Hello, for the record, we are using: - Fuse ESB 7.1.0.fuse-047 - Camel 2.10.0.fuse-71-047 - CXF 2.6.0.fuse-71-047 - JDK 1.7 - JBOss EAP 6.3
and we encounter a problem using the Camel CXFRS component in combination with an http-conduit definition. It seems the wildcards one should be able to use in the http-conduit name is not taken into account (http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-Theconduitelement). Here its definition in our bundle-context.xml: <http:conduit name="*.http-conduit"> <http:tlsClientParameters disableCNCheck="true"> <sec:trustManagers> <sec:keyStore type="JKS" password="#{decryptedTruststorePassword}" file="${trustStore.file.ics}" /> </sec:trustManagers> <sec:cipherSuitesFilter> <sec:include>.*.*</sec:include> <sec:exclude>.*40_.*</sec:exclude> <sec:exclude>.*_RSA_WITH_DES_CBC_SHA.*</sec:exclude> <sec:exclude>.*_RSA_WITH_3DES_EDE_CBC_SHA.*</sec:exclude> </sec:cipherSuitesFilter> </http:tlsClientParameters> <http:client ReceiveTimeout="${cxfReceiveTimeout}" ConnectionTimeout="${cxfConnectionTimeout}" ProxyServer="${proxy.server}" ProxyServerPort="${proxy.port}" NonProxyHosts="${proxy.nonProxyHosts}" /> </http:conduit> The Camel route, deployed on Fuse, uses the Camel CXFRS component for the call of a REST service running on a JBOss server. A typical call would be: cxfrs://https://localhost:8443/invitation-code-service/checkCode/param1/param2/param3 This leads to following log entries: 2015-07-30 08:35:29,477 | DEBUG | tp1076592703-174 | TrustDecisionUtil | 120 - org.apache.cxf.cxf-rt-transports-http - 2.6.0.fuse-71-047 | No Trust Decider for Conduit '{htt ps://localhost:8443/invitation-code-service/checkCode/param1/param2/param3}WebClient.http-conduit'. An afirmative Trust Decision is assumed. 2015-07-30 08:35:29,493 | DEBUG | tp1076592703-174 | PhaseInterceptorChain | 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Invoking handleFault on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@7d909223 2015-07-30 08:35:29,493 | DEBUG | tp1076592703-174 | PhaseInterceptorChain | 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Invoking handleFault on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@64e182ae 2015-07-30 08:35:29,493 | DEBUG | tp1076592703-174 | PhaseInterceptorChain | 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@26da3556 2015-07-30 08:35:29,493 | WARN | tp1076592703-174 | PhaseInterceptorChain | 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Interceptor for {https://localhost:8443/invitation-code-service/checkCode/param1/param2/param3}WebClient has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Could not send Message. at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)[90:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)[90:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:795) at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:743) at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:717) at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:262) at org.apache.camel.component.cxf.jaxrs.CxfRsProducer.invokeHttpClient(CxfRsProducer.java:155) at org.apache.camel.component.cxf.jaxrs.CxfRsProducer.process(CxfRsProducer.java:87) at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61) at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73) at org.apache.camel.processor.RoutingSlip$2.doInAsyncProducer(RoutingSlip.java:287) at org.apache.camel.impl.ProducerCache.doInAsyncProducer(ProducerCache.java:298) at org.apache.camel.processor.RoutingSlip.processExchange(RoutingSlip.java:280) at org.apache.camel.processor.RoutingSlip.doRoutingSlip(RoutingSlip.java:205) at org.apache.camel.processor.RoutingSlip.process(RoutingSlip.java:135) at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73) at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99) at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90) at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:73) at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73) at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99) at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90) at org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:163) at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73) at org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99) at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90) at org.apache.camel.fabric.FabricTraceProcessor.process(FabricTraceProcessor.java:81) [...] Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_72] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)[:1.7.0_72] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)[:1.7.0_72] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)[:1.7.0_72] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1439)[:1.7.0_72] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)[:1.7.0_72] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)[:1.7.0_72] at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)[:1.7.0_72] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)[:1.7.0_72] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)[:1.7.0_72] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)[:1.7.0_72] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)[:1.7.0_72] at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)[:1.7.0_72] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)[:1.7.0_72] at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)[:1.7.0_72] at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)[:1.7.0_72] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)[:1.7.0_72] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1604)[120:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1530)[120:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1438)[120:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] ... 266 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)[:1.7.0_72] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.7.0_72] at sun.security.validator.Validator.validate(Validator.java:260)[:1.7.0_72] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)[:1.7.0_72] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)[:1.7.0_72] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)[:1.7.0_72] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1421)[:1.7.0_72] ... 281 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)[:1.7.0_72] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)[:1.7.0_72] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)[:1.7.0_72] ... 287 more If we define a fully http-conduit name like: <http:conduit name="{https://localhost:8443/invitation-code-service/checkCode/param1/param2/param3}WebClient.http-conduit";> it works. Obviously, we can't use the http-conduit definition this way, as param1, param2 and param3 change for every call. Why does it not work with wildcards ? Regards, Myriam -- View this message in context: http://camel.465427.n5.nabble.com/Use-CXFRS-component-in-combination-with-an-http-conduit-definition-with-wildcards-tp5770096.html Sent from the Camel Development mailing list archive at Nabble.com.
