1

我正在尝试通过 SSL/TLS 保护我们使用 CXF 2.2.5 的 Web 服务之一的通信。我想知道如何更新客户端和服务器 Spring 配置文件以激活此功能。我在 CXF 的网站 ( CXF Wiki ) 上找到了一些关于客户端配置的信息,这是给定的示例:

 <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
   <http:tlsClientParameters>
      <sec:keyManagers keyPassword="password">
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
      </sec:keyManagers>
      <sec:trustManagers>
          <sec:keyStore type="JKS" password="password"
               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
          export-suitable or null encryption is used,
          but exclude anonymous Diffie-Hellman key change as
          this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
  <http:authorization>
     <sec:UserName>Betty</sec:UserName>
     <sec:Password>password</sec:Password>
  </http:authorization>
  <http:client AutoRedirect="true" Connection="Keep-Alive"/>
 </http:conduit>

关于这种配置,

关于服务器端配置,我无法正确启动服务器,这是我的配置:

<http:destination name="{urn:ihe:iti:xds-b:2007}DocumentRepository_Port_Soap12.http-destination">
    </http:destination>

    <httpj:engine-factory>
            <httpj:engine port="9043">
                    <httpj:tlsServerParameters>
                            <sec:keyManagers keyPassword="changeit">
                                    <sec:keyStore type="JKS" password="changeit" file="security/keystore.jks" />
                            </sec:keyManagers>
                            <sec:trustManagers>
                                    <sec:keyStore type="JKS" password="changeit" file="security/cacerts.jks" />
                            </sec:trustManagers>
                            <sec:cipherSuitesFilter>
                                    <!--
                                            these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude
                                            anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks
                                    -->
                                    <sec:include>.*_EXPORT_.*</sec:include>
                                    <sec:include>.*_EXPORT1024_.*</sec:include>
                                    <sec:include>.*_WITH_DES_.*</sec:include>
                                    <sec:include>.*_WITH_NULL_.*</sec:include>
                                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                            </sec:cipherSuitesFilter>
                            <sec:clientAuthentication want="true" required="true" />
                    </httpj:tlsServerParameters>
            </httpj:engine>
    </httpj:engine-factory>

但是,当我使用此配置运行我的应用程序服务器 (JOnas) 时,我收到以下错误消息:

Line 20 in XML document from ServletContext resource [/WEB-INF/beans.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'.

你们知道如何解决这个问题吗?

提前致谢,

4

1 回答 1

4

听起来您缺少名称空间声明,或者您的 XML 过于复杂。这可能更多是与 Spring 相关的问题,而不是 CXF 问题。

检查以下项目是否出现在您声明 httj:engine-factory 的 beans 元素上:

<beans
  ...
  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
  ...
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="
      http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
      ...">
  <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml" />

在运行时检查 CXF Jetty Transport JAR 是否在您的类路径中。

如果您将声明和模式位置添加到 IDE 中的上下文文件中(至少在带有 Spring 插件和 IDEA 的 Eclipse 中),您应该在 IDE 中直接进行模式验证,这样您就可以轻松找到您犯的任何错误并采取自动完成的优势。

于 2010-03-14T17:40:59.323 回答