Setting up mutual authentication without Spring and Apache CXF
chatrfb Sep 4, 2018 8:23 AM
Hi,
I'm migrating an application from JBoss EAP 6.4 to Wildfly 10. In the migration guide it says:
The setup of web service's endpoints and clients, through a Spring XML descriptor, driving a CXF bus creation, is no longer supported in WildFly.
Any application containing a jbossws-cxf.xml must migrate all functionality specified in such XML descriptor, mostly already supported by the JAX-WS specification, included in Java EE 7. It is still possible to rely on direct Apache CXF API usage, losing the Java EE portability of the application, for instance when specific Apache CXF functionalities are needed. Please refer to the Apache CXF Integration document for further information.
My application has a jbossws-cxf.xml file with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
                           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />

    <!-- webservice i need to call -->
    <http:conduit name="https://webservice.com/webmethod" depends-on="propertyConfigurer">
        <http:tlsClientParameters disableCNCheck="true">
            <sec:keyManagers keyPassword="keypass">
                <sec:keyStore type="JKS" password="keystorepassword" url="file://${jboss.server.config.dir}/keystore.jks" />
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="otherkeystorepassword" url="file://${jboss.server.config.dir}/truststore.jks" />
            </sec:trustManagers>
            <sec:cipherSuitesFilter>
                <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks -->
                <sec:include>.*_AES_.*</sec:include>
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:include>SSL_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
        <http:client AutoRedirect="true" Connection="Keep-Alive" />
    </http:conduit>

    <jaxws:client name="webserviceClient" serviceClass="my.package.ClientService" address="https://webservice.com/webmethod/">
        <jaxws:outInterceptors>
            <bean class="my.package.MyInterceptor" />
        </jaxws:outInterceptors>
    </jaxws:client>

    <bean id="myClient" class="my.package.MyClient" scope="prototype">
        <property name="clientServico">
            <ref bean="webserviceClient" />
        </property>
    </bean>
</beans>
I'm having trouble finding examples to achieve the same goal using only JAX-WS spec.
I'd really appreciate it if you guys pointed me in the right direction.
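
Added example, not part of the original post: one way to express the <http:conduit> element above through direct Apache CXF API calls, the route the quoted migration guide leaves open. The class name MutualTlsConduit and the configure signature are hypothetical; it assumes the CXF API classes are visible to the deployment and that the JAX-WS port is a CXF proxy. Unlike the XML, it leaves hostname checking on and admits only AES suites.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper (not from the post): programmatic stand-in for <http:conduit>.
public final class MutualTlsConduit {

    // Loads a JKS file from the server configuration directory named in the XML.
    private static KeyStore load(String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        String dir = System.getProperty("jboss.server.config.dir");
        try (InputStream in = new FileInputStream(dir + "/" + file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // port: the proxy returned by Service.getPort(...). Passwords are supplied by
    // the caller (assumption: read from a vault or environment, not hard-coded).
    public static void configure(Object port, char[] keyStorePw, char[] keyPw,
                                 char[] trustStorePw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("keystore.jks", keyStorePw), keyPw);    // client certificate and key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("truststore.jks", trustStorePw));       // CAs accepted for the server

        // Only the AES include and the DH_anon exclude are carried over; the
        // EXPORT, NULL, DES and 3DES includes from the XML are deliberately dropped.
        FiltersType ciphers = new FiltersType();
        ciphers.getInclude().add(".*_AES_.*");
        ciphers.getExclude().add(".*_DH_anon_.*");

        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setCipherSuitesFilter(ciphers);
        tls.setDisableCNCheck(false);                         // server name must match its certificate

        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(tls);
        conduit.getClient().setAutoRedirect(true);            // as in <http:client AutoRedirect="true">
    }
}
```

The out interceptor from the <jaxws:client> element can be attached to the same Client object through client.getOutInterceptors().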