Hi Griffin
Is it possible for you to attach your synapse.xml and axis2.xml? I am
assuming you are using 0.91 with the latest nhttp code. I will try this
out shortly. It seems like your out transport in the axis2.xml is not
properly configured - so having your config file will help me.
Also to verify, your client talks to Synapse using http, and Synapse
uses https to talk to an external service. Are you using the samples
(server / client) by any chance?
asankha
Michael Griffin wrote:
asankha,
Thank you for this. I gave it a try but I am running into some problems
that are probably just configuration related. When I try to flow a request
through synapse to the https endpoint I get the following message and
exception in the log.
[HttpConnection-82-1] DEBUG Axis2FlexibleMEPClient - sending [add = false]
[sec= false] [ rm = false] [ to Address: https://host.domain.com/service]
[HttpConnection-82-1] ERROR Axis2Sender - Unexpected error during Sending
messag
e onwards
java.lang.NullPointerException
at
org.apache.axis2.description.ClientUtils.inferInTransport(ClientUtils.java:8
5)
at
org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.ex
ecute(DynamicAxisOperation.java:228)
at
org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPCl
ient.java:151)
at
org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:55)
at
org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvir
onment.java:84)
at
org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:
143)
at
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediat
or.java:49)
at
org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.
java:67)
at
org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServi
ceMessageReceiver.java:143)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:497)
at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HT
TPTransportUtils.java:326)
at
org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:230)
at
org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.doService
(DefaultHttpServiceProcessor.java:190)
at
org.apache.http.protocol.HttpService.handleRequest(HttpService.java:123)
at
org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.run(Defau
ltHttpServiceProcessor.java:262)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run
Task(ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run
(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:595)
My axis2.xml in relation to transportSender is as follows:
<transportSender name="http"
class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
<parameter name="non-blocking" locked="false">true</parameter>
</transportSender>
<transportSender name="https"
class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>keystore.pkcs12</Location>
<Type>PKCS12</Type>
<Password>password</Password>
<KeyPassword>password</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>truststore.jks</Location>
<Type>JKS</Type>
<Password>password</Password>
</TrustStore>
</parameter>
</transportSender>
I added the http sender in order to verify that my base configuration was
still operable when delegating back to http end points. I encounter the
same problem. Let me know if you have any suggestions.
Thanks,
Griffin
-----Original Message-----
From: Asankha C. Perera [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 06, 2007 12:02 PM
To: [email protected]
Subject: Re: Outbound HTTPS with Client Certificate
Hi Griffin
If you are using the latest nhttp transport with 0.91 of Synapse, you will
need to configure your axis2.xml to specify the https properties as shown
here ->
http://svn.apache.org/viewvc/webservices/synapse/trunk/java/repository/conf/
axis2.xml?view=markup
i.e. for outgoing https:
<transportSender name="https"
class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>keystore.jks</Location>
<Type>JKS</Type>
<Password>password</Password>
<KeyPassword>password</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>keystore.jks</Location>
<Type>JKS</Type>
<Password>password</Password>
</TrustStore>
</parameter>
</transportSender>
The keystore is expected to contain a single certificate for your identity
and the trust store - the usual. Once this is setup, you should be able to
talk https endpoints. Make sure to import the CA certs or the certs of the
endpoints into your trust store. Now, once a Synapse configuration attempts
to send a message to a https://.... endpoint, the https transport
configuration above would be used.
asankha
Michael Griffin wrote:
asankha,
Thank you. I'll give it a try. Are there any specific samples / code that
I should reference when I set this up. Let me know.
Thanks,
Griffin
-----Original Message-----
From: Asankha C. Perera [mailto:[EMAIL PROTECTED]
Sent: Monday, March 05, 2007 1:37 PM
To: [email protected]
Subject: Re: Outbound HTTPS with Client Certificate
Hi Griffin
Yes, this should be ready with the NIO transport enhancements we did for
HTTPS already. We do set the trust and identity stores for the
TransportSender with these enhancements. However we do not yet do
host-name verification, and this area needs some more testing.
If you would like to try this out with the new transport enhancements
and 0.91 code, I would suggest that you take a svn checkout of the
trunk, and perform a build using "mvn clean install" and drop the
nhttp.jar that gets built into your existing 0.91 installations' lib
directory. Right now we are doing some changes and cleanup on the trunk,
so I do not want you to try the latest trunk until we have stabilized
and completed the changes
Let me know if you need any more help on this
asankha
Michael Griffin wrote:
Does Synapse support using HTTPS with Client Certificates as an outbound
transport? I would like to use Synapse to act as a gateway between my
internal applications and an third-party hosted web service requiring
HTTPS
and client certificates. Any help or direction would be great.
Thanks,
Griffin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To
unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
