Hi,

Yeah, in this case you need something like

<httpj:engine-factory bus="cxf">
  <httpj:engine port="443">
    <httpj:tlsServerParameters>
      <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password"
                      file="certs/cherry.jks"/>
      </sec:keyManagers>
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="certs/truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key exchange as
          this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
      <sec:clientAuthentication want="true" required="true"/>
    </httpj:tlsServerParameters>
  </httpj:engine>
</httpj:engine-factory>

Take a look at [1] to get more details
[1]http://cxf.apache.org/docs/jetty-configuration.html

Freeman
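
A fuller form of the configuration above, as an added example that is not part of Freeman's message or of the CXF documentation: it declares the httpj and sec namespaces that the posted cxf.xml lacks, and swaps the cipher filter (which admits export-grade, single-DES and NULL suites) for one limited to AES suites. Keystore paths and passwords are carried over from the reply as placeholders; the AES-only filter and the secureSocketProtocol value are this example's assumptions.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/transports/http-jetty/configuration
           http://cxf.apache.org/schemas/configuration/http-jetty.xsd">

  <!-- The Jetty engine on port 443 only speaks https when it carries
       tlsServerParameters. Without them it stays an http engine, and an
       https:// endpoint address fails with "Protocol mismatch for port 443". -->
  <httpj:engine-factory bus="cxf">
    <httpj:engine port="443">
      <!-- Assumption: the JVM supports TLSv1.2 (Java 7 or later). -->
      <httpj:tlsServerParameters secureSocketProtocol="TLSv1.2">
        <!-- Server certificate and private key (placeholder path/password). -->
        <sec:keyManagers keyPassword="password">
          <sec:keyStore type="JKS" password="password"
                        file="certs/cherry.jks"/>
        </sec:keyManagers>
        <!-- CAs accepted when validating client certificates. -->
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="password"
                        file="certs/truststore.jks"/>
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
          <!-- Filters are regular expressions matched against JSSE suite
               names. Only AES suites are admitted, so EXPORT, DES, RC4 and
               NULL suites never qualify; anonymous key exchange is excluded
               because AES suites exist in *_anon_* variants too. -->
          <sec:include>.*_WITH_AES_.*</sec:include>
          <sec:exclude>.*_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
        <!-- Mutual TLS: the handshake fails unless the client presents a
             certificate that chains to an entry in truststore.jks. -->
        <sec:clientAuthentication want="true" required="true"/>
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>

  <!-- The jaxws:endpoint and interceptor beans from the posted file follow
       unchanged, keeping the https://myserver:443/... address. -->
</beans>
```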

On 2011-10-19, at 9:26 AM, nkunkov wrote:

Hi thanks a lot for your answer but I need to use https protocol with ws-security..
I feel I miss some jetty configuration.

Any help is very much appreciated!
Nadia

On Oct 18, 2011, at 9:15 PM, "Freeman-2 [via CXF]" <ml-node+s547215n491600...@n5.nabble.com > wrote:


On 2011-10-19, at 5:08 AM, nkunkov wrote:

Hello,
I'm deploying a cxf web service outside of the application server container.
I know it's not the best way, but it does work with http.

I added In and Out interceptors that use the encrypt/decrypt and sign property files.

It looks like I still need to add something to deploy the web service as I'm getting the following error:
Protocol mismatch for port 443: engine's protocol is http, the url protocol is https

I'm posting my cxf file and one of my interceptors below.
I assume that since my process is started without an application server container, but by a simple Windows service, and the web service is being deployed using Spring, I need to add something else to cxf.xml.

In the other postings I see that the keystore needs to be specified in the cxf.xml etc.
Could you point me in the right direction?
Your help is greatly appreciated as I've been battling this for a while now.
Thank you!

My cxf.config file looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

  <import resource="classpath:META-INF/cxf/cxf.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml" />

  <jaxws:endpoint
    id="NotifyNewSearch"
    implementor="com.test.ws.impl.NotifyNewSearchWSImpl"
    address="https://myserver:443/datax/services/NotifyNewSearch" >
Hi,

You just wanna use http transport with ws-security, right? If so change
address="https://myserver:443/datax/services/NotifyNewSearch"
to
address="http://myserver:443/datax/services/NotifyNewSearch"

Freeman


    <jaxws:inInterceptors>
      <ref bean="RequestInterceptor"/>
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
      <ref bean="ResponseInterceptor"/>
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
    </jaxws:outInterceptors>
  </jaxws:endpoint>

  <bean name="RequestInterceptorFactory"
        class="com.escholar.beans.RequestInterceptor"/>
  <bean name="RequestInterceptor" factory-bean="RequestInterceptorFactory"
        factory-method="getInstance"/>
  <bean name="ResponseInterceptorFactory"
        class="com.escholar.beans.ResponseInterceptor"/>
  <bean name="ResponseInterceptor" factory-bean="ResponseInterceptorFactory"
        factory-method="getInstance"/>

</beans>

----------------------------

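import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

// Log, getKeyStoreAlias() and HubPasswordCallbackHandler belong to the
// poster's project and are not shown in this message.
public class HubServerWSS4JInInterceptor extends WSS4JInInterceptor {

    // Constructor not shown in the original post; assumed to hand the
    // WSS4J properties to WSS4JInInterceptor(Map).
    public HubServerWSS4JInInterceptor(Map<String, Object> props) {
        super(props);
    }

    public static HubServerWSS4JInInterceptor getInstance() {

        String keyStoreAlias = getKeyStoreAlias();
        Log.debug("keyStoreAlias=" + keyStoreAlias);

        Map<String, Object> inProps = new HashMap<String, Object>();

        // WS-Security actions expected on the incoming message.
        inProps.put(WSHandlerConstants.ACTION, "Signature Encrypt");
        inProps.put(WSHandlerConstants.USER, keyStoreAlias);
        // Callback that supplies the private-key password for the alias.
        inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                HubPasswordCallbackHandler.class.getName());
        // Crypto property files for signature verification and decryption.
        inProps.put(WSHandlerConstants.SIG_PROP_FILE,
                "server_sign.properties");
        inProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
        inProps.put(WSHandlerConstants.DEC_PROP_FILE,
                "server_decrypt.properties");
        inProps.put(WSHandlerConstants.ENC_KEY_ID, "X509KeyIdentifier");

        return new HubServerWSS4JInInterceptor(inProps);
    }
}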

--
View this message in context: 
http://cxf.547215.n5.nabble.com/mismatch-for-port-443-even-with-interceptors-in-cxf-xml-tp4915430p4915430.html
Sent from the cxf-user mailing list archive at Nabble.com.

---------------------------------------------
Freeman Fang

FuseSource
Email:[hidden email]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com