I have generated self signed certificate using keytool command. and successfully configured https at jboss fuse level and port assigned to it is 8443. https://localhost:8443/hawtio/login works perfectly fine. In apache cxf i am facing issue. following configuration is done in blueprint xml file.
<cxf:rsServer address="http://0.0.0.0:9192/"
id="serviceOrderEndpoint" serviceClass="pk.com.telenor.so.controller.ServiceOrder"/>
<cxfcore:bus/>
<httpj:engine-factory bus="cxf">
<httpj:engine port="8443">
<httpj:tlsServerParameters secureSocketProtocol="TLSv1">
<sec:keyManagers keyPassword="password">
<sec:keyStore resource="certs/jbossfuse-dev.jks" password="password" type="JKS"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore resource="certs/jbossfuse-dev.jks" password="password" type="JKS"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true" required="false"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
I want to run it on https://localhost:9192/
In pom.xml file i have placed the following dependencies:
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>9.3.0.M0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-frontend-jaxws -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>2.5.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-transports-http -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>2.2.3</version>
</dependency>
This is the issue that i am facing
Caused by: java.lang.ClassNotFoundException: org.apache.cxf.jaxb.JAXBDataBinding not found by org.apache.cxf.cxf-rt-wsdl
When you said "configured https at jboss fuse level " I believe you mean you configured in the $JBOSS_FUSE/etc/org.ops4j.pax.web.cfg.
Then as your cxf rs endpoint get deployed into the JBoss FUSE container, the best practice is that this endpoint use the servlet transport managed by this container(the HTTP OSGi service implmented by OPS4J PAXWEB with jetty), so your configuration address for the cxf:rsServer should be relative address like address="/myendpoint", then you can access it from
https://localhost:8443/cxf/myendpoint.
Also, as the https already configured at JBoss FUSE level, you don't need
<httpj:engine-factory bus="cxf">
...
</httpj:engine-factory>
stuff.
Freeman
Related
I am trying to publish secured SOAP server as a consuming endpoint at JBoss Fuse camel route.
I have the following endpoint and Jetty-security description in my Blueprint configuration:
...
<cxf:cxfEndpoint
xmlns:crm="http://www.bank.com/CRM"
id="crmOutboundService"
address="https://localhost:9001/cxf/CRMOutbound"
serviceName="crm:CRMOutboundRq"
endpointName="crm:ASBOCRMOutPort"
wsdlURL="model/ASBOCRMOut/CRMOutboundRq.wsdl"
serviceClass="com.bank.SAXSourceService">
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD"/>
</cxf:properties>
</cxf:cxfEndpoint>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9001">
<httpj:tlsServerParameters secureSocketProtocol="TLSv1">
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="/opt/esb/security/keystore.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="/opt/esb/security/truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true" required="true"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
...
Everything as in manual from here: https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.2/pdf/apache_cxf_security_guide/Red_Hat_JBoss_Fuse-6.2-Apache_CXF_Security_Guide-en-US.pdf
I have (among others) the following dependencies in pom.xml:
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-blueprint</artifactId>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-cxf</artifactId>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http-jetty</artifactId>
</dependency>
When application bundle is deployed into JBoss Fuse the following exception comes:
org.osgi.service.blueprint.container.ComponentDefinitionException: Unable to load class org.eclipse.jetty.server.Connector from recipe MapRecipe[name='#recipe-11850']"
The questions are: why does such an error take place and what is the right way to establish secured SOAP server in JBoss Fuse?
We have ended up with adding the following directive into Blueprint descriptor:
<bean id="server" class="org.eclipse.jetty.server.Server"/>
The error has gone, and the application is working correctly, but we do not actually understand why, because there are no any references to the new bean. We are trying to figure out, if this directive starts new instance of Jetty server.
I trying to do migration from S3n to S3a for my Flink application.
I have written my custom rolling sink for writing data into aws S3. Its accepts URL as base path like S3a:///.
Its works for S3n and when i did following changes for S3a, its throws following exception.
Its seems like core-site.xml is not picking up incase of S3a for AWS credential.
its using AWS default loader for loading the credentials.
Please let me know what configuration is missing for this. Right now i am running in eclipse development enviornment,how its works in flink cluster mode?
Exception is:
com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3521)
at com.amazonaws.services.s3.AmazonS3Client.headBucket(AmazonS3Client.java:1031)
at com.amazonaws.services.s3.AmazonS3Client.doesBucketExist(AmazonS3Client.java:994)
at org.apache.hadoop.fs.s3a.S3AFileSystem.initialize(S3AFileSystem.java:297)
at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2316)
at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:90)
at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2350)
at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2332)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:369)
at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
at com.abc.abc.common.sinks.CustomRollingSink.open(CustomRollingSink.java:260)
I am using the flink 1.0.0 version and following dependecies into the project pom file and core-site .xml for AWS credentials.
<property>
<name>fs.s3a.awsAccessKeyId</name>
<value>value..</value>
</property>
<property>
<name>fs.s3a.awsSecretAccessKey</name>
<value>values...</value>
</property>
<property>
<name>fs.s3a.impl</name>
<value>org.apache.hadoop.fs.s3a.S3AFileSystem</value>
</property>
Pom file:
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-aws</artifactId>
<version>2.7.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.2.5</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.2.5</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.6.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.6.3</version>
</dependency>
I have a camel route fronted with a CXF Web Service consumer (from). I'm deploying in Glassfish 4.0 and this works fine when using the servlet spec 2.4. I now need to enhance the route by adding some persistence along the way which is being done with JPA. Doing this requires an upgrade to servlet spec 2.5+ (I've gone to 3.0)
When the servlet spec is changed to 2.5+ the following error occurs on deployment: java.lang.IllegalStateException: The lifecycle method [finalizeConfig] must not throw a checked exception. Most solutions to this say to remove cxf-rt-transports-http-jetty-2.7.11.jar.
When the jetty jar is removed, the deployment error becomes: java.io.IOException: Could not find destination factory for transport http://schemas.xmlsoap.org/soap/http
Solutions to this, such as CXF BusException No DestinationFactory for namespace http://cxf.apache.org/transports/http OR org.apache.cxf.BusException: No DestinationFactory was found for the namespace http://schemas.xmlsoap.org/soap/http/ say to import the cxf-servlet.xml file which then requires the inclusion of the jar cxf-rt-transports-http-2.7.11.jar (I removed this when I removed the jetty jar). Including these files then gives the following deployment error: java.io.IOException: Cannot find any registered HttpDestinationFactory from the Bus.
The solutions for this error all say to include the jar cxf-rt-transports-http-jetty-2.7.11.jar. This puts me back where I started having to remove it due to the servlet spec upgrade.
I've been able to create a small project to demonstrate this and have included the contents below. I've also tried deploying on Glassfish 4.1 and various combinations of different jar versions (CXF 3.0 excluding the 2.7 jars from camel etc) but I'm still unable to deploy the app in Glassfish.
I'm able to run this with the maven camel plugin 'mvm camel:run' (this requires de-scoping the cxf-rt-transports-http*.jar files from test. Of course this works because I'm outside the glassfish container.
Any help would be greatly appreciated.
pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>camel-cxf-gf</artifactId>
<packaging>war</packaging>
<version>0.1</version>
<name>Camel with CXF in GF</name>
<properties>
<camel-version>2.13.1</camel-version>
<cxf-version>2.7.11</cxf-version>
<buildNumber>0.1</buildNumber>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.0.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-core</artifactId>
<version>${camel-version}</version>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-cxf</artifactId>
<version>${camel-version}</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!-- cxf using slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.5</version>
</dependency>
<!-- using Jetty with CXF -->
<!-- "The Google" says to exclude this when deploying to Glassfish (test scope only) -->
<!-- To run with mvn camel:run, comment out the test scope on BOTH cxf-rt dependencies -->
<!-- However, if present for GF deploy, you get the error: The lifecycle method [finalizeConfig] must not throw a checked exception -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http-jetty</artifactId>
<version>${cxf-version}</version>
<scope>test</scope>
</dependency>
<!-- "The Google" says to exclude this (test scope only) -->
<!-- To run with mvn camel:run, comment out the test scope on BOTH cxf-rt dependencies -->
<!-- If present for GF deploy, you get the error: java.io.IOException: Cannot find any registered HttpDestinationFactory from the Bus -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf-version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.5.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
<configuration>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<!-- allows the route to be executed via 'mvn camel:run', NOTE: must comment out the test scope on the cxf-rt-transports dependencies above.... -->
<plugin>
<groupId>org.apache.camel</groupId>
<artifactId>camel-maven-plugin</artifactId>
<version>${camel-version}</version>
<configuration>
<fileApplicationContextUri>
classpath:META-INF/applicationContext.xml
</fileApplicationContextUri>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.3</version>
<configuration>
<webXml>web/WEB-INF/web.xml</webXml>
<failOnMissingWebXml>true</failOnMissingWebXml>
<archive>
<manifestEntries>
<Build-Version>${project.version}</Build-Version>
<Build-Revision>${buildNumber}</Build-Revision>
<Build-Date>${maven.build.timestamp}</Build-Date>
</manifestEntries>
</archive>
</configuration>
</plugin>
</plugins>
</build>
</project>
web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Camel CXF, JMS Web Application</display-name>
<!-- location of spring xml files -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:META-INF/applicationContext.xml</param-value>
</context-param>
<!-- the listener that kick-starts Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
The CXF Service:
package com.example;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebResult;
import javax.jws.WebService;
#WebService(serviceName = "HelloMessage", targetNamespace = "http://example.com/")
public interface HelloMessageEndpoint {
#WebMethod(operationName = "sayHello")
#WebResult(name = "messageAnswer", targetNamespace = "http://example.com/", partName = "messageAnswer")
public String sayHello(#WebParam(name = "name") String name);
}
My applicationContext.xml which contains the Spring DSL camel route (under resources/META-INF):
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxf="http://camel.apache.org/schema/cxf"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://camel.apache.org/schema/spring
http://camel.apache.org/schema/spring/camel-spring.xsd
http://camel.apache.org/schema/cxf
http://camel.apache.org/schema/cxf/camel-cxf.xsd
">
<import resource="classpath:META-INF/cxf/cxf.xml"/>
<!-- This doesn't seem to make a difference -->
<!--<import resource="classpath:META-INF/cxf/cxf-extension-camel.xml"/>-->
<!-- When cxf-rt-transports-http is removed (test scope) cxf-servlet.xml is no longer available -->
<!--<import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>-->
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>
<cxf:cxfEndpoint id="helloMessageEndpoint"
address="http://0.0.0.0:9000/HelloWS/"
serviceClass="com.example.HelloMessageEndpoint"
endpointName="HelloMessageEndpoint"
serviceName="HelloMessage"
loggingFeatureEnabled="false"/>
<camelContext id="messageContext" streamCache="true" xmlns="http://camel.apache.org/schema/spring">
<route>
<from uri="cxf:bean:helloMessageEndpoint"/>
<log loggingLevel="INFO" message="====> CXF Message Body: ${body}"/>
</route>
</camelContext>
</beans>
As you are using address="http://0.0.0.0:9000/HelloWS/", not the relative path, cxf-rt-transports-http-jetty-2.7.11.jar is need. If you want to use the servlet transport you need to deploy the CXFServlet in you web.xml first, and setup the address of to be relative path, then you should be able to access the CXF endpoint there.
I need to create SSL secured Web Service client using CXF Spring configuration
and I wonder how do I tell to CXF to use client certificate from my keystore?
Do i need to create cxf.xml file under WEB-INF ?
If yes what should i include there?
I need just the client side, as the server side is a 3rd party provider im connecting to.
I do have the following dependencies in my pom
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf.version}</version>
</dependency>
Thank you!
I had the same problem and didn't find a spring way to config it. So I do this.
how about http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport
<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="my/file/dir/Morpit.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="my/file/dir/Truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
<sec:UserName>Betty</sec:UserName>
<sec:Password>password</sec:Password>
</http:authorization>
<http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
I'm trying to make GAE 1.7.5 work with Maven:
<properties>
<gae.version>1.7.5</gae.version>
<gae-runtime.version>1.7.5.1</gae-runtime.version>
<maven.gae.plugin.version>0.9.6</maven.gae.plugin.version>
</properties>
<plugin>
<groupId>net.kindleit</groupId>
<artifactId>maven-gae-plugin</artifactId>
<version>${maven.gae.plugin.version}</version>
<configuration>
<unpackVersion>${gae.version}</unpackVersion>
<serverId>appengine.google.com</serverId>
<appDir>${webappDirectory}</appDir>
</configuration>
<dependencies>
<dependency>
<groupId>net.kindleit</groupId>
<artifactId>gae-runtime</artifactId>
<version>${gae-runtime.version}</version>
<type>pom</type>
</dependency>
</dependencies>
</plugin>
However there is this problem:
[WARNING] The POM for net.kindleit:maven-gae-plugin:jar:0.9.6 is missing, no dependency information available
[WARNING] Failed to retrieve plugin descriptor for net.kindleit:maven-gae-plugin:0.9.6: Plugin net.kindleit:maven-gae-plugin:0.9.6 or one of its dependencies could not be resolved: Failed to read artifact descriptor for net.kindleit:maven-gae-plugin:jar:0.9.6
[WARNING] The POM for org.eclipse.m2e:lifecycle-mapping:jar:1.0.0 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
Then eventually, will end into BUILD FAILURE.
How to build my GAE against version 1.7.5 with Maven?
You can use the App Engine Maven Plugin. We also have a guestbook sample app on github.
The official appengine-maven-plugin supports 1.7.6, you could use the 1.7.5 version if you want, but 1.7.6 is current now.