4
我无法正确获取CXF REST客户端与我的CXF服务器通信的配置。我得到了可怕的javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure。奇怪的是,这个配置在我们使用CXF for SOAP的时候起作用。任何提示都表示赞赏。无法为Apache CXF和JAX-RS配置SSL
这里是服务器端配置:
<httpj:engine-factory bus="cxf">
<httpj:engine port="443">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" file="cxf.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password" file="cxf.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
<httpj:sessionSupport>true</httpj:sessionSupport>
</httpj:engine>
</httpj:engine-factory>
<jaxrs:server id="restContainer" bus="cxf" address="/" >
<jaxrs:serviceBeans>
<ref bean="policyService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
这里是客户端配置:
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers
keyPassword="password">
<sec:keyStore type="JKS"
password="password"
file="cxf.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS"
password="password"
file="cxf.jks" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:client AutoRedirect="true" ReceiveTimeout="0" Connection="Keep-Alive" />
</http:conduit>
这是我使用的客户端的味道:
MyRestApi api = JAXRSClientFactory.create(myRestUri, MyRestApi.class);
这一切都工作正常,它只是SSL这是一个问题。
获得类似的问题。 ..在java命令行中使用javax.net.debug = all似乎告诉我们cxf找不到truststore/keystore。 – Thirlan 2012-01-30 14:57:34
我发现您需要将服务器证书导入您的客户端机器。在linux或OS X上: keytool -import -trustcacerts -alias -file -keystore /lib/security/cacerts -storepass changeit -noprompt -v –
2013-10-10 17:00:40