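I have two Mule applications. I'll call them APP1 and APP2. APP1 and APP2 consume some (different) SOAP web services using client certificate authentication.
In summary, it seems that you cannot have two apps on the same server that use client certificate authentication, because they just write variables on the JVM. The problem is that these applications should not write their own certificate information into JVM variables.
Here is the JVM configuration at runtime: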
root@icef-servizi-1 apps.deploy]# /opt/java/bin/jinfo -sysprops 23598 | grep ssl
Attaching to process ID 23598, please wait...
Debugger attached successfully.
Server compiler detected.
JVM version is 23.21-b01
javax.net.ssl.trustStorePassword = xxxxxxxxxxx
javax.net.ssl.trustManagerAlgorithm = SunX509
javax.net.ssl.keyStore = /opt/mule-standalone-3.4.0/apps/ESB_ICEFCud/classes/keystore/client-p.icef-to-wsfis.intra.infotn.it.jks
javax.net.ssl.trustStoreType = jks
java.protocol.handler.pkgs = com.sun.net.ssl.internal.www.protocol|org.apache.axis.transport|
com.sun.net.ssl.enableECC = false
javax.net.ssl.keyStoreType = jks
javax.net.ssl.trustStore = /opt/mule-standalone-3.4.0/apps/ESB_ICEFCud/classes/keystore/client-p.icef-to-wsfis.intra.infotn.it.jks
javax.net.ssl.keyStorePassword = xxxxxxxxxxx
Any ideas/workarounds? Here is the configuration of APPA and APPB:
APPA
<https:connector name="Https_Pi3_InfoTn" cookieSpec="netscape"
validateConnections="true" sendBufferSize="0" receiveBufferSize="0"
receiveBacklog="0" clientSoTimeout="${ws.https.connector.client.timeout}"
serverSoTimeout="${ws.https.connector.server.timeout}" socketSoLinger="0"
doc:name="HTTP\HTTPS" enableCookies="false">
<service-overrides sessionHandler="org.mule.session.NullSessionHandler" />
<https:tls-client path="${ws.https.certificate.file}" storePassword="${ws.https.certificate.password}" />
<https:tls-key-store path="${ws.https.certificate.file}" keyPassword="${ws.https.certificate.password}" storePassword="${ws.https.certificate.password}" />
<https:tls-server path="${ws.https.certificate.file}" storePassword="${ws.https.certificate.password}" />
</https:connector>
<sub-flow name="GetActiveClassificationScheme_WS" doc:name="GetActiveClassificationScheme_WS">
<cxf:jaxws-client operation="GetActiveClassificationScheme"
clientClass="com.nttdata._2012.pi3.ClassificationSchemes" port="BasicHttpBinding_IClassificationSchemes"
wsdlLocation="https://${ws.host}:${ws.port}/${ws.path.classificationschemes}"
doc:name="Prepare messaggio SOAP2">
</cxf:jaxws-client>
<https:outbound-endpoint exchange-pattern="request-response"
doc:name="Chiama WS" connector-ref="Https_Pi3_InfoTn" method="POST"
host="${ws.host}" path="${ws.path.router}" port="${ws.port}"
responseTimeout="${ws.https.connector.response.timeout}" />
</sub-flow>
APPB
<https:connector name="Https_Cud_InfoTn" enableCookies="true" cookieSpec="netscape"
validateConnections="true" sendBufferSize="0"
receiveBufferSize="0" receiveBacklog="0"
clientSoTimeout="${ws.https.connector.client.timeout}" serverSoTimeout="${ws.https.connector.server.timeout}"
socketSoLinger="0" doc:name="HTTP\HTTPS">
<https:tls-client path="${ws.https.certificate.file}" storePassword="${ws.https.certificate.password}"/>
<https:tls-key-store path="${ws.https.certificate.file}" keyPassword="${ws.https.certificate.password}" storePassword="${ws.https.certificate.password}"/>
<https:tls-server path="${ws.https.certificate.file}" storePassword="${ws.https.certificate.password}"/>
</https:connector>
<sub-flow name="RichiestaRiferimCud_WS" doc:name="RichiestaRiferimCud_WS">
<cxf:jaxws-client operation="CercaRiferimentiCud" clientClass="infotn._2008.richiestacud.FISServiceServiceagent" port="CudServiceEndpoint1" wsdlLocation="https://${ws.host}:${ws.port}/${ws.path.wsdl}?wsdl" doc:name="Prepare messaggio SOAP2"/>
<https:outbound-endpoint exchange-pattern="request-response" host="${ws.host}" port="${ws.port}" path="${ws.path.cud}" method="POST" responseTimeout="${ws.https.connector.response.timeout}" connector-ref="Https_Cud_InfoTn" doc:name="Chiama WS"/>
</sub-flow>
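Answer 0 (score: 2)
Explicitly define the key store and trust store for the HTTPS connectors of both applications, even if they are using Java's cacerts.
This will still overwrite the system properties for SSL, but it will use a different SSL context for each application.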
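What "a different SSL context for each application" looks like at the JVM level, as an added example that is not part of the original answer or Mule's own code: each context is built from its own store file rather than from the process-wide javax.net.ssl.* properties shown in the jinfo output. The class and helper names, the passwords and the empty temporary JKS stores are constructed for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class PerAppSslContext {

    // Build an SSLContext from one store file without reading or writing javax.net.ssl.* properties.
    static SSLContext contextFor(Path store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);   // client certificate and private key for this app only
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);             // CAs trusted by this app only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Constructed sample input: an empty JKS file standing in for an app's real keystore.
    static Path emptyStore(String prefix, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        Path p = Files.createTempFile(prefix, ".jks");
        try (OutputStream out = Files.newOutputStream(p)) {
            ks.store(out, password);
        }
        return p;
    }

    public static void main(String[] args) throws Exception {
        char[] pwA = "changeit-a".toCharArray();   // constructed passwords
        char[] pwB = "changeit-b".toCharArray();
        SSLContext appA = contextFor(emptyStore("appA", pwA), pwA);
        SSLContext appB = contextFor(emptyStore("appB", pwB), pwB);

        // Each outbound client takes its factory from its own context, e.g.
        // httpsConn.setSSLSocketFactory(appA.getSocketFactory()), instead of the JVM default.
        SSLSocketFactory fa = appA.getSocketFactory();
        SSLSocketFactory fb = appB.getSocketFactory();
        System.out.println("separate factories: " + (fa != fb));
        // The global property is only read back here; this code never sets it.
        System.out.println("javax.net.ssl.keyStore = " + System.getProperty("javax.net.ssl.keyStore"));
    }
}
```

With real stores, pass each application's own keystore path and password to `contextFor`; keeping the key store and trust store in separate files per application limits what each context can present and trust.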