We have been using camel-cxf service endpoints for multiple applications. They work well. Recently we have a need to secure these service endpoints. Therefore, we are adding <httpu:engine-factory> configuration to the camel-context.xml.
We also configured the FUSE 7.6 server to have the secure port at 8183 by setting:
- [FUSE 7.6 Install]/etc/org.ops4j.pax.web.cfg file:
    org.osgi.service.http.port = 8181
    org.osgi.service.http.port.secure = 8183
    org.ops4j.pax.web.config.file = ${karaf.etc}/undertow.xml
    org.ops4j.pax.web.session.cookie.httpOnly = false
    org.ops4j.pax.web.session.cookie.secure = true
- [FUSE 7.6 Install]/etc/undertow.xml is correctly configured to point to the right keystore and truststore, etc.
Following is the camel-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:http="http://cxf.apache.org/transports/http/configuration"
    xmlns:httpu="http://cxf.apache.org/transports/http-undertow/configuration"
    xsi:schemaLocation="
        http://www.osgi.org/xmlns/blueprint/v1.0.0
        https://osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
        http://cxf.apache.org/configuration/security
        http://cxf.apache.org/schemas/configuration/security.xsd
        http://cxf.apache.org/transports/http/configuration
        http://cxf.apache.org/schemas/configuration/http-conf.xsd
        http://cxf.apache.org/transports/http-undertow/configuration
        http://cxf.apache.org/schemas/configuration/http-undertow.xsd">
    <bean class="com.mycom.myapp.CamelRequestProcessor" id="myProcessor"/>
    <cxf:cxfEndpoint address="{{MY_HOST}}:8185{{MY_SVC_ADDRESS}}"
        bus="auditBus" id="myWebServiceEndpoint"
        serviceClass="com.mycom.myapp.MyWebServiceEndpoint" wsdlURL="wsdl/mySvc.wsdl"/>
    <httpu:engine-factory bus="cxf">
        <httpu:engine port="8185">
            <httpu:tlsServerParameters secureSocketProtocol="$(MY_SECURE_SOCKET_PROTOCOL)">
                <sec:keyManagers keyPassword="$(MY_KEY_PASSWORD)">
                    <sec:keyStore file="$(MY_KEYSTORE)" password="$(MY_KEYSTORE_PASSWORD)" type="JKS"/>
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore file="$(MY_TRUSTSTORE)" password="$(MY_TRUSTSTORE_PASSWORD)" type="JKS"/>
                </sec:trustManagers>
                <sec:clientAuthentication required="true" want="true"/>
            </httpu:tlsServerParameters>
        </httpu:engine>
    </httpu:engine-factory>
    <camelContext id="_myCamelContext" useBlueprintPropertyResolver="true" errorHandlerRef="myErrorHandler">
        <route id="_firstRuote">
            <from id="_from" uri="cxf:bean:myWebServiceEndpoint"/>
            <bean id="_processor" method="process" ref="myProcessor"/>
            <to id="_to4" uri="direct:otherEndpoints"/>
        </route>
    </camelContext>
</blueprint>
After we added the <httpu:engine-factory/> section, the code was built and deployed to FUSE 7.6. Everything goes well. There is no error in the log, and the bundle starts normally. When I inspected the service at https://myhost:8183/cxf, the service was displayed in the browser:
Endpoint address: https://myhost:8185/cxf/MyWebServiceEndpoint/
WSDL : {namespace}MyWebServiceEndpoint <--This is a link-->
However, when I click the WSDL link, it spins a few seconds, then displays "Unable to connect". It should display the WSDL file.
The browser address bar does point to the correct URL
https://myhost:8185/cxf/MyWebServiceEndpoint/?wsdl
Any help is greatly appreciated.
Your camel-cxf endpoint has <sec:clientAuthentication required="true" want="true"/>, which means your client (in this case a browser loading the WSDL) also needs to provide the private key (keystore).
Did you import the truststore/keystore that you used for the camel-cxf endpoint into your browser?
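
An added example (not part of the original posts and not Fuse or CXF code): a small Python audit that parses a blueprint like the one in the question and reports, for each cxfEndpoint, the client-certificate mode of the httpu:engine configured on the same port. SAMPLE is a constructed, trimmed copy of the question's blueprint, the function names are hypothetical, and pairing an endpoint with an engine by port number is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "cxf": "http://camel.apache.org/schema/blueprint/cxf",
    "httpu": "http://cxf.apache.org/transports/http-undertow/configuration",
    "sec": "http://cxf.apache.org/configuration/security",
}

# Constructed sample: trimmed copy of the blueprint from the question.
SAMPLE = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:httpu="http://cxf.apache.org/transports/http-undertow/configuration">
  <cxf:cxfEndpoint id="myWebServiceEndpoint" address="{{MY_HOST}}:8185{{MY_SVC_ADDRESS}}"/>
  <httpu:engine-factory bus="cxf">
    <httpu:engine port="8185">
      <httpu:tlsServerParameters>
        <sec:clientAuthentication required="true" want="true"/>
      </httpu:tlsServerParameters>
    </httpu:engine>
  </httpu:engine-factory>
</blueprint>"""


def client_auth_mode(engine):
    """Return 'none', 'optional' or 'required' for one httpu:engine element."""
    auth = engine.find("httpu:tlsServerParameters/sec:clientAuthentication", NS)
    if auth is None:
        return "none"
    required = auth.get("required", "false").strip().lower() == "true"
    want = auth.get("want", "false").strip().lower() == "true"
    if required:
        return "required"  # handshake fails unless the client presents a trusted cert
    return "optional" if want else "none"


def audit(blueprint_xml):
    """Map each cxfEndpoint id to (port, client-auth mode of the engine on that port)."""
    root = ET.fromstring(blueprint_xml)
    modes = {e.get("port"): client_auth_mode(e) for e in root.iterfind(".//httpu:engine", NS)}
    report = {}
    for ep in root.iterfind(".//cxf:cxfEndpoint", NS):
        m = re.search(r":(\d+)", ep.get("address", ""))  # first ":<digits>" is the port
        port = m.group(1) if m else None
        report[ep.get("id")] = (port, modes.get(port, "no TLS engine for this port"))
    return report


print(audit(SAMPLE))
```

A result of "required" means every TLS connection to that port, including the browser's request for ?wsdl, has to present a client certificate that the engine's truststore accepts.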