当前位置: 文江博客话题详情

如何在 OSGi 容器中使用 JAX-WS 通过 HTTPS 发布 Web 服务?

发布于 2024-11-18 00:05:38 字数 515 浏览 2 评论 0原文

使用 Java,可以轻松地通过 HTTPS 使用 Web 服务,但如何发布 Web 服务呢?

标准 JAX-WS 实现不支持它。我们尝试了 Jetty,但 Jetty 也不支持 HTTPS 上的 Web 服务(JettyHttpServerProvidercreateHttpsServer() 抛出 UnsupportedOperatonException)。我想这个问题应该很简单。但不知何故,我总是碰壁。

此外,这必须与 OSGi 一起使用,因此我希望大多数或所有依赖项都可以作为捆绑包提供。目前,我尝试运行 CXF,但它有很多非 OSGi 依赖项,这使得部署非常困难。

我们还需要通过证书进行客户端身份验证,但我希望一旦启用 HTTPS,这将相对容易。

为什么这有这么大的事?例如,要使用 Jetty 提供静态内容,您所需要做的就是创建一个服务器,添加任何 SSL 连接器,然后就完成了。为什么 Web 服务就不能那么容易呢?

原文

With Java it is easy to consume a Web Service over HTTPS but how do you publish one?

The standard JAX-WS implementation doesn't support it. We tried Jetty but Jetty does not have support for Web Services over HTTPS either (JettyHttpServerProvider's createHttpsServer() throws an UnsupportedOperatonException). I think this problem should be really easy. But somehow I always run against walls.

Additionally this has to work with OSGi so I'd prefer if most or all dependencies are available as bundles. Currently I try to get CXF running but it has a lot of non-OSGi dependencies which makes deployment very hard.

We also need client authentication via certificates but my hope is this will be relatively easy once HTTPS is enabled.

Why is this such a big deal? For example to provide static content with Jetty, all you need to do is create a server, add any SSL connector and you're done. Why can't it be that easy for Web Services?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

没有伤那来痛 2024-11-25 00:05:38

我们的系统在OSGi中使用cxf和jetty,并且它与HTTPS一起工作得很好。

当您将服务发布到 WebService 时,您不应该关心它是 HTTP 还是 HTTPS。通过将以下属性传递给 OSGi,将您的 jetty 配置为支持 HTTPS:

org.eclipse.equinox.http.jetty.http.enabled=false
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.https.port=443
org.eclipse.equinox.http.jetty.ssl.keystore=...
org.eclipse.equinox.http.jetty.ssl.password=...

您可以在中查看其他属性

org.eclipse.equinox.http.jetty_2.0.0.v20100503.jar\OSGI-INF\metatype\config.xml

通过执行此操作,您可以尝试使用 IE 通过 https 访问您的服务的 wsdl。

Our system uses cxf and jetty in OSGi, and it works fine with HTTPS.

When you publish your service to WebService, you should not concern it is HTTP or HTTPS. Configure your jetty to support HTTPS by passing the following properties to OSGi:

org.eclipse.equinox.http.jetty.http.enabled=false
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.https.port=443
org.eclipse.equinox.http.jetty.ssl.keystore=...
org.eclipse.equinox.http.jetty.ssl.password=...

You can check out the other properties in

org.eclipse.equinox.http.jetty_2.0.0.v20100503.jar\OSGI-INF\metatype\config.xml

By doing this, you can try to use IE to access the wsdl of your service through https.

回复 原文
东走西顾 2024-11-25 00:05:38

如果您使用的是spring,则可以使用以下配置。这篇关于 FuseSource 的文章很好地解释了配置所需的步骤。

<beans xmlns="http://www.springframework.org/schema/beans" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:sec="http://cxf.apache.org/configuration/security" 
  xmlns:http="http://cxf.apache.org/transports/http/configuration" 
  xmlns:httpj="http://cxf.apache.org/transports/http-
jetty/configuration" 
  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws" 
  xsi:schemaLocation=" 
       http://cxf.apache.org/configuration/security       http: 
//cxf.apache.org/schemas/configuration/security.xsd 
            http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/transports/http-jetty/configuration
            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-
2.0.xsd"> 


  <http:destination name="{http://package}AnInterfacePort.http- 
destination"> 
  </http:destination> 

  <httpj:engine-factory bus="cxf"> 
   <httpj:engine port="9001"> 
    <httpj:tlsServerParameters> 
      <sec:keyManagers keyPassword="password"> 
           <sec:keyStore type="JKS" password="password" 
                file="C:/certs/cherry.jks"/> 
      </sec:keyManagers> 
      <sec:trustManagers> 
          <sec:keyStore type="JKS" password="password" 
               file="C:/certs/truststore.jks"/> 
      </sec:trustManagers> 
      <sec:cipherSuitesFilter> 
        <!-- these filters ensure that a ciphersuite with 
          export-suitable or null encryption is used, 
          but exclude anonymous Diffie-Hellman key change as 
          this is vulnerable to man-in-the-middle attacks --> 
        <sec:include>.*_EXPORT_.*</sec:include> 
        <sec:include>.*_EXPORT1024_.*</sec:include> 
        <sec:include>.*_WITH_DES_.*</sec:include> 
        <sec:include>.*_WITH_NULL_.*</sec:include> 
        <sec:exclude>.*_DH_anon_.*</sec:exclude> 
      </sec:cipherSuitesFilter> 
      <sec:clientAuthentication want="true" required="true"/> 
    </httpj:tlsServerParameters> 
   </httpj:engine> 
  </httpj:engine-factory> 


  <!-- We need a bean named "cxf" --> 
  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/> 
</beans>

If you are using spring, you could use the following configuration. This article on FuseSource gives a good explanation of steps needed for configuration.

<beans xmlns="http://www.springframework.org/schema/beans" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:sec="http://cxf.apache.org/configuration/security" 
  xmlns:http="http://cxf.apache.org/transports/http/configuration" 
  xmlns:httpj="http://cxf.apache.org/transports/http-
jetty/configuration" 
  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws" 
  xsi:schemaLocation=" 
       http://cxf.apache.org/configuration/security       http: 
//cxf.apache.org/schemas/configuration/security.xsd 
            http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/transports/http-jetty/configuration
            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-
2.0.xsd"> 


  <http:destination name="{http://package}AnInterfacePort.http- 
destination"> 
  </http:destination> 

  <httpj:engine-factory bus="cxf"> 
   <httpj:engine port="9001"> 
    <httpj:tlsServerParameters> 
      <sec:keyManagers keyPassword="password"> 
           <sec:keyStore type="JKS" password="password" 
                file="C:/certs/cherry.jks"/> 
      </sec:keyManagers> 
      <sec:trustManagers> 
          <sec:keyStore type="JKS" password="password" 
               file="C:/certs/truststore.jks"/> 
      </sec:trustManagers> 
      <sec:cipherSuitesFilter> 
        <!-- these filters ensure that a ciphersuite with 
          export-suitable or null encryption is used, 
          but exclude anonymous Diffie-Hellman key change as 
          this is vulnerable to man-in-the-middle attacks --> 
        <sec:include>.*_EXPORT_.*</sec:include> 
        <sec:include>.*_EXPORT1024_.*</sec:include> 
        <sec:include>.*_WITH_DES_.*</sec:include> 
        <sec:include>.*_WITH_NULL_.*</sec:include> 
        <sec:exclude>.*_DH_anon_.*</sec:exclude> 
      </sec:cipherSuitesFilter> 
      <sec:clientAuthentication want="true" required="true"/> 
    </httpj:tlsServerParameters> 
   </httpj:engine> 
  </httpj:engine-factory> 


  <!-- We need a bean named "cxf" --> 
  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/> 
</beans>
回复 原文
~没有更多了~

关于作者

自控

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文