Securing Web Service communication with SSL using CXF

Posted by reef on Stack Overflow See other posts from Stack Overflow or by reef
Published on 2010-03-05T15:11:21Z Indexed on 2010/03/14 17:45 UTC
Read the original article Hit count: 684

Filed under:
|
|
|
|

Hi all,

I am trying to secure communications via SSL/TLS for one of our Web Service using CXF 2.2.5. I am wondering how to update client and server Spring configuration file to activate this feature. I found some information on CXF's website (CXF Wiki) for the client configuration, here is the given example:

 <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
   <http:tlsClientParameters>
      <sec:keyManagers keyPassword="password">
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
      </sec:keyManagers>
      <sec:trustManagers>
          <sec:keyStore type="JKS" password="password"
               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key change as
          this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
  <http:authorization>
     <sec:UserName>Betty</sec:UserName>
     <sec:Password>password</sec:Password>
  </http:authorization>
  <http:client AutoRedirect="true" Connection="Keep-Alive"/>
 </http:conduit>

Concerning this configuration, the

Concerning the server side configuration I am unable to launch the server properly, here is the configuration I have:

<http:destination name="{urn:ihe:iti:xds-b:2007}DocumentRepository_Port_Soap12.http-destination">
    </http:destination>

    <httpj:engine-factory>
            <httpj:engine port="9043">
                    <httpj:tlsServerParameters>
                            <sec:keyManagers keyPassword="changeit">
                                    <sec:keyStore type="JKS" password="changeit" file="security/keystore.jks" />
                            </sec:keyManagers>
                            <sec:trustManagers>
                                    <sec:keyStore type="JKS" password="changeit" file="security/cacerts.jks" />
                            </sec:trustManagers>
                            <sec:cipherSuitesFilter>
                                    <!--
                                            these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude
                                            anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks
                                    -->
                                    <sec:include>.*_EXPORT_.*</sec:include>
                                    <sec:include>.*_EXPORT1024_.*</sec:include>
                                    <sec:include>.*_WITH_DES_.*</sec:include>
                                    <sec:include>.*_WITH_NULL_.*</sec:include>
                                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                            </sec:cipherSuitesFilter>
                            <sec:clientAuthentication want="true" required="true" />
                    </httpj:tlsServerParameters>
            </httpj:engine>
    </httpj:engine-factory>

But when I run my application server (JOnas) with this configuration I have the following error message:

Line 20 in XML document from ServletContext resource [/WEB-INF/beans.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'.

Do you guys know how to solve this issue?

Thanks in advance,

© Stack Overflow or respective owner

Related posts about cxf

Related posts about ssl