Posted to users@cxf.apache.org by JuliusIT <ri...@yahoo.it> on 2008/11/02 10:42:36 UTC

SSL on server side without container

Hi again

I was looking to provide a server side SSL without using a container such
as Tomcat, like in Jsch for Sftp. I looked around in the documentation and in
the examples but they all use Spring configuration.
I would really like to put the server in a container, but my boss doesn't
want this solution.
Can anyone help me with this?
I see how I can configure it in the client, but not in the server.

I'm using CXF 2.1
-- 
View this message in context: http://www.nabble.com/SSL-on-server-side-without-container-tp20288256p20288256.html
Sent from the cxf-user mailing list archive at Nabble.com.


Re: SSL on server side without container

Posted by JuliusIT <ri...@yahoo.it>.
I was able to configure the server and the client but I have a strange
exception:

INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Security processing failed.
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:213)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:86)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
	at $Proxy42.sendFileToDerwid(Unknown Source)
	at com.xyz.test.soap.test.Client.main(Client.java:78)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
	at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:198)
	... 8 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Security processing failed.
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:218)
	at $Proxy42.sendFileToDerwid(Unknown Source)
	at com.xyz.test.soap.test.Client.main(Client.java:78)
Caused by: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:213)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:86)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
	... 2 more
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
	at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:198)
	... 8 more


I have the keystore on the classpath and the certificate is inside; I can
export it using the alias and password. Here is the certificate:


here is my config file, client:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=TestPass
org.apache.ws.security.crypto.merlin.keystore.alias=TestSoapClient
org.apache.ws.security.crypto.merlin.file=TestSoapPublic.jks

and server:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=H3x3nb3rg3r
org.apache.ws.security.crypto.merlin.file=DerWidSoapPrivate.jks

Thanks

Giulio




JuliusIT wrote:
> 
> 
> Benson Margulies-4 wrote:
>> 
>> What's wrong with just using Spring from a simple application to launch
>> the server?
>> 
>> In any case, you can certainly configure the http conduit for SSL
>> without spring, but I'm hoping that Glen will see this and have one of
>> his handy samples to help you out.
>> 
>> 
> 
> I love Spring. Really. Our Web application for handling documents is made
> with Spring. If I could, I'd use it for sure. But my boss will run it as a
> standalone server, as thin as possible, inside a Debian bash
> daemon. I don't agree with this choice; we already have apache and tomcat
> up and running. So I have to follow this requirement.
> I've found this 
> 
> http://cwiki.apache.org/CXF20DOC/ws-security.html
> 
> I'm doing it now.
> 
> For sure an example will be appreciated.
> And then I have to move to Momt... for sending binary files.
> I know I seem to be moving around blindly. But I'm really in a hurry with
> this. 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/SSL-on-server-side-without-container-tp20288256p20292099.html
Sent from the cxf-user mailing list archive at Nabble.com.


Re: SSL on server side without container

Posted by JuliusIT <ri...@yahoo.it>.

Benson Margulies-4 wrote:
> 
> What's wrong with just using Spring from a simple application to launch
> the server?
> 
> In any case, you can certainly configure the http conduit for SSL
> without spring, but I'm hoping that Glen will see this and have one of
> his handy samples to help you out.
> 
> 

I love Spring. Really. Our Web application for handling documents is made
with Spring. If I could, I'd use it for sure. But my boss will run it as a
standalone server, as thin as possible, inside a Debian bash
daemon. I don't agree with this choice; we already have apache and tomcat up
and running. So I have to follow this requirement.
I've found this 

http://cwiki.apache.org/CXF20DOC/ws-security.html

I'm doing it now.

For sure an example will be appreciated.
And then I have to move to Momt... for sending binary files.
I know I seem to be moving around blindly. But I'm really in a hurry with
this. 


-- 
View this message in context: http://www.nabble.com/SSL-on-server-side-without-container-tp20288256p20289321.html
Sent from the cxf-user mailing list archive at Nabble.com.


Re: SSL on server side without container

Posted by Benson Margulies <bi...@gmail.com>.
What's wrong with just using Spring from a simple application to launch
the server?

In any case, you can certainly configure the http conduit for SSL
without spring, but I'm hoping that Glen will see this and have one of
his handy samples to help you out.


On Sun, Nov 2, 2008 at 4:42 AM, JuliusIT <ri...@yahoo.it> wrote:
>
> Hi again
>
> I was looking to provide a server side SSL without using a container such
> as Tomcat, like in Jsch for Sftp. I looked around in the documentation and in
> the examples but they all use Spring configuration.
> I would really like to put the server in a container, but my boss doesn't
> want this solution.
> Can anyone help me with this?
> I see how I can configure it in the client, but not in the server.
>
> I'm using CXF 2.1
> --
> View this message in context: http://www.nabble.com/SSL-on-server-side-without-container-tp20288256p20288256.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>

Re: SSL on server side without container

Posted by JuliusIT <ri...@yahoo.it>.
I sorted it out; I had set the wrong user in 

outProps.put(WSHandlerConstants.USER, user);

This needs the user to be the same as the alias of the certificate; it is not
sufficient that it is set in the properties file related to the keystore.

Thanks

Giulio



dkulp wrote:
> 
> On Sunday 02 November 2008 4:42:36 am JuliusIT wrote:
>> Hi again
>>
>> I was looking to provide a server side SSL without using a container such
>> as Tomcat, like in Jsch for Sftp. I looked around in the documentation and in
>> the examples but they all use Spring configuration.
>> I would really like to put the server in a container, but my boss doesn't
>> want this solution.
> 
> Umm...  you can use the spring configuration without running a full blown 
> container.   Take a look at the wsdl_first_https sample.    It brings up our 
> internal Jetty on an SSL port for the client to hit.    It's spring 
> configuration, but using a "main method" type thing to start it up and such.
> 
> Dan
> 
> 
> 
>> Can anyone help me with this?
>> I see how I can configure it in the client, but not in the server.
>>
>> I'm using CXF 2.1
> 
> 
> 
> -- 
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
> 
> 

-- 
View this message in context: http://www.nabble.com/SSL-on-server-side-without-container-tp20288256p20329128.html
Sent from the cxf-user mailing list archive at Nabble.com.
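
The mismatch reported in the message above can be caught before the first SOAP call. The following is an added example, not code from the thread or from CXF/WSS4J: it loads the Merlin properties file and checks that the value intended for WSHandlerConstants.USER names a key entry with a certificate chain in the keystore. The class name SignatureAliasCheck, its two command-line arguments, and the file-system lookup of the keystore are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Properties;

/** Added example (hypothetical class): pre-flight check of the WS-Security signature user. */
public class SignatureAliasCheck {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    /** Returns null if 'user' can sign with this keystore, otherwise a description of the problem. */
    static String check(KeyStore ks, String user) throws Exception {
        if (user == null || !ks.containsAlias(user)) {
            return "no alias '" + user + "' in keystore; aliases present: "
                    + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(user)) {
            // A trusted-certificate entry has no private key, so it cannot produce a signature.
            return "alias '" + user + "' is a certificate-only entry with no private key";
        }
        Certificate[] chain = ks.getCertificateChain(user);
        if (chain == null || chain.length == 0) {
            return "alias '" + user + "' has no certificate chain";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: Merlin properties file as posted in the thread
        // args[1]: the value that will be passed as WSHandlerConstants.USER
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            props.load(in);
        }
        KeyStore ks = KeyStore.getInstance(props.getProperty(P + "keystore.type", "jks"));
        char[] pw = props.getProperty(P + "keystore.password", "").toCharArray();
        // Assumption: the keystore path is resolved against the working directory here,
        // whereas the thread keeps the keystore on the classpath.
        try (InputStream in = Files.newInputStream(Paths.get(props.getProperty(P + "file")))) {
            ks.load(in, pw);
        }
        String problem = check(ks, args[1]);
        System.out.println(problem == null
                ? "OK: '" + args[1] + "' is usable as signature user" : "FAIL: " + problem);
        if (problem != null) System.exit(1);
    }
}
```

On failure it prints the aliases that are present, which shows directly which name the signature user has to be set to.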


Re: SSL on server side without container

Posted by Daniel Kulp <dk...@apache.org>.
On Sunday 02 November 2008 4:42:36 am JuliusIT wrote:
> Hi again
>
> I was looking to provide a server side SSL without using a container such
> as Tomcat, like in Jsch for Sftp. I looked around in the documentation and in
> the examples but they all use Spring configuration.
> I would really like to put the server in a container, but my boss doesn't
> want this solution.

Umm...  you can use the spring configuration without running a full blown 
container.   Take a look at the wsdl_first_https sample.    It brings up our 
internal Jetty on an SSL port for the client to hit.    It's spring 
configuration, but using a "main method" type thing to start it up and such.

Dan



> Can anyone help me with this?
> I see how I can configure it in the client, but not in the server.
>
> I'm using CXF 2.1



-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog