Question:

SSL listener issue with CXF/Jetty/JAX-WS - port is configured with wrong protocol "http" for "https://0.0.0.0:9227/v1"

白越
2023-03-14

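Trying to modify an existing application that uses CXF 2.2.10/Jetty 6

This is running on Linux with Java 1.8, and the error we see is:

java.lang.IllegalStateException: Port 9227 is configured with wrong protocol "http" for "https://0.0.0.0:9227/v1"

Here is our cxf.xml file: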

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security
                      http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/transports/http-jetty/configuration
            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

    <beans:bean name="connectorThreadPool" class="org.eclipse.jetty.util.thread.QueuedThreadPool">
        <beans:constructor-arg value="72"/>
    </beans:bean>

    <beans:bean name="server" class="org.eclipse.jetty.server.Server">
        <constructor-arg ref="connectorThreadPool" />
    </beans:bean>

    <beans:bean name="sslConnectionFactory" class="org.eclipse.jetty.server.SslConnectionFactory" />

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="9127">
            <httpj:threadingParameters minThreads="5" maxThreads="200"/>
            <httpj:connector>
                <beans:bean class="org.eclipse.jetty.server.ServerConnector">
                    <constructor-arg ref="server" />
                    <beans:property name="port" value="9127"/>
                </beans:bean>
            </httpj:connector>
        </httpj:engine>
    </httpj:engine-factory>

    <httpj:engine-factory bus="cxf">
        <httpj:identifiedTLSServerParameters id="secure">
            <httpj:tlsServerParameters secureSocketProtocol="TLSv1">
                <sec:keyManagers keyPassword="keyPassword">
                    <sec:keyStore type="JKS" password="keyPassword" file="keystore-lab.jks"/>
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore type="JKS" password="password" file="cacerts.jks"/>
                </sec:trustManagers>
                <sec:cipherSuitesFilter>
                    <sec:include>.*_EXPORT_.*</sec:include>
                    <sec:include>.*_EXPORT1024_.*</sec:include>
                    <sec:include>.*_WITH_DES_.*</sec:include>
                    <sec:include>.*_WITH_DES40_.*</sec:include>
                    <sec:include>.*_WITH_AES_.*</sec:include>
                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                </sec:cipherSuitesFilter>
            </httpj:tlsServerParameters>
        </httpj:identifiedTLSServerParameters>
        <httpj:engine port="9227">
            <httpj:tlsServerParametersRef id="secure" />
            <httpj:threadingParameters minThreads="5" maxThreads="200"/>
            <httpj:connector>
                <beans:bean class="org.eclipse.jetty.server.ServerConnector">
                    <constructor-arg ref="server" />
                    <constructor-arg ref="sslConnectionFactory" />
                    <beans:property name="port" value="9227"/>
                </beans:bean>
            </httpj:connector>
        </httpj:engine>
    </httpj:engine-factory>
</beans>

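One thing I noticed is that CXF's SslConnectionFactory calls its superclass constructor with "SSL" as the protocol, whereas JettyHTTPServerEngine checks for "https" as the protocol value. I can't imagine this hasn't been discovered before, so I feel I must be missing something.

But when I extended SslConnectionFactory and modified that constructor to pass "https" instead of "SSL" as the protocol, it did not throw this exception. Later, when trying to connect, it did throw a different one: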

java.lang.NullPointerException
        at com.mypackage.util.CustomSslConnectionFactory.newConnection(CustomSslConnectionFactory.java:108)
        at org.eclipse.jetty.server.ServerConnector$ServerConnectorManager.newConnection(ServerConnector.java:550)
        at org.eclipse.jetty.io.ManagedSelector.createEndPoint(ManagedSelector.java:263)
        at org.eclipse.jetty.io.ManagedSelector.access$1900(ManagedSelector.java:61)
        at org.eclipse.jetty.io.ManagedSelector$Accept.run(ManagedSelector.java:747)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
        at java.lang.Thread.run(Thread.java:748)

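I think this has to do with the value of "nextProtocol". But since I can't find this, I feel I'm going down the wrong path with this approach.

I'm really just hoping to get this upgrade working with both HTTP (which seems to work fine!) and SSL.

Eddo's post pointed me in the right direction, but what I needed were the server details, not the client ones.

I was also able to clear out a lot of extra junk I didn't need. The final cxf.xml, based on http://cxf.apache.org/docs/standalone-http-transport.html: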

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security
                      http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/transports/http-jetty/configuration
            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

    <http:destination name="{http://WsdlHost}WsdlPort.http-destination">
    </http:destination>

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="9127">
            <httpj:threadingParameters minThreads="5" maxThreads="200"/>
            <httpj:connector>
                <beans:bean class="org.eclipse.jetty.server.ServerConnector">
                    <constructor-arg ref="server" />
                    <beans:property name="port" value="9127"/>
                </beans:bean>
            </httpj:connector>
        </httpj:engine>
    </httpj:engine-factory>

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="9227">
            <httpj:tlsServerParameters>
                <sec:keyManagers keyPassword="keyPassword">
                    <sec:keyStore type="JKS" password="keyPassword" file="keystore-lab.jks"/>
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore type="JKS" password="password" file="cacerts.jks"/>
                </sec:trustManagers>
                <sec:cipherSuitesFilter>
                    <sec:include>.*_EXPORT_.*</sec:include>
                    <sec:include>.*_EXPORT1024_.*</sec:include>
                    <sec:include>.*_WITH_DES_.*</sec:include>
                    <sec:include>.*_WITH_DES40_.*</sec:include>
                    <sec:include>.*_WITH_AES_.*</sec:include>
                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                </sec:cipherSuitesFilter>
            </httpj:tlsServerParameters>
        </httpj:engine>
    </httpj:engine-factory>
</beans>
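
An added example, not part of the original post or of CXF: it models the `<sec:cipherSuitesFilter>` from the cxf.xml above to show which suite names its include patterns admit, next to a tightened filter. The keep-if-any-include-and-no-exclude rule, the tightened filter and the suite list are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://cxf.apache.org/configuration/security}"
# The <sec:cipherSuitesFilter> patterns from the page's cxf.xml, copied verbatim.
PAGE_FILTER = """<sec:cipherSuitesFilter xmlns:sec="http://cxf.apache.org/configuration/security">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_DES40_.*</sec:include>
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""
# Assumed tightened variant: AES only, legacy families excluded explicitly.
TIGHT_FILTER = """<sec:cipherSuitesFilter xmlns:sec="http://cxf.apache.org/configuration/security">
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
  <sec:exclude>.*_EXPORT.*</sec:exclude>
  <sec:exclude>.*_WITH_DES.*</sec:exclude>
</sec:cipherSuitesFilter>"""
# Constructed sample of JSSE suite names (not a dump from a real JVM).
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]
# Name fragments that mark export-grade, single-DES, anonymous, NULL or RC4 suites.
WEAK = re.compile(r"_EXPORT|_WITH_DES_|_WITH_DES40_|_anon_|_NULL_|_RC4_")

def enabled_suites(filter_xml, supported):
    """Assumed rule: keep a suite if it matches any include and no exclude."""
    root = ET.fromstring(filter_xml)
    inc = [re.compile(e.text) for e in root.findall(SEC + "include")]
    exc = [re.compile(e.text) for e in root.findall(SEC + "exclude")]
    return [s for s in supported
            if any(p.fullmatch(s) for p in inc) and not any(p.fullmatch(s) for p in exc)]

def weak_enabled(filter_xml, supported=SAMPLE_SUITES):
    """Suites the filter lets through that belong to a weak family."""
    return [s for s in enabled_suites(filter_xml, supported) if WEAK.search(s)]

if __name__ == "__main__":
    print("page filter :", weak_enabled(PAGE_FILTER))
    print("tight filter:", weak_enabled(TIGHT_FILTER))
```

Whether any of these suites is actually negotiated depends on what the JVM still supports and enables; the check only shows what the filter itself would permit.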

1 answer

沈伟
2023-03-14

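Below is an example of how I set it up with https, so you can use it as a reference. Note that I'm using blueprint (not the Spring DSL) and JBoss, but I know this approach also works with the Spring DSL, so you can give it a try.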

<?xml version="1.0" encoding="UTF-8" ?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:bp="http://camel.apache.org/schema/blueprint"
    xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.1.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf" 
    xmlns:http="http://cxf.apache.org/transports/http/configuration"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
      http://camel.apache.org/schema/blueprint
         http://camel.apache.org/schema/blueprint/camel-blueprint-2.16.4.xsd
      http://www.osgi.org/xmlns/blueprint/v1.0.0
         https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
      http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.1.0
         http://aries.apache.org/schemas/blueprint-ext/blueprint-ext-1.1.xsd
      http://camel.apache.org/schema/blueprint/cxf
         http://camel.apache.org/schema/blueprint/cxf/camel-cxf.xsd
      http://cxf.apache.org/transports/http/configuration 
         http://cxf.apache.org/schemas/configuration/http-conf.xsd
      http://cxf.apache.org/configuration/security 
         http://cxf.apache.org/schemas/configuration/security.xsd
      ">

    <cxf:cxfEndpoint id="myService"
        address="https://localhost:8443/MyWebService/"
        wsdlURL="https://localhost:8443/MyWebService?wsdl"
        loggingFeatureEnabled="true">
    </cxf:cxfEndpoint>

    <http:conduit name="*.http-conduit">
        <http:tlsClientParameters disableCNCheck="true">
            <sec:keyManagers keyPassword="$RF[trustStore.password]">
                <sec:keyStore type="JKS" password="yourpassgoeshere"
                    file="/var/app/security/my-trust.jks" />
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="yourpassgoeshere"
                    file="/var/app/security/my-trust.jks" />
            </sec:trustManagers>
        </http:tlsClientParameters>
    </http:conduit>

</blueprint>

Beyond that, take a look at the documentation, which explains this well, so you can adapt it to your own needs.

http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
