4
我無法正確獲取CXF REST客戶端與我的CXF服務器通信的配置。我得到了可怕的javax.net.ssl.SSLHandshakeException:收到致命警報:handshake_failure。奇怪的是,這個配置在我們使用CXF for SOAP的時候起作用。任何提示都表示讚賞。無法爲Apache CXF和JAX-RS配置SSL
這裏是服務器端配置:
<httpj:engine-factory bus="cxf">
<httpj:engine port="443">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" file="cxf.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password" file="cxf.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
<httpj:sessionSupport>true</httpj:sessionSupport>
</httpj:engine>
</httpj:engine-factory>
<jaxrs:server id="restContainer" bus="cxf" address="/" >
<jaxrs:serviceBeans>
<ref bean="policyService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
這裏是客戶端配置:
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers
keyPassword="password">
<sec:keyStore type="JKS"
password="password"
file="cxf.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS"
password="password"
file="cxf.jks" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:client AutoRedirect="true" ReceiveTimeout="0" Connection="Keep-Alive" />
</http:conduit>
這是我使用的客戶端的味道:
MyRestApi api = JAXRSClientFactory.create(myRestUri, MyRestApi.class);
這一切都工作正常,它只是SSL這是一個問題。
獲得類似的問題。 ..在java命令行中使用javax.net.debug = all似乎告訴我們cxf找不到truststore/keystore。 – Thirlan 2012-01-30 14:57:34
我發現您需要將服務器證書導入您的客戶端機器。在linux或OS X上: keytool -import -trustcacerts -alias -file -keystore /lib/security/cacerts -storepass changeit -noprompt -v –
2013-10-10 17:00:40