CXF keystore config - How to access keystore file from filesystem rather than within deployed jar ?
Issue
- We are adapting a prototyped camel route to work in our
realenvironment.
In a blueprint route, we have the definition:
<http:conduit name="*.http-conduit"> <!-- set this to * from a to turn certs on -->
<http:tlsClientParameters disableCNCheck="false"> <!-- not normally required secureSocketProtocol values TLS, TLSv1, SSL -->
<!-- their certificate -->
<sec:trustManagers>
<!-- sec:keyStore password="!£$%^" type="JKS" -->
<sec:keyStore password="${bybox.their.tls.keystore.password}" type="JKS"
resource="${bybox.their.tls.keystore.file}" ></sec:keyStore>
</sec:trustManagers>
<!-- our certificate -->
<!--
<sec:keyManagers keyPassword="!£$%^">
<sec:keyStore type="JKS" password="!£$%^" resource="certs/DanStore.jks" ></sec:keyStore>
</sec:keyManagers>
-->
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
<sec:UserName>${bybox.username}</sec:UserName>
<sec:Password>${bybox.password}</sec:Password>
<sec:AuthorizationType>Basic</sec:AuthorizationType>
</http:authorization>
</http:conduit>
Everything works perfectly if we set the value of ${keystore.password} to point at a keystore included in the deployed jar file.
- However, if we set this value to point to a file on the local hard disk, such as:
C:/ar-work/project/eComFuse/env/bybox-ar.jks
or
file:///C:/ar-work/project/eComFuse/env/bybox-ar.jks
we get the stack trace:
org.osgi.service.blueprint.container.ComponentDefinitionException: Error when instantiating bean #recipe-153 of class org.apache.cxf.configuration.jsse.TLSClientParametersConfig
at org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:315)
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:806)
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:787)
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:106)
at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:933)
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:907)
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:888)
at org.apache.aries.blueprint.container.BlueprintContainerImpl.injectBeanInstance(BlueprintContainerImpl.java:937)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:121)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureWithWildCard(ConfigurerImpl.java:137)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:110)
at org.apache.cxf.bus.blueprint.ConfigurerImpl.configureBean(ConfigurerImpl.java:99)
at org.apache.cxf.transport.http.HTTPTransportFactory.configure(HTTPTransportFactory.java:176)
at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:241)
at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:222)
at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:229)
at org.apache.cxf.endpoint.AbstractConduitSelector.createConduit(AbstractConduitSelector.java:145)
at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:107)
at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63)
at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:853)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:511)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:418)
at org.apache.camel.component.cxf.CxfProducer.process(CxfProducer.java:116)
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:129)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
at org.apache.camel.processor.interceptor.HandleFaultInterceptor.process(HandleFaultInterceptor.java:42)
at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:91)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:448)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:51)
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:129)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:448)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.jetty.CamelContinuationServlet.service(CamelContinuationServlet.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
at org.eclipse.jetty.servlets.MultiPartFilter.doFilter(MultiPartFilter.java:136)
at org.apache.camel.component.jetty.CamelFilterWrapper.doFilter(CamelFilterWrapper.java:43)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Could not load keystore resource file:///C:/user/keystore.jks
at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getKeyStore(TLSParameterJaxBUtils.java:140)
at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getTrustManagers(TLSParameterJaxBUtils.java:291)
at org.apache.cxf.configuration.jsse.TLSClientParametersConfig.createTLSClientParametersFromType(TLSClientParametersConfig.java:115)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:297)
at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:958)
at org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:313)
... 62 more
Environment
- Red Hat JBoss Fuse
- 6.x
- Apache CXF
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
