0 Replies Latest reply on Dec 23, 2016 5:24 AM by rsteeghs

    How to use 2 way SSL/TLS with Wildfly 10.1.0.Final and JBossWS 5.1.5.Final

    rsteeghs

      We, at an Energy Grid Operator in the Netherlands, have an application running in Wildfly, which calls a web service from another party over SSL (TLS) using server and client certificates (2 way SSL).

      At the moment, for these calls we use the Spring configuration option of JBossWS 5.0.0.Final in Wildfly 9.0.0.Final to configure the ‘http:conduit’ and the underlying CXF logging. Example of the ‘cxf.xml’ used:

      <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
        xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
        xmlns:http="http://cxf.apache.org/transports/http/configuration"
        xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:wsa="http://cxf.apache.org/ws/addressing"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
        http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
        http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">

        <bean id="propertyConfigurer"
          class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
          <property name="searchSystemEnvironment" value="true" />
          <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
          <property name="ignoreUnresolvablePlaceholders" value="true" />
          <property name="locations">
            <list>
              <value>file:${jboss.server.config.dir}/ssl/ssl.properties</value>
            </list>
          </property>
        </bean>

        <cxf:bus>
          <cxf:features>
            <cxf:logging />
          </cxf:features>
        </cxf:bus>

        <!-- Minimal install of JBossWS 5.0.0 on Wildfly with the option
        Spring set to true. Load this through jboss-deployment-structure.xml -->
        <http:conduit name="*.http-conduit">
          <http:tlsClientParameters disableCNCheck="${disableCNCheck}">
            <sec:keyManagers keyPassword="${key.password}">
              <sec:keyStore type="JKS" password="${keystore.password}"
                file="${keystore.path}" />
            </sec:keyManagers>
            <sec:trustManagers>
              <sec:keyStore type="JKS" password="${truststore.password}"
                file="${truststore.path}" />
            </sec:trustManagers>
            <sec:certAlias>${key.alias}</sec:certAlias>
          </http:tlsClientParameters>
        </http:conduit>
      </beans>

      Now we want to upgrade to Wildfly 10.1.0.Final, which includes JBossWS 5.1.5.Final. In this JBossWS version the Spring configuration option has been removed, but we still need to configure the 2 way SSL.

      Any suggestions as to which options we have? Or does anyone have a solution? In the past the Spring option was also an escape, because we couldn’t figure it out another way at that time.

      Thanks and kind regards.
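
The `http:conduit` settings from the `cxf.xml` above can also be applied in code through the Apache CXF client API, without Spring. The following is an added example, not part of the original post and not JBossWS project code. The class `TwoWayTlsConduit` is hypothetical, the property keys are the ones used in the post's `ssl.properties`, and it assumes the CXF client classes are visible to the deployment; unlike the XML it leaves the hostname (CN) check enabled instead of reading `disableCNCheck`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper (added example): applies the tlsClientParameters of the
// post's cxf.xml to one JAX-WS port proxy programmatically.
public final class TwoWayTlsConduit {

    private TwoWayTlsConduit() { }

    // Loads a JKS store from disk; the stream is closed even if loading fails.
    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // 'port' is the client proxy obtained from the generated JAX-WS Service class.
    // 'ssl' holds the same keys as the ssl.properties referenced in the post.
    public static void configure(Object port, Properties ssl) throws Exception {
        // Client certificate and private key (sec:keyManagers in the XML).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ssl.getProperty("keystore.path"), ssl.getProperty("keystore.password").toCharArray()),
                 ssl.getProperty("key.password").toCharArray());

        // Certificates trusted for the remote server (sec:trustManagers in the XML).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(ssl.getProperty("truststore.path"), ssl.getProperty("truststore.password").toCharArray()));

        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setCertAlias(ssl.getProperty("key.alias")); // sec:certAlias in the XML
        tls.setDisableCNCheck(false);                   // keep hostname verification on

        // Reach the CXF conduit behind the proxy and attach the TLS settings.
        Client client = ClientProxy.getClient(port);
        ((HTTPConduit) client.getConduit()).setTlsClientParameters(tls);
    }
}
```

Call `TwoWayTlsConduit.configure(port, props)` once after creating the port and before the first invocation, with `props` loaded from the same `ssl.properties` file.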