Me again.
This configuration seems to work as well... shortened a bit...
<beans ...>
<httpj:engine-factory id="https" bus="cxf">
<httpj:identifiedTLSServerParameters id="secure">
<httpj:tlsServerParameters>
</httpj:tlsServerParameters>
</httpj:identifiedTLSServerParameters>
<httpj:engine port="9001">
<httpj:tlsServerParametersRef id="secure"/>
<httpj:threadingParameters minThreads="5" maxThreads="15"/>
<httpj:connector>
<bean
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<property name="port" value="9001"/>
<constructor-arg>
<bean
class="org.eclipse.jetty.http.ssl.SslContextFactory">
<property name="keyStore" value=""/>
<property name="keyStoreType" value="..."/>
<property name="keyStorePassword" value="..."/>
<property name="trustStore" value="..."/>
<property name="trustStoreType" value="..."/>
<property name="trustStorePassword" value="..."/>
<property name="wantClientAuth" value="..."/>
<property name="needClientAuth" value="..."/>
<property name="excludeCipherSuites" ref="banned"/>
</bean>
</constructor-arg>
</bean>
</httpj:connector>
<httpj:handlers>
<bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</httpj:handlers>
<httpj:sessionSupport>true</httpj:sessionSupport>
</httpj:engine>
</httpj:engine-factory>
<bean id="banned" class="..." factory-method="...">
<constructor-arg value="..."/>
</bean>
</beans>
And again, I repeat:
More/other properties can be set as specified in
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty.
Not sure if the keyPassword for keyManagers is really needed, more info
here:
http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.
And I believe, instead of
org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
looked very similar and worked, too.
Jana
Am Fr, 13.06.2014, 01:47 schrieb Jana Weschenfelder:
> I forgot something:
> More info:
> http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Configuringendpoints
> (till the end of the page)
>
> And:
> <bean id="banned" class="..." factory-method="...">
> <constructor-arg value="...">
> </bean>
>
> Should be:
> <bean id="banned" class="..." factory-method="...">
> <constructor-arg value="..."/>
> </bean>
>
> I just forgot a slash there. ;-)
>
> Jana
>
>
> Am Fr, 13.06.2014, 01:30 schrieb Jana Weschenfelder:
>> Hello, I think I got it working...
>>
>> With the following configuration, it seems to work... I haven't found
>> online references for it, and it looks twice configured, but it seems to
>> work correctly... I have invented it right now, thanks to the Spring IoC
>> documentation.
>>
>> <beans ...>
>>
>> <httpj:engine-factory id="https" bus="cxf">
>> <httpj:identifiedTLSServerParameters id="secure">
>> <httpj:tlsServerParameters>
>> <sec:keyManagers>
>> <sec:keyStore type="..." password="..." file="..."/>
>> </sec:keyManagers>
>> <sec:trustManagers>
>> <sec:keyStore type="..." password="..." file="..."/>
>> </sec:trustManagers>
>> <sec:cipherSuitesFilter>
>> <sec:include>.*_EXPORT_.*</sec:include>
>> <sec:include>.*_EXPORT1024_.*</sec:include>
>> <sec:include>.*_WITH_DES_.*</sec:include>
>> <sec:include>.*_WITH_NULL_.*</sec:include>
>> <sec:exclude>.*_DH_anon_.*</sec:exclude>
>> </sec:cipherSuitesFilter>
>> </httpj:tlsServerParameters>
>> </httpj:identifiedTLSServerParameters>
>> <httpj:engine port="9001">
>> <httpj:tlsServerParametersRef id="secure"/>
>> <httpj:threadingParameters minThreads="5" maxThreads="15"/>
>> <httpj:connector>
>> <bean
>> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>> <property name="port" value="9001"/>
>> <constructor-arg>
>> <bean
>> class="org.eclipse.jetty.http.ssl.SslContextFactory">
>> <property name="keyStore" value=""/>
>> <property name="keyStoreType" value="..."/>
>> <property name="keyStorePassword" value="..."/>
>> <property name="trustStore" value="..."/>
>> <property name="trustStoreType" value="..."/>
>> <property name="trustStorePassword"
>> value="..."/>
>> <property name="wantClientAuth" value="..."/>
>> <property name="needClientAuth" value="..."/>
>> <property name="excludeCipherSuites"
>> ref="banned"/>
>> </bean>
>> </constructor-arg>
>> </bean>
>> </httpj:connector>
>> <httpj:handlers>
>> <bean
>> class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>> </httpj:handlers>
>> <httpj:sessionSupport>true</httpj:sessionSupport>
>> </httpj:engine>
>> </httpj:engine-factory>
>>
>> <bean id="banned" class="..." factory-method="...">
>> <constructor-arg value="...">
>> </bean>
>>
>> </beans>
>>
>> The configuration looks really twice now... but without the lower
>> configuration, you will get an error message that a .keystore file is
>> missing. And without the upper configuration, you will get the error
>> message "java.lang.RuntimeException: Connector
>> SslSelectChannelConnector@0.0.0.0:9001 for JettyServerEngine Port 9001
>> does not support non-SSL connections.".
>>
>> If you configure it twice as above, it seems to work without any
>> problems.
>> I can connect to the service after I confirmed that I trust the web
>> site,
>> as it should be. It will need more tests to be very sure.
>>
>> More/other properties can be set as specified in
>> http://cxf.apache.org/docs/jetty-configuration.html and
>> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty. I
>> think the configuration needs to be done twice at the moment so that it
>> works, on CXF side and on Jetty side (the Jetty side uses Spring IoC).
>>
>> Not sure if the keyPassword for keyManagers is really needed, more info
>> here:
>> http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.
>>
>> If the configuration above is correct, either Apache or Eclipse will
>> have
>> to update their documentation. I would think that Eclipse made a change
>> sometime and Apache still doesn't know about it. As I said, I also have
>> to
>> test the configuration first. It looks very good so far, but it still
>> can
>> be wrong somewhere.
>>
>> I believe, instead of
>> org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
>> org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
>> looked very similar and worked, too.
>>
>> Thanks, Jana
>>
>>
>> Am Do, 12.06.2014, 23:45 schrieb Jana Weschenfelder:
>>> Dear Ladies and Gentlemen,
>>>
>>> I have exactly the problem of
>>> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3c5316440e.4020...@serotoninsoftware.com%3E.
>>> I don't know if there existed a solution already.
>>>
>>> I followed the instructions of
>>> http://cxf.apache.org/docs/jetty-configuration.html and I don't have
>>> any
>>> success by using org.eclipse.jetty.server.bio.SocketConnector here. I
>>> receive the error message then that the port (HTTP) wouldn't be
>>> configured
>>> for HTTPS.
>>>
>>> Regarding to Eclipse, org.eclipse.jetty.server.bio.SocketConnector is
>>> configured for HTTP and is not a SSLConnector, and it also doesn't
>>> accept
>>> any SSL Configuration if I look into the code there.
>>>
>>> If I read the instructions of
>>> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty,
>>> org.eclipse.jetty.server.ssl.SslSelectChannelConnector should be used
>>> as
>>> SSLConnector instead. But if I just replace
>>> org.eclipse.jetty.server.bio.SocketConnector in the example of
>>> http://cxf.apache.org/docs/jetty-configuration.html, I receive the
>>> error
>>> message "java.io.FileNotFoundException: /home/user/.keystore" as
>>> described
>>> in
>>> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3c5316440e.4020...@serotoninsoftware.com%3E.
>>>
>>> I would think that something like this would be more correct, regarding
>>> to
>>> Eclipse:
>>> <httpj:engine-factory id="https" bus="cxf">
>>> <httpj:engine port="${cdmi.net.ssl.port}">
>>> <httpj:threadingParameters minThreads="5" maxThreads="15" />
>>> <httpj:connector>
>>> <bean
>>> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>> <property name = "port" value="9001"/>
>>> <bean
>>> class="org.eclipse.jetty.http.ssl.SslContextFactory">
>>> <property name="keyStore" value="..."/>
>>> <property name="keystoreType" value="..."/>
>>> <property name="keyStorePassword" value="..."/>
>>> ...
>>> <property name="excludeCipherSuites" ref="..."/>
>>> </bean>
>>> </bean>
>>> </httpj:connector>
>>> <httpj:handlers>
>>> <bean
>>> class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>>> </httpj:handlers>
>>> <httpj:sessionSupport>true</httpj:sessionSupport>
>>> </httpj:engine>
>>> </httpj:engine-factory>
>>>
>>> But it doesn't work. It doesn't accept the part <bean
>>> class="org.eclipse.jetty.http.ssl.SslContextFactory">...</bean> within
>>> of
>>> <bean
>>> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">...</bean>.
>>> The error message is "Invalid content was found starting with element
>>> 'bean'.".
>>>
>>> A similar configuration was found here:
>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory
>>>
>>> But I need it for httpj:engine-factory.
>>>
>>> What is the right way to configure the Jetty Runtime with SSLConnector?
>>> Is Jetty still supported by Apache CXF? Btw, HTTP works fine, but I
>>> need
>>> HTTPS because of certificates.
>>>
>>> Many thanks in advance!!!
>>>
>>> Jana
>>>
>>>
>>
>>
>>
>
>
>
