Issue with SSL listener for CXF/Jetty/Jax-WS - Port is configured with wrong protocol "http" for "https://0.0.0.0:9227/v1"
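Trying to modify an existing application that uses CXF 2.2.10/Jetty 6 and 8 to CXF 3.3.2/Jetty 9, I'm having trouble setting up the SSL listener. Unfortunately, I have very little experience with CXF and I've run into problems.
This is running on Linux, using Java 1.8, and the error we see is:
java.lang.IllegalStateException: Port 9227 is configured with wrong protocol "http" for "https://0.0.0.0:9227/v1"
Here is our cxf.xml file: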
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<beans:bean name="connectorThreadPool" class="org.eclipse.jetty.util.thread.QueuedThreadPool">
<beans:constructor-arg value="72"/>
</beans:bean>
<beans:bean name="server" class="org.eclipse.jetty.server.Server">
<constructor-arg ref="connectorThreadPool" />
</beans:bean>
<beans:bean name="sslConnectionFactory" class="org.eclipse.jetty.server.SslConnectionFactory" />
<httpj:engine-factory bus="cxf">
<httpj:engine port="9127">
<httpj:threadingParameters minThreads="5" maxThreads="200"/>
<httpj:connector>
<beans:bean class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="server" />
<beans:property name="port" value="9127"/>
</beans:bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
<httpj:engine-factory bus="cxf">
<httpj:identifiedTLSServerParameters id="secure">
<httpj:tlsServerParameters secureSocketProtocol="TLSv1">
<sec:keyManagers keyPassword="keyPassword">
<sec:keyStore type="JKS" password="keyPassword" file="keystore-lab.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password" file="cacerts.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_DES40_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:identifiedTLSServerParameters>
<httpj:engine port="9227">
<httpj:tlsServerParametersRef id="secure" />
<httpj:threadingParameters minThreads="5" maxThreads="200"/>
<httpj:connector>
<beans:bean class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="server" />
<constructor-arg ref="sslConnectionFactory" />
<beans:property name="port" value="9227"/>
</beans:bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
</beans>
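One thing I noticed is that CXF's SslConnectionFactory calls its superclass constructor with "SSL" as the protocol, while JettyHTTPServerEngine checks for a value of "https" as the protocol value. I can't imagine this hasn't been found before, so I feel I must be missing something.
But when I extended SslConnectionFactory and modified that constructor to pass "https" instead of "SSL" as the protocol, it did not throw this exception. It did throw a different one later, when attempting to connect: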
java.lang.NullPointerException
at com.mypackage.util.CustomSslConnectionFactory.newConnection(CustomSslConnectionFactory.java:108)
at org.eclipse.jetty.server.ServerConnector$ServerConnectorManager.newConnection(ServerConnector.java:550)
at org.eclipse.jetty.io.ManagedSelector.createEndPoint(ManagedSelector.java:263)
at org.eclipse.jetty.io.ManagedSelector.access00(ManagedSelector.java:61)
at org.eclipse.jetty.io.ManagedSelector$Accept.run(ManagedSelector.java:747)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
at java.lang.Thread.run(Thread.java:748)
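I think this has something to do with the "nextProtocol" value. But I can't find it, and I feel I'm going down the wrong path with this approach.
I'm really just hoping to get this upgrade working for both http (which seems to work fine!) and SSL.
Update:
Eddo's post put me in the right direction, but I needed the server details rather than the client.
I was also able to remove a lot of extraneous junk I didn't need. The final cxf.xml is based on http://cxf.apache.org/docs/standalone-http-transport.html :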
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<http:destination name="{http://WsdlHost}WsdlPort.http-destination">
</http:destination>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9127">
<httpj:threadingParameters minThreads="5" maxThreads="200"/>
<httpj:connector>
<beans:bean class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="server" />
<beans:property name="port" value="9127"/>
</beans:bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9227">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="keyPassword">
<sec:keyStore type="JKS" password="keyPassword" file="keystore-lab.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password" file="cacerts.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_DES40_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
</beans>
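An added example, not part of the original post or of the CXF documentation: the same port-9227 engine with the TLS policy tightened, since the include patterns in the file above admit EXPORT, single-DES and DES40 suites. The `CHANGE_ME` password placeholders and the choice of ECDHE/AES-GCM patterns are assumptions; the port and keystore file names are the poster's.

```xml
<!-- Added example: hardened variant of the poster's TLS engine (assumed policy, not the poster's file) -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http-jetty/configuration
           http://cxf.apache.org/schemas/configuration/http-jetty.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <httpj:engine-factory bus="cxf">
    <httpj:engine port="9227">
      <!-- Request a TLSv1.2 SSLContext (available on Java 1.8) rather than TLSv1;
           confirm the protocols actually offered with a TLS scanner after deployment -->
      <httpj:tlsServerParameters secureSocketProtocol="TLSv1.2">
        <sec:keyManagers keyPassword="CHANGE_ME">
          <sec:keyStore type="JKS" password="CHANGE_ME" file="keystore-lab.jks"/>
        </sec:keyManagers>
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="CHANGE_ME" file="cacerts.jks"/>
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
          <!-- Include only forward-secret AES-GCM suites -->
          <sec:include>TLS_ECDHE_.*_WITH_AES_.*_GCM_.*</sec:include>
          <!-- Explicit excludes guard against a later, broader include pattern -->
          <sec:exclude>.*_anon_.*</sec:exclude>
          <sec:exclude>.*_EXPORT.*</sec:exclude>
          <sec:exclude>.*_DES_.*</sec:exclude>
          <sec:exclude>.*_NULL_.*</sec:exclude>
          <sec:exclude>.*_RC4_.*</sec:exclude>
        </sec:cipherSuitesFilter>
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>
</beans>
```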
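Here is an example of how I set things up with https, so you can use it as a reference. Note that I'm using Blueprint (not Spring DSL) and JBoss, but I know this approach also works with Spring DSL, so you can give it a try.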
<?xml version="1.0" encoding="UTF-8" ?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:bp="http://camel.apache.org/schema/blueprint"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.1.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://camel.apache.org/schema/blueprint
http://camel.apache.org/schema/blueprint/camel-blueprint-2.16.4.xsd
http://www.osgi.org/xmlns/blueprint/v1.0.0
https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.1.0
http://aries.apache.org/schemas/blueprint-ext/blueprint-ext-1.1.xsd
http://camel.apache.org/schema/blueprint/cxf
http://camel.apache.org/schema/blueprint/cxf/camel-cxf.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
">
<cxf:cxfEndpoint id="myService"
address="https://localhost:8443/MyWebService/"
wsdlURL="https://localhost:8443/MyWebService?wsdl"
loggingFeatureEnabled="true">
</cxf:cxfEndpoint>
<http:conduit name="*.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="$RF[trustStore.password]">
<sec:keyStore type="JKS" password="yourpassgoeshere"
file="/var/app/security/my-trust.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="yourpassgoeshere"
file="/var/app/security/my-trust.jks" />
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
</blueprint>
Beyond that, take a look at the documentation, which explains this in detail, so you can adapt it to your own needs.
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html