cxf-users mailing list archives

From Jesse Pangburn <Jesse.Pangb...@us.lawson.com>
Subject SSL engine starting problem
Date Thu, 21 Jul 2011 00:54:49 GMT
Hi,
I'm new to CXF so please forgive these noob questions.  I'm running CXF embedded in a Spring
app and have a couple problems.  The following is the content of my spring config xml:
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration"
	xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
	xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core"
	xmlns:soap="http://cxf.apache.org/bindings/soap"
	xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
            http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
            http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd">

	<import resource="classpath:META-INF/cxf/cxf.xml" />
	<import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />
 
	<jaxws:endpoint id="restfulGreeting" 
		implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"		
		bindingUri="http://www.w3.org/2004/08/wsdl/http"
		address="http://localhost:9001/RestfulGreeting" />
 
	<httpj:engine-factory bus="cxf" id="engineFactory">

		<httpj:engine port="9001" >
			<httpj:threadingParameters minThreads="6"
				maxThreads="16" />
		</httpj:engine>

		<httpj:engine port="9002">
			<httpj:tlsServerParameters>
				<sec:keyManagers keyPassword="changeit">
					<sec:keyStore type="JKS" password="changeit"
						file="/home/jpangburn/certs/server-keystore.jks" />
				</sec:keyManagers>
				<sec:trustManagers>
					<sec:keyStore type="JKS" password="changeit"
						file="/home/jpangburn/certs/server-truststore.jks" />
				</sec:trustManagers>
				<sec:cipherSuitesFilter>
					<sec:include>.*_EXPORT_.*</sec:include>
					<sec:include>.*_EXPORT1024_.*</sec:include>
					<sec:include>.*_WITH_DES_.*</sec:include>
					<sec:include>.*_WITH_NULL_.*</sec:include>
					<sec:exclude>.*_DH_anon_.*</sec:exclude>
				</sec:cipherSuitesFilter>
			</httpj:tlsServerParameters>
			<httpj:threadingParameters minThreads="5"
				maxThreads="15" />
			<httpj:connector>
				<beans:bean class="org.eclipse.jetty.server.ssl.SslSocketConnector">
					<beans:property name="port" value="9002" />
				</beans:bean>
			</httpj:connector>
			<httpj:handlers>
				<beans:bean class="org.eclipse.jetty.server.handler.DefaultHandler" />
			</httpj:handlers>
			<httpj:sessionSupport>true</httpj:sessionSupport>
		</httpj:engine>
	</httpj:engine-factory>
</beans>

This file is loaded by the following code:
ApplicationContext context = new ClassPathXmlApplicationContext(new String[] {"/com/infor/cloverleaf/ib/IBApplicationContext.xml"});
// this line is just for debugging, not needed otherwise
Object factory = context.getBean("engineFactory");

With the address in my restful endpoint like this 'address="http://localhost:9001/RestfulGreeting"'
I have no problems.  I can connect to the service and in the debugger when I look at the factory
object's portMap field I find that the 9001 port has maxThreads=16 and minThreads=6, so I
know that it's using the httpj:engine settings for that port.

Problem #1 is if I change the address to 'address="https://localhost:9002/RestfulGreeting"'
to use SSL then I get an error on startup.  It says this:
WARNING: FAILED org.eclipse.jetty.http.ssl.SslContextFactory@73b879: java.io.FileNotFoundException:
/home/jpangburn/.keystore (No such file or directory)

So since it's looking for /home/jpangburn/.keystore (the default) instead of /home/jpangburn/certs/server-keystore.jks
as I have configured for port 9002, it's clear that it's ignoring my configuration for that
port.  I know it's reading the configuration for the HTTP port, so why not the HTTPS port?

Problem #2 is probably just my own misunderstanding, but I see some examples where the
address doesn't have the host:port but can't get it to work.  If I set 'address="/RestfulGreeting"'
it does not seem to start the jetty engine and netstat shows the port is not listening.  I
would have thought that it would try to listen on each engine instance (port 9001 and 9002
in my case) when you didn't specify the host port.  Instead it says the following but doesn't
open any ports:
INFO: Setting the server's publish address to be /RestfulGreeting

Thanks for your help!
Jesse
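
Added example, not part of the original message and not the CXF project's own sample: a variant of the port 9002 engine and endpoint from the config above. It assumes the explicit SslSocketConnector bean is what bypasses tlsServerParameters (a connector supplied under httpj:connector being used as given, with Jetty's default ~/.keystore), so that bean is dropped. It also swaps the cipher filter, which admits EXPORT, single-DES and NULL suites, for one limited to AES suites.

```xml
<!-- Added example (not from the original post). Replaces the port 9002
     engine inside <httpj:engine-factory>; the httpj, sec, beans and jaxws
     prefixes are the ones declared in the config above. -->
<httpj:engine port="9002">
	<httpj:tlsServerParameters>
		<!-- Paths and passwords are copied from the post. "changeit" is the
		     well-known JDK cacerts default; replace it outside a test setup. -->
		<sec:keyManagers keyPassword="changeit">
			<sec:keyStore type="JKS" password="changeit"
				file="/home/jpangburn/certs/server-keystore.jks" />
		</sec:keyManagers>
		<sec:trustManagers>
			<sec:keyStore type="JKS" password="changeit"
				file="/home/jpangburn/certs/server-truststore.jks" />
		</sec:trustManagers>
		<sec:cipherSuitesFilter>
			<!-- The posted filter included .*_EXPORT_.*, .*_WITH_DES_.* and
			     .*_WITH_NULL_.*: 40/56-bit keys or no encryption at all.
			     Here only AES suites are admitted and the weak families
			     are excluded explicitly. -->
			<sec:include>.*_WITH_AES_.*</sec:include>
			<sec:exclude>.*_anon_.*</sec:exclude>
			<sec:exclude>.*_EXPORT.*</sec:exclude>
			<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
			<sec:exclude>.*_WITH_DES_.*</sec:exclude>
		</sec:cipherSuitesFilter>
	</httpj:tlsServerParameters>
	<httpj:threadingParameters minThreads="5" maxThreads="15" />
	<!-- No <httpj:connector> here. Assumption: CXF then builds the SSL
	     connector itself from the tlsServerParameters above. -->
	<httpj:handlers>
		<beans:bean class="org.eclipse.jetty.server.handler.DefaultHandler" />
	</httpj:handlers>
	<httpj:sessionSupport>true</httpj:sessionSupport>
</httpj:engine>

<!-- The endpoint address names the same scheme and port as the TLS engine. -->
<jaxws:endpoint id="restfulGreeting"
	implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"
	bindingUri="http://www.w3.org/2004/08/wsdl/http"
	address="https://localhost:9002/RestfulGreeting" />
```

If the assumption holds, the FileNotFoundException for /home/jpangburn/.keystore no longer appears at startup. To confirm the filter took effect, connect with a TLS client that reports the negotiated suite and check that no EXPORT, DES, NULL or anonymous suite is accepted.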

