1. 首页
  2. 问答
  3. 无法为Apache CXF和JAX-RS配置SSL

无法为Apache CXF和JAX-RS配置SSL

2011-04-29 70 views
4

我无法正确获取CXF REST客户端与我的CXF服务器通信的配置。我得到了可怕的javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure。奇怪的是,这个配置在我们使用CXF for SOAP的时候起作用。任何提示都表示赞赏。无法为Apache CXF和JAX-RS配置SSL

这里是服务器端配置:

<httpj:engine-factory bus="cxf"> 
<httpj:engine port="443"> 
<httpj:tlsServerParameters> 
    <sec:keyManagers keyPassword="password"> 
     <sec:keyStore type="JKS" password="password" file="cxf.jks"/> 
    </sec:keyManagers> 
    <sec:trustManagers> 
     <sec:keyStore type="JKS" password="password" file="cxf.jks"/> 
    </sec:trustManagers> 
    <sec:cipherSuitesFilter> 
     <sec:include>.*_EXPORT_.*</sec:include> 
     <sec:include>.*_EXPORT1024_.*</sec:include> 
     <sec:include>.*_WITH_DES_.*</sec:include> 
     <sec:include>.*_WITH_NULL_.*</sec:include> 
     <sec:exclude>.*_DH_anon_.*</sec:exclude> 
    </sec:cipherSuitesFilter> 
</httpj:tlsServerParameters> 
<httpj:sessionSupport>true</httpj:sessionSupport> 
</httpj:engine> 
</httpj:engine-factory> 


<jaxrs:server id="restContainer" bus="cxf" address="/" > 
<jaxrs:serviceBeans> 
    <ref bean="policyService"/> 
</jaxrs:serviceBeans> 
</jaxrs:server>

这里是客户端配置:

<http:conduit name="*.http-conduit"> 
    <http:tlsClientParameters> 
     <sec:keyManagers 
      keyPassword="password"> 
      <sec:keyStore type="JKS" 
       password="password" 
       file="cxf.jks" /> 
     </sec:keyManagers> 
     <sec:trustManagers> 
      <sec:keyStore type="JKS" 
       password="password" 
       file="cxf.jks" /> 
     </sec:trustManagers> 
     <sec:cipherSuitesFilter> 
      <sec:include>.*_EXPORT_.*</sec:include> 
      <sec:include>.*_EXPORT1024_.*</sec:include> 
      <sec:include>.*_WITH_DES_.*</sec:include> 
      <sec:include>.*_WITH_NULL_.*</sec:include> 
      <sec:exclude>.*_DH_anon_.*</sec:exclude> 
     </sec:cipherSuitesFilter> 
    </http:tlsClientParameters> 
    <http:client AutoRedirect="true" ReceiveTimeout="0" Connection="Keep-Alive" /> 
</http:conduit>

这是我使用的客户端的味道:

MyRestApi api = JAXRSClientFactory.create(myRestUri, MyRestApi.class);

这一切都工作正常,它只是SSL这是一个问题。

来源

2011-04-29 Julian S

+1

获得类似的问题。 ..在java命令行中使用javax.net.debug = all似乎告诉我们cxf找不到truststore/keystore。 – Thirlan 2012-01-30 14:57:34

+0

我发现您需要将服务器证书导入您的客户端机器。在linux或OS X上: keytool -import -trustcacerts -alias -file -keystore /lib/security/cacerts -storepass changeit -noprompt -v – 2013-10-10 17:00:40

回答

1

,以确保你有,你可以硬编码设置是否正确(温度)是这样的:

System.setProperty("javax.net.ssl.keyStore", "/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"); 
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); 
    System.setProperty("javax.net.ssl.trustStore", "/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"); 
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); 
    System.setProperty("javax.net.debug", "all");

然后与输出检查可以调试更多...

来源

2014-02-03 12:47:04 tibi

+0

感谢您的提示! – 2014-02-05 16:58:01

相关问题

 相关问题