开发者

Securing Web Service communication with SSL using CXF

I am trying to secure communications via SSL/TLS for one of our Web Service using CXF 2.2.5. I am wondering how to update client and server Spring configuration file to activate this feature. I found some information on CXF's website (CXF Wiki) for the client configuration, here is the given example:

 <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
   <http:tlsClientParameters>
      <sec:keyManagers keyPassword="password">
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
      </sec:keyManagers>
      <sec:trustManagers>
          <sec:keyStore type="JKS" password="password"
               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key change as
          this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
  <http:authorization>
     <sec:UserName>Betty</sec:UserName>
     <sec:Password>password</sec:Password>
  </http:authorization>
  <http:client AutoRedirect="true" Connection="Keep-Alive"/>
 </http:conduit>

Con开发者_StackOverflowcerning this configuration, the

Concerning the server side configuration I am unable to launch the server properly, here is the configuration I have:

<http:destination name="{urn:ihe:iti:xds-b:2007}DocumentRepository_Port_Soap12.http-destination">
    </http:destination>

    <httpj:engine-factory>
            <httpj:engine port="9043">
                    <httpj:tlsServerParameters>
                            <sec:keyManagers keyPassword="changeit">
                                    <sec:keyStore type="JKS" password="changeit" file="security/keystore.jks" />
                            </sec:keyManagers>
                            <sec:trustManagers>
                                    <sec:keyStore type="JKS" password="changeit" file="security/cacerts.jks" />
                            </sec:trustManagers>
                            <sec:cipherSuitesFilter>
                                    <!--
                                            these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude
                                            anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks
                                    -->
                                    <sec:include>.*_EXPORT_.*</sec:include>
                                    <sec:include>.*_EXPORT1024_.*</sec:include>
                                    <sec:include>.*_WITH_DES_.*</sec:include>
                                    <sec:include>.*_WITH_NULL_.*</sec:include>
                                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                            </sec:cipherSuitesFilter>
                            <sec:clientAuthentication want="true" required="true" />
                    </httpj:tlsServerParameters>
            </httpj:engine>
    </httpj:engine-factory>

But when I run my application server (JOnas) with this configuration I have the following error message:

Line 20 in XML document from ServletContext resource [/WEB-INF/beans.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'.

Do you guys know how to solve this issue?

Thanks in advance,


It sounds like you are missing a namespace declaration or you have fat-fingered your XML. This is likely more of a Spring related issue than a CXF issue.

Check that the following items appear on your beans element where you declare httj:engine-factory:

<beans
  ...
  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
  ...
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="
      http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
      ...">
  <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml" />

Check that the CXF Jetty Transport JAR is in your classpath at runtime.

If you add the declaration and the schema location to your context file in your IDE (at least in Eclipse with the Spring plug-ins and IDEA) you should get schema validation right in your IDE so you can easily find any mistakes you make and take advantage of auto-completion.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜