Question

我们在本地运行的CXF Web服务可通过HTTPS TLS / SSL访问。我们希望使用Mule的＆lt; pattern：web-service-proxy＆gt;在外部公开这些服务。我们的问题是，＆lt; pattern：web-service-proxy＆gt;配置为使用HTTPS？

我们已使用＆lt; pattern：web-service-proxy＆gt;成功通过HTTP代理这些服务。但是，当我们将web-service-proxy的inboundAddress和outboundAddress属性（下面）从HTTP URL更改为HTTPS URL时，我们收到错误：“所需的对象/属性”tls-key-store“为null”。

这有效：

<pattern:web-service-proxy name="unsecure_ws_proxy"
    inboundAddress="http://localhost:80/services/service_common_name"
    outboundAddress="http://localhost:8080/app_name/proxied_service_name" 
/>

这不起作用（产生“所需的对象/属性”tls-key-store“为null”）：

<pattern:web-service-proxy name="secure_ws_proxy"
    inboundAddress="https://localhost:443/services/service_common_name"
    outboundAddress="https://localhost:8443/app_name/proxied_service_name" 
/>

我们已经定义了＆lt; tls：context name =“TLS_Context”＆gt;并假设我们可以获得＆lt; pattern：web-service-proxy＆gt;使用它然后代理应该工作。

这个假设是否正确，如果是这样，我们如何告诉＆lt; pattern：web-service-proxy＆gt;使用我们定义的TLS_Context？如果我们的假设是错误的，那么Mule中最简单的方法是什么来定义什么本质上是使用HTTPS协议的CXF SOAP Web服务的pass-thru代理？

编辑：

我们正在使用Mule v.3.6.0。

为了完整性，我们的TLS_Context（我们还不知道如何与模式相关联：web-service-proxy，如果这甚至是答案）：

<tls:context name="TLS_Context" doc:name="TLS Context">
    <tls:trust-store path="${ssl.truststore.path}" password="${ssl.truststore.password}"/>
    <tls:key-store path="${ssl.keystore.path}" password="${ssl.keystore.password}" keyPassword="${ssl.keystore.password}"/>
</tls:context>

解答：

这是完整的解决方案，基于David的接受回应。不需要TLS_Context。谢谢大卫：

<?xml version="1.0" encoding="UTF-8"?>
<mule 
    xmlns="http://www.mulesoft.org/schema/mule/core" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:http="http://www.mulesoft.org/schema/mule/http" 
    xmlns:script="http://www.mulesoft.org/schema/mule/scripting"
    xmlns:spring="http://www.springframework.org/schema/beans" 
    xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
    xmlns:https="http://www.mulesoft.org/schema/mule/https"
    xsi:schemaLocation="
       http://www.mulesoft.org/schema/mule/core 
       http://www.mulesoft.org/schema/mule/core/current/mule.xsd
       http://www.mulesoft.org/schema/mule/http 
       http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
       http://www.mulesoft.org/schema/mule/pattern 
       http://www.mulesoft.org/schema/mule/pattern/current/mule-pattern.xsd
       http://www.mulesoft.org/schema/mule/scripting 
       http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd
       http://www.springframework.org/schema/beans 
       http://www.springframework.org/schema/beans/spring-beans-current.xsd
       http://www.mulesoft.org/schema/mule/https 
       http://www.mulesoft.org/schema/mule/https/3.0/mule-https.xsd">

    <https:connector name="httpsConnector">
        <!-- Not currently needed 
        <https:tls-client 
            path="${ssl.client.keystore.path}" 
            storePassword="${ssl.client.keystore.password}"/>     
        -->   
        <https:tls-key-store 
            path="${ssl.server.keystore.path}" 
            keyPassword="${ssl.server.keystore.password}" 
            storePassword="${ssl.server.keystore.password}"/>
        <https:tls-server 
            path="${ssl.server.truststore.path}" 
            storePassword="${ssl.server.truststore.password}"/>
    </https:connector>

    <!-- Pattern-based configuration was introduced in Mule v.3.2 to decrease "the amount of 
        noise in its configuration files". Configuration patterns are, by design, not  as 
        powerful as Mule FLows or Services. They have instead been designed for ease of use. 
        (http://www.mulesoft.org/documentation-3.2/display/32X/Understanding+Configuration+Patterns+Using+Mule) -->

    <!-- MULE PATTERN PROXIES -->
    <!-- HTTP -->
    <pattern:web-service-proxy name="http_ws_proxy"
        inboundAddress="http://localhost:80/services/service_common_name"
        outboundAddress="http://localhost:8080/app_name/proxied_service_name" 
    />
    <!-- HTTPS -->
    <pattern:web-service-proxy name="https_ws_proxy"
        inboundAddress="https://localhost:443/services/service_common_name"
        outboundAddress="https://localhost:8443/app_name/proxied_service_name" 
    />

</mule>

Answer 1

您需要使用相关的JKS配置配置HTTPS连接器。

示例：

<https:connector name="httpsConnector">
  <https:tls-key-store path="keystore.jks" keyPassword="<Your Password>"
         storePassword="<Your Password>"/>
</https:connector>

参考：http://www.mulesoft.org/documentation/display/current/HTTPS+Transport+Reference

Answer 2

当您的https连接器指向http网址时，可能会发生这种情况。您可以在xml中更改server / url，也可以在连接器中禁用https选项：

如何使用Mule的<pattern：web-service-proxy> </pattern：web-service-proxy>代理安全Web服务（HTTPS SSL / TLS）

2 个答案: