How to configure SSL in WSDL First CXF Framework web service? - ssl

I am new to CXF framework. Recently successfully created webservices using CXF and Spring Endpoint. I am using WSDL first approach. Can you please suggest how to use SSL(https) for web services. I have idea about truststore and keystore. I am using Apache Tomcat server.
below is my ApplicationContext.xml -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"
default-autowire="byName">
<!-- Service endpoint -->
<jaxws:endpoint id="CalculatorWebService"
implementorClass="com.web.calculator.service.CalculatorContractImpl"
implementor="#CalculatorImpl"
address="/CalculatorWS">
</jaxws:endpoint>
<bean id="CalculatorImpl" class="com.web.calculator.service.CalculatorContractImpl"/>
I believe I need to make some configuration entries for truststore here and similarly some configuration for keystore in client side in some xml. Also I think I need some Passwordcallback class for using keystores.
Can you please help me with the configurations that has to be made to enable SSL.
Your help is truly appreciated...
Thanks...

Here is great tutorial how to set up everything you need with SSL in your CXF. Please refer to section Configuring SSL Support.
And do not forget to enable https in your tomcat. The full "how to do this" is provided here. I assume that you did not try anything yet. All you need to do just follow these steps because there is everything explained very clear.

Related

How to configure Database with custom Datasource in MUlesoft

I have a requirement that to configure the database connector using my custom-defined Datasource(Spring based). When configuring my data-source to DB Connector with my custom bean, I am getting an error that cannot set javax.sql.Datasource to org.mule.extension.db.internal.domain.data source.DataSourceConnetionSettings.dataSourceRef. When I didn't configure my DB connector and referred to the data source using java invoke, able to get the Datasource object. How can I pass this Datasource this my database connector in runtime?
Referred to the below but didn't help.
https://help.mulesoft.com/s/article/Spring-based-datasources
Can someone help me with the last point in the below knowledgebase?
https://help.mulesoft.com/s/article/How-to-configure-connector-with-dynamic-parameters
<db:config name="Database_Config">
<db:data-source-connection dataSourceRef="myDbConnetor" />
</db:config>
My beans.xml as like below:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-4.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.1.xsd">
<context:annotation-config />
<context:component-scan base-package="com.test.datasource.*" />
<bean id="myDbConnetor" class="com.test.datasource.MyCustomDataSource"/>
</beans>

Jetty: load a server bean from war before initialization

I have a webapp being loaded from a Jetty server.
I want to load a bean implementing a MappedLoginService inside the webapp (not from the server) before the webapp starts loading.
Is there any way?
I tried to load the bean in the webapp post-construct and in webapp application class (javax.ws.rs.Application), without success.
Put the initialization in the WEB-INF/jetty-web.xml file.
That will load it during WebApp initialization, before the Servlet layer initialization kicks off.
I follow Joakim answer creating a WEB-INF/jetty-web.xml file and it worked. I just want to extend the answer adding a sample jetty-web.xml that prints something before servlet is initiated:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="context" class="org.eclipse.jetty.webapp.WebAppContext">
<Get class="java.lang.System" name="out">
<Call name="println">
<Arg>Hello world!</Arg>
</Call>
</Get>
</Configure>
More information about jetty-web.xml syntax here.

Flex2gateway not working on https/ssl on websphere

We are upgrading our ColdFusion 9 non-ssl application to ColdFusion 11 ssl enabled setup using Websphere.
We have a few flex components that utilize Flex2Gateway to call remote services. The application/Flex2gateway calls work fine with http but not on https.
The following urls give me a blank page which as per Adobe forums mean that Flex2Gateway is setup right:
http://example.com/flex2gateway
https://example.com/flex2gateway
The app calls the non-ssl url(not sure why):
http://example.com/flex2gateway and then gets redirected to
https://example.com/flex2gateway
When I look at the browser developer tools(IE, Chrome) the redirection from
http://example.com/flex2gateway to https://example.com/flex2gateway
seems to be working fine. Can anybody provide some insights on a possible solution?
Here is my remoting-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<service id="remoting-service"
class="flex.messaging.services.RemotingService"
messageTypes="flex.messaging.messages.RemotingMessage">
<adapters>
<adapter-definition id="cf-object"
class="coldfusion.flash.messaging.ColdFusionAdapter" default="true"/>
<adapter-definition id="java-object"
class="flex.messaging.services.remoting.adapters.JavaAdapter"/>
</adapters>
<default-channels>
<channel ref="my-cfamf-secure"/>
</default-channels>
<destination id="ColdFusion">
<channels>
<channel ref="my-cfamf-secure"/>
</channels>
<properties>
<source>*</source>
</properties>
</destination>
I do see the following in services-config.xml and I did uncomment the WebsphereLoginCommand option but saw no difference.
<security>
<login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
<!-- Uncomment the correct app server
<login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
<login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
<login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
-->
UPDATE: I got https disabled on our server and receive the below error now when I try to access flex component:
faultCode:Client.Error.MessageSend faultString:'Send Failed' faultDetail:'Channel.Connect.Failed error NetConection.Call.Failed: HTTP: Failed:url: 'http://example.com/flex2gateway/"

KEYCLOAK unknown authenticator error - Client Adapter installed

I am trying to setup Keycloak with Tomcat 8.
I followed the instruction carefully. I downloaded the Client Adapter for Tomcat8 and copied all the jar into $CATALINA_HOME/lib directory. I modified my web.xml login-config to use KEYCLOAK. Yet when I started Tomcat I kept getting Severe Error Unknown Authenticator??
Anywhere I googled everyone said you have to install the Client Adapter but.. in my case IT IS ALREADY THERE!!! HELP!!
I think you forgot to create a META-INF directory beside the WEB-INF and put a file named context.xml into it:
The contents of this file has to be
<?xml version="1.0" encoding="UTF-8"?>
<Context>
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
This is not needed if you deploy the war into WildFly. I had the same problem when I tried to transfer a well working webApp from WildFly to Tomcat.

Secure Session Cookie + Glassfish 3.1

I'm looking for a solution similar to this:
httpOnly Session Cookie + Servlet 3.0 (e.g. Glassfish v3)
I want to turn the HTTP headers: http-only and Secure off so that authentication with https carries across to http requests.
However,
1 Relating to the other post. I am not using servlet 3.0. I may be willing to try to use servlet 3.0 if there was decent documentation somewhere on how to migrate an intellij project from serverl 2.5 to 3.0. It does not seem obvious how to use this. Changing my maven pom to javax.servlet 3.0 and then editing my web.xml version to 3.0 doesn't work. Gives a facet-error on the 3.0 version. Sigh.
This is my primary approach to solve this. I edited domains/domain1/config for default-web.xml and domain.xml to what I thought would work but it doesn't. Oracle's documentation does not seem very clear to me on this.
domain.xml
<web-container>
<session-config>
<session-manager>
<manager-properties></manager-properties>
<store-properties></store-properties>
</session-manager>
<session-properties>
<property name="cookieSecure" value="false"></property>
<property name="cookieHttpOnly" value="false"></property>
</session-properties>
</session-config>
</web-container>
....
<configs>
<config name="server-config">
<http-service sso-enabled="true">
<access-log></access-log>
<virtual-server id="server" sso-cookie-secure="false" sso-cookie-http-only="false" network-listeners="http-listener-1,http-listener-2"></virtual-server>
<virtual-server id="__asadmin" sso-cookie-http-only="false" network-listeners="admin-listener"></virtual-server>
</http-service>
default-web.xml
<session-config>
<session-timeout>60</session-timeout>
<cookie-config>
<http-only>false</http-only>
<secure>false</secure>
</cookie-config>
<cookie-properties>
<property name="cookieSecure" value="false" />
<property name="cookieHttpOnly" value="false" />
</cookie-properties>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Okay I feel a bit stupid but I generally have never written to a specific container before to make sure that my code was portable across containers. However, after some research, I discovered that you can put a WEB-INF/glassfish-web.xml file that looks like this to control your security cookie setting for each WAR file under glassfish.
http://blogs.oracle.com/jluehe/entry/ow_to_configure_the_security
<?xml version="1.0" encoding="UTF-8"?>
<glassfish-web-app>
<session-config>
<cookie-properties>
<b><property name="cookieSecure" value="[true|false|dynamic]"/></b>
</cookie-properties>
</session-config>
</glassfish-web-app>