无法为 Apache CXF 和 JAX-RS 配置 SSL

【问题标题】:Can't get SSL configured for Apache CXF and JAX-RS无法为 Apache CXF 和 JAX-RS 配置 SSL
【发布时间】:2014-02-03 20:47:04
【问题描述】:

我无法正确配置以使我的 CXF REST 客户端与我的 CXF 服务器通信。我得到了可怕的 javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure。奇怪的是,当我们将 CXF 用于 SOAP 时,此配置有效。任何提示表示赞赏。

这是服务器端配置:

<httpj:engine-factory bus="cxf">
<httpj:engine port="443">
<httpj:tlsServerParameters>
    <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password" file="cxf.jks"/>
    </sec:keyManagers>
    <sec:trustManagers>
        <sec:keyStore type="JKS" password="password" file="cxf.jks"/>
    </sec:trustManagers>
    <sec:cipherSuitesFilter>
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
<httpj:sessionSupport>true</httpj:sessionSupport>
</httpj:engine>
</httpj:engine-factory>


<jaxrs:server id="restContainer" bus="cxf" address="/" >
<jaxrs:serviceBeans>
    <ref bean="policyService"/>
</jaxrs:serviceBeans>
</jaxrs:server>

这是客户端配置:

<http:conduit name="*.http-conduit">
    <http:tlsClientParameters>
        <sec:keyManagers
            keyPassword="password">
            <sec:keyStore type="JKS"
                password="password"
                file="cxf.jks" />
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS"
                password="password"
                file="cxf.jks" />
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
            <sec:include>.*_EXPORT_.*</sec:include>
            <sec:include>.*_EXPORT1024_.*</sec:include>
            <sec:include>.*_WITH_DES_.*</sec:include>
            <sec:include>.*_WITH_NULL_.*</sec:include>
            <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:client AutoRedirect="true" ReceiveTimeout="0"  Connection="Keep-Alive" />
</http:conduit>

这是我正在使用的客户端的风格:

MyRestApi api = JAXRSClientFactory.create(myRestUri, MyRestApi.class);

这一切都很好,只是 SSL 有问题。

【问题讨论】:

  • 遇到类似问题...在 java 命令行中使用 javax.net.debug=all 似乎向我们表明 cxf 找不到信任库/密钥库。
  • 我发现您需要将服务器证书导入您的客户端计算机。在 linux 或 OS X 上:keytool -import -trustcacerts -alias -file -keystore /lib/security/cacerts -storepass changeit -noprompt -v

标签: rest cxf jax-rs


【解决方案1】:

为了确保您有正确的设置,您可以像这样对其(温度)进行硬编码:

    System.setProperty("javax.net.ssl.keyStore", "/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
    System.setProperty("javax.net.ssl.trustStore", "/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("javax.net.debug", "all");

然后通过输出检查,您可以调试更多...

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2013-12-18
    • 1970-01-01
    • 1970-01-01
    • 2012-06-19
    • 1970-01-01
    • 2014-03-10
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode