Grails-cxf 中通过 SSL 的 Web 服务？

发布于 2024-12-07 07:36:57 字数 1127 浏览 1 评论 0原文

我需要通过 HTTPS 提供特定的 CXF Web 服务（我还有其他几个需要通过纯 HTTP 工作）。在 SecurityConfig.groovy 中，我设置：

httpsPort = 8443

并尝试了

secureChannelDefinitionSource = '''
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT
   /services/doodah/**=REQUIRES_SECURE_CHANNEL
   /**=REQUIRES_INSECURE_CHANNEL
'''

和

channelConfig = [ secure: ['/services/productid/**'], insecure: '/' ]

服务在 8080 处停止响应 http 协议，但似乎不在 https:8443 上 - 至少，到 8443 的 telnet 连接失败。

如果我使用 grails run-app -https 运行应用程序，则所有应用程序都通过 https 运行。

要将 http 与 https 服务分开，我可能需要这样做： "使用 Grails 自动进行 http/httpS 切换"，但现在我至少希望在两个不同的端口上运行不同的服务。

我应该遵循哪些步骤才能让一项服务仅通过 HTTPS 运行？
看起来 SSL 还需要在战争中发挥作用，就像这个问题一样：SSL，Tomcat和 Grails？

我的环境是：Grails 1.3.5、acegi-security 0.5.3（我知道它已经过时了）、Tomcat 6。

原文

I need to serve a specific CXF web service over HTTPS (I have several others that need to work over plain HTTP). In SecurityConfig.groovy, I set:

httpsPort = 8443

and tried both of

secureChannelDefinitionSource = '''
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT
   /services/doodah/**=REQUIRES_SECURE_CHANNEL
   /**=REQUIRES_INSECURE_CHANNEL
'''

and

channelConfig = [ secure: ['/services/productid/**'], insecure: '/' ]

The service stops responding to http protocol at 8080, but doesn't appear to be on https:8443 - at least, telnet connection to 8443 fails.

If I run the app with grails run-app -https, all the application works over https.

To separate http from https services, I'll probably need to do this: "Automatic http/httpS switching with Grails", but for now I'd like at least to get different services running on two different ports.

What steps should I follow to have one service working over HTTPS only?
Looks like there is something else SSL need to work in war, like in this quesion: SSL, Tomcat and Grails?

My environment is: Grails 1.3.5, acegi-security 0.5.3 (I know it's outdated), Tomcat 6.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

吐个泡泡 2024-12-14 07:36:57

如果我错了，请纠正我。

SecurityConfig.groovy 中的两个选项都可以工作。

在独立的 Tomcat 中，无法以编程方式启用 SSL 连接器，必须在全局服务器配置 (server.xml) 中启用它：SSL、Tomcat 和 Grails。

对于run-app，我添加了带有eventConfigureTomcat钩子的scripts/_Events.groovy，并在Tomcat插件中复制了一段TomcatServer.groovy：

eventConfigureTomcat = { Tomcat tomcat ->
    keystore = "./some-keystore"
    keystoreFile = new File(keystore)
    keyPassword = "123456"
    System.setProperty('org.mortbay.xml.XmlParser.NotValidating', 'true')

    if (!(keystoreFile.exists())) {
        createSSLCertificate(keystore, keyPassword, keystoreFile)
    }

    def httpsPort = 8443 // TODO: Take from SecurityConfig.groovy

    Connector sslConnector = loadInstance(
        tomcat, 'org.apache.catalina.connector.Connector')
    sslConnector.scheme = "https"
    sslConnector.secure = true
    sslConnector.port = httpsPort
    sslConnector.setProperty("SSLEnabled", "true")
    sslConnector.setAttribute("keystore", keystore)
    sslConnector.setAttribute("keystorePass", keyPassword)
    sslConnector.URIEncoding = 'UTF-8'
    tomcat.service.addConnector sslConnector
}

我不必执行协议switch 技巧，Grails 为我正确地在 http 和 https 之间重定向。

Please correct me if I'm wrong.

Both options in SecurityConfig.groovy do work.

In a standalone Tomcat, there's no way to programmatically enable SSL Connector, one has to enable it in global server configuration (server.xml): SSL, Tomcat and Grails.

For run-app, I added scripts/_Events.groovy with a eventConfigureTomcat hook and copied a piece of TomcatServer.groovy in Tomcat plugin:

eventConfigureTomcat = { Tomcat tomcat ->
    keystore = "./some-keystore"
    keystoreFile = new File(keystore)
    keyPassword = "123456"
    System.setProperty('org.mortbay.xml.XmlParser.NotValidating', 'true')

    if (!(keystoreFile.exists())) {
        createSSLCertificate(keystore, keyPassword, keystoreFile)
    }

    def httpsPort = 8443 // TODO: Take from SecurityConfig.groovy

    Connector sslConnector = loadInstance(
        tomcat, 'org.apache.catalina.connector.Connector')
    sslConnector.scheme = "https"
    sslConnector.secure = true
    sslConnector.port = httpsPort
    sslConnector.setProperty("SSLEnabled", "true")
    sslConnector.setAttribute("keystore", keystore)
    sslConnector.setAttribute("keystorePass", keyPassword)
    sslConnector.URIEncoding = 'UTF-8'
    tomcat.service.addConnector sslConnector
}

I don't have to do protocol switch trick, Grails correctly redirects between http and https for me.

回复收藏 0 原文

~没有更多了~