camel-users mailing list archives

From Willem Jiang <willem.ji...@gmail.com>
Subject Re: Setting CXF TLSClientParameters programmatically
Date Thu, 05 Jan 2012 10:52:18 GMT
Currently camel-cxf doesn't care anything about the CXF endpoint transport.

I think the issue should be addressed on the CXF side instead of in
camel-cxf.


On Thu Jan  5 15:50:16 2012, Claus Ibsen wrote:
> David has worked on uniform TLS/SSL configuration of the Camel components.
>
> He wrote a lot of documentation and whatnot here
> http://camel.apache.org/camel-configuration-utilities.html
>
> And from time to time add support for it with the Camel components.
>
> But I guess CXF has already a lot of bells and whistles for SSL configuration
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> So I wonder if it makes sense at all to try to allow to use the stuff
> David did for camel-cxf as well?
> However as people often already configure CXF using the CXF
> namespaces, then it may just add more confusion to the mix.
>
> Any thoughts?
>
>
>
> On Thu, Jan 5, 2012 at 8:15 AM, David Karlsen<davidkarlsen@gmail.com>  wrote:
>> Absolutely. We want to do this because of individual applications running
>> in the same container should have separate stores. Doesn't Camel operate
>> with an SSLContext for this purpose for the components?
>> On 5 Jan 2012 08:09, "Alexandre Gattiker"<agattiker@gmail.com> wrote:
>>
>>> Good catch, many thanks!
>>>
>>> Still, it would be very useful to be able to set the key store
>>> parameters programmatically for an endpoint, rather than through
>>> system properties only.
>>>
>>> Best regards,
>>> Alexandre
>>>
>>> On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp<dkulp@apache.org>  wrote:
>>>> On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
>>>>> As of Camel 2.9.0 I can write:
>>>>>
>>>>> Map<String, Object>  cxfProperties = new HashMap<String, Object>();
>>>>> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
>>>>> cxfEndpoint.setProperties(cxfProperties);
>>>>>
>>>>> Is there a similar way to set the TLSClientParameters? I would like to
>>>>> set them e.g. from the usual system properties
>>>>> javax.net.ssl.keyStoreType, etc. which are not honored by the default
>>>>> HTTP Conduit (why?).
>>>>
>>>> Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
>>>> system property for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword,
>>>> but not for keyStoreType.  :-(
>>>>
>>>> Will fix.
>>>>
>>>> Dan
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> In CXF I can write the following, but I couldn't find a Camel equivalent:
>>>>> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
>>>>> ...
>>>>> proxy = factory.create();
>>>>> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
>>>>> TLSClientParameters tcp = new TLSClientParameters();
>>>>> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
>>>>> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
>>>>> conduit.setTlsClientParameters(tcp);
>>>>>
>>>>>
>>>>> I found a workaround as follows, but it is quite complicated. Also,
>>>>> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
>>>>>
>>>>> context = new SpringCamelContext(new
>>>>> ClassPathXmlApplicationContext("/camel-ssl.xml"));
>>>>> context.addRoutes(...)
>>>>>
>>>>> camel-ssl.xml:
>>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>>        xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>>>>        xmlns:sec="http://cxf.apache.org/configuration/security"
>>>>>        xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>>>>>        xsi:schemaLocation="
>>>>>          http://www.springframework.org/schema/beans
>>>>>          http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
>>>>>          http://cxf.apache.org/transports/http/configuration
>>>>>          http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>>>>          http://cxf.apache.org/configuration/security
>>>>>          http://cxf.apache.org/schemas/configuration/security.xsd">
>>>>>
>>>>>   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
>>>>>     <property name="properties">
>>>>>       <props>
>>>>>         <prop key="javax.net.ssl.trustStoreType">JKS</prop>
>>>>>         <prop key="javax.net.ssl.keyStoreType">JKS</prop>
>>>>>         <prop key="javax.net.ssl.keyStorePassword">changeit</prop>
>>>>>       </props>
>>>>>     </property>
>>>>>     <property name="systemPropertiesModeName">
>>>>>       <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
>>>>>     </property>
>>>>>   </bean>
>>>>>
>>>>>   <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
>>>>>     <http:tlsClientParameters>
>>>>>       <sec:keyManagers keyPassword="${javax.net.ssl.keyStorePassword}">
>>>>>         <sec:keyStore type="${javax.net.ssl.keyStoreType}"
>>>>>                       password="${javax.net.ssl.keyStorePassword}"
>>>>>                       file="${javax.net.ssl.keyStore}" />
>>>>>       </sec:keyManagers>
>>>>>       <sec:trustManagers>
>>>>>         <sec:keyStore type="${javax.net.ssl.trustStoreType}"
>>>>>                       file="${javax.net.ssl.trustStore}" />
>>>>>       </sec:trustManagers>
>>>>>     </http:tlsClientParameters>
>>>>>   </http:conduit>
>>>>> </beans>
>>>>>
>>>>> Thanks in advance for your advice.
>>>> --
>>>> Daniel Kulp
>>>> dkulp@apache.org - http://dankulp.com/blog
>>>> Talend Community Coder - http://coders.talend.com
>>>
>
>
>



-- 
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog:    http://willemjiang.blogspot.com (English)
         http://jnn.javaeye.com (Chinese)
Twitter: willemjiang 
Weibo: willemjiang 
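
The per-endpoint key store setup asked about in the quoted thread, as an added example that is not part of the original messages and is not Camel or CXF project code: it builds CXF `TLSClientParameters` from explicitly typed key and trust stores, so `javax.net.ssl.keyStoreType` is honored and each client gets its own stores. The class `ConduitTls` and its method names are hypothetical; it assumes the store path properties are set and that a CXF `Client` is available.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.transport.http.HTTPConduit;

public final class ConduitTls {  // hypothetical helper class
    // Load a store of the given type; fall back to the JVM default type when unset.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);  // a null password skips the integrity check
        }
        return ks;
    }

    // Build TLS parameters from explicit stores instead of JVM-wide defaults.
    static TLSClientParameters build(KeyStore keyStore, char[] keyPassword,
                                     KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setDisableCNCheck(false);  // the default: hostname verification stays on
        return tls;
    }

    // Read the usual javax.net.ssl.* properties, including the store types.
    static TLSClientParameters fromSystemProperties() throws Exception {
        char[] pw = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore ks = load(System.getProperty("javax.net.ssl.keyStore"),
                           System.getProperty("javax.net.ssl.keyStoreType"), pw);
        KeyStore ts = load(System.getProperty("javax.net.ssl.trustStore"),
                           System.getProperty("javax.net.ssl.trustStoreType"), null);
        return build(ks, pw, ts);
    }

    // Apply to one client's conduit only; other clients in the container keep theirs.
    static void apply(Client client, TLSClientParameters tls) {
        ((HTTPConduit) client.getConduit()).setTlsClientParameters(tls);
    }
}
```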

