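CXF with Camel - HTTPS

Time: 2016-08-09 06:08:15

Tags: ssl https apache-camel cxf

I am trying to implement a module that sends messages from a CXF client to a server (SOAP endpoint) over HTTPS. I was able to achieve this by following this guide: https://camel.apache.org/how-to-switch-the-cxf-consumer-between-http-and-https-without-touching-the-spring-configuration.html

The following configuration is the key part: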

<ctx:property-placeholder location="classpath:orderEntry.cfg" />
<!-- other properties -->
<http:conduit name="{http://www.company.com/product/orderEntry/service/1}OrderEntry.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="${trustStore.password}" file="${trustStore.file}"/>
      </sec:trustManagers>
      <!-- other config -->
    </http:tlsClientParameters>
</http:conduit>

The configuration above refers to a configuration file in which the following properties are stored:

orderEntry.cfg
--------------
endpointUri=https://localhost:8181/OrderEntry
trustStore.password=password
trustStore.file=etc/myApp.ts

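As mentioned, when I follow the guide, I can send messages over https.

But I am worried that the password is stored here in plain text. Is there a way I can wire in the password from Java code (which could read it from an encrypted source) and provide it to the http conduit when needed?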

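1 answer:

Answer 0: (score: 1)

Have you tried using a location property value with the file prefix?

E.g. location="file:/my/custom/location/orderEntry.cfg"

See: https://stackoverflow.com/a/17303537

Update: If it works with your custom bean, you can try creating the trust manager as a bean and injecting it into the conduit configuration, like this: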

blueprint.xml

<bean id="serviceTrustManager"
      class="my.app.security.KeyStores" factory-method="loadTrustManagers">
    <argument index="0" value="${my.app.service.trustStorePath}"/>
    <argument index="1" value="${my.app.service.trustStoreEncryptedPassword}"/>
</bean>
<http:conduit name="{http://www.company.com/product/orderEntry/service/1}OrderEntry.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
        <sec:trustManagers ref="serviceTrustManager"/>
    </http:tlsClientParameters>
</http:conduit>

Java code:

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class KeyStores {
    // Factory method referenced by the serviceTrustManager bean in blueprint.xml
    public static TrustManager[] loadTrustManagers(String trustStorePath, String trustStoreEncryptedPassword) {
        String trustStoreDecryptedPassword = PasswordDescriptor.decryptPassword(trustStoreEncryptedPassword); //Password decryption logic here
        KeyStore trustStore = KeyStores.loadKeyStore("JKS", trustStorePath, trustStoreDecryptedPassword); //IO logic here
        TrustManagerFactory trustFactory;
        try {
            trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(trustStore);
        } catch (NoSuchAlgorithmException | KeyStoreException ex) {
            throw new IllegalStateException(ex);
        }
        return trustFactory.getTrustManagers();
    }
}
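
One way to fill in the two steps the answer leaves open ("Password decryption logic here" and "IO logic here"), as an added example that is not part of the original answer. The class name `EncryptedTrustStore`, the environment variable `TRUSTSTORE_KEY_B64`, the use of AES-GCM and the `Base64(IV || ciphertext)` property format are all assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/** Added example: hypothetical stand-in for the answer's KeyStores and PasswordDescriptor. */
public final class EncryptedTrustStore {
    // Assumed property format: Base64(12-byte IV || AES-GCM ciphertext and 16-byte tag).
    static char[] decryptPassword(String encoded, byte[] key) throws GeneralSecurityException {
        byte[] blob = Base64.getDecoder().decode(encoded);
        if (blob.length < 12 + 16) throw new GeneralSecurityException("encrypted password too short");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        byte[] plain = cipher.doFinal(blob, 12, blob.length - 12); // throws if modified or wrong key
        char[] password = new String(plain, StandardCharsets.UTF_8).toCharArray();
        Arrays.fill(plain, (byte) 0);
        return password;
    }

    // Factory method for the blueprint bean; arguments match the answer's two <argument> values.
    public static TrustManager[] loadTrustManagers(String path, String encryptedPassword) {
        String keyB64 = System.getenv("TRUSTSTORE_KEY_B64"); // assumed variable holding the AES key
        if (keyB64 == null) throw new IllegalStateException("TRUSTSTORE_KEY_B64 is not set");
        byte[] key = Base64.getDecoder().decode(keyB64);
        char[] password = null;
        try (FileInputStream in = new FileInputStream(path)) {
            password = decryptPassword(encryptedPassword, key);
            KeyStore store = KeyStore.getInstance("JKS");
            store.load(in, password); // a wrong password fails the integrity check with IOException
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(store);
            return tmf.getTrustManagers();
        } catch (GeneralSecurityException | IOException ex) {
            throw new IllegalStateException("cannot load trust store " + path, ex);
        } finally {
            Arrays.fill(key, (byte) 0);
            if (password != null) Arrays.fill(password, '\0');
        }
    }
}
```

The decryption key still has to be readable by the process, so this moves the secret out of the cfg file rather than eliminating it; access to wherever the key lives is what needs protecting. Separately, `disableCNCheck="true"` in both conduit snippets turns off hostname verification of the server certificate, which the CXF documentation says should not be set in production.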