CXF/Jetty/Jax WS的SSL侦听器问题-端口配置了错误的“http”协议https://0.0.0.0:9227/v1"
试图修改使用CXF 2.2.10/Jetty 6的现有应用程序
这是运行在Linux,使用Java1.8,我们看到的错误是:
JAVAlang.IllegalStateException:端口9227配置了错误的协议“http”,用于https://0.0.0.0:9227/v1"
这是我们的cxf。xml文件:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<beans:bean name="connectorThreadPool" class="org.eclipse.jetty.util.thread.QueuedThreadPool">
<beans:constructor-arg value="72"/>
</beans:bean>
<beans:bean name="server" class="org.eclipse.jetty.server.Server">
<constructor-arg ref="connectorThreadPool" />
</beans:bean>
<beans:bean name="sslConnectionFactory" class="org.eclipse.jetty.server.SslConnectionFactory" />
<httpj:engine-factory bus="cxf">
<httpj:engine port="9127">
<httpj:threadingParameters minThreads="5" maxThreads="200"/>
<httpj:connector>
<beans:bean class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="server" />
<beans:property name="port" value="9127"/>
</beans:bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
<httpj:engine-factory bus="cxf">
<httpj:identifiedTLSServerParameters id="secure">
<httpj:tlsServerParameters secureSocketProtocol="TLSv1">
<sec:keyManagers keyPassword="keyPassword">
<sec:keyStore type="JKS" password="keyPassword" file="keystore-lab.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password" file="cacerts.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_DES40_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:identifiedTLSServerParameters>
<httpj:engine port="9227">
<httpj:tlsServerParametersRef id="secure" />
<httpj:threadingParameters minThreads="5" maxThreads="200"/>
<httpj:connector>
<beans:bean class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="server" />
<constructor-arg ref="sslConnectionFactory" />
<beans:property name="port" value="9227"/>
</beans:bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
</beans>
我注意到的一件事是,CXF的SslConnectionFactory调用它的超类构造函数,以“SSL”作为协议,而JettyHTTPServerEngine检查“https”的值作为协议值。我无法想象这个以前没有被发现过,所以我觉得我一定错过了什么。
但当我扩展SslConnectionFactory并修改该构造函数以传递“https”而不是“SSL”作为协议时,它没有抛出这个异常。后来在尝试连接时,它确实抛出了另一个:
java.lang.NullPointerException
at com.mypackage.util.CustomSslConnectionFactory.newConnection(CustomSslConnectionFactory.java:108)
at org.eclipse.jetty.server.ServerConnector$ServerConnectorManager.newConnection(ServerConnector.java:550)
at org.eclipse.jetty.io.ManagedSelector.createEndPoint(ManagedSelector.java:263)
at org.eclipse.jetty.io.ManagedSelector.access$1900(ManagedSelector.java:61)
at org.eclipse.jetty.io.ManagedSelector$Accept.run(ManagedSelector.java:747)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
at java.lang.Thread.run(Thread.java:748)
我认为这与“nextProtocol”的价值有关。但由于找不到这个,我觉得我用这个方法走错了路。
我真的只是希望得到这个升级工作与超文本传输协议(这似乎工作正常!)和SSL。
Eddo的帖子让我找到了正确的方向,但我需要的是服务器细节,而不是客户端。
我还能清除很多我不需要的多余垃圾。最终的cxf。基于http://cxf.apache.org/docs/standalone-http-transport.html :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<http:destination name="{http://WsdlHost}WsdlPort.http-destination">
</http:destination>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9127">
<httpj:threadingParameters minThreads="5" maxThreads="200"/>
<httpj:connector>
<beans:bean class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="server" />
<beans:property name="port" value="9127"/>
</beans:bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9227">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="keyPassword">
<sec:keyStore type="JKS" password="keyPassword" file="keystore-lab.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password" file="cacerts.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_DES40_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
</beans>
共有1个答案
下面是我如何使用https设置它的一个例子,所以您可以将其用作参考,请注意,我使用的是blueprint(不是spring DSL)和JBoss,但我知道这种方法也适用于spring DSL,所以您可以尝试一下。
<?xml version="1.0" encoding="UTF-8" ?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:bp="http://camel.apache.org/schema/blueprint"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.1.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://camel.apache.org/schema/blueprint
http://camel.apache.org/schema/blueprint/camel-blueprint-2.16.4.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0
https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.1.0
http://aries.apache.org/schemas/blueprint-ext/blueprint-ext-1.1.xsd
http://camel.apache.org/schema/blueprint/cxf
http://camel.apache.org/schema/blueprint/cxf/camel-cxf.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
">
<cxf:cxfEndpoint id="myService"
address="https://localhost:8443/MyWebService/"
wsdlURL="https://localhost:8443/MyWebService?wsdl"
loggingFeatureEnabled="true">
</cxf:cxfEndpoint>
<http:conduit name="*.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="$RF[trustStore.password]">
<sec:keyStore type="JKS" password="yourpassgoeshere"
file="/var/app/security/my-trust.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="yourpassgoeshere"
file="/var/app/security/my-trust.jks" />
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
</blueprint>
除此之外,请看一看文档,文档中有很好的解释,以便您可以根据自己的需要对其进行调整。
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
-
我们有两个web服务(REST SOAP)在Apache Camel 2.13.0中运行,它基于CXF 2.7.10版,一直使用SSL和基本身份验证,运行得非常好。 由于Camel的版本升级到2.14.0版(内部使用现在的CXF 3.0.1),我们的服务现在停止工作,因为端口x的——但在版本更新期间,配置未被更改。 因此,我创建了一个新的eclipse项目,它将事情简化到最低限度(只是一个简单的S
-
我们有web服务(jaxws),它正在调用另一个web服务(aslo jaxws)。Jaxws客户端配置如下所示-- 正如您所看到的,我们有两个拦截器和一个故障侦听器。我们希望在这些拦截器、故障侦听器和web服务代码之间进行通信。正如SO线程中所述,我们使用cxf交换对象在web服务和拦截器之间进行通信。 我们的inFaultInterceptor代码如下所示-- } Web服务代码如下所示- 但
-
我正在EC2实例上开发apache2环境。为了安全起见,我想更改apache2的ssl端口。我已经确认默认的ssl端口443是通过检查页面与chrome浏览器工作。但修改ports.conf如下,我有一个错误,ERR_SSL_PROTOCOL_ERROR当访问这个服务器像https://xxxxxxx: 18443/ 是否有任何更改ssl端口的设置? 侦听端口 /etc/apache2/ports
-
我在斯波克写过集成测试。已将Spring Boot上下文配置为随机端口。Documantation声称sprig应该为我注入正确配置的实例,但是当我试图通过这些“自动配置的实例”进行调用时,我有下面给出的错误: 下面是我的代码:BaseIntegrationTest 使用WebTestClient类:
-
如何配置Jetty9以使用Gretty侦听多个端口。我只想配置Jetty监听多个端口。我不想要多个实例或多个webapp,只是一个Jetty,一个webapp,但监听2个或更多的端口。 谢谢!
-
我正在向我使用httplib2拥有的REST服务发出HTTPS GET请求,但我们得到了错误: 所有其他客户端都运行良好(浏览器、Java客户端等...),只有一个小例外,PHP curl需要设置为使用SSL v3。 我已经搜索了周围,它似乎确实是一个关于SSL版本的错误,但我似乎找不到一种方法来改变它在http://www. ttplib2.除了改变源代码中的以下行之外,还有什么方法可以解决这个