cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-3064) JAX-RS SSL on Google App Engine
Date Tue, 22 Feb 2011 14:46:43 GMT

    [ https://issues.apache.org/jira/browse/CXF-3064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12997829#comment-12997829
] 

Glen Mazza commented on CXF-3064:
---------------------------------

Are there legitimate safety reasons why Google hides the getSSLSocketFactory, namely to prevent
nonrigorous/novice developers from creating supposedly secure applications handling other
people's data that are not actually secure?  Google probably went out of its way to use that
non-standard HttpURLConnection and I suspect would have had a reason for that.

> JAX-RS SSL on Google App Engine
> -------------------------------
>
>                 Key: CXF-3064
>                 URL: https://issues.apache.org/jira/browse/CXF-3064
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, Transports
>    Affects Versions: 2.2.11
>            Reporter: Gary Rudolph
>
> I've been using JAX-RS with CXF with Google App Engine with success as a service provider
as well as client proxies. Unfortunately, when a jaxrs spring injected client needs https
I run into issues as the GAE {{HttpURLConnection}} is non-standard and doesn't contain the
method {{getSSLSocketFactory}}.
> I noticed that {{TLSClientParameters}} now contains a {{setSSLSocketFactory}}, but it's
not exposed through the spring xsd. Can we please change the {{<http:tlsClientParameters>}}
xsd to support injecting the {{sslSocketFactory}}? Then I could get it from GAE and do it
myself.
> The other option is to have {{HttpsURLConnectionFactory.decorateWithTLS}} attempt to
get the {{SSLSocketFactory}} using {{SSLSocketFactory.getSSLSocketFactory}}.
> Note, I'm doing the following in a spring config:
> {code:xml}
> <http:conduit id="where-twilio-conduit" name="https://api.twilio.com/*">
> 	<!--  FIXME: This will work if we can figure out a way to set sslSocketFactory to
SSLSocketFactory.getSSLSocketFactory -->
> 	<http:tlsClientParameters useHttpsURLConnectionDefaultSslSocketFactory="true" disableCNCheck="true"/>
> 	<http:authorization>
> 		<sec:UserName>foo</sec:UserName>
> 		<sec:Password>bar</sec:Password>
> 	</http:authorization>
> </http:conduit>
> <jaxrs:client id="where-twilio-resource" address="https://api.twilio.com/2008-08-01"
serviceClass="com.lolay.where.service.support.TwilioResource">
> 	<jaxrs:features>
> 		<cxf:logging/>
> 	</jaxrs:features>
> </jaxrs:client>
> {code}
> Then, I'm receiving the following error:
> {noformat}
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
> INFO: The cipher suites have not been configured, falling back to cipher suite filters.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
> INFO: The cipher suite filters have not been configured, falling back to default filters.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils getCiphersFromList
> INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.  
> Oct 13, 2010 4:05:56 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for {http://support.service.where.lolay.com/}TwilioResource has
thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Could not send Message.
> 	at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:48)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> 	at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:438)
> 	at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:177)
> 	at $Proxy43.sendSmsMessage(Unknown Source)
> 	at com.lolay.where.service.resources.BaseResourceImpl.sendSms(BaseResourceImpl.java:497)
> 	at com.lolay.where.service.resources.TokenResourceImpl.passwordReset(TokenResourceImpl.java:333)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at com.google.appengine.tools.development.agent.runtime.Runtime.invoke(Runtime.java:100)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)
> 	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:133)
> 	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:82)
> 	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
> 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
> 	at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
> 	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111)
> 	at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
> 	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:428)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:144)
> 	at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPut(AbstractHTTPServlet.java:120)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:716)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> 	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
> 	at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:58)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
> 	at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
> 	at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:122)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
> 	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
> 	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> 	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> 	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
> 	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
> 	at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
> 	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> 	at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:349)
> 	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> 	at org.mortbay.jetty.Server.handle(Server.java:326)
> 	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> 	at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
> 	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
> 	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
> 	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> 	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
> 	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: java.io.IOException: Error while initializing secure socket
> 	at org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:134)
> 	at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:504)
> 	at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
> 	... 56 more
> Caused by: java.lang.IllegalArgumentException: Error decorating connection class com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection
> 	at org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:255)
> 	at org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:125)
> 	... 58 more
> Caused by: java.lang.NoSuchMethodException: com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.getSSLSocketFactory()
> 	at java.lang.Class.getMethod(Class.java:1605)
> 	at org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:231)
> 	... 59 more
> {noformat}

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message