-
1. Re: JAX-RS Endpoints over SSL
ffang May 19, 2011 11:32 PM (in response to petitgitan_g.atala)Hi,
I don't think it's possible with cxf http-osgi transport.
As the SSL transport level configuration is per port, so if your services are using cxf http-osgi transport(pax-web underlying), which means it will use same port, then you can't achieve such per-service/endpoint basis configuration.
However, if your services are using cxf http-jetty transport directly, which means each service can listen on different port, then you can configure different port with different keystore/truststore/client auth policy, from this way, you can achieve kind of per-service/endpoint configuration.
Freeman
-
2. Re: JAX-RS Endpoints over SSL
petitgitan_g.atala May 19, 2011 11:38 PM (in response to ffang)Freeman,
Thank you for the quick response. Is it possible to deploy the bundles relevant to a RESTful endpoint to the OSGI container, and still use the http-jetty transport? How is this done? I'd appreciate a reference to any examples.
George
-
3. Re: JAX-RS Endpoints over SSL
ffang May 19, 2011 11:43 PM (in response to petitgitan_g.atala)Hi,
yeah, just simply set address="http://urlyouwant", but not use address="/url", the http:// prefix will make cxf to load http-jetty transport.
Also
use
Freeman
-
4. Re: JAX-RS Endpoints over SSL
petitgitan_g.atala May 20, 2011 12:01 AM (in response to ffang)Thanks again. So to configure TLS, would you recommend the approach described here: <http://is.gd/aSAuv4>, that is, using something like:
<httpj:engine-factory id="port-9095-tls-config">
<httpj:engine port="9095">
<httpj:tlsServerParameters>
....
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
Regards,
George
-
5. Re: JAX-RS Endpoints over SSL
ffang May 20, 2011 12:17 AM (in response to petitgitan_g.atala)Him
Yeah, if you really wanna using different SSL configuration for different endpoint, as the SSL configuration is per port.
Freeman
-
6. Re: JAX-RS Endpoints over SSL
petitgitan_g.atala May 20, 2011 2:37 AM (in response to ffang)Freeman,
One more question: I can configure the server's keystore using the following:
org.ops4j.pax.web.ssl.keystore=/path/server-keystore.jks
org.ops4j.pax.web.ssl.keystore.type=JKS
What about a truststore? I tried putting trusted certs in the same keystore (and they're labeled as trusted inside the store), but that doesn't seem to work. Is there another way to configure or point to a truststore?
Many thanks,
George