I need to create SSL secured Web Service client using CXF Spring configuration
and I wonder how do I tell to CXF to use client certificate from my keystore?
Do i need to create cxf.xml file under WEB-INF ?
If yes what should i include there?
I need just the client side, as the server side is a 3rd party provider im connecting to.
I do have the following dependencies in my pom
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf.version}</version>
</dependency>
Thank you!
I had the same problem and didn't find a spring way to config it. So I do this.
how about http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport
<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="my/file/dir/Morpit.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="my/file/dir/Truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
<sec:UserName>Betty</sec:UserName>
<sec:Password>password</sec:Password>
</http:authorization>
<http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
Related
I am trying to publish secured SOAP server as a consuming endpoint at JBoss Fuse camel route.
I have the following endpoint and Jetty-security description in my Blueprint configuration:
...
<cxf:cxfEndpoint
xmlns:crm="http://www.bank.com/CRM"
id="crmOutboundService"
address="https://localhost:9001/cxf/CRMOutbound"
serviceName="crm:CRMOutboundRq"
endpointName="crm:ASBOCRMOutPort"
wsdlURL="model/ASBOCRMOut/CRMOutboundRq.wsdl"
serviceClass="com.bank.SAXSourceService">
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD"/>
</cxf:properties>
</cxf:cxfEndpoint>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9001">
<httpj:tlsServerParameters secureSocketProtocol="TLSv1">
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="/opt/esb/security/keystore.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="/opt/esb/security/truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true" required="true"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
...
Everything as in manual from here: https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.2/pdf/apache_cxf_security_guide/Red_Hat_JBoss_Fuse-6.2-Apache_CXF_Security_Guide-en-US.pdf
I have (among others) the following dependencies in pom.xml:
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-blueprint</artifactId>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-cxf</artifactId>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http-jetty</artifactId>
</dependency>
When application bundle is deployed into JBoss Fuse the following exception comes:
org.osgi.service.blueprint.container.ComponentDefinitionException: Unable to load class org.eclipse.jetty.server.Connector from recipe MapRecipe[name='#recipe-11850']"
The questions are: why does such an error take place and what is the right way to establish secured SOAP server in JBoss Fuse?
We have ended up with adding the following directive into Blueprint descriptor:
<bean id="server" class="org.eclipse.jetty.server.Server"/>
The error has gone, and the application is working correctly, but we do not actually understand why, because there are no any references to the new bean. We are trying to figure out, if this directive starts new instance of Jetty server.
I have generated self signed certificate using keytool command. and successfully configured https at jboss fuse level and port assigned to it is 8443. https://localhost:8443/hawtio/login works perfectly fine. In apache cxf i am facing issue. following configuration is done in blueprint xml file.
<cxf:rsServer address="http://0.0.0.0:9192/"
id="serviceOrderEndpoint" serviceClass="pk.com.telenor.so.controller.ServiceOrder"/>
<cxfcore:bus/>
<httpj:engine-factory bus="cxf">
<httpj:engine port="8443">
<httpj:tlsServerParameters secureSocketProtocol="TLSv1">
<sec:keyManagers keyPassword="password">
<sec:keyStore resource="certs/jbossfuse-dev.jks" password="password" type="JKS"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore resource="certs/jbossfuse-dev.jks" password="password" type="JKS"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true" required="false"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
I want to run it on https://localhost:9192/
In pom.xml file i have placed the following dependencies:
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>9.3.0.M0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-frontend-jaxws -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>2.5.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-transports-http -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>2.2.3</version>
</dependency>
This is the issue that i am facing
Caused by: java.lang.ClassNotFoundException: org.apache.cxf.jaxb.JAXBDataBinding not found by org.apache.cxf.cxf-rt-wsdl
When you said "configured https at jboss fuse level " I believe you mean you configured in the $JBOSS_FUSE/etc/org.ops4j.pax.web.cfg.
Then as your cxf rs endpoint get deployed into the JBoss FUSE container, the best practice is that this endpoint use the servlet transport managed by this container(the HTTP OSGi service implmented by OPS4J PAXWEB with jetty), so your configuration address for the cxf:rsServer should be relative address like address="/myendpoint", then you can access it from
https://localhost:8443/cxf/myendpoint.
Also, as the https already configured at JBoss FUSE level, you don't need
<httpj:engine-factory bus="cxf">
...
</httpj:engine-factory>
stuff.
Freeman
I trying to do migration from S3n to S3a for my Flink application.
I have written my custom rolling sink for writing data into aws S3. Its accepts URL as base path like S3a:///.
Its works for S3n and when i did following changes for S3a, its throws following exception.
Its seems like core-site.xml is not picking up incase of S3a for AWS credential.
its using AWS default loader for loading the credentials.
Please let me know what configuration is missing for this. Right now i am running in eclipse development enviornment,how its works in flink cluster mode?
Exception is:
com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3521)
at com.amazonaws.services.s3.AmazonS3Client.headBucket(AmazonS3Client.java:1031)
at com.amazonaws.services.s3.AmazonS3Client.doesBucketExist(AmazonS3Client.java:994)
at org.apache.hadoop.fs.s3a.S3AFileSystem.initialize(S3AFileSystem.java:297)
at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2316)
at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:90)
at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2350)
at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2332)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:369)
at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
at com.abc.abc.common.sinks.CustomRollingSink.open(CustomRollingSink.java:260)
I am using the flink 1.0.0 version and following dependecies into the project pom file and core-site .xml for AWS credentials.
<property>
<name>fs.s3a.awsAccessKeyId</name>
<value>value..</value>
</property>
<property>
<name>fs.s3a.awsSecretAccessKey</name>
<value>values...</value>
</property>
<property>
<name>fs.s3a.impl</name>
<value>org.apache.hadoop.fs.s3a.S3AFileSystem</value>
</property>
Pom file:
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-aws</artifactId>
<version>2.7.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.2.5</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.2.5</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.6.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.6.3</version>
</dependency>
I'm unable to connect to my Solr instance on Tomcat from SolrJ. I've been through the documentation shown at "http://wiki.apache.org/solr/Solrj" , but its pretty outdated - primarily because it has no reference on Solr cores. I'm wondering if somebody could point me to the latest documentation OR advise on how to connect SolrJ with Solr4.0 or ahead - although my instance is running just 1 core for now.
Here's my connection string: "localhost:8080/solr-example/collection1/". Do you know which jars to add along with solrj? Thats where the trouble might be. For examples, the SolrJ wiki references a jar called commons-codec-1.3.jar which is not to be found anywhere, in the solr 4.0 zip file.
Calling Solr from Java with SolrJ
You can specify the Core directly in the URL.
HttpSolrServer server = new HttpSolrServer("http://localhost:8080/solr/my_core");
SolrQuery solrQuery = new SolrQuery();
solrQuery.setQuery(q);
solrQuery.setStart(start);
solrQuery.setRows(rows);
QueryResponse response = server.query(solrQuery);
HttpSolrServer is reusable for more queries.
The communication between the Solr Server and SolrJ happens via HTTP with a custom binary format. Can you Browse the Solr Web Admin at http://localhost:8080/solr? Depending on your installation, you might need to adjust the port (8080 is default on Tomcat, jetty uses 8983).
Also, did you deploy Solr with a generic name or did you include the Version? Than your URL would be http://localhost:8080/solr-4.2.1/my_core
Dependencies
These are the minimum dependencies you need for using SolrJ. Add these to your pom.xml, if you are using maven.
<dependency>
<artifactId>solr-solrj</artifactId>
<groupId>org.apache.solr</groupId>
<version>4.2.0</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.5.6</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
If you are not using maven, you need the following jars:
solr-solrj-4.2.0
zookeeper-3.4.5
commons-io-2.1
httpclient-4.2.3
httpcore-4.2.2
commons-codec-1.6
httpmime-4.2.3
wstx-asl-3.2.3
slf4j-simple-1.5.6
slf4j-api-1.7.2
commons-logging-1.1.1
Just starting out with Flyway and Spring 3.0. So far, all I did was add the Flyway dependency and plugin to my pom.xml. Next, I tried running mvn flyway:status in the command line. However, it complains that it is unable to instantiate the jdbc driver (I'm using postgres).
Does anybody know what might be causing this? I'm using Springsource Tool Suite to develop my app. The postgres driver is located under WEB-INF/lib/postgresql-9.1-902.jdbc4.jar
Any help is greatly appreciated! Thanks!
For the Maven plugin to work you must:
Add this dependency to your project (or just the plugin):
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.1-901-1.jdbc4</version>
</dependency>
and configure the plugin like this:
<plugin>
<groupId>com.googlecode.flyway</groupId>
<artifactId>flyway-maven-plugin</artifactId>
<version>1.7</version>
<configuration>
<driver>org.postgresql.Driver</driver>
<url>jdbc:postgresql://...</url>
<user>...</user>
<password>...</password>
</configuration>
</plugin>
You also have to provide the Postgresql jdbc drivers as a maven dependency:
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.1-902.jdbc4</version>
</dependency>