1. 首頁
  2. 問答
  3. 無法爲Apache CXF和JAX-RS配置SSL

無法爲Apache CXF和JAX-RS配置SSL

2011-04-29 67 views
4

我無法正確獲取CXF REST客戶端與我的CXF服務器通信的配置。我得到了可怕的javax.net.ssl.SSLHandshakeException:收到致命警報:handshake_failure。奇怪的是,這個配置在我們使用CXF for SOAP的時候起作用。任何提示都表示讚賞。無法爲Apache CXF和JAX-RS配置SSL

這裏是服務器端配置:

<httpj:engine-factory bus="cxf"> 
<httpj:engine port="443"> 
<httpj:tlsServerParameters> 
    <sec:keyManagers keyPassword="password"> 
     <sec:keyStore type="JKS" password="password" file="cxf.jks"/> 
    </sec:keyManagers> 
    <sec:trustManagers> 
     <sec:keyStore type="JKS" password="password" file="cxf.jks"/> 
    </sec:trustManagers> 
    <sec:cipherSuitesFilter> 
     <sec:include>.*_EXPORT_.*</sec:include> 
     <sec:include>.*_EXPORT1024_.*</sec:include> 
     <sec:include>.*_WITH_DES_.*</sec:include> 
     <sec:include>.*_WITH_NULL_.*</sec:include> 
     <sec:exclude>.*_DH_anon_.*</sec:exclude> 
    </sec:cipherSuitesFilter> 
</httpj:tlsServerParameters> 
<httpj:sessionSupport>true</httpj:sessionSupport> 
</httpj:engine> 
</httpj:engine-factory> 


<jaxrs:server id="restContainer" bus="cxf" address="/" > 
<jaxrs:serviceBeans> 
    <ref bean="policyService"/> 
</jaxrs:serviceBeans> 
</jaxrs:server>

這裏是客戶端配置:

<http:conduit name="*.http-conduit"> 
    <http:tlsClientParameters> 
     <sec:keyManagers 
      keyPassword="password"> 
      <sec:keyStore type="JKS" 
       password="password" 
       file="cxf.jks" /> 
     </sec:keyManagers> 
     <sec:trustManagers> 
      <sec:keyStore type="JKS" 
       password="password" 
       file="cxf.jks" /> 
     </sec:trustManagers> 
     <sec:cipherSuitesFilter> 
      <sec:include>.*_EXPORT_.*</sec:include> 
      <sec:include>.*_EXPORT1024_.*</sec:include> 
      <sec:include>.*_WITH_DES_.*</sec:include> 
      <sec:include>.*_WITH_NULL_.*</sec:include> 
      <sec:exclude>.*_DH_anon_.*</sec:exclude> 
     </sec:cipherSuitesFilter> 
    </http:tlsClientParameters> 
    <http:client AutoRedirect="true" ReceiveTimeout="0" Connection="Keep-Alive" /> 
</http:conduit>

這是我使用的客戶端的味道:

MyRestApi api = JAXRSClientFactory.create(myRestUri, MyRestApi.class);

這一切都工作正常,它只是SSL這是一個問題。

來源

2011-04-29 Julian S

+1

獲得類似的問題。 ..在java命令行中使用javax.net.debug = all似乎告訴我們cxf找不到truststore/keystore。 – Thirlan 2012-01-30 14:57:34

+0

我發現您需要將服務器證書導入您的客戶端機器。在linux或OS X上: keytool -import -trustcacerts -alias -file -keystore /lib/security/cacerts -storepass changeit -noprompt -v – 2013-10-10 17:00:40

回答

1

,以確保你有,你可以硬編碼設置是否正確(溫度)是這樣的:

System.setProperty("javax.net.ssl.keyStore", "/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"); 
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); 
    System.setProperty("javax.net.ssl.trustStore", "/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"); 
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); 
    System.setProperty("javax.net.debug", "all");

然後與輸出檢查可以調試更多...

來源

2014-02-03 12:47:04 tibi

+0

感謝您的提示! – 2014-02-05 16:58:01

相關問題

 相關問題