How to secure a camel-cxf endpoint (https) in FUSE 7.6?

ctrmrzij posted on 2022-11-07 in Apache

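We have been using camel-cxf service endpoints for multiple applications. They work fine. Recently we needed to secure these service endpoints, so we are adding an <httpu:engine-factory> configuration to camel-context.xml.
We also configured the FUSE 7.6 server to use 8183 as its secure port, by means of: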

  • [FUSE 7.6 installation]/etc/org.ops4j.pax.web.cfg file:

org.osgi.service.http.port = 8181
org.osgi.service.http.port.secure = 8183
org.ops4j.pax.web.config.file = ${karaf.etc}/undertow.xml
org.ops4j.pax.web.session.cookie.secure = true

  • [FUSE 7.6 installation]/etc/undertow.xml is properly configured to point to the correct keystore, truststore, etc.

Here is camel-context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
     xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:sec="http://cxf.apache.org/configuration/security"
     xmlns:http="http://cxf.apache.org/transports/http/configuration"
     xmlns:httpu="http://cxf.apache.org/transports/http-undertow/configuration"
     xsi:schemaLocation="         
     http://www.osgi.org/xmlns/blueprint/v1.0.0             
     https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
     http://cxf.apache.org/configuration/security 
     http://cxf.apache.org/schemas/configuration/security.xsd 
     http://cxf.apache.org/transports/http/configuration 
     http://cxf.apache.org/schemas/configuration/http-conf.xsd 
     http://cxf.apache.org/transports/http-undertow/configuration 
     http://cxf.apache.org/schemas/configuration/http-undertow.xsd">

     <bean class="com.mycom.myapp.CamelRequestProcessor" id="myProcessor"/>
     <cxf:cxfEndpoint address="{{MY_HOST}}:8185{{MY_SVC_ADDRESS}}"
          bus="auditBus" id="myWebServiceEndpoint"
          serviceClass="com.mycom.myapp.MyWebServiceEndpoint" wsdlURL="wsdl/mySvc.wsdl"/>

    <httpu:engine-factory bus="cxf">
        <httpu:engine port="8185">
            <httpu:tlsServerParameters secureSocketProtocol="$(MY_SECURE_SOCKET_PROTOCOL)">
                <sec:keyManagers keyPassword="$(MY_KEY_PASSWORD)">
                    <sec:keyStore file="$(MY_KEYSTORE)" password="$(MY_KEYSTORE_PASSWORD)" type="JKS"/>
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore file="$(MY_TRUSTSTORE)" password="$(MY_TRUSTSTORE_PASSWORD)" type="JKS"/>
                </sec:trustManagers>
                <sec:clientAuthentication required="true" want="true"/>
            </httpu:tlsServerParameters>
        </httpu:engine>
    </httpu:engine-factory>

    <camelContext id="_myCamelContext" useBlueprintPropertyResolver="true" errorHandlerRef="myErrorHandler">
          <route id="_firstRuote">
               <from id="_from" uri="cxf:bean:myWebServiceEndpoint"/>
               <bean id="_processor" method="process" ref="myProcessor"/>
               <to id="_to4" uri="direct:otherEndpoints"/>
          </route>  
     </camelContext>
</blueprint>

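After adding the <httpu:engine-factory/> section, the code builds and deploys to FUSE 7.6, everything goes smoothly, there are no errors in the log and the bundle starts normally. When I check the service at https://myhost:8183/cxf, the browser shows the service: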

Endpoint address: https://myhost:8185/cxf/MyWebServiceEndpoint/
WSDL : {namespace}MyWebServiceEndpoint   <--This is a link-->

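However, ***when I click the WSDL link, it spins for a few seconds and then shows "Unable to connect"***. It should show the WSDL file. The browser address bar does point to the correct URL:
MyWebServiceEndpoint
Any help is much appreciated.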

utugiqy6 1#

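Your camel-cxf endpoint has <sec:clientAuthentication required="true" want="true"/>, which means that your client (in this case the browser loading the WSDL) also needs to present a private key (keystore).
Did you import the truststore/keystore used for the camel-cxf endpoint into your browser?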

jm81lzqq 2#

Problem solved. The undertow configuration has to specify the host as follows to make the port accessible: <httpu:engine host="0.0.0.0" port="8185">
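
An added example, not part of the original posts or of Fuse/CXF: a small Python check over a blueprint file that flags the two conditions the answers discuss (an `httpu:engine` without a `host` attribute, and `clientAuthentication required="true"`), plus an endpoint port that has no matching engine. The function name `audit`, the finding labels and the trimmed sample XML are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "cxf": "http://camel.apache.org/schema/blueprint/cxf",
    "sec": "http://cxf.apache.org/configuration/security",
    "httpu": "http://cxf.apache.org/transports/http-undertow/configuration",
}

# Constructed sample, trimmed from the camel-context.xml in the question.
SAMPLE = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:httpu="http://cxf.apache.org/transports/http-undertow/configuration">
  <cxf:cxfEndpoint id="myWebServiceEndpoint"
      address="{{MY_HOST}}:8185{{MY_SVC_ADDRESS}}"/>
  <httpu:engine-factory bus="cxf">
    <httpu:engine port="8185">
      <httpu:tlsServerParameters secureSocketProtocol="$(MY_SECURE_SOCKET_PROTOCOL)">
        <sec:clientAuthentication required="true" want="true"/>
      </httpu:tlsServerParameters>
    </httpu:engine>
  </httpu:engine-factory>
</blueprint>"""

def audit(xml_text):
    """Return (port, finding) tuples for one blueprint file (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings, engine_ports = [], set()
    for eng in root.iterfind(".//httpu:engine", NS):
        port = eng.get("port")
        engine_ports.add(port)
        if eng.get("host") is None:
            # Cause named in answer 2: no host attribute on the engine.
            findings.append((port, "no-host"))
        if eng.find("httpu:tlsServerParameters", NS) is None:
            findings.append((port, "no-tls"))
        auth = eng.find("httpu:tlsServerParameters/sec:clientAuthentication", NS)
        if auth is not None and auth.get("required") == "true":
            # Point of answer 1: every client, browsers included, needs a cert.
            findings.append((port, "client-cert-required"))
    for ep in root.iterfind(".//cxf:cxfEndpoint", NS):
        m = re.search(r":(\d+)", ep.get("address", ""))
        if m and m.group(1) not in engine_ports:
            findings.append((m.group(1), "endpoint-without-engine"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Note that `host="0.0.0.0"` makes the engine listen on every interface, so restrict the port at the firewall if only some networks should reach it.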