Child pages
  • How to switch the CXF consumer between HTTP and HTTPS without touching the Spring configuration
Skip to end of metadata
Go to start of metadata

You can find general information how to secure your Camel CXF Consumer with HTTPS here

A simple Camel CXF Consumer configuration which use the http:conduit configuration to enable SSL and an external properties file for all environment specific configurations could looks like:

bundle-context.xml
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ctx="http://www.springframework.org/schema/context"
  xmlns:camel="http://camel.apache.org/schema/spring"
  xmlns:camel-cxf="http://camel.apache.org/schema/cxf"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
    http://camel.apache.org/schema/osgi http://camel.apache.org/schema/osgi/camel-osgi.xsd
    http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
    http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
    http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
	">

  <import resource="classpath:META-INF/cxf/cxf.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-http-jetty.xml" />

  <ctx:property-placeholder location="classpath:orderEntry.cfg" />

  <camel-cxf:cxfEndpoint id="orderEntryEndpoint"
    address="${endpointUri}"
    serviceClass="com.company.product.OrderEntryService"
    endpointName="ssp:OrderEntry"
    serviceName="ssp:OrderEntryService"
    wsdlURL="META-INF/orderEntry/orderEntry.wsdl"
    xmlns:ssp="http://www.company.com/product/orderEntry/service/1" />
  
  <http:conduit name="{http://www.company.com/product/orderEntry/service/1}OrderEntry.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="${trustStore.password}" file="${trustStore.file}"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>

  <camel:camelContext trace="true">
    <camel:routeBuilder ref="orderEntryRoute" />
  </camel:camelContext>
	
  <bean id="orderEntryRoute" class="com.company.product.OrderEntryRoute" />
</beans>

The environment specific configurations are externalized into a properties file:

orderEntry.cfg
endpointUri=https://localhost:8181/OrderEntry
trustStore.password=password
trustStore.file=etc/myApp.ts

With this configuration, you Camel CXF consumer connects with HTTPS to the web service provider.
If you need to change the protocol to HTTP, maybe for tracing/debugging reasons, change the endpointUri property in your properties file to e.g. http://localhost:8080/OrderEntry. That's all! Isn't it easy.
Apache CXF detects that you "only" use HTTP and instantiates a HttpURLConnectionFactoryImpl instead of a HttpsURLConnectionFactory.

  • No labels

0 Comments