CXF keystore config - How to access keystore file from filesystem rather than within deployed jar ?
Issue
- We are adapting a prototyped camel route to work in our
real
environment.
In a blueprint route, we have the definition:
<http:conduit name="*.http-conduit"> <!-- set this to * from a to turn certs on -->
<http:tlsClientParameters disableCNCheck="false"> <!-- not normally required secureSocketProtocol values TLS, TLSv1, SSL -->
<!-- their certificate -->
<sec:trustManagers>
<!-- sec:keyStore password="!£$%^" type="JKS" -->
<sec:keyStore password="${bybox.their.tls.keystore.password}" type="JKS"
resource="${bybox.their.tls.keystore.file}" ></sec:keyStore>
</sec:trustManagers>
<!-- our certificate -->
<!--
<sec:keyManagers keyPassword="!£$%^">
<sec:keyStore type="JKS" password="!£$%^" resource="certs/DanStore.jks" ></sec:keyStore>
</sec:keyManagers>
-->
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
<sec:UserName>${bybox.username}</sec:UserName>
<sec:Password>${bybox.password}</sec:Password>
<sec:AuthorizationType>Basic</sec:AuthorizationType>
</http:authorization>
</http:conduit>
Everything works perfectly if we set the value of ${keystore.password}
to point at a keystore included in the deployed jar file.
- However, if we set this value to point to a file on the local hard disk, such as:
C:/ar-work/project/eComFuse/env/bybox-ar.jks
or
file:///C:/ar-work/project/eComFuse/env/bybox-ar.jks
we get the stack trace:
org.osgi.service.blueprint.container.ComponentDefinitionException: Error when instantiating bean #recipe-153 of class org.apache.cxf.configuration.jsse.TLSClientParametersConfig
at org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:315)
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:806)
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:787)
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:106)
at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:933)
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:907)
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:888)
at org.apache.aries.blueprint.container.BlueprintContainerImpl.injectBeanInstance(BlueprintContainerImpl.java:937)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:121)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureWithWildCard(ConfigurerImpl.java:137)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:110)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:99)
at org.apache.cxf.transport.http.HTTPTransportFactory.configure(HTTPTransportFactory.java:176)
at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:241)
at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:222)
at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:229)
at org.apache.cxf.endpoint.AbstractConduitSelector.createConduit(AbstractConduitSelector.java:145)
at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:107)
at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63)
at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:853)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:511)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:418)
at org.apache.camel.component.cxf.CxfProducer.process(CxfProducer.java:116)
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:129)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
at org.apache.camel.processor.interceptor.HandleFaultInterceptor.process(HandleFaultInterceptor.java:42)
at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:91)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:448)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:51)
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:129)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:448)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.jetty.CamelContinuationServlet.service(CamelContinuationServlet.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
at org.eclipse.jetty.servlets.MultiPartFilter.doFilter(MultiPartFilter.java:136)
at org.apache.camel.component.jetty.CamelFilterWrapper.doFilter(CamelFilterWrapper.java:43)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Could not load keystore resource file:///C:/user/keystore.jks
at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getKeyStore(TLSParameterJaxBUtils.java:140)
at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getTrustManagers(TLSParameterJaxBUtils.java:291)
at org.apache.cxf.configuration.jsse.TLSClientParametersConfig.createTLSClientParametersFromType(TLSClientParametersConfig.java:115)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:297)
at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:958)
at org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:313)
... 62 more
Environment
- Red Hat JBoss Fuse
- 6.x
- Apache CXF
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.