Posted to users@camel.apache.org by Alexandre Gattiker <ag...@gmail.com> on 2012/01/04 20:39:54 UTC

Setting CXF TLSClientParameters programmatically

As of Camel 2.9.0 I can write:

Map<String, Object> cxfProperties = new HashMap<String, Object>();
cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
cxfEndpoint.setProperties(cxfProperties);

Is there a similar way to set the TLSClientParameters? I would like to
set them e.g. from the usual system properties
javax.net.ssl.keyStoreType, etc. which are not honored by the default
HTTP Conduit (why?).

In CXF I can write the following, but I couldn't find a Camel equivalent:
JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
...
proxy = factory.create();
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
TLSClientParameters tcp = new TLSClientParameters();
tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
conduit.setTlsClientParameters(tcp);


I found a workaround as follows, but it is quite complicated. Also,
the CXF conduit wildcard (name="*.http-conduit") doesn't work.

context = new SpringCamelContext(new ClassPathXmlApplicationContext("/camel-ssl.xml"));
context.addRoutes(...)

camel-ssl.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://cxf.apache.org/transports/http/configuration
         http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd
       ">

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="properties">
            <props>
                <prop key="javax.net.ssl.trustStoreType">JKS</prop>
                <prop key="javax.net.ssl.keyStoreType">JKS</prop>
                <prop key="javax.net.ssl.keyStorePassword">changeit</prop>
            </props>
        </property>
        <property name="systemPropertiesModeName">
            <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
        </property>
    </bean>

    <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
        <http:tlsClientParameters>
            <sec:keyManagers keyPassword="${javax.net.ssl.keyStorePassword}">
                <sec:keyStore type="${javax.net.ssl.keyStoreType}"
                              password="${javax.net.ssl.keyStorePassword}"
                              file="${javax.net.ssl.keyStore}" />
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="${javax.net.ssl.trustStoreType}"
                              file="${javax.net.ssl.trustStore}" />
            </sec:trustManagers>
        </http:tlsClientParameters>
    </http:conduit>
</beans>

Thanks in advance for your advice.

Re: Setting CXF TLSClientParameters programmatically

Posted by jjathman <jj...@gmail.com>.
I realize this is a very old post, but I don't really see a concrete answer
to the questions from the OP. From what I can tell using a wildcard HTTP
conduit configuration does not work correctly when programmatically creating
a CxfEndpoint. Using that would be ideal, but even if that isn't possible
can we programmatically set the TLS Client Parameters somehow?




Re: Setting CXF TLSClientParameters programmatically

Posted by Willem Jiang <wi...@gmail.com>.
Current camel-cxf doesn't care anything about the CXF endpoint transport.

I think the issue should be addressed on the CXF side instead of
camel-cxf.


On Thu Jan  5 15:50:16 2012, Claus Ibsen wrote:
> David has worked on uniform TLS/SSL configuration of the Camel components.
>
> He wrote a lot of documentation and whatnot here
> http://camel.apache.org/camel-configuration-utilities.html
>
> And from time to time adds support for it with the Camel components.
>
> But I guess CXF has already a lot of bells and whistles for SSL configuration
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> So I wonder if it makes sense at all to try to allow to use the stuff
> David did for camel-cxf as well?
> However as people often already configure CXF using the CXF
> namespaces, then it may just add more confusion to the mix.
>
> Any thoughts?
>
>
>
> On Thu, Jan 5, 2012 at 8:15 AM, David Karlsen<da...@gmail.com>  wrote:
>> Absolutely. We want to do this because individual applications running
>> in the same container should have separate stores. Doesn't Camel operate
>> with an SSLContext for this purpose for the components?
>> On 5 Jan 2012 at 08:09, "Alexandre Gattiker"<ag...@gmail.com> wrote:
>>
>>> Good catch, many thanks!
>>>
>>> Still, it would be very useful to be able to set the key store
>>> parameters programmatically for an endpoint, rather than through
>>> system properties only.
>>>
>>> Best regards,
>>> Alexandre
>>>
>>> On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp<dk...@apache.org>  wrote:
>>>> On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
>>>>> As of Camel 2.9.0 I can write:
>>>>>
>>>>> Map<String, Object>  cxfProperties = new HashMap<String, Object>();
>>>>> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
>>>>> cxfEndpoint.setProperties(cxfProperties);
>>>>>
>>>>> Is there a similar way to set the TLSClientParameters? I would like to
>>>>> set them e.g. from the usual system properties
>>>>> javax.net.ssl.keyStoreType, etc. which are not honored by the default
>>>>> HTTP Conduit (why?).
>>>>
>>>> Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
>>>> system property for javax.net.ssl.keyStore and
>>> javax.net.ssl.keyStorePassword,
>>>> but not for keyStoreType.  :-(
>>>>
>>>> Will fix.
>>>>
>>>> Dan
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> In CXF I can write the following, but I couldn't find a Camel
>>> equivalent:
>>>>> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
>>>>> ...
>>>>> proxy = factory.create();
>>>>> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
>>>>> TLSClientParameters tcp = new TLSClientParameters();
>>>>> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
>>>>> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
>>>>> conduit.setTlsClientParameters(tcp);
>>>>>
>>>>>
>>>>> I found a workaround as follows, but it is quite complicated. Also,
>>>>> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
>>>>>
>>>>> context = new SpringCamelContext(new
>>>>> ClassPathXmlApplicationContext("/camel-ssl.xml"));
>>>>> context.addRoutes(...)
>>>>>
>>>>> camel-ssl.xml:
>>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>>>>          xmlns:sec="http://cxf.apache.org/configuration/security"
>>>>> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>>>>>          xsi:schemaLocation="
>>>>>         http://www.springframework.org/schema/beans
>>>>> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
>>>>>        http://cxf.apache.org/transports/http/configuration
>>>>> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>>>>         http://cxf.apache.org/configuration/security
>>>>> http://cxf.apache.org/schemas/configuration/security.xsd
>>>>> ">
>>>>>
>>>>>          <bean
>>>>>
>>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigur
>>>>> er">  <property name="properties">
>>>>>                          <props>
>>>>>                                  <prop
>>>>> key="javax.net.ssl.trustStoreType">JKS</prop>
>>>>>                                  <prop
>>>>> key="javax.net.ssl.keyStoreType">JKS</prop>
>>>>>                                  <prop
>>>>> key="javax.net.ssl.keyStorePassword">changeit</prop>
>>>>>                          </props>
>>>>>                  </property>
>>>>>                  <property name="systemPropertiesModeName">
>>>>>                          <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
>>>>>                  </property>
>>>>>          </bean>
>>>>>
>>>>>          <http:conduit id="myHttpConduit"
>>> name="{myNs}myPort.http-conduit">
>>>>>                  <http:tlsClientParameters>
>>>>>                          <sec:keyManagers
>>>>> keyPassword="${javax.net.ssl.keyStorePassword}">
>>>>>                                  <sec:keyStore
>>>>> type="${javax.net.ssl.keyStoreType}"
>>>>> password="${javax.net.ssl.keyStorePassword}"
>>>>> file="${javax.net.ssl.keyStore}" />
>>>>>                          </sec:keyManagers>
>>>>>                          <sec:trustManagers>
>>>>>                                  <sec:keyStore
>>>>> type="${javax.net.ssl.trustStoreType}"
>>>>> file="${javax.net.ssl.trustStore}" />
>>>>>                          </sec:trustManagers>
>>>>>                  </http:tlsClientParameters>
>>>>>          </http:conduit>
>>>>> </beans>
>>>>>
>>>>> Thanks in advance for your advice.
>>>> --
>>>> Daniel Kulp
>>>> dkulp@apache.org - http://dankulp.com/blog
>>>> Talend Community Coder - http://coders.talend.com
>>>
>
>
>



-- 
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog:    http://willemjiang.blogspot.com (English)
         http://jnn.javaeye.com (Chinese)
Twitter: willemjiang 
Weibo: willemjiang 


Re: Setting CXF TLSClientParameters programmatically

Posted by Claus Ibsen <cl...@gmail.com>.
David has worked on uniform TLS/SSL configuration of the Camel components.

He wrote a lot of documentation and whatnot here
http://camel.apache.org/camel-configuration-utilities.html

And from time to time adds support for it with the Camel components.

But I guess CXF has already a lot of bells and whistles for SSL configuration
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

So I wonder if it makes sense at all to try to allow to use the stuff
David did for camel-cxf as well?
However as people often already configure CXF using the CXF
namespaces, then it may just add more confusion to the mix.

Any thoughts?



On Thu, Jan 5, 2012 at 8:15 AM, David Karlsen <da...@gmail.com> wrote:
> Absolutely. We want to do this because individual applications running
> in the same container should have separate stores. Doesn't Camel operate
> with an SSLContext for this purpose for the components?
> On 5 Jan 2012 at 08:09, "Alexandre Gattiker" <ag...@gmail.com> wrote:
>
>> Good catch, many thanks!
>>
>> Still, it would be very useful to be able to set the key store
>> parameters programmatically for an endpoint, rather than through
>> system properties only.
>>
>> Best regards,
>> Alexandre
>>
>> On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp <dk...@apache.org> wrote:
>> > On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
>> >> As of Camel 2.9.0 I can write:
>> >>
>> >> Map<String, Object> cxfProperties = new HashMap<String, Object>();
>> >> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
>> >> cxfEndpoint.setProperties(cxfProperties);
>> >>
>> >> Is there a similar way to set the TLSClientParameters? I would like to
>> >> set them e.g. from the usual system properties
>> >> javax.net.ssl.keyStoreType, etc. which are not honored by the default
>> >> HTTP Conduit (why?).
>> >
>> > Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
>> > system property for javax.net.ssl.keyStore and
>> javax.net.ssl.keyStorePassword,
>> > but not for keyStoreType.  :-(
>> >
>> > Will fix.
>> >
>> > Dan
>> >
>> >
>> >
>> >
>> >>
>> >> In CXF I can write the following, but I couldn't find a Camel
>> equivalent:
>> >> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
>> >> ...
>> >> proxy = factory.create();
>> >> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
>> >> TLSClientParameters tcp = new TLSClientParameters();
>> >> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
>> >> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
>> >> conduit.setTlsClientParameters(tcp);
>> >>
>> >>
>> >> I found a workaround as follows, but it is quite complicated. Also,
>> >> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
>> >>
>> >> context = new SpringCamelContext(new
>> >> ClassPathXmlApplicationContext("/camel-ssl.xml"));
>> >> context.addRoutes(...)
>> >>
>> >> camel-ssl.xml:
>> >> <?xml version="1.0" encoding="UTF-8"?>
>> >> <beans xmlns="http://www.springframework.org/schema/beans"
>> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> >> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>> >>         xmlns:sec="http://cxf.apache.org/configuration/security"
>> >> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>> >>         xsi:schemaLocation="
>> >>        http://www.springframework.org/schema/beans
>> >> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
>> >>       http://cxf.apache.org/transports/http/configuration
>> >> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>> >>        http://cxf.apache.org/configuration/security
>> >> http://cxf.apache.org/schemas/configuration/security.xsd
>> >> ">
>> >>
>> >>         <bean
>> >>
>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigur
>> >> er"> <property name="properties">
>> >>                         <props>
>> >>                                 <prop
>> >> key="javax.net.ssl.trustStoreType">JKS</prop>
>> >>                                 <prop
>> >> key="javax.net.ssl.keyStoreType">JKS</prop>
>> >>                                 <prop
>> >> key="javax.net.ssl.keyStorePassword">changeit</prop>
>> >>                         </props>
>> >>                 </property>
>> >>                 <property name="systemPropertiesModeName">
>> >>                         <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
>> >>                 </property>
>> >>         </bean>
>> >>
>> >>         <http:conduit id="myHttpConduit"
>> name="{myNs}myPort.http-conduit">
>> >>                 <http:tlsClientParameters>
>> >>                         <sec:keyManagers
>> >> keyPassword="${javax.net.ssl.keyStorePassword}">
>> >>                                 <sec:keyStore
>> >> type="${javax.net.ssl.keyStoreType}"
>> >> password="${javax.net.ssl.keyStorePassword}"
>> >> file="${javax.net.ssl.keyStore}" />
>> >>                         </sec:keyManagers>
>> >>                         <sec:trustManagers>
>> >>                                 <sec:keyStore
>> >> type="${javax.net.ssl.trustStoreType}"
>> >> file="${javax.net.ssl.trustStore}" />
>> >>                         </sec:trustManagers>
>> >>                 </http:tlsClientParameters>
>> >>         </http:conduit>
>> >> </beans>
>> >>
>> >> Thanks in advance for your advice.
>> > --
>> > Daniel Kulp
>> > dkulp@apache.org - http://dankulp.com/blog
>> > Talend Community Coder - http://coders.talend.com
>>



-- 
Claus Ibsen
-----------------
FuseSource
Email: cibsen@fusesource.com
Web: http://fusesource.com
Twitter: davsclaus, fusenews
Blog: http://davsclaus.blogspot.com/
Author of Camel in Action: http://www.manning.com/ibsen/

Re: Setting CXF TLSClientParameters programmatically

Posted by David Karlsen <da...@gmail.com>.
Absolutely. We want to do this because individual applications running
in the same container should have separate stores. Doesn't Camel operate
with an SSLContext for this purpose for the components?
On 5 Jan 2012 at 08:09, "Alexandre Gattiker" <ag...@gmail.com> wrote:

> Good catch, many thanks!
>
> Still, it would be very useful to be able to set the key store
> parameters programmatically for an endpoint, rather than through
> system properties only.
>
> Best regards,
> Alexandre
>
> On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp <dk...@apache.org> wrote:
> > On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
> >> As of Camel 2.9.0 I can write:
> >>
> >> Map<String, Object> cxfProperties = new HashMap<String, Object>();
> >> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
> >> cxfEndpoint.setProperties(cxfProperties);
> >>
> >> Is there a similar way to set the TLSClientParameters? I would like to
> >> set them e.g. from the usual system properties
> >> javax.net.ssl.keyStoreType, etc. which are not honored by the default
> >> HTTP Conduit (why?).
> >
> > Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
> > system property for javax.net.ssl.keyStore and
> javax.net.ssl.keyStorePassword,
> > but not for keyStoreType.  :-(
> >
> > Will fix.
> >
> > Dan
> >
> >
> >
> >
> >>
> >> In CXF I can write the following, but I couldn't find a Camel
> equivalent:
> >> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
> >> ...
> >> proxy = factory.create();
> >> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
> >> TLSClientParameters tcp = new TLSClientParameters();
> >> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
> >> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
> >> conduit.setTlsClientParameters(tcp);
> >>
> >>
> >> I found a workaround as follows, but it is quite complicated. Also,
> >> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
> >>
> >> context = new SpringCamelContext(new
> >> ClassPathXmlApplicationContext("/camel-ssl.xml"));
> >> context.addRoutes(...)
> >>
> >> camel-ssl.xml:
> >> <?xml version="1.0" encoding="UTF-8"?>
> >> <beans xmlns="http://www.springframework.org/schema/beans"
> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> >>         xmlns:sec="http://cxf.apache.org/configuration/security"
> >> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
> >>         xsi:schemaLocation="
> >>        http://www.springframework.org/schema/beans
> >> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
> >>       http://cxf.apache.org/transports/http/configuration
> >> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> >>        http://cxf.apache.org/configuration/security
> >> http://cxf.apache.org/schemas/configuration/security.xsd
> >> ">
> >>
> >>         <bean
> >>
> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigur
> >> er"> <property name="properties">
> >>                         <props>
> >>                                 <prop
> >> key="javax.net.ssl.trustStoreType">JKS</prop>
> >>                                 <prop
> >> key="javax.net.ssl.keyStoreType">JKS</prop>
> >>                                 <prop
> >> key="javax.net.ssl.keyStorePassword">changeit</prop>
> >>                         </props>
> >>                 </property>
> >>                 <property name="systemPropertiesModeName">
> >>                         <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
> >>                 </property>
> >>         </bean>
> >>
> >>         <http:conduit id="myHttpConduit"
> name="{myNs}myPort.http-conduit">
> >>                 <http:tlsClientParameters>
> >>                         <sec:keyManagers
> >> keyPassword="${javax.net.ssl.keyStorePassword}">
> >>                                 <sec:keyStore
> >> type="${javax.net.ssl.keyStoreType}"
> >> password="${javax.net.ssl.keyStorePassword}"
> >> file="${javax.net.ssl.keyStore}" />
> >>                         </sec:keyManagers>
> >>                         <sec:trustManagers>
> >>                                 <sec:keyStore
> >> type="${javax.net.ssl.trustStoreType}"
> >> file="${javax.net.ssl.trustStore}" />
> >>                         </sec:trustManagers>
> >>                 </http:tlsClientParameters>
> >>         </http:conduit>
> >> </beans>
> >>
> >> Thanks in advance for your advice.
> > --
> > Daniel Kulp
> > dkulp@apache.org - http://dankulp.com/blog
> > Talend Community Coder - http://coders.talend.com
>

Re: Setting CXF TLSClientParameters programmatically

Posted by Alexandre Gattiker <ag...@gmail.com>.
Good catch, many thanks!

Still, it would be very useful to be able to set the key store
parameters programmatically for an endpoint, rather than through
system properties only.

Best regards,
Alexandre

On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp <dk...@apache.org> wrote:
> On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
>> As of Camel 2.9.0 I can write:
>>
>> Map<String, Object> cxfProperties = new HashMap<String, Object>();
>> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
>> cxfEndpoint.setProperties(cxfProperties);
>>
>> Is there a similar way to set the TLSClientParameters? I would like to
>> set them e.g. from the usual system properties
>> javax.net.ssl.keyStoreType, etc. which are not honored by the default
>> HTTP Conduit (why?).
>
> Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
> system property for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword,
> but not for keyStoreType.  :-(
>
> Will fix.
>
> Dan
>
>
>
>
>>
>> In CXF I can write the following, but I couldn't find a Camel equivalent:
>> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
>> ...
>> proxy = factory.create();
>> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
>> TLSClientParameters tcp = new TLSClientParameters();
>> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
>> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
>> conduit.setTlsClientParameters(tcp);
>>
>>
>> I found a workaround as follows, but it is quite complicated. Also,
>> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
>>
>> context = new SpringCamelContext(new
>> ClassPathXmlApplicationContext("/camel-ssl.xml"));
>> context.addRoutes(...)
>>
>> camel-ssl.xml:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>         xmlns:sec="http://cxf.apache.org/configuration/security"
>> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>>         xsi:schemaLocation="
>>        http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
>>       http://cxf.apache.org/transports/http/configuration
>> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>        http://cxf.apache.org/configuration/security
>> http://cxf.apache.org/schemas/configuration/security.xsd
>> ">
>>
>>         <bean
>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigur
>> er"> <property name="properties">
>>                         <props>
>>                                 <prop
>> key="javax.net.ssl.trustStoreType">JKS</prop>
>>                                 <prop
>> key="javax.net.ssl.keyStoreType">JKS</prop>
>>                                 <prop
>> key="javax.net.ssl.keyStorePassword">changeit</prop>
>>                         </props>
>>                 </property>
>>                 <property name="systemPropertiesModeName">
>>                         <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
>>                 </property>
>>         </bean>
>>
>>         <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
>>                 <http:tlsClientParameters>
>>                         <sec:keyManagers
>> keyPassword="${javax.net.ssl.keyStorePassword}">
>>                                 <sec:keyStore
>> type="${javax.net.ssl.keyStoreType}"
>> password="${javax.net.ssl.keyStorePassword}"
>> file="${javax.net.ssl.keyStore}" />
>>                         </sec:keyManagers>
>>                         <sec:trustManagers>
>>                                 <sec:keyStore
>> type="${javax.net.ssl.trustStoreType}"
>> file="${javax.net.ssl.trustStore}" />
>>                         </sec:trustManagers>
>>                 </http:tlsClientParameters>
>>         </http:conduit>
>> </beans>
>>
>> Thanks in advance for your advice.
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com

Re: Setting CXF TLSClientParameters programmatically

Posted by Daniel Kulp <dk...@apache.org>.
On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
> As of Camel 2.9.0 I can write:
> 
> Map<String, Object> cxfProperties = new HashMap<String, Object>();
> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
> cxfEndpoint.setProperties(cxfProperties);
> 
> Is there a similar way to set the TLSClientParameters? I would like to
> set them e.g. from the usual system properties
> javax.net.ssl.keyStoreType, etc. which are not honored by the default
> HTTP Conduit (why?).

Argh.... bug in CXF. Just looked at the code. We are grabbing the
system property for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword,
but not for keyStoreType. :-(

Will fix.

Dan




> 
> In CXF I can write the following, but I couldn't find a Camel equivalent:
> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
> ...
> proxy = factory.create();
> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
> TLSClientParameters tcp = new TLSClientParameters();
> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
> conduit.setTlsClientParameters(tcp);
> 
> 
> I found a workaround as follows, but it is quite complicated. Also,
> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
> 
> context = new SpringCamelContext(new
> ClassPathXmlApplicationContext("/camel-ssl.xml"));
> context.addRoutes(...)
> 
> camel-ssl.xml:
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>         xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>         xsi:schemaLocation="
>        http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
>       http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>        http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
> ">
> 
>         <bean
> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigur
> er"> <property name="properties">
>                         <props>
>                                 <prop
> key="javax.net.ssl.trustStoreType">JKS</prop>
>                                 <prop
> key="javax.net.ssl.keyStoreType">JKS</prop>
>                                 <prop
> key="javax.net.ssl.keyStorePassword">changeit</prop>
>                         </props>
>                 </property>
>                 <property name="systemPropertiesModeName">
>                         <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
>                 </property>
>         </bean>
> 
>         <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
>                 <http:tlsClientParameters>
>                         <sec:keyManagers
> keyPassword="${javax.net.ssl.keyStorePassword}">
>                                 <sec:keyStore
> type="${javax.net.ssl.keyStoreType}"
> password="${javax.net.ssl.keyStorePassword}"
> file="${javax.net.ssl.keyStore}" />
>                         </sec:keyManagers>
>                         <sec:trustManagers>
>                                 <sec:keyStore
> type="${javax.net.ssl.trustStoreType}"
> file="${javax.net.ssl.trustStore}" />
>                         </sec:trustManagers>
>                 </http:tlsClientParameters>
>         </http:conduit>
> </beans>
> 
> Thanks in advance for your advice.
-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
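
An added example, not part of the thread and not CXF or Camel code: one way to build TLSClientParameters from the javax.net.ssl.* system properties, including the keyStoreType property that Daniel Kulp's reply says CXF was not reading, and set them on a client's HTTPConduit. The class and method names (SystemPropertyTls, load, fromSystemProperties, apply) are hypothetical; how the CXF Client is obtained from a Camel CxfEndpoint is left open, as it is in the thread.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.transport.http.HTTPConduit;

/** Hypothetical helper: maps the usual JSSE system properties onto a CXF HTTP conduit. */
public final class SystemPropertyTls {

    private SystemPropertyTls() { }

    /**
     * Loads the store named by the property {@code prefix}, using
     * {@code prefix + "Type"} and {@code prefix + "Password"}.
     * Returns null when the store location is not configured.
     */
    static KeyStore load(String prefix) throws GeneralSecurityException, IOException {
        String file = System.getProperty(prefix);
        if (file == null || file.isEmpty()) {
            return null;
        }
        // Honor the *Type property instead of assuming the JVM default type.
        String type = System.getProperty(prefix + "Type", KeyStore.getDefaultType());
        String password = System.getProperty(prefix + "Password");
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, password == null ? null : password.toCharArray());
        }
        return store;
    }

    /** Builds client TLS parameters from javax.net.ssl.keyStore* and javax.net.ssl.trustStore*. */
    public static TLSClientParameters fromSystemProperties()
            throws GeneralSecurityException, IOException {
        TLSClientParameters tcp = new TLSClientParameters();

        // Client certificate: only configured when a key store is named.
        KeyStore keyStore = load("javax.net.ssl.keyStore");
        if (keyStore != null) {
            // Same assumption as the Spring workaround: key password == store password.
            String password = System.getProperty("javax.net.ssl.keyStorePassword", "");
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, password.toCharArray());
            tcp.setKeyManagers(kmf.getKeyManagers());
        }

        // Server trust: a null store makes JSSE fall back to its default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("javax.net.ssl.trustStore"));
        tcp.setTrustManagers(tmf.getTrustManagers());

        // disableCNCheck is left at its default (false), so the server's
        // certificate is still checked against the host name.
        return tcp;
    }

    /** Applies the parameters to the HTTP conduit of an already created CXF client. */
    public static void apply(Client client) throws GeneralSecurityException, IOException {
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(fromSystemProperties());
    }
}
```

Because the stores are loaded per call rather than taken from a JVM-wide default, the same helper can be pointed at a different property prefix for each application that needs its own stores.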