I am migrating some (more) legacy code up to CXF 2.7 from 2.3. The code used to
build and run fine, but now I'm getting an exception (trimmed to the relevant
part) ...
Caused by: java.io.IOException: JSSE Security Exception
    at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:136)
    at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.getDestination(CtkJettyHTTPTransportFactory.java:111)
    at org.apache.cxf.binding.soap.SoapTransportFactory.getDestination(SoapTransportFactory.java:142)
    at org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:83)
    at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:62)
    at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:170)
    ... 52 more
Caused by: java.lang.RuntimeException: Protocol mismatch for port 15443: engine's protocol is http, the url protocol is https
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:162)
    at gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:131)
    ... 57 more
Caused by: java.io.IOException: Protocol mismatch for port 15443: engine's protocol is http, the url protocol is https
    at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory.createJettyHTTPServerEngine(JettyHTTPServerEngineFactory.java:271)
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:127)
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:160)
    ... 58 more
So it would seem that the server engine is not correctly configured for
TLS/HTTPS, but as far as I can tell it is. This is how the engine factory is
set up:
<httpj:engine-factory bus="cxf">
  <httpj:identifiedTLSServerParameters id="secure">
    <httpj:tlsServerParameters>
      <sec:keyManagers keyPassword="${tlsKeystorePassword}">
        <sec:keyStore type="JKS" password="${tlsKeyPassword}"
                      file="${tlsKeystore}"/>
      </sec:keyManagers>
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="${tlsTruststorePassword}"
                      file="${tlsTruststore}"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include>
        <sec:include>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</sec:include>
        <sec:include>TLS_RSA_WITH_AES_256_CBC_SHA</sec:include>
        <sec:include>TLS_DH_DSS_WITH_AES_256_CBC_SHA</sec:include>
        <sec:include>TLS_DH_RSA_WITH_AES_256_CBC_SHA</sec:include>
        <sec:include>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</sec:include>
        <sec:include>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</sec:include>
        <sec:include>TLS_RSA_WITH_AES_128_CBC_SHA</sec:include>
        <sec:include>TLS_DH_DSS_WITH_AES_128_CBC_SHA</sec:include>
        <sec:include>TLS_DH_RSA_WITH_AES_128_CBC_SHA</sec:include>
        <sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include>
        <sec:include>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</sec:include>
        <sec:include>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
        <sec:include>TLS_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
        <sec:include>TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</sec:include>
        <sec:include>TLS_DH_RSA_WITH_3DES_EDE_CBC_SH</sec:include>
      </sec:cipherSuitesFilter>
    </httpj:tlsServerParameters>
  </httpj:identifiedTLSServerParameters>
  <httpj:engine port="${port}">
    <httpj:tlsServerParametersRef id="secure" />
    <httpj:threadingParameters minThreads="5" maxThreads="15" />
  </httpj:engine>
</httpj:engine-factory>
Does anyone know if there was a change somewhere along the line that isn't
accounted for in here? Any kicks in the right direction would be appreciated,
thanx!
Stephen W. Chappell