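We have been using camel-cxf service endpoints for several applications. They work well. Recently we needed to secure these service endpoints. So we are adding the <httpu:engine-factory> configuration to camel-context.xml.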

We also configured the FUSE 7.6 server to have a secure port of 8183 by setting

  • [FUSE 7.6 install]/etc/org.ops4j.pax.web.cfg file:

org.osgi.service.http.port = 8181
org.osgi.service.http.port.secure = 8183
org.ops4j.pax.web.config.file = ${karaf.etc}/undertow.xml
org.ops4j.pax.web.session.cookie.httpOnly = false
org.ops4j.pax.web.session.cookie.secure = true

  • [FUSE 7.6 install]/etc/undertow.xml is properly configured to point to the correct keystore, truststore, etc.

Below is the camel-context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
     xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:sec="http://cxf.apache.org/configuration/security"
     xmlns:http="http://cxf.apache.org/transports/http/configuration"
     xmlns:httpu="http://cxf.apache.org/transports/http-undertow/configuration"
     xsi:schemaLocation="         
     http://www.osgi.org/xmlns/blueprint/v1.0.0             
     https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
     http://cxf.apache.org/configuration/security 
     http://cxf.apache.org/schemas/configuration/security.xsd 
     http://cxf.apache.org/transports/http/configuration 
     http://cxf.apache.org/schemas/configuration/http-conf.xsd 
     http://cxf.apache.org/transports/http-undertow/configuration 
     http://cxf.apache.org/schemas/configuration/http-undertow.xsd">
     
     <bean class="com.mycom.myapp.CamelRequestProcessor" id="myProcessor"/>
     <cxf:cxfEndpoint address="{{MY_HOST}}:8185{{MY_SVC_ADDRESS}}"
          bus="auditBus" id="myWebServiceEndpoint"
          serviceClass="com.mycom.myapp.MyWebServiceEndpoint" wsdlURL="wsdl/mySvc.wsdl"/>
 
    <httpu:engine-factory bus="cxf">
        <httpu:engine port="8185">
            <httpu:tlsServerParameters secureSocketProtocol="$(MY_SECURE_SOCKET_PROTOCOL)">
                <sec:keyManagers keyPassword="$(MY_KEY_PASSWORD)">
                    <sec:keyStore file="$(MY_KEYSTORE)" password="$(MY_KEYSTORE_PASSWORD)" type="JKS"/>
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore file="$(MY_TRUSTSTORE)" password="$(MY_TRUSTSTORE_PASSWORD)" type="JKS"/>
                </sec:trustManagers>
                <sec:clientAuthentication required="true" want="true"/>
            </httpu:tlsServerParameters>
        </httpu:engine>
    </httpu:engine-factory>
    
    <camelContext id="_myCamelContext" useBlueprintPropertyResolver="true" errorHandlerRef="myErrorHandler">
          <route id="_firstRuote">
               <from id="_from" uri="cxf:bean:myWebServiceEndpoint"/>
               <bean id="_processor" method="process" ref="myProcessor"/>
               <to id="_to4" uri="direct:otherEndpoints"/>
          </route>  
     </camelContext>
</blueprint>

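After adding the <httpu:engine-factory/> section, the code builds and deploys to FUSE 7.6. Everything goes well. There are no errors in the log, and the bundle starts normally. When I check the services at https://myhost:8183/cxf, the service shows up in the browser: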

Endpoint address: https://myhost:8185/cxf/MyWebServiceEndpoint/
WSDL : {namespace}MyWebServiceEndpoint   <--This is a link-->

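However, when I click the WSDL link, it spins for a few seconds and then shows "Unable to connect". It should display the WSDL file. The browser address bar does point to the correct URL: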
https://myhost:8185/cxf/MyWebServiceEndpoint/?wsdl

Any help is greatly appreciated.

1 Answer

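Your camel-cxf endpoint has <sec:clientAuthentication required="true" want="true"/>, which means your client (in this case the browser loading the WSDL) also needs to present a private key (keystore).

Did you import the truststore/keystore used for the camel-cxf endpoint into your browser?

Answered 2022-03-04T14:39:29.230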
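To check the behaviour the answer describes without involving a browser, the following added example (not code from the question or the answer) requests the WSDL URL twice from a standalone Java client, once presenting no client certificate and once presenting one from a client keystore. The class name, the argument order, and the assumption that the key password equals the keystore password are illustrative assumptions.

```java
import java.io.*;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsWsdlCheck {
    // Load a JKS store (same type="JKS" as in the endpoint configuration).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // clientKeys == null builds a context that presents no client certificate.
    static SSLContext context(KeyStore clientKeys, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManager[] kms = new KeyManager[0];
        if (clientKeys != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientKeys, keyPassword);
            kms = kmf.getKeyManagers();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;
    }
    // Request the URL; a rejected handshake or refused connection surfaces as IOException.
    static String fetch(String url, SSLContext ctx) {
        try {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            conn.setConnectTimeout(5000);
            return "HTTP " + conn.getResponseCode() + " " + conn.getContentType();
        } catch (IOException e) {
            return "failed: " + e;
        }
    }
    // Assumed arguments: url truststore trustPassword clientKeystore clientPassword
    public static void main(String[] args) throws Exception {
        KeyStore trust = load(args[1], args[2].toCharArray());
        KeyStore client = load(args[3], args[4].toCharArray());
        System.out.println("no client cert:   " + fetch(args[0], context(null, null, trust)));
        System.out.println("with client cert: " + fetch(args[0], context(client, args[4].toCharArray(), trust)));
    }
}
```

If only the second request succeeds, the endpoint is enforcing required="true"; the client keystore must hold a private key whose certificate chains to an entry in the truststore configured under <sec:trustManagers>.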