How to substitute the placeholders in the config files ?

2007-12-26 Thread Alex Shneyderman
I have a cxf.xml that contains a section like this :

<sec:trustManagers>
  <sec:keyStore type="${securitystore.type}"
    password="${securitystore.password}"
    file="${securitystore.file}" />
</sec:trustManagers>

how do I substitute all those ${} placeholders ?

I tried to use PropertyPlaceholderConfigurer that of course did not work.

Any ideas ?

-- 
Thanks,
Alex.


Re: How to substitute the placeholders in the config files ?

2007-12-26 Thread Alex Shneyderman
 You seem to have leapt from 'spring in cxf' to 'no spring at all'? Why
 not take Glen's suggestion and use an app context with a property
 configurator?

Sorry, but the links do not help to see the solution to my particular
problem. I can see how to do it with APIs but not with a bunch of XML
(maybe my vision is also blurred by the distaste for XML
configuration).

Alex.


Problems integrating CXF and Grails

2007-12-23 Thread Alex Shneyderman
I am using Grails framework in conjunction with CXF and I am getting
the following error trying to instantiate a SOAP interface to the
remote service:

Message: org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'org.apache.cxf.wsdl.WSDLManager'
defined in class path resource [META-INF/cxf/cxf.xml]: Instantiation
of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not
instantiate bean class [org.apache.cxf.wsdl11.WSDLManagerImpl]:
Constructor threw exception; nested exception is
java.lang.ClassCastException:
org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to
javax.xml.parsers.DocumentBuilderFactory

Caused by: java.lang.RuntimeException:
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'org.apache.cxf.wsdl.WSDLManager' defined in
class path resource [META-INF/cxf/cxf.xml]: Instantiation of bean
failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not
instantiate bean class [org.apache.cxf.wsdl11.WSDLManagerImpl]:
Constructor threw exception; nested exception is
java.lang.ClassCastException:
org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to
javax.xml.parsers.DocumentBuilderFactory

Does anyone know what could be a problem? Seems like a conflicting jar
problem but what jar ?

Alex.


Re: Problems integrating CXF and Grails

2007-12-23 Thread Alex Shneyderman
Thanks, Willem for your help!

Eventually, Xerces was not the only problem. BTW, Grails 1.0RC3 comes
with Xerces 2.9.0 and CXF works fine with that version. The problem I
described occurred when I tried to move Xerces jar out of CP. When I
added Xerces jar back to the CP, I was getting a different error. It
is the same one as described here:

http://www.nabble.com/How-to-use-CXF-with-Grails--to14475535.html#a14475535

At the end of the thread I posted my solution. But as I mentioned in
the thread I am not sure what might be the side-effects. For now it
works and I will see how far I can take it :-)

Alex.

On Dec 24, 2007 2:41 AM, Willem Jiang [EMAIL PROTECTED] wrote:
 Hi Alex ,

 We use 2.8.1 on the development environment ,  you can try out the 2.9.1
 but I don't test it yet.

 Willem.



Re: service over https

2007-12-17 Thread Alex Shneyderman
Thanks, Fred!

Your openssl trick worked a treat. I imported the certificate into the key
store and can process transactions now. I guess, now I need not forget to
do the same for production :-)

Thanks,
Alex.

On Dec 16, 2007 10:08 PM, Fred Dushin [EMAIL PROTECTED] wrote:

 You don't necessarily need to use keytool.  You can now use a plain
 PEM file, containing the CA's X.509 certificate:

 {{{
  <http:conduit name="...">
    <http:tlsClientParameters>
      <csec:trustManagers>
        <csec:certStore resource="path-to-pem-relative-to-classpath"/>
      </csec:trustManagers>
      <csec:cipherSuitesFilter>
        <csec:include>.*</csec:include>
        <csec:exclude>.*_DH_anon_.*</csec:exclude>
      </csec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
 }}}

 You'll need to get a hold of this certificate, if you don't already
 have it.  Here is the information about the peer you can get through
 openssl:

 15:57:32 spock:~ openssl s_client -host api-aa.sandbox.paypal.com -port 443
 CONNECTED(0004)
 depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary
 Certification Authority
 verify error:num=19:self signed certificate in certificate chain
 verify return:0
 ---
 Certificate chain
   0 s:/C=US/ST=California/L=San Jose/O=Paypal, Inc./OU=Information
 Systems/OU=Terms of use at www.verisign.com/rpa (c)00/CN=api-
 aa.sandbox.paypal.com
 i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
 International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by
 Ref. LIABILITY LTD.(c)97 VeriSign
   1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
 International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by
 Ref. LIABILITY LTD.(c)97 VeriSign
 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
 Authority
   2 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
 Authority
 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
 Authority
 ---
 Server certificate
 subject=/C=US/ST=California/L=San Jose/O=Paypal, Inc./OU=Information
 Systems/OU=Terms of use at www.verisign.com/rpa (c)00/CN=api-
 aa.sandbox.paypal.com
 issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
 International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by
 Ref. LIABILITY LTD.(c)97 VeriSign
 ---
 Acceptable client certificate CA names
 /C=US/ST=California/L=San Jose/O=PayPal, Inc./OU=sandbox_certs/
 CN=sandbox_camerchapi/[EMAIL PROTECTED]
 ---
 SSL handshake has read 3379 bytes and written 334 bytes
 ---
 New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
 Server public key is 1024 bit
 Compression: NONE
 Expansion: NONE
 SSL-Session:
  Protocol  : TLSv1
  Cipher: DHE-RSA-AES256-SHA
  Session-ID:
 85E1D239A982C834730D359EBD5D009F1D64705CD2F44192E6081CF7A55CA88F
  Session-ID-ctx:
  Master-Key:
 C7C10F6A3503C174C2B276FBE109F6C249B4C2B252BA45AFAFA157EB920B10DEB80BD9B1
 2971A54CA42805A4940785D0
  Key-Arg   : None
  Start Time: 1197838663
  Timeout   : 300 (sec)
  Verify return code: 19 (self signed certificate in certificate
 chain)
 ---

 So it looks like you'll need one of those 2 verisign certs.

 -Fred


 On Dec 16, 2007, at 3:53 PM, Alex Shneyderman wrote:

  Hi, Fred!
 
  On Dec 16, 2007 8:49 PM, Fred Dushin [EMAIL

service over https

2007-12-16 Thread Alex Shneyderman
I am new to web service or CXF, so forgive me if this is somehow
obvious for everyone.

I have been trying to figure out how to utilize paypal's WS. Here is
their WSDL http://www.paypal.com/wsdl/PayPalSvc.wsdl (if anyone is
interested). At the end of the
file there is a ports section that looks like so:

<wsdl:port name="PayPalAPIAA" binding="ns:PayPalAPIAASoapBinding">
  <wsdlsoap:address location="https://api-aa.sandbox.paypal.com/2.0/"/>
</wsdl:port>

port named PayPalAPIAA talks over https. I have written some code to process
direct payments and if I provide cxf.xml on my classpath of the
following content:

<http:conduit name="{urn:ebay:api:PayPalAPI}PayPalAPIAA.http-conduit">

  <http:tlsClientParameters>
  </http:tlsClientParameters>
  <http:client AutoRedirect="true" Connection="Keep-Alive"/>

</http:conduit>

There is an error I get back:

Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
INFO: The cipher suites have not been configured, falling back to
cipher suite filters.
Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
INFO: The cipher suite filters have not been configured, falling back
to default filters.
Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.https.SSLUtils
getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5,
SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_DES_CBC_SHA,
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.http.HTTPConduit prepare
INFO: AutoRedirect is turned on.
Dec 16, 2007 7:18:31 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Received fatal alert: handshake_failure
at org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:75)
at org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInterceptor.java:68)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205)
...

If I do not provide cxf.xml I get an error stating:

Dec 16, 2007 8:01:42 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept

..

Caused by: java.io.IOException: Illegal Protocol https for HTTP
URLConnection Factory.
at org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnection(HttpURLConnectionFactoryImpl.java:44)
at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
... 12 more

Any ideas? BTW if I simply connect to the URL I can connect and get
content fine, so default java https connectivity works (I run java 6).
Somehow CXF screws stuff up for me.

Any ideas of what I am to fix here?

-- 
Thanks,
Alex.
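
The include/exclude cipher suite filtering from Fred's quoted reply, applied to the suite names in the log of this post, as an added example (not code from the thread or from CXF). It assumes a suite is kept when it fully matches an include pattern and no exclude pattern; the stricter exclude list and the weakness labels are illustrative assumptions.

```python
import re

# Suite names copied from the "cipher suites have been set to" log line in the post.
LOGGED_SUITES = """
SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5 TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
""".split()

# JSSE name of the DHE-RSA-AES256-SHA suite that openssl negotiated with the same host.
NEGOTIATED_BY_OPENSSL = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"

# (includes, excludes): the pair from the quoted reply, and a stricter one (assumption).
REPLY_FILTER = ([r".*"], [r".*_DH_anon_.*"])
STRICT_FILTER = ([r".*"], [r".*_NULL_.*", r".*_anon_.*", r".*_EXPORT_.*", r".*_DES_.*"])

# Name fragments that mark a weak suite (illustrative labels, not an exhaustive list).
WEAKNESSES = {
    "_NULL_": "no encryption",
    "_anon_": "unauthenticated key exchange",
    "_EXPORT_": "export-grade key length",
    "_DES_": "single DES",
}

def apply_filter(suites, cipher_filter):
    """Keep a suite that fully matches some include and no exclude (assumed semantics)."""
    includes, excludes = cipher_filter
    return [s for s in suites
            if any(re.fullmatch(p, s) for p in includes)
            and not any(re.fullmatch(p, s) for p in excludes)]

def weaknesses(suite):
    """Reasons the suite name marks it as weak; empty list if no marker applies."""
    return [why for marker, why in WEAKNESSES.items() if marker in suite]

if __name__ == "__main__":
    candidates = LOGGED_SUITES + [NEGOTIATED_BY_OPENSSL]
    for name, f in (("reply filter", REPLY_FILTER), ("strict filter", STRICT_FILTER)):
        kept = apply_filter(candidates, f)
        print(f"{name}: keeps {len(kept)} of {len(candidates)}")
        for s in kept:
            print(f"  {s}: {', '.join(weaknesses(s)) or 'no listed weakness'}")
```

Every suite in the logged list carries at least one of the markers, so the stricter filter leaves none of them; only the suite openssl negotiated passes it.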


Re: service over https

2007-12-16 Thread Alex Shneyderman
Hi, Fred!

On Dec 16, 2007 8:49 PM, Fred Dushin [EMAIL PROTECTED] wrote:

 You need to specify a trust store containing the appropriate
 certificate authority to be used when performing the handshake with
 the paypal service.

Could you explain this step in a bit more detail? I guess I have to use
something like keytool but I am not sure what appropriate certificate
authority means ? Where do I get it, how do I deal with it ? I have tried
to search PayPal's docs nothing of relevance turned up.

Thanks,
Alex.