How to substitute the placeholders in the config files ?
I have a cxf.xml that contains a section like this:

    <sec:trustManagers>
        <sec:keyStore type="${securitystore.type}" password="${securitystore.password}" file="${securitystore.file}"/>
    </sec:trustManagers>

How do I substitute all those ${} placeholders? I tried to use PropertyPlaceholderConfigurer, that of course did not work. Any ideas?

--
Thanks,
Alex.
Re: How to substitute the placeholders in the config files ?
> You seem to have leapt from 'spring in cxf' to 'no spring at all'? Why not take Glen's suggestion and use an app context with a property configurator?

Sorry, but the links do not help to see the solution to my particular problem. I can see how to do it with APIs but not with a bunch of XML (maybe my vision is also blurred by the distaste for XML configuration).

Alex.
Problems integrating CXF and Grails
I am using Grails framework in conjunction with CXF and I am getting the following error trying to instantiate a SOAP interface to the remote service:

    Message: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.cxf.wsdl.WSDLManager' defined in class path resource [META-INF/cxf/cxf.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.apache.cxf.wsdl11.WSDLManagerImpl]: Constructor threw exception; nested exception is java.lang.ClassCastException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to javax.xml.parsers.DocumentBuilderFactory
    Caused by: java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.cxf.wsdl.WSDLManager' defined in class path resource [META-INF/cxf/cxf.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.apache.cxf.wsdl11.WSDLManagerImpl]: Constructor threw exception; nested exception is java.lang.ClassCastException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to javax.xml.parsers.DocumentBuilderFactory

Does anyone know what could be a problem? Seems like a conflicting jar problem but what jar?

Alex.
Re: Problems integrating CXF and Grails
Thanks, Willem for your help!

Eventually, Xerces was not the only problem. BTW, Grails 1.0RC3 comes with Xerces 2.9.0 and CXF works fine with that version. The problem I described occurred when I tried to move Xerces jar out of CP. When I added Xerces jar back to the CP, I was getting a different error. It is the same one as described here:

http://www.nabble.com/How-to-use-CXF-with-Grails--to14475535.html#a14475535

At the end of the thread I posted my solution. But as I mentioned in the thread I am not sure what might be the side-effects. For now it works and I will see how far I can take it :-)

Alex.

On Dec 24, 2007 2:41 AM, Willem Jiang [EMAIL PROTECTED] wrote:
> Hi Alex,
>
> We use 2.8.1 on the development environment, you can try out the 2.9.1 but I don't test it yet.
>
> Willem.
Re: service over https
Thanks, Fred!

Your openssl trick worked a treat. I imported the certificate into the key store and can process transactions now. I guess, now I need not forget to do the same for production :-)

Thanks,
Alex.

On Dec 16, 2007 10:08 PM, Fred Dushin [EMAIL PROTECTED] wrote:
> You don't necessarily need to use keytool. You can now use a plain PEM file, containing the CA's X.509 certificate:
>
> {{{
> <http:conduit name="...">
>     <http:tlsClientParameters>
>         <csec:trustManagers>
>             <csec:certStore resource="path-to-pem-relative-to-classpath"/>
>         </csec:trustManagers>
>         <csec:cipherSuitesFilter>
>             <csec:include>.*</csec:include>
>             <csec:exclude>.*_DH_anon_.*</csec:exclude>
>         </csec:cipherSuitesFilter>
>     </http:tlsClientParameters>
> </http:conduit>
> }}}
>
> You'll need to get a hold of this certificate, if you don't already have it. Here is the information about the peer you can get through openssl:
>
> 15:57:32 spock:~ openssl s_client -host api-aa.sandbox.paypal.com -port 443
> CONNECTED(0004)
> depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
>  0 s:/C=US/ST=California/L=San Jose/O=Paypal, Inc./OU=Information Systems/OU=Terms of use at www.verisign.com/rpa (c)00/CN=api-aa.sandbox.paypal.com
>    i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
>  1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
>    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
>  2 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
>    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> ---
> Server certificate
> subject=/C=US/ST=California/L=San Jose/O=Paypal, Inc./OU=Information Systems/OU=Terms of use at www.verisign.com/rpa (c)00/CN=api-aa.sandbox.paypal.com
> issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
> ---
> Acceptable client certificate CA names
> /C=US/ST=California/L=San Jose/O=PayPal, Inc./OU=sandbox_certs/CN=sandbox_camerchapi/[EMAIL PROTECTED]
> ---
> SSL handshake has read 3379 bytes and written 334 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol : TLSv1
>     Cipher: DHE-RSA-AES256-SHA
>     Session-ID: 85E1D239A982C834730D359EBD5D009F1D64705CD2F44192E6081CF7A55CA88F
>     Session-ID-ctx:
>     Master-Key: C7C10F6A3503C174C2B276FBE109F6C249B4C2B252BA45AFAFA157EB920B10DEB80BD9B1
>                 2971A54CA42805A4940785D0
>     Key-Arg : None
>     Start Time: 1197838663
>     Timeout : 300 (sec)
>     Verify return code: 19 (self signed certificate in certificate chain)
> ---
>
> So it looks like you'll need one of those 2 verisign certs.
>
> -Fred
>
> On Dec 16, 2007, at 3:53 PM, Alex Shneyderman wrote:
> > Hi, Fred!
> >
> > On Dec 16, 2007 8:49 PM, Fred Dushin [EMAIL
service over https
I am new to web service or CXF, so forgive me if this is somehow obvious for everyone. I have been trying to figure out how to utilize paypal's WS. Here is their WSDL http://www.paypal.com/wsdl/PayPalSvc.wsdl (if anyone is interested). At the end of the file there is ports section that looks like so:

    <wsdl:port name="PayPalAPIAA" binding="ns:PayPalAPIAASoapBinding">
        <wsdlsoap:address location="https://api-aa.sandbox.paypal.com/2.0/"/>
    </wsdl:port>

port named PayPalAPIAA talks over https. I have written some code to process direct payments and if I provide cxf.xml on my classpath of the following content:

    <http:conduit name="{urn:ebay:api:PayPalAPI}PayPalAPIAA.http-conduit">
        <http:tlsClientParameters>
        </http:tlsClientParameters>
        <http:client AutoRedirect="true" Connection="Keep-Alive"/>
    </http:conduit>

There is an error I get back:

    Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
    INFO: The cipher suites have not been configured, falling back to cipher suite filters.
    Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
    INFO: The cipher suite filters have not been configured, falling back to default filters.
    Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.https.SSLUtils getCiphersFromList
    INFO: The cipher suites have been set to SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
    Dec 16, 2007 7:18:30 PM org.apache.cxf.transport.http.HTTPConduit prepare
    INFO: AutoRedirect is turned on.
    Dec 16, 2007 7:18:31 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
    INFO: Interceptor has thrown exception, unwinding now
    org.apache.cxf.interceptor.Fault: Received fatal alert: handshake_failure
        at org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:75)
        at org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInterceptor.java:68)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:207)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205)
        ...

If I do not provide cxf.xml I get an error stating:

    Dec 16, 2007 8:01:42 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
    ..
    Caused by: java.io.IOException: Illegal Protocol https for HTTP URLConnection Factory.
        at org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnection(HttpURLConnectionFactoryImpl.java:44)
        at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
        at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
        ... 12 more

Any ideas. BTW if I simply connect to the URL I can connect and get content fine, so default java https connectivity works (I run java 6). Somehow CXF screws stuff up for me. Any ideas of what I am to fix here?

--
Thanks,
Alex.
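Added example, not part of the original thread and not CXF code: this Python sketch parses the cipher-suite log line from the question above, reports why each default suite is weak, and applies the include/exclude filter from Fred's reply to a constructed suite list to show which weak suites it still admits. The filter semantics (regex full match, any include and no exclude), the SUPPORTED list and the TIGHTENED patterns are assumptions of the example.

```python
import re

# Name fragments that mark a JSSE cipher suite as weak, with the reason.
WEAK_MARKERS = [(r"_WITH_NULL_", "no encryption"),
                (r"_EXPORT_", "export-grade key length"),
                (r"_DES_CBC_|_DES40_", "single DES"),
                (r"_anon_", "unauthenticated key exchange")]

# Excerpt of the "have been set to" log line quoted in the message above.
LOG_LINE = ("INFO: The cipher suites have been set to SSL_RSA_WITH_DES_CBC_SHA, "
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_SHA, "
            "SSL_DH_anon_WITH_DES_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.")

# Constructed stand-in for the suites a JVM supports (not from the thread).
SUPPORTED = ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
             "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
             "SSL_RSA_WITH_NULL_SHA", "SSL_DH_anon_WITH_DES_CBC_SHA"]

# Filter posted in the reply: include everything, exclude anonymous DH.
POSTED = ([r".*"], [r".*_DH_anon_.*"])
# Tightened variant: an assumption of this example, not from the thread.
TIGHTENED = ([r".*"], [r".*_anon_.*", r".*_WITH_NULL_.*", r".*_EXPORT_.*",
                       r".*_DES_CBC_.*", r".*_DES40_.*"])

def suites_from_log(line):
    """Extract suite names from a 'have been set to' log message."""
    m = re.search(r"cipher suites have been set to (.+?)\.?\s*$", line)
    return [s.strip() for s in m.group(1).split(",")] if m else []

def weaknesses(suite):
    """Return the reasons a suite name is flagged as weak (empty if none)."""
    return [why for pat, why in WEAK_MARKERS if re.search(pat, suite)]

def apply_filter(supported, include, exclude):
    """Assumed semantics: keep suites matching any include and no exclude."""
    return [s for s in supported
            if any(re.fullmatch(p, s) for p in include)
            and not any(re.fullmatch(p, s) for p in exclude)]

def weak_survivors(supported, include, exclude):
    """Map each weak suite that still passes the filter to its reasons."""
    kept = apply_filter(supported, include, exclude)
    return {s: weaknesses(s) for s in kept if weaknesses(s)}

if __name__ == "__main__":
    for suite in suites_from_log(LOG_LINE):
        print(suite, weaknesses(suite))
    print("posted filter still admits:", weak_survivors(SUPPORTED, *POSTED))
    print("tightened filter keeps:", apply_filter(SUPPORTED, *TIGHTENED))
```
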
Re: service over https
Hi, Fred!

On Dec 16, 2007 8:49 PM, Fred Dushin [EMAIL PROTECTED] wrote:
> You need to specify a trust store containing the appropriate certificate authority to be used when performing the handshake with the paypal service.

Could you explain this step in a bit more detail? I guess I have to use something like keytool but I am not sure what appropriate certificate authority means? Where do I get it, how do I deal with it? I have tried to search PayPal's docs, nothing of relevance turned up.

Thanks,
Alex.