Hi,
It's not broken, it's working as designed, client need authenticate with
the appropriate certs, both the java client or browser client
I agree what Dan mentioned in that thread
"the only way to get firefox to view the wsdl would
be import the certs into the firefox stores"
Also as I answered
"I guess you might need import some certificate for your browser
configuration "
But I don't know exactly how to do it though... :-(
Freeman
GNarra wrote:
Freeman,
I see Guillaume asked the same question with CXF community, Do you know how
to make it work in CXF or is it still broken in CXF?
http://www.nabble.com/cxf-server-using-https-td22412767.html
thanks
-gopal
GNarra wrote:
Freeman,
I get this error if I try it through Firefox, IE does nothing
Secure Connection Failed
An error occurred during a connection to localhost:8092.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)
thanks
-gopal
GNarra wrote:
Freeman,
I tried
https://localhost:8092/Services/MathService?wsdl
https://localhost:8092/Services/MathService/main.wsdl
thanks
-gopal
Freeman Fang wrote:
How you try load wsdl from your browser?
use
https://localhost:8092/Services/MathService?wsdl
?
Freeman
GNarra wrote:
Freeman,
I tried that and and that seemed to start the server in SSL but I
cannot hit
the WSDL anymore through IE or Firefox, I am attaching the appropriate
log
Apr 13, 2009 6:42:41 PM org.apache.cxf.endpoint.ServerImpl
initDestination
INFO: Setting the server's publish address to be
https://localhost:8092/Services/MathService
INFO - ServiceAssemblyLifeCycle - Starting service assembly:
samples-sa
INFO - ServiceUnitLifeCycle - Initializing service unit:
samples-cxf-se
INFO - ServiceUnitLifeCycle - Initializing service unit:
samples-cxf-bc
Apr 13, 2009 6:42:41 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: Logging to org.slf4j.impl.JDK14LoggerAdapter(org.mortbay.log) via
org.mortbay.log.Slf4jLog
Apr 13, 2009 6:42:41 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: jetty-6.1.6
Apr 13, 2009 6:42:42 PM org.apache.cxf.transport.https.SSLUtils
getCiphersuites
INFO: The cipher suites have not been configured, falling back to
cipher
suite filters.
Apr 13, 2009 6:42:42 PM org.apache.cxf.transport.https.SSLUtils
getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_WITH_R
C4_128_MD5, TLS_DH_anon_WITH_AES_128_CBC_SHA,
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA,
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_a
non_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA,
TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
TLS_KRB5_WITH_3DES_EDE_CBC_MD5.
Apr 13, 2009 6:42:42 PM sun.reflect.NativeMethodAccessorImpl invoke0
INFO: Started [email protected]:8092
INFO - ServiceUnitLifeCycle - Starting service unit:
samples-cxf-se
Apr 13, 2009 6:42:42 PM
org.apache.cxf.service.factory.ReflectionServiceFactoryBean
buildServiceFromClass
INFO: Creating Service {http://samples.com/}MathService from class
com.samples.MathService
Apr 13, 2009 6:42:43 PM
org.apache.cxf.configuration.spring.ConfigurerImpl
getBeanName
INFO: Could not determine bean name for instance of class
org.apache.cxf.transport.jbi.JBIDestination.
Apr 13, 2009 6:42:43 PM org.apache.cxf.endpoint.ServerImpl
initDestination
INFO: Setting the server's publish address to be
jbi://ID-192-168-216-101-120a212d27b-19-0
INFO - ServiceUnitLifeCycle - Starting service unit:
samples-cxf-bc
thanks
-gopal
Freeman Fang wrote:
Hi,
If you really can't use fuse version now, one work around I can come
up
with is
rename your busCfg from cxf.xml to cxf-ssl.xml in your xbean.xml, and
copy cxf-ssl.xml to your $SMX_HOME directory,by this way, the busCfg
could be picked up.
Freeman
GNarra wrote:
Anybody,
Is there any way to get the SSL and CXF to work consistently? Any
workarounds? I would be glad to try anything at this point.
thanks
-gopal
GNarra wrote:
Freeman,
Do you have a JIRA for me so that I can manually patch my
installation?
Our infrastructure is built on top of SMX 3.3 and I just cannot rip
it
out
and replace with SMX 3.4.0.1 (fuse) without considerable effort.
I would definitely change when we do our next release.
thanks
-gopal
Freeman Fang wrote:
Hi,
The resource load problem already get resolved, try with FUSE ESB
3.4.0.1 [1](which is based on Apache Servicemix 3.3 but get
released
more frequently)
[1]http://repo.open.iona.com/maven2/org/apache/servicemix/apache-servicemix/3.4.0.1-fuse/
Freeman
GNarra wrote:
Freeman,
Uploading the sample for your reference, I think it might be 1)
busCfg
isn't
picked up but I cannot figure out why?
I am uploading the sample(samples-3.3.zip) code I have for your
reference
thanks
-gopal
Freeman Fang wrote:
Seems
1)the busCfg isn't picked up,
2) or the port QName you specified in
<http:destination
name="{http://samples.com/}MathServicePort.http-destination";>
</http:destination>
isn't match the one in your wsdl.
Freeman
GNarra wrote:
Freeman,
This is the only SA I deploy, I checked hotdeploy and there is
only
one
sa
more than what is shipped with SMX 3.3
thanks
-gopal
Freeman Fang wrote:
Hmm, do you already bind http protocol to port 8092? You may
already
have endpoint registered to use port 8092 with http(but not
https),
for
example you deploy another SA using 8092 with http(maybe the
cxf-wsdl-first example with kit?)
GNarra wrote:
Freeman,
I looked at the test and I am getting this error when I try
it...
xbean.xml configuration is
<cxfbc:consumer wsdl="classpath:MathService.wsdl"
busCfg="cxf.xml"
locationURI="https://localhost:8092/Services/MathService";
targetService="samples:MathService"
targetEndpoint="MathServicePort"
/>
the busCfg cxf.xml configuration, I use the keystore.jks that
ships
with
the
Servicemix.
<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
<http:destination
name="{http://samples.com/}MathServicePort.http-destination";>
</http:destination>
<httpj:engine-factory bus="cxf">
<httpj:engine port="8092">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="servicemix"
resource="keystore.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="servicemix"
resource="keystore.jks" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!--
these filters ensure that a ciphersuite with
export-suitable
or
null encryption is used, but exclude anonymous
Diffie-Hellman
key
change as this is vulnerable to
man-in-the-middle attacks
-->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true"
required="true" />
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
I get this error
ava.lang.Exception: <?xml version="1.0" encoding="UTF-8"?>
<jbi-task
xmlns="http://java.sun.com/xml/ns/jbi/management-message";
version="1.0">
<jbi-task-result>
<frmwk-task-result>
<frmwk-task-result-details>
<task-result-details>
<task-id>deploy</task-id>
<task-result>FAILED</task-result>
<message-type>ERROR</message-type>
</task-result-details>
</frmwk-task-result-details>
</frmwk-task-result>
<component-task-result
xmlns="http://java.sun.com/xml/ns/jbi/management-message";>
<component-name>servicemix-cxf-se</component-name>
<component-task-result-details>
<task-result-details>
<task-id>deploy</task-id>
<task-result>SUCCESS</task-result>
</task-result-details>
</component-task-result-details>
</component-task-result>
<component-task-result
xmlns="http://java.sun.com/xml/ns/jbi/management-message";>
<component-name>servicemix-cxf-se</component-name>
<component-task-result-details>
<task-result-details>
<task-id>deploy</task-id>
<task-result>SUCCESS</task-result>
</task-result-details>
</component-task-result-details>
</component-task-result>
<component-task-result>
<component-name>servicemix-cxf-bc</component-name>
<component-task-result-details>
<task-result-details>
<task-id>deploy</task-id>
<task-result>FAILED</task-result>
<message-type>ERROR</message-type>
<task-status-msg>
<msg-loc-info>
<loc-token/>
<loc-message>Unable to parse result string</loc-message>
</msg-loc-info>
</task-status-msg>
<exception-info>
<nesting-level>1</nesting-level>
<loc-token/>
<loc-message>java.io.IOException: Protocol mismatch for port
8092:
engine's
protocol is http, the url protocol is https</loc-message>
<stack-trace><![CDATA[javax.jbi.management.DeploymentException:
java.io.IOException: Protocol mismatch for port 8092: engine's
protocol
is
http, the url protocol is https
at
org.apache.servicemix.cxfbc.CxfBcConsumer.validate(CxfBcConsumer.java:441)
at
org.apache.servicemix.common.AbstractDeployer.validate(AbstractDeployer.java:58)
at
org.apache.servicemix.common.xbean.BaseXBeanDeployer.validate(BaseXBeanDeployer.java:55)
at
org.apache.servicemix.common.xbean.AbstractXBeanDeployer.deploy(AbstractXBeanDeployer.java:96)
at
org.apache.servicemix.common.BaseServiceUnitManager.doDeploy(BaseServiceUnitManager.java:88)
at
org.apache.servicemix.common.BaseServiceUnitManager.deploy(BaseServiceUnitManager.java:69)
at
org.apache.servicemix.jbi.framework.DeploymentService.deployServiceAssembly(DeploymentService.java:508)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.checkPendingSAs(AutoDeploymentService.java:482)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.checkPendingComponents(AutoDeploymentService.java:535)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.updateSharedLibrary(AutoDeploymentService.java:317)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:254)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:667)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.access$800(AutoDeploymentService.java:62)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:631)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.io.IOException: Protocol mismatch for port
8092:
engine's
protocol is http, the url protocol is https
at
org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory.createJettyHTTPServerEngine(JettyHTTPServerEngineFactory.java:205)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:106)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:134)
at
org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.createDestination(JettyHTTPTransportFactory.java:123)
at
org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.getDestination(JettyHTTPTransportFactory.java:103)
at
org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:90)
at
org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:58)
at
org.apache.servicemix.cxfbc.CxfBcConsumer.validate(CxfBcConsumer.java:435)
... 15 more
]]></stack-trace>
</exception-info>
</task-result-details>
</component-task-result-details>
</component-task-result>
</jbi-task-result>
</jbi-task>
at
org.apache.servicemix.jbi.framework.ManagementSupport.failure(ManagementSupport.java:125)
at
org.apache.servicemix.jbi.framework.ManagementSupport.failure(ManagementSupport.java:111)
at
org.apache.servicemix.jbi.framework.DeploymentService.deployServiceAssembly(DeploymentService.java:543)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.checkPendingSAs(AutoDeploymentService.java:482)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.checkPendingComponents(AutoDeploymentService.java:535)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.updateSharedLibrary(AutoDeploymentService.java:317)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:254)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:667)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService.access$800(AutoDeploymentService.java:62)
at
org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:631)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
thanks
-gopal
Freeman Fang wrote:
Hi,
Take a look at [1] and [2], those test demostrate how to
configure
SSL
for servicemix-cxf-bc consumer and provider.
[1]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcHttpsConsumerTest.java
[2]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcProviderHttpsTest.java
Freeman
GNarra wrote:
Hi All,
Can you somebody post a example on how to configure CXF SSL
in
Servicemix? I
see examples only for http and not for https
thanks
-gopal
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
http://www.nabble.com/file/p22983203/samples-3.3.zip
samples-3.3.zip
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
