How to secure camel-cxf endpoints (https) in FUSE 7.6



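We have been using camel-cxf service endpoints for several applications, and they work fine. Recently we needed to secure these service endpoints, so we added the <httpu:engine-factory> configuration to camel-context.xml.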

We also configured the FUSE 7.6 server to use secure port 8183 by setting:

  • The [FUSE 7.6 install]/etc/org.ops4j.pax.web.cfg file:

org.osgi.service.http.port=8811
org.osgi.service.http.port.secure=8183
org.ops4j.pax.web.config.file=${karaf.etc}/undertow.xml
org.ops4j.pax.web.session.cookie.httpOnly=false
org.ops4j.pax.web.session.cookie.secure=true

  • [FUSE 7.6 install]/etc/undertow.xml is correctly configured to point to the correct keystore, truststore, etc.

Here is camel-context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpu="http://cxf.apache.org/transports/http-undertow/configuration"
xsi:schemaLocation="         
http://www.osgi.org/xmlns/blueprint/v1.0.0             
https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd 
http://cxf.apache.org/transports/http/configuration 
http://cxf.apache.org/schemas/configuration/http-conf.xsd 
http://cxf.apache.org/transports/http-undertow/configuration 
http://cxf.apache.org/schemas/configuration/http-undertow.xsd">

<bean class="com.mycom.myapp.CamelRequestProcessor" id="myProcessor"/>
<cxf:cxfEndpoint address="{{MY_HOST}}:8185{{MY_SVC_ADDRESS}}"
bus="auditBus" id="myWebServiceEndpoint"
serviceClass="com.mycom.myapp.MyWebServiceEndpoint" wsdlURL="wsdl/mySvc.wsdl"/>

<httpu:engine-factory bus="cxf">
<httpu:engine port="8185">
<httpu:tlsServerParameters secureSocketProtocol="$(MY_SECURE_SOCKET_PROTOCOL)">
<sec:keyManagers keyPassword="$(MY_KEY_PASSWORD)">
<sec:keyStore file="$(MY_KEYSTORE)" password="$(MY_KEYSTORE_PASSWORD)" type="JKS"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore file="$(MY_TRUSTSTORE)" password="$(MY_TRUSTSTORE_PASSWORD)" type="JKS"/>
</sec:trustManagers>
<sec:clientAuthentication required="true" want="true"/>
</httpu:tlsServerParameters>
</httpu:engine>
</httpu:engine-factory>

<camelContext id="_myCamelContext" useBlueprintPropertyResolver="true" errorHandlerRef="myErrorHandler">
<route id="_firstRuote">
<from id="_from" uri="cxf:bean:myWebServiceEndpoint"/>
<bean id="_processor" method="process" ref="myProcessor"/>
<to id="_to4" uri="direct:otherEndpoints"/>
</route>  
</camelContext>
</blueprint>

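After we added the <httpu:engine-factory/> section, the code was built and deployed to FUSE 7.6. Everything went well: there were no errors in the log and the bundle started normally. When I go to https://myhost:8183/cxf, the service is displayed in the browser: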

Endpoint address: https://myhost:8185/cxf/MyWebServiceEndpoint/
WSDL : {namespace}MyWebServiceEndpoint   <--This is a link-->

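However, when I click the WSDL link, it spins for a few seconds and then shows "Unable to connect". It should display the WSDL file. The browser address bar does point to the correct URL: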
https://myhost:8185/cxf/MyWebServiceEndpoint/?wsdl

Any help is greatly appreciated.

Your camel-cxf endpoint has <sec:clientAuthentication required="true" want="true"/>, which means your client (in this case the browser loading the WSDL) also needs to present a private key (keystore).

Did you import the truststore/keystore used for the camel-cxf endpoint into your browser?

Problem solved. The Undertow configuration must specify the host as follows, which makes the port accessible: <httpu:engine host="0.0.0.0" port="8185">
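
A way to tell apart the two causes raised in the answers above (added example, not part of the original posts): the function reports whether a failure happens at TCP connect, which points at the listener's bind address, or during TLS, which points at certificates or client authentication. The host name, port and PEM file paths passed to it are assumptions supplied by the caller.

```python
import socket
import ssl


def diagnose(host, port, cafile=None, certfile=None, keyfile=None, timeout=3.0):
    """Return (stage, detail); stage is tcp_unreachable, tls_failed or tls_ok."""
    # Build the TLS context first so a bad file path fails before connecting.
    # Verification stays on: cafile is the CA that signed the server
    # certificate, certfile/keyfile are the client identity (PEM exports of
    # the JKS stores) needed when clientAuthentication required="true".
    ctx = ssl.create_default_context(cafile=cafile)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)

    # Step 1: plain TCP. A failure here means nothing is reachable on this
    # address and port (listener bound to another interface, firewall);
    # certificates are not involved yet.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_unreachable", str(exc)

    # Step 2: TLS handshake plus one request.
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # With TLS 1.3 a missing or rejected client certificate is only
            # reported on the first read, so send a request and read a byte.
            tls.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if not tls.recv(1):
                return "tls_failed", "connection closed after handshake"
            return "tls_ok", tls.version()
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return "tls_failed", str(exc)
    finally:
        raw.close()


if __name__ == "__main__":
    # Host and port as used in the question; add cafile/certfile/keyfile
    # arguments pointing at your own PEM files to test mutual TLS.
    print(diagnose("myhost", 8185))
```

A result of tcp_unreachable from another machine, combined with tls_ok or tls_failed when run on the server against 127.0.0.1, indicates that the engine is listening only on the loopback interface.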
