CXF ssl sample using CXF APIs

Arul Dhesiaseelan wrote:

Hello,

I was trying to use CXF APIs to configure SSL on the service. But, I am
getting an illegal state exception: Port 9001 is configured with wrong
protocol "http" for "https://localhost:9001/hello"

    JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
    sf.setServiceClass(HelloWorld.class);  
    sf.getServiceFactory().setWrapped(true);

    QName name = new QName("http://test.com", "ws", "");
    sf.setServiceName(name);
    sf.setAddress("https://localhost:9001/hello");

    HelloWorld helloService = new HelloWorldImpl();

Arul Dhesiaseelan wrote:

Hi Glen,

I am not using Spring in my service as all my web services are creating
dynamically using JaxWsServerFactoryBean.

Is it possible to use Spring configuration only for using SSL on the CXF
service and do the service creation using CXF APIs (without spring config)?

My HelloWorld interface just has single hello method. It does not refer
to any WSDL.

Thanks,
Arul

Arul Dhesiaseelan wrote:

Can someone look into this pls?

I am close to making this work. But, figuring out what could be wrong is
still a puzzle to me.

Thank you,
Arul

Arul Dhesiaseelan wrote:
> Hello,
>
> I did some debugging using CXF 2.1.1 sources. I see the problem in
> line 201 in JettyHTTPServerEngineFactory.createJettyHTTPServerEngine()
> where it makes a call to ref.finalizeConfig().
>
> In JettyHTTPServerEngine.finalizeConfig(), it calls method
> retrieveListenerFactory(). In this method the "tlsServerParameters" is
> null so the protocol is defaulted to "http" and finally throws the
> exception.
>
> This tells me that I am not correctly setting the TLSServerParameters
> to the JettyHTTPServerEngine in my code in the correct order. Or, I am
> not creating the JettyHTTPServerEngine instance properly.
>
> Does some one help me if I am missing something here?
>
> Appreciate your help.
>
> -Arul
>
> Arul Dhesiaseelan wrote:
>> Hello,
>>
>> I was trying to use CXF APIs to configure SSL on the service. But, I
>> am getting an illegal state exception: Port 9001 is configured with
>> wrong protocol "http" for "https://localhost:9001/hello"
>>
>>    JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
>>    sf.setServiceClass(HelloWorld.class);      
>> sf.getServiceFactory().setWrapped(true);
>>
>>    QName name = new QName("http://test.com", "ws", "");
>>    sf.setServiceName(name);
>>    sf.setAddress("https://localhost:9001/hello");
>>
>>    HelloWorld helloService = new HelloWorldImpl();
>>
>>    sf.getServiceFactory().setInvoker(new BeanInvoker(helloService));
>>    //org.apache.cxf.endpoint.Server server = sf.create();
>>
>>    JettyHTTPServerEngineFactory factory =
>> sf.getBus().getExtension(JettyHTTPServerEngineFactory.class);
>>
>>    TLSServerParameters tlsParams = new TLSServerParameters();
>>    JettyHTTPServerEngine engine = null;
>>    try {
>>      engine = factory.createJettyHTTPServerEngine(9001, "https");
>>      KeyStore keyStore = KeyStore.getInstance("JKS");
>>      String trustpass = "password";
>>      File truststore = new
>> File("C:\\apache-cxf-2.1.1\\samples\\wsdl_first_https\\certs\\cherry.jks");
>>
>>      keyStore.load(new FileInputStream(truststore),
>> trustpass.toCharArray());
>>      KeyManagerFactory keyFactory =
>> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>>      keyFactory.init(keyStore, trustpass.toCharArray());
>>      KeyManager[] km = keyFactory.getKeyManagers();
>>      tlsParams.setKeyManagers(km);
>>
>>      truststore = new
>> File("C:\\apache-cxf-2.1.1\\samples\\wsdl_first_https\\certs\\truststore.jks");
>>
>>      keyStore.load(new FileInputStream(truststore),
>> trustpass.toCharArray());
>>      TrustManagerFactory trustFactory =
>> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>>
>>      trustFactory.init(keyStore);
>>      TrustManager[] tm = trustFactory.getTrustManagers();
>>      tlsParams.setTrustManagers(tm);
>>      FiltersType filter = new FiltersType();
>>      filter.getInclude().add(".*_EXPORT_.*");
>>      filter.getInclude().add(".*_EXPORT1024_.*");
>>      filter.getInclude().add(".*_WITH_DES_.*");
>>      filter.getInclude().add(".*_WITH_NULL_.*");
>>      filter.getExclude().add(".*_DH_anon_.*");
>>      tlsParams.setCipherSuitesFilter(filter);
>>      ClientAuthentication ca = new ClientAuthentication();
>>      ca.setRequired(true);
>>      ca.setWant(true);
>>      tlsParams.setClientAuthentication(ca);
>>      tlsParams.setSecureSocketProtocol("SSL");
>>      if (engine != null) {
>>        engine.setTlsServerParameters(tlsParams);
>>      }
>>    } catch (KeyStoreException kse) {
>>    } catch (NoSuchAlgorithmException nsa) {
>>    } catch (FileNotFoundException fnfe) {
>>    } catch (UnrecoverableKeyException uke) {
>>    } catch (CertificateException ce) {
>>    } catch (GeneralSecurityException gse) {
>>    } catch (IOException ioe) {
>>    }
>>
>>    List<JettyHTTPServerEngine> engines = new
>> ArrayList<JettyHTTPServerEngine>();
>>    if (engine != null)
>>      engines.add(engine);
>>    factory.setEnginesList(engines);
>>    org.apache.cxf.endpoint.Server server = sf.create();
>>    ((JettyHTTPServerEngine) ((JettyHTTPDestination)
>> server.getDestination()).getEngine()).setJettyHTTPServerEngineFactory(factory);
>>
>>
>>    String endpoint =
>> server.getEndpoint().getEndpointInfo().getAddress();
>>    System.out.println("Server started at " + endpoint);
>>
>>
>> But when I start the service, I get the below error:
>>
>> Jul 21, 2008 9:15:10 AM
>> org.apache.cxf.service.factory.ReflectionServiceFactoryBean
>> buildServiceFromClass
>> INFO: Creating Service {http://test.com}ws from class
>> com.test.cxf.HelloWorld
>> Exception in thread "main" java.lang.IllegalStateException: Port 9001
>> is configured with wrong protocol "http" for
>> "https://localhost:9001/hello"
>>    at
>> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:115)
>>
>>    at
>> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:134)
>>
>>    at
>> org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.createDestination(JettyHTTPTransportFactory.java:123)
>>
>>    at
>> org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.getDestination(JettyHTTPTransportFactory.java:103)
>>
>>    at
>> org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:90)
>>    at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:69)
>>    at
>> org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:115)
>>
>>    at
>> org.apache.cxf.jaxws.JaxWsServerFactoryBean.create(JaxWsServerFactoryBean.java:164)
>>
>>    at com.test.cxf.Server.main(Server.java:104)
>>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>    at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>
>>    at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>
>>    at java.lang.reflect.Method.invoke(Method.java:585)
>>    at
>> com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)
>>
>>
>> Any thoughts on this issue?
>>
>> Thank you,
>> -Arul
>>
>>
>> ______________________________
>

Arul Dhesiaseelan wrote:

Glen,

Thanks for all your help. I appreciate your inputs.

I did a quick test using the spring-configs and embedded Jetty server
(JaxWsServerFactoryBean). It worked like a charm. CXF uses Jetty SSL
connector to support SSL (CXFJettySslSocketConnector).

My only gut feeling says if embedded Jetty supports SSL using
spring-config, it should support Java APIs as well.

-Arul

Glen Mazza wrote:
> Actually, we may not be able to support SSL with embedded Jetty anyway--look
> at this thread, as well as a J2SE 6.0 based alternative solution:
>
> http://www.nabble.com/Help-needed-for-SSL-and-Basic-authentication-tt17761832.html
>
> HTH,
> Glen
>
>
> Glen Mazza wrote:
>  
>> While I hope others can help you with your problem, if you want to use
>> SSL, I suspect you'd be better off with a standalone container[1]
>> anyway--WAR file, web.xml, all that good stuff--this way at least you know
>> what you're coding on top of.  I just haven't researched SSL over embedded
>> Jetty containers.
>>
>> Glen
>>
>> [1] http://www.jroller.com/gmazza/entry/setting_up_ssl_and_basic
>>
>>
>> Arul Dhesiaseelan wrote:
>>    
>>> Can someone look into this pls?
>>>
>>> I am close to making this work. But, figuring out what could be wrong is
>>> still a puzzle to me.
>>>
>>> Thank you,
>>> Arul
>>>
>>> Arul Dhesiaseelan wrote:
>>>      
>>>> Hello,
>>>>
>>>> I did some debugging using CXF 2.1.1 sources. I see the problem in
>>>> line 201 in JettyHTTPServerEngineFactory.createJettyHTTPServerEngine()
>>>> where it makes a call to ref.finalizeConfig().
>>>>
>>>> In JettyHTTPServerEngine.finalizeConfig(), it calls method
>>>> retrieveListenerFactory(). In this method the "tlsServerParameters" is
>>>> null so the protocol is defaulted to "http" and finally throws the
>>>> exception.
>>>>
>>>> This tells me that I am not correctly setting the TLSServerParameters
>>>> to the JettyHTTPServerEngine in my code in the correct order. Or, I am
>>>> not creating the JettyHTTPServerEngine instance properly.
>>>>
>>>> Does some one help me if I am missing something here?
>>>>
>>>> Appreciate your help.
>>>>
>>>> -Arul
>>>>
>>>> Arul Dhesiaseelan wrote:
>>>>        
>>>>> Hello,
>>>>>
>>>>> I was trying to use CXF APIs to configure SSL on the service. But, I
>>>>> am getting an illegal state exception: Port 9001 is configured with
>>>>> wrong protocol "http" for "https://localhost:9001/hello"
>>>>>
>>>>>    JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
>>>>>    sf.setServiceClass(HelloWorld.class);      
>>>>> sf.getServiceFactory().setWrapped(true);
>>>>>
>>>>>    QName name = new QName("http://test.com", "ws", "");
>>>>>    sf.setServiceName(name);
>>>>>    sf.setAddress("https://localhost:9001/hello");
>>>>>
>>>>>    HelloWorld helloService = new HelloWorldImpl();
>>>>>
>>>>>    sf.getServiceFactory().setInvoker(new BeanInvoker(helloService));
>>>>>    //org.apache.cxf.endpoint.Server server = sf.create();
>>>>>
>>>>>    JettyHTTPServerEngineFactory factory =
>>>>> sf.getBus().getExtension(JettyHTTPServerEngineFactory.class);
>>>>>
>>>>>    TLSServerParameters tlsParams = new TLSServerParameters();
>>>>>    JettyHTTPServerEngine engine = null;
>>>>>    try {
>>>>>      engine = factory.createJettyHTTPServerEngine(9001, "https");
>>>>>      KeyStore keyStore = KeyStore.getInstance("JKS");
>>>>>      String trustpass = "password";
>>>>>      File truststore = new
>>>>> File("C:\