Fabric8 CXF endpoints security with TLS... possible?

StackOverflow https://stackoverflow.com/questions/21703589

Question

I would have a question about the wonderful tool that I just discovered named fabric8 (http://fabric8.io).

When I deploy a CXF SOAP service into the system, it is available at http://${HOSTNAME}:8181/cxf. Until now, all our stack was deployed into a tomcat container, secured using TLS encryption on the regular 8443 port (using or not client authentication). We, by the way, use WSDL policies to enforce it.

Is it possible to setup this TLS encryption using fabric8 ? karaf ?

Jerome

P.S: I wanted to add the new tag 'fabric8' but I do not have enough points to do that so I tagged using 'fusefabric'.

Edit 1:

Thanks @iocanel!

It seems to work.... well mostly :-)

In fact, if I start from a fresh fabric8 installation, and if I setup in etc/org.ops4j.pax.web.cfg:

org.ops4j.pax.web.config.file=etc/jetty.xml
org.osgi.service.http.port=8181

org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=etc/serverKeystore.jks
org.ops4j.pax.web.ssl.password=mytest
org.ops4j.pax.web.ssl.keypassword=mytest

Then I can browse the hawtio web interface on the 8443 port. However, as soon as I initialise the container with fabric:create the port is not available anymore. If I restart fabric8, then the logs are full of:

2014-02-11 17:41:15,945 | WARN  | tp1828719771-631 | AbstractHttpConnection           | ty.server.AbstractHttpConnection  552 | 89 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.14.v20131031 | /git/fabric/info/refs?service=git-upload-pack
java.lang.IllegalStateException: Committed
    at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1154)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:317)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:419)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:137)[84:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
    at io.fabric8.maven.impl.MavenSecureHttpContext.authenticate(MavenSecureHttpContext.java:173)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at io.fabric8.maven.impl.MavenSecureHttpContext.handleSecurity(MavenSecureHttpContext.java:78)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:219)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:85)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Server.handle(Server.java:370)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]
2014-02-11 17:41:15,967 | WARN  | tp1828719771-616 | Response                         | rg.eclipse.jetty.server.Response  315 | 89 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.14.v20131031 | Committed before 401 null
2014-02-11 17:41:15,968 | WARN  | tp1828719771-616 | AbstractHttpConnection           | ty.server.AbstractHttpConnection  552 | 89 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.14.v20131031 | /git/fabric/info/refs?service=git-receive-pack
java.lang.IllegalStateException: Committed
    at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1154)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:317)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:419)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:137)[84:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
    at io.fabric8.maven.impl.MavenSecureHttpContext.authenticate(MavenSecureHttpContext.java:173)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at io.fabric8.maven.impl.MavenSecureHttpContext.handleSecurity(MavenSecureHttpContext.java:78)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:219)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:85)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Server.handle(Server.java:370)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]

Do you have an idea ?

Jerome

Était-ce utile?

La solution

The default profiles contains the org.ops4j.pax.web.properties file.

By editing this file you could configure ssl as described here: https://ops4j1.jira.com/wiki/display/paxweb/SSL+Configuration

Autres conseils

I posted an issue: https://github.com/fabric8io/fabric8/issues/696

Let's see if there is a specific configuration to apply.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top