Me again. This configuration seems to work as well... shortened a bit...

<beans ...>

  <httpj:engine-factory id="https" bus="cxf">
    <httpj:identifiedTLSServerParameters id="secure">
      <httpj:tlsServerParameters>
      </httpj:tlsServerParameters>
    </httpj:identifiedTLSServerParameters>
    <httpj:engine port="9001">
      <httpj:tlsServerParametersRef id="secure"/>
      <httpj:threadingParameters minThreads="5" maxThreads="15"/>
      <httpj:connector>
        <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <property name="port" value="9001"/>
          <constructor-arg>
            <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
              <property name="keyStore" value=""/>
              <property name="keyStoreType" value="..."/>
              <property name="keyStorePassword" value="..."/>
              <property name="trustStore" value="..."/>
              <property name="trustStoreType" value="..."/>
              <property name="trustStorePassword" value="..."/>
              <property name="wantClientAuth" value="..."/>
              <property name="needClientAuth" value="..."/>
              <property name="excludeCipherSuites" ref="banned"/>
            </bean>
          </constructor-arg>
        </bean>
      </httpj:connector>
      <httpj:handlers>
        <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
      </httpj:handlers>
      <httpj:sessionSupport>true</httpj:sessionSupport>
    </httpj:engine>
  </httpj:engine-factory>

  <bean id="banned" class="..." factory-method="...">
    <constructor-arg value="..."/>
  </bean>

</beans>

And again, I repeat: More/other properties can be set as specified in
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty.

Not sure if the keyPassword for keyManagers is really needed, more info
here:
http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.

And I believe, instead of
org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
looked very similar and worked, too.

Jana

On Fri, 13.06.2014, 01:47, Jana Weschenfelder wrote:
> I forgot something:
> More info:
> http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Configuringendpoints
> (till the end of the page)
>
> And:
> <bean id="banned" class="..." factory-method="...">
>   <constructor-arg value="...">
> </bean>
>
> Should be:
> <bean id="banned" class="..." factory-method="...">
>   <constructor-arg value="..."/>
> </bean>
>
> I just forgot a slash there. ;-)
>
> Jana
>
>
> On Fri, 13.06.2014, 01:30, Jana Weschenfelder wrote:
>> Hello, I think I got it working...
>>
>> With the following configuration, it seems to work... I haven't found
>> online references for it, and it looks twice configured, but it seems
>> to work correctly... I have invented it right now, thanks to the
>> Spring IoC documentation.
>>
>> <beans ...>
>>
>>   <httpj:engine-factory id="https" bus="cxf">
>>     <httpj:identifiedTLSServerParameters id="secure">
>>       <httpj:tlsServerParameters>
>>         <sec:keyManagers>
>>           <sec:keyStore type="..." password="..." file="..."/>
>>         </sec:keyManagers>
>>         <sec:trustManagers>
>>           <sec:keyStore type="..." password="..." file="..."/>
>>         </sec:trustManagers>
>>         <sec:cipherSuitesFilter>
>>           <sec:include>.*_EXPORT_.*</sec:include>
>>           <sec:include>.*_EXPORT1024_.*</sec:include>
>>           <sec:include>.*_WITH_DES_.*</sec:include>
>>           <sec:include>.*_WITH_NULL_.*</sec:include>
>>           <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>         </sec:cipherSuitesFilter>
>>       </httpj:tlsServerParameters>
>>     </httpj:identifiedTLSServerParameters>
>>     <httpj:engine port="9001">
>>       <httpj:tlsServerParametersRef id="secure"/>
>>       <httpj:threadingParameters minThreads="5" maxThreads="15"/>
>>       <httpj:connector>
>>         <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>           <property name="port" value="9001"/>
>>           <constructor-arg>
>>             <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
>>               <property name="keyStore" value=""/>
>>               <property name="keyStoreType" value="..."/>
>>               <property name="keyStorePassword" value="..."/>
>>               <property name="trustStore" value="..."/>
>>               <property name="trustStoreType" value="..."/>
>>               <property name="trustStorePassword" value="..."/>
>>               <property name="wantClientAuth" value="..."/>
>>               <property name="needClientAuth" value="..."/>
>>               <property name="excludeCipherSuites" ref="banned"/>
>>             </bean>
>>           </constructor-arg>
>>         </bean>
>>       </httpj:connector>
>>       <httpj:handlers>
>>         <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>>       </httpj:handlers>
>>       <httpj:sessionSupport>true</httpj:sessionSupport>
>>     </httpj:engine>
>>   </httpj:engine-factory>
>>
>>   <bean id="banned" class="..." factory-method="...">
>>     <constructor-arg value="...">
>>   </bean>
>>
>> </beans>
>>
>> The configuration looks really twice now... but without the lower
>> configuration, you will get an error message that a .keystore file is
>> missing. And without the upper configuration, you will get the error
>> message "java.lang.RuntimeException: Connector
>> SslSelectChannelConnector@0.0.0.0:9001 for JettyServerEngine Port 9001
>> does not support non-SSL connections.".
>>
>> If you configure it twice as above, it seems to work without any
>> problems. I can connect to the service after I confirmed that I trust
>> the web site, as it should be. It will need more tests to be very sure.
>>
>> More/other properties can be set as specified in
>> http://cxf.apache.org/docs/jetty-configuration.html and
>> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty. I
>> think the configuration needs to be done twice at the moment so that it
>> works, on CXF side and on Jetty side (the Jetty side uses Spring IoC).
>>
>> Not sure if the keyPassword for keyManagers is really needed, more info
>> here:
>> http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.
>>
>> If the configuration above is correct, either Apache or Eclipse will
>> have to update their documentation. I would think that Eclipse made a
>> change sometime and Apache still doesn't know about it. As I said, I
>> also have to test the configuration first. It looks very good so far,
>> but it still can be wrong somewhere.
>>
>> I believe, instead of
>> org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
>> org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
>> looked very similar and worked, too.
>>
>> Thanks, Jana
>>
>>
>> On Thu, 12.06.2014, 23:45, Jana Weschenfelder wrote:
>>> Dear Ladies and Gentlemen,
>>>
>>> I have exactly the problem of
>>> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3c5316440e.4020...@serotoninsoftware.com%3E.
>>> I don't know if there existed a solution already.
>>>
>>> I followed the instructions of
>>> http://cxf.apache.org/docs/jetty-configuration.html and I don't have
>>> any success by using org.eclipse.jetty.server.bio.SocketConnector
>>> here. I receive the error message then that the port (HTTP) wouldn't
>>> be configured for HTTPS.
>>>
>>> According to Eclipse, org.eclipse.jetty.server.bio.SocketConnector is
>>> configured for HTTP and is not an SSLConnector, and it also doesn't
>>> accept any SSL Configuration if I look into the code there.
>>>
>>> If I read the instructions of
>>> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty,
>>> org.eclipse.jetty.server.ssl.SslSelectChannelConnector should be used
>>> as SSLConnector instead. But if I just replace
>>> org.eclipse.jetty.server.bio.SocketConnector in the example of
>>> http://cxf.apache.org/docs/jetty-configuration.html, I receive the
>>> error message "java.io.FileNotFoundException: /home/user/.keystore" as
>>> described in
>>> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3c5316440e.4020...@serotoninsoftware.com%3E.
>>>
>>> I would think that something like this would be more correct,
>>> according to Eclipse:
>>> <httpj:engine-factory id="https" bus="cxf">
>>>   <httpj:engine port="${cdmi.net.ssl.port}">
>>>     <httpj:threadingParameters minThreads="5" maxThreads="15" />
>>>     <httpj:connector>
>>>       <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>>         <property name = "port" value="9001"/>
>>>         <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
>>>           <property name="keyStore" value="..."/>
>>>           <property name="keystoreType" value="..."/>
>>>           <property name="keyStorePassword" value="..."/>
>>>           ...
>>>           <property name="excludeCipherSuites" ref="..."/>
>>>         </bean>
>>>       </bean>
>>>     </httpj:connector>
>>>     <httpj:handlers>
>>>       <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>>>     </httpj:handlers>
>>>     <httpj:sessionSupport>true</httpj:sessionSupport>
>>>   </httpj:engine>
>>> </httpj:engine-factory>
>>>
>>> But it doesn't work. It doesn't accept the part <bean
>>> class="org.eclipse.jetty.http.ssl.SslContextFactory">...</bean> within
>>> <bean
>>> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">...</bean>.
>>> The error message is "Invalid content was found starting with element
>>> 'bean'.".
>>>
>>> A similar configuration was found here:
>>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory
>>>
>>> But I need it for httpj:engine-factory.
>>>
>>> What is the right way to configure the Jetty Runtime with SSLConnector?
>>> Is Jetty still supported by Apache CXF? Btw, HTTP works fine, but I
>>> need HTTPS because of certificates.
>>>
>>> Many thanks in advance!!!
>>>
>>> Jana
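
Added example (not part of the thread and not CXF or Jetty code): the <sec:cipherSuitesFilter> quoted above lists the EXPORT, DES and NULL patterns under <sec:include>, so this small Java check shows which suites such a filter enables, next to a variant that moves those patterns to the exclude side. It assumes a suite is enabled when it fully matches at least one include pattern and no exclude pattern; the class name, the hardened pattern set and the suite list are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example: evaluates include/exclude cipher-suite patterns by name.
public class CipherFilterCheck {

    // True when the suite name fully matches at least one of the patterns.
    static boolean matchesAny(String suite, List<String> patterns) {
        return patterns.stream().anyMatch(p -> Pattern.matches(p, suite));
    }

    // Assumed semantics: enabled = matches an include and matches no exclude.
    static List<String> enabled(List<String> suites, List<String> inc, List<String> exc) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (matchesAny(s, inc) && !matchesAny(s, exc)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample of JSSE suite names, strong and weak mixed.
        List<String> suites = Arrays.asList(
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_NULL_SHA",
            "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA");

        // Patterns exactly as quoted in the thread's cipherSuitesFilter.
        List<String> quotedInc = Arrays.asList(".*_EXPORT_.*", ".*_EXPORT1024_.*",
            ".*_WITH_DES_.*", ".*_WITH_NULL_.*");
        List<String> quotedExc = Arrays.asList(".*_DH_anon_.*");

        // Hardened variant (assumption): include everything, exclude the weak families.
        List<String> hardInc = Arrays.asList(".*");
        List<String> hardExc = new ArrayList<>(quotedInc);
        hardExc.addAll(quotedExc);

        System.out.println("quoted filter:   " + enabled(suites, quotedInc, quotedExc));
        System.out.println("hardened filter: " + enabled(suites, hardInc, hardExc));
    }
}
```

On the constructed list, the quoted filter enables only the EXPORT, DES and NULL suites, while the hardened variant leaves the two AES suites with authenticated key exchange. Replacing the constructed list with the JVM's own supported suites gives the same check for a real deployment.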