How do CXF Bus and STSClient handle SSL certificates and proxies?

Time: 2016-10-08 06:29:55

Tags: cxf

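I am using CXF 3.1.5. How can I apply proxy settings and trust or ignore SSL certificates when sending requests?

I use CXF in the following two ways:

  1. Using org.apache.cxf.bus to get the WSDL definition from the IdP or SP: bus.getExtension(WSDLManager.class).getDefinition()
  2. Using org.apache.cxf.ws.security.trust.STSClient to request a security token: stsClient.requestSecurityToken()
  3. I think I need to configure this in code rather than in a configuration file, because my caller will send me the information about the proxy and the SSL certificate.

    Thanks a lot!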

    After some further research, I found something. To solve the first problem, add the following code:

        ResourceManager extension = bus.getExtension(ResourceManager.class);
        extension.addResourceResolver(new ResourceResolver() {
            @Override
            public <T> T resolve(String resourceName, Class<T> resourceType) {
                return null;
            }

            @Override
            public InputStream getAsStream(String name) {
                // Only https resources are fetched here; anything else is left to other resolvers.
                if (!name.startsWith("https")) {
                    return null;
                }
                // HttpUtils and setting are not defined in the post.
                org.apache.http.client.HttpClient httpClient = HttpUtils.createHttpClient(setting);
                HttpGet httpGet = new HttpGet(name);
                try {
                    HttpResponse httpResponse = httpClient.execute(httpGet);
                    return httpResponse.getEntity().getContent();
                } catch (IOException e) {
                    e.printStackTrace();
                    return null;
                }
            }
        });
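    Then I can get the WSDL definition, but I still don't know how to solve the second problem. I tried to use HTTPConduit ((HTTPConduit) stsClient.getClient().getConduit()), but when stsClient.getClient() is called, CXF tries to load those XML Schemas, which causes the following exception: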

2 answers:

Answer 0: (score: 1)

Found the solution:
Implement HTTPConduitFactory and put it into the bus:

    bus.setExtension(new MyHTTPConduitFactory(setting), HTTPConduitFactory.class)

In the factory class:

    @Override
    public HTTPConduit createConduit(HTTPTransportFactory f, Bus b, EndpointInfo localInfo,
            EndpointReferenceType target) throws IOException {
        return new MyHTTPConduit(settings, f, b, localInfo, target);
    }

MyHTTPConduit extends URLConnectionHTTPConduit.
Handling SSL certificates.

    TLSClientParameters parameters = new TLSClientParameters();

    parameters.setDisableCNCheck(settings.isTurnOffHostVerifier());

    if (settings.isIgnoreServerCertificate()) {
        parameters.setTrustManagers(new TrustManager[] { new TrustAllCertsTrustManager() });
    } else {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(settings.getTrustStore());
        parameters.setTrustManagers(factory.getTrustManagers());
    }

    this.setTlsClientParameters(parameters);

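The TrustAllCertsTrustManager class:

    private class TrustAllCertsTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Accepts any client certificate chain: no validation is performed.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Accepts any server certificate chain: no validation is performed.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

    }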

Handling the proxy.

        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
        httpClientPolicy.setProxyServer(proxy.getHostName());
        httpClientPolicy.setProxyServerPort(proxy.getPort());

        this.setClient(httpClientPolicy);
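
As an alternative to the `TrustAllCertsTrustManager` branch above, the trust store passed to `factory.init(...)` can be built from certificates the caller supplies, with hostname verification left on. This is an added example, not part of the original answer; the class name `PinnedConduitConfigurer`, its method names and the PEM/DER certificate stream as the caller's input are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;

/** Added example (hypothetical class): trust only the certificates the caller supplied. */
public final class PinnedConduitConfigurer {

    /** Builds an in-memory trust store holding only the certificates in the PEM/DER stream. */
    static KeyStore trustStoreFrom(InputStream certs) throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // start empty: the JVM default CAs are not included
        int i = 0;
        for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(certs)) {
            store.setCertificateEntry("caller-ca-" + i++, c);
        }
        if (i == 0) {
            // Fail closed instead of falling back to a permissive trust manager.
            throw new GeneralSecurityException("no certificates supplied");
        }
        return store;
    }

    /** Applies TLS trust and an optional proxy (proxyHost may be null) to a conduit. */
    static void configure(HTTPConduit conduit, InputStream certs, String proxyHost, int proxyPort)
            throws GeneralSecurityException, IOException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStoreFrom(certs));

        TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setDisableCNCheck(false); // keep hostname verification enabled
        conduit.setTlsClientParameters(tls);

        if (proxyHost != null) {
            HTTPClientPolicy policy = new HTTPClientPolicy();
            policy.setProxyServer(proxyHost);
            policy.setProxyServerPort(proxyPort);
            conduit.setClient(policy);
        }
    }
}
```

Inside the `MyHTTPConduit` constructor from the answer, the call would be `PinnedConduitConfigurer.configure(this, certStream, host, port)`, where `certStream`, `host` and `port` stand for values taken from the caller's settings.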

Answer 1: (score: 0)