You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Configuring SSL

To configure the standalone HTTP transport to use SSL, you'll need to add an <http:destination> definition to your XML configuration file. See the Configuration guide to learn how to supply your own XML configuration file to CXF. If you are already using Spring, this can be added to your existing beans definitions.

Destinations in CXF are responsible for listening for server side requests.

<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"
  xsi:schemaLocation="
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <http:destination id="{http://apache.org/hello_world_soap_http}GreeterImplPort.http-destination">
    <http:sslServer>
      <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
      <sec:KeystoreType>PKCS12</sec:KeystoreType>
      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
      <sec:KeyPassword>celtixpass</sec:KeyPassword>
      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
      <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststore</sec:TrustStore>
      <sec:CiphersuiteFilters>
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key change as
          this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:CiphersuiteFilters>
    </http:sslServer>
  </http:destination>

</beans>

Add the static content pages into the jetty server

CXF standalone http tansport is based on jetty server, the below code shows how to get the jetty server from the destination and how to add the static content path to the jetty server.

    // get the jetty server form the destination
    EndpointInfo ei = new EndpointInfo();
    ei.setAddress(serviceFactory.getAddress());
    Destination destination = df.getDestination(ei);
    JettyHTTPDestination jettyDestination = (JettyHTTPDestination) destination;
    ServerEngine engine = jettyDestination.getEngine();
    Handler handler = engine.getServant(new URL(serviceFactory.getAddress()));
    org.mortbay.jetty.Server server = handler.getServer();

    // add the resource handler to server the static content 
    Handler serverHandler = server.getHandler();
    ContextHandlerCollection contextHandlerCollection = (ContextHandlerCollection)serverHandler;
    HandlerList handlerList = new HandlerList();
    ResourceHandler resourceHandler = new ResourceHandler();
    handlerList.addHandler(resourceHandler);
    handlerList.addHandler(contextHandlerCollection);

    server.setHandler(handlerList);
    handlerList.start();

    // set the resource handler
    File staticContentFile = new File(staticContentPath);
    URL targetURL = new URL("file://" + staticContentFile.getCanonicalPath());
    FileResource fileResource = new FileResource(targetURL);
    resourceHandler.setBaseResource(fileResource);
  • No labels