绿色记忆:Spring配置：启用Jetty SSL传输的CXF

Spring配置：启用Jetty SSL传输的CXF

By Alex

/ in Java

/ tags CXF, Jetty, JKS, SSL, WebService

0 Comments

Spring配置文件

100

101

102

103

104

<beans

xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:sec="http://cxf.apache.org/configuration/security"

xmlns:http="http://cxf.apache.org/transports/http/configuration"

xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"

xmlns:cxf="http://cxf.apache.org/core"

xmlns:jaxws="http://cxf.apache.org/jaxws"

xsi:schemaLocation="

http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd

http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd

http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd

http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd

http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd ">

<cxf:bus>

<cxf:features>

<cxf:logging />

</cxf:features>

</cxf:bus>

<value>

<![CDATA[

http.port=5050

https.port=5051

https.keyManagers.keyStore.type=JKS

https.keyManagers.keyPassword=sparknet

https.keyManagers.keyStore.password=sparknet

https.keyManagers.keyStore.url=#{@cfg.baseDirUrl}/work/security/key/platform.jks

https.trustManagers.keyStore.type=JKS

https.trustManagers.keyStore.password=sparknet

https.trustManagers.keyStore.url=#{@cfg.baseDirUrl}/work/security/cert/trust.jks

http.minThreads=5

http.maxThreads=50

]]>

</value>

</property>

</bean>

</bean>

</bean>

<jaxws:endpoint id="dataTransServiceHttp" implementor="#dataTransServiceImplHttp" address="http://0.0.0.0:#{@cfg.params['http.port']}/dataTransService" publish="true" />

<jaxws:endpoint id="dataTransServiceHttps" implementor="#dataTransServiceImplHttps" address="https://0.0.0.0:#{@cfg.params['https.port']}/dataTransService" publish="true" />

<httpj:engine-factory bus="cxf">

<httpj:identifiedThreadingParameters id="threadPool">

<httpj:threadingParameters minThreads="#{@cfg.params['http.minThreads']}" maxThreads="#{@cfg.params['http.maxThreads']}" />

</httpj:identifiedThreadingParameters>

<httpj:engine port="#{@cfg.params['http.port']}">

<httpj:threadingParametersRef id="threadPool" />

<httpj:connector>

</bean>

</httpj:connector>

</httpj:engine>

<httpj:engine port="#{@cfg.params['https.port']}">

<httpj:tlsServerParameters>

<sec:keyManagers keyPassword="#{@cfg.params['https.keyManagers.keyPassword']}">

<sec:keyStore type="#{@cfg.params['https.keyManagers.keyStore.type']}" url="#{@cfg.params['https.keyManagers.keyStore.url']}" password="#{@cfg.params['https.keyManagers.keyStore.password']}" />

</sec:keyManagers>

<sec:trustManagers>

<sec:keyStore type="#{@cfg.params['https.trustManagers.keyStore.type']}" url="#{@cfg.params['https.trustManagers.keyStore.url']}" password="#{@cfg.params['https.trustManagers.keyStore.password']}" />

</sec:trustManagers>

<sec:cipherSuitesFilter>

<sec:include>.*_EXPORT_.*</sec:include>

<sec:include>.*_EXPORT1024_.*</sec:include>

<sec:include>.*_WITH_DES_.*</sec:include>

<sec:include>.*_WITH_AES_.*</sec:include>

<sec:include>.*_WITH_NULL_.*</sec:include>

<sec:exclude>.*_DH_anon_.*</sec:exclude>

</sec:cipherSuitesFilter>

<sec:clientAuthentication want="true" required="true" />

</httpj:tlsServerParameters>

<httpj:threadingParametersRef id="threadPool" />

<httpj:connector>

</bean>

</httpj:connector>

</httpj:engine>

</httpj:engine-factory>

</beans>

使用JDK的keytool密钥对

使用JDK自带的keytool命令可以生成JKS（Java KeyStore）文件，作为数字证书库使用。在配置SSL时，一般需要用到两个JKS：信任库、证书库（对应上节配置文件中的truststore、keystore）。
下面是生成证书库的示例：

1	keytool -genkey -alias platform -keyalg RSA -keypass key_password -storepass store_password -dname "CN=DataTrans Platform, OU=, O=Gmem.cc, L=Nan Jing, ST=Jiang Su, C=CN" -validity 3650 -keystore platform.jks

← JacksonJson知识集锦

CXF带SSL支持的客户端示例 →

Spring配置：启用Jetty SSL传输的CXF

Spring配置：启用Jetty SSL传输的CXF

Leave a Reply Cancel reply

ABOUT ME

ABOUT GMEM

GMEM HISTORY

MIRROR INFO

Meta

Recent Posts

TOPLINKS

Recent Comments