WS-Security. Server response encryption. Choose encryptionUser dynamically - cxf

I am currently studying WS-Security and using CXF to build a basic example with signature and encryption actions. I set the client and server to sign and encrypt the request and response respectively.
I am using Spring to configure the server. This is the configuration:
<context:component-scan base-package="com.jfjp.ws" />
<bean id="passwordCallback" class="com.jfjp.ws.service.ServerPasswordCallback" />
<jaxws:endpoint id="greetServiceWS" implementor="#greetService" address="/Greeting">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Signature Encrypt"/>
<entry key="signaturePropFile" value="server_signverf.properties"/>
<entry key="decryptionPropFile" value="server_decrypt.properties"/>
<entry key="encryptionKeyIdentifier" value="password"/>
<entry key="passwordCallbackRef">
<ref bean="passwordCallback"/>
</entry>
</map>
</constructor-arg>
</bean>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor"></bean>
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature Encrypt"/>
<entry key="user" value="server"/>
<entry key="signaturePropFile" value="server_sign.properties"/>
<entry key="encryptionPropFile" value="server_encrypt.properties"/>
<entry key="encryptionUser" value="client"/>
<entry key="passwordCallbackRef">
<ref bean="passwordCallback"/>
</entry>
</map>
</constructor-arg>
</bean>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"></bean>
</jaxws:outInterceptors>
</jaxws:endpoint>
To encrypt the response I need to know the client's public key and I'm doing this by setting the value of encryptionUser with the client certificate alias. But if I do this I can only have one client.
I can configure multiple clients if I use an endpoint for each of them. Is this the correct way?
Can I set the value of encryptionUser dynamically?

Yes. There is a special value for "encryptionUser" for this scenario -> "useReqSigCert". It uses the client signing certificate to encrypt the response to the client.
See here: http://ws.apache.org/wss4j/config.html
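The server-side outbound configuration from the question with the special alias applied, as an added example (not the poster's or the CXF project's own file). It keeps the bean and property names used above and assumes the inbound interceptor still verifies the request signature, because that verification is what establishes trust in the certificate the response is then encrypted to.

```xml
<!-- Added example: one endpoint serving any number of clients.
     The inbound WSS4JInInterceptor (action "UsernameToken Signature Encrypt",
     trust store in server_signverf.properties) verifies the request signature;
     useReqSigCert then reuses the certificate that produced that signature
     to encrypt the response, so no per-client alias is needed. -->
<jaxws:outInterceptors>
  <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
      <map>
        <entry key="action" value="Signature Encrypt"/>
        <entry key="user" value="server"/>
        <entry key="signaturePropFile" value="server_sign.properties"/>
        <entry key="encryptionPropFile" value="server_encrypt.properties"/>
        <!-- Special value: encrypt to the certificate that signed the request.
             Only a party that proved possession of a trusted signing key
             can therefore read the response. -->
        <entry key="encryptionUser" value="useReqSigCert"/>
        <entry key="passwordCallbackRef">
          <ref bean="passwordCallback"/>
        </entry>
      </map>
    </constructor-arg>
  </bean>
  <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
</jaxws:outInterceptors>
```

If the inbound action list does not include Signature, there is no request signing certificate to reuse and the outbound Encrypt action fails rather than falling back to a configured alias.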

Related

Setup independent ActiveMQ broker in camel blueprint xml

I am setting up a ServiceMix instance using apache-camel as the routing engine, with my routes defined in a blueprint.xml. I am trying to configure ActiveMQ for my blueprint to be completely isolated from anything else (use its own, private, broker).
Here is my camel blueprint XML
<?xml version="1.0" encoding="UTF-8"?>
<blueprint
xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
>
<bean id="record_ip" class="my.service.RecordIP"/>
<bean id="jmsConnectionFactory"
class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL" value="vm://myBroker?create=true&amp;waitForStart=10000" />
<property name="userName" value="shadow"/>
<property name="password" value="broker"/>
</bean>
<bean id="pooledConnectionFactory"
class="org.apache.activemq.pool.PooledConnectionFactory" init-method="start" destroy-method="stop">
<property name="maxConnections" value="8" />
<property name="connectionFactory" ref="jmsConnectionFactory" />
</bean>
<bean id="jmsConfig"
class="org.apache.camel.component.jms.JmsConfiguration">
<property name="connectionFactory" ref="pooledConnectionFactory"/>
<property name="concurrentConsumers" value="10"/>
</bean>
<bean id="activemq"
class="org.apache.activemq.camel.component.ActiveMQComponent">
<property name="configuration" ref="jmsConfig"/>
</bean>
<camelContext xmlns="http://camel.apache.org/schema/blueprint">
<route id="tracing_route">
<from uri="jetty:http://localhost:9696/trace"/>
<inOnly uri="activemq:queue:ip_capture"/>
</route>
<route id="ip_capture">
<from uri="activemq:queue:ip_capture?concurrentConsumers=1&amp;maxConcurrentConsumers=64&amp;maxMessagesPerTask=100"/>
<bean ref="record_ip"/>
<log message="Finished!" loggingLevel="WARN" />
</route>
</camelContext>
</blueprint>
I don't think it's using the setup at all because I get the following error
Could not refresh JMS Connection for destination 'ip_capture' - retrying in 5000 ms. Cause: Error while attempting to add new Connection to the pool; nested exception is javax.jms.JMSException: Could not create Transport. Reason: java.io.IOException: Broker named 'amq-broker' does not exist.
And amq-broker is the default broker.
I'm poring through everything I can find but something important is missing
http://camel.apache.org/activemq.html
http://activemq.apache.org/networks-of-brokers.html
http://activemq.apache.org/how-do-i-embed-a-broker-inside-a-connection.html
http://activemq.apache.org/xml-configuration.html
I can't use xmlns:amq="http://activemq.apache.org/schema/core" (ServiceMix can't resolve it)
I am using
ServiceMix 7.0.0
apache-camel/camel-blueprint 2.16.4
activemq-client/camel/blueprint 5.14.3
So, long story short, how do I properly configure ActiveMQ for my blueprint to be completely isolated from anything else?
I ended up not really needing to do this, because for all intents and purposes, the broker is independent, and setting up a new one doesn't change anything.

camel cxf giving error when sending large xml

When calling a SOAP service I am getting response 302 when the XML message size is large but works when the message size is small.
Though when I post the same message on a SoapUI I am getting a correct response for both small and large messages.
Is there a limit to message length in camel cxf, and if yes,
How can I change the limit?
Camel 2.10
JBoss Fuse 6.0.0
This is the extract of my cxfEndpoint
<cxf:cxfEndpoint id="remindaWsEndpoint" address="https://example.service.abc.com/BasicService"
serviceName="s:ABCService"
endpointName="s:ABCHttpBinding_ABCService"
wsdlURL="/META-INF/wsdl/ABCService.wsdl"
xmlns:s="http://www.example.com">
<cxf:outInterceptors>
<ref bean="loggingOutInterceptor" />
</cxf:outInterceptors>
<cxf:inInterceptors>
<ref bean="loggingInInterceptor"/>
</cxf:inInterceptors>
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD" />
<entry key="allowStreaming" value="true" />
<entry key="defaultOperationName" value="ABCOperations"/>
<entry key="defaultOperationNamespace" value="http://www.example.com"/>
</cxf:properties>
</cxf:cxfEndpoint>
HTTP 302 is not an error. It means the server is trying to redirect you to another url. Ensure your route configuration can handle that.
https://en.wikipedia.org/wiki/HTTP_302

Problems With Activiti OSGI and Blueprint

I try to use Activiti in KARAF OSGI with camel.
I copied some parts out of the service mix configuration.
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:camel="http://camel.apache.org/schema/blueprint"
xsi:schemaLocation="
http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd"
xmlns:jpa="http://aries.apache.org/xmlns/jpa/v1.0.0"
xmlns:tx="http://aries.apache.org/xmlns/transactions/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<ext:property-placeholder />
<!--
Setting up the process engine configuration, using an embedded H2 database together with our default Aries
transaction manager.
-->
<bean id="dataSource" class="org.h2.jdbcx.JdbcDataSource">
<property name="URL" value="jdbc:h2:~/activiti"/>
<property name="user" value="sa"/>
<property name="password" value=""/>
</bean>
<reference id="transactionManager" interface="javax.transaction.TransactionManager"/>
<bean id="configuration" class="org.activiti.engine.impl.cfg.JtaProcessEngineConfiguration" ext:field-injection="true">
<property name="databaseType" value="h2"/>
<property name="dataSource" ref="dataSource"/>
<property name="transactionManager" ref="transactionManager"/>
<property name="databaseSchemaUpdate" value="true"/>
<property name="transactionsExternallyManaged" value="true" />
<property name="defaultCamelContext" value="defaultContext"/>
</bean>
<!--
Set up the custom resolver implementation to ease integration with Camel routes
-->
<bean id="resolver" class="de.myproject.CamelAwareELResolver"/>
<reference-list availability="optional" interface="org.activiti.camel.ContextProvider">
<reference-listener ref="resolver" bind-method="addContextProvider" unbind-method="removeContextProvider" />
</reference-list>
<reference-list availability="optional" interface="org.activiti.engine.delegate.JavaDelegate">
<reference-listener ref="resolver" bind-method="bindService" unbind-method="unbindService" />
</reference-list>
<!--
Set up the Activiti process engine itself
-->
<bean id="processEngineFactory" class="org.activiti.osgi.blueprint.ProcessEngineFactoryWithELResolver" init-method="init" destroy-method="destroy">
<property name="processEngineConfiguration" ref="configuration"/>
<property name="bundle" ref="blueprintBundle"/>
<property name="blueprintELResolver" ref="resolver" />
</bean>
<bean id="processEngine" factory-ref="processEngineFactory" factory-method="getObject"/>
<bean id="runtimeService" factory-ref="processEngine" factory-method="getRuntimeService" />
<!--
Register the ProcessEngine and RuntimeService as OSGi services to allow other bundles to use them
-->
<service ref="processEngine" interface="org.activiti.engine.ProcessEngine"/>
<service ref="runtimeService" interface="org.activiti.engine.RuntimeService"/>
<bean id="routeBuilder" class="de.myproject.bpmn.BpmnRestRouteBuilder"/>
<camelContext id="clientContext" trace="false" xmlns="http://camel.apache.org/schema/blueprint">
<routeBuilder ref="routeBuilder" />
<route id="entryPointClient">
<from uri="vm:client_queue"/>
<to uri="jobsbpmn://bpmn"/>
</route>
</camelContext>
I can deploy the bundle without problems in the container. When I trigger a workflow with a camel module I get this exception:
2016-11-08 11:56:43,569 | ERROR | m://client_queue | JobsBpmnProducer
| 45 - jobs-logging - 1.0.0 | No Processdefinition found with this
Identifier ActivitiException: Expecting a
SpringProcessEngineConfiguration for the Activiti Camel module.
ClassCastException:
org.activiti.engine.impl.cfg.JtaProcessEngineConfiguration cannot be
cast to org.activiti.spring.SpringProcessEngineConfiguration
How can I deploy an OSGI-conformant process engine using spring to get Camel to work?
This problem might be fixed in the Activiti code already.
See https://github.com/Activiti/Activiti/pull/519
Can you try with the newest Activiti version?

Apache Camel CXF Transport - Adding interceptors to JaxWs Client

We are invoking a soap service through RabbitMQ using Camel transport JaxWS client as given below (Ref: http://camel.apache.org/better-jms-transport-for-cxf-webservice-using-apache-camel.html , and used camel-cxf-transport version 2.15.2).
Service invoked successfully, but could not add interceptors to the JaxWS client proxy. Tried the following:
<client id="TestService" xmlns="http://cxf.apache.org/jaxws"
xmlns:testsvc="http://mytest.com/services/test/v2"
serviceName="testsvc:Test_v2_0_service" endpointName="testsvc:HttpTestPort"
address="camel://direct:TestService" serviceClass="test.v2.TestSVCV20" >
<outInterceptors>
<ref bean="wss4jOutInterceptor" />
</outInterceptors>
<features>
<logging xmlns="http://cxf.apache.org/core"/>
</features>
</client>
<bean id="wss4jOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="testToken" />
<entry key="user" value="dummy" />
<entry key="passwordType" value="PasswordTestTxt" />
<entry key="passwordCallbackClass" value="test.PwdCallbackclass" />
</map>
</constructor-arg>
</bean>
When interceptor tag with bean ref is added it is showing the following error:
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Cannot locate BeanDefinitionParser for element [ref]
Can anyone please help with a sample on how to correctly add the interceptors in camel transport cxf client?
Thanks.
The problem is resolved. Added namespace declaration for spring elements to solve the issue.
Please see the link for more details :
http://camel.465427.n5.nabble.com/Apache-Camel-CXF-Transport-Adding-interceptors-to-JaxWs-Client-td5770596.html
Thanks.
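One way the missing namespace declaration can be supplied, as an added example rather than the poster's final configuration (the linked thread is not reproduced on this page): `<ref>` is a Spring beans element, and with `http://cxf.apache.org/jaxws` as the default namespace the parser looks for it in the jaxws namespace and cannot find a parser for it. The fix assumed here declares the beans namespace with a prefix and uses that prefix on `<ref>`.

```xml
<!-- Added example, not the original post's configuration.
     Declaring the Spring beans namespace and prefixing <ref> with it lets
     Spring resolve the interceptor reference inside the jaxws client. -->
<client id="TestService" xmlns="http://cxf.apache.org/jaxws"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:testsvc="http://mytest.com/services/test/v2"
        serviceName="testsvc:Test_v2_0_service" endpointName="testsvc:HttpTestPort"
        address="camel://direct:TestService" serviceClass="test.v2.TestSVCV20">
  <outInterceptors>
    <!-- beans-namespace ref, so the WSS4J interceptor is attached to the proxy -->
    <beans:ref bean="wss4jOutInterceptor"/>
  </outInterceptors>
  <features>
    <logging xmlns="http://cxf.apache.org/core"/>
  </features>
</client>
```

The equivalent alternative is to keep the beans namespace as the default and qualify the client element itself as `<jaxws:client>`, leaving `<ref>` unprefixed.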

Apache Camel message multiplexer integration pattern

I am trying to determine the best way to combine message streams from two hornetq broker instances into a single stream for processing, using Apache Camel and Spring. This is essentially the opposite of the Camel recipient list pattern; but instead of one to many I need many to one. One idea is to implement this functionality with the direct component:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="..."
xmlns="...">
<!-- JMS Connection 1 -->
<bean id="jndiTemplate1" class="org.springframework.jndi.JndiTemplate">
<property name="environment">
<props>
...Connection 1 Specific Information...
</props>
</property>
</bean>
<bean id="jmsTopicConnectionFactory1"
class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiTemplate">
<ref bean="jndiTemplate1"/>
</property>
<property name="jndiName">
<value>java:jms/RemoteConnectionFactory</value>
</property>
</bean>
<bean id="jms1" class="org.apache.camel.component.jms.JmsComponent">
<property name="connectionFactory" ref="jmsTopicConnectionFactory1"/>
</bean>
<!-- JMS Connection 2 -->
<bean id="jndiTemplate2" class="org.springframework.jndi.JndiTemplate">
<property name="environment">
<props>
...Connection 2 Specific Information...
</props>
</property>
</bean>
<bean id="jmsTopicConnectionFactory2"
class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiTemplate">
<ref bean="jndiTemplate2"/>
</property>
<property name="jndiName">
<value>java:jms/RemoteConnectionFactory</value>
</property>
</bean>
<bean id="jms2" class="org.apache.camel.component.jms.JmsComponent">
<property name="connectionFactory" ref="jmsTopicConnectionFactory2"/>
</bean>
<!-- Camel route many to 1 using direct component -->
<camelContext xmlns="http://camel.apache.org/schema/spring">
<route id="hornetQ_broker_1">
<from uri="jms1:topic:testTopic1"/>
<to uri="direct:process_message"/>
</route>
<route id="hornetQ_broker_2">
<from uri="jms2:topic:testTopic2"/>
<to uri="direct:process_message"/>
</route>
<route id="message_processor">
<from uri="direct:process_message"/>
<log message="message_processor received message"/>
</route>
</camelContext>
</beans>
Question: Is the above approach recommended when a many->1 integration pattern is required? If multiple Apache Camel solutions exist, what are the key performance impacts of each approach?
Runtime environment:
HornetQ brokers are JBoss EAP6.
Camel context deployed to FuseSource 4.4.1
Each entity exists on a separate server/jvm.
Notes:
The hornetQ broker instances cannot be clustered.
The hornetQ broker instances do not contain duplicate data.
I think that your approach is valid for your scenario. However, maybe direct is not the component you need to use for this if you are running in different JVMs.
There are different components for internal queues: Direct, Direct-VM, SEDA, VM, Disruptor... but I believe all of them are for when you are running in the same JVM (and some of them only if you are running in the same CamelContext). For more info: How do the direct, event, seda and vm endpoints compare
If you are going to have different CamelContexts across different JVMs, you will need to use a different component.