ESB routes: https proxy ccxf

lucasperez1 · ‎2014-12-03

Hi,
I have defined a simple route with two cxf endpoints.
I intend to publish a http endpoint as https. My idea is to do a https proxy for a http (soap) service with as simple route.
endpoint 1 : https (soap)
endpoint 2 : http
When I try to run the route i always have this error.
Protocol mismatch for port 9002: engine's protocol is http, the url protocol is https
java.lang.RuntimeException: Protocol mismatch for port 9002: engine's protocol is http, the url protocol is https
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:162)
at org.apache.cxf.transport.http.HTTPTransportFactory.getDestination(HTTPTransportFactory.java:308)
at org.apache.cxf.binding.soap.SoapTransportFactory.getDestination(SoapTransportFactory.java:142)
at org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:83)
at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:62)
at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:160)
at org.apache.camel.component.cxf.CxfConsumer.<init>(CxfConsumer.java:259)
at org.apache.camel.component.cxf.CxfEndpoint.createConsumer(CxfEndpoint.java:209)
at org.apache.camel.impl.EventDrivenConsumerRoute.addServices(EventDrivenConsumerRoute.java:65)
at org.apache.camel.impl.DefaultRoute.onStartingServices(DefaultRoute.java:80)
What did I understand wrong? Is there a way to force the engine to do https?
Thank you for any help or idea.

I am using Talend Open Studio for ESB 5.5.0

Anonymous · ‎2014-12-04

For standalone HTTPS service configuration Jetty server should be configured like

<?xml version="1.0" encoding="UTF-8"?>
<!--Used to inject external resources, beans or define more CamelContext and RouteBuilder here-->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:camel="http://camel.apache.org/schema/spring"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:http="http://cxf.apache.org/transports/http/configuration"
	xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
	xmlns:sec="http://cxf.apache.org/configuration/security"
	xsi:schemaLocation="
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
		http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
		http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
		http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
		http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
	">
<import resource="classpath:META-INF/cxf/cxf.xml"/>
	   <bean id="jmxEventNotifier" class="org.apache.camel.management.JmxNotificationEventNotifier">
	   			<property name="source" value="ServiceProxy"/>
	   			<property name="ignoreCamelContextEvents" value="true"/>
	   			<property name="ignoreRouteEvents" value="true"/>
	   			<property name="ignoreServiceEvents" value="true"/>
	   <property name="ignoreExchangeEvents" value="true"/></bean>
  <http:destination name="{http://www.talend.org/service/}DemoServicePort">    
  </http:destination>
   
  <httpj:engine-factory bus="cxf">
  <!-- you just need to specify the TLS Server configuration for the certain port -->
    <httpj:engine port="8060">
      <httpj:tlsServerParameters>
        <sec:keyManagers keyPassword="password">
          <sec:keyStore type="JKS" password="password" 
                        file="d:/Talend-Runtime-V5.6.1/etc/keystores/keystore.jks"/>
        </sec:keyManagers>
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="password"
                        file="d:/Talend-Runtime-V5.6.1/etc/keystores/keystore.jks"/>
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
          <!-- these filters ensure that a ciphersuite with
               export-suitable or null encryption is used,
               but exclude anonymous Diffie-Hellman key change as
               this is vulnerable to man-in-the-middle attacks -->
          <sec:include>.*_EXPORT_.*</sec:include>
          <sec:include>.*_EXPORT1024_.*</sec:include>
          <sec:include>.*_WITH_DES_.*</sec:include>
          <sec:include>.*_WITH_AES_.*</sec:include>
          <sec:include>.*_WITH_NULL_.*</sec:include>
          <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
        <!--sec:clientAuthentication want="true" required="true"/-->
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>
</beans>

Details http://cxf.apache.org/docs/jetty-configuration.html

Anonymous · ‎2014-12-04

You can also use a relative path so when you deploy to the ESB Runtime (Karaf) it will use the ports provided by the container. There you can configure keystores and https port in the etc/ config files.

lucasperez1 · ‎2014-12-04

Thank you for the response. It helped a lot.
Does that mean that i need to put something like this in the Address field of the cCXF component?
" { http://www.talend.org/service/ }DemoServicePort"
I actually configured the keystore in the /etc/org.ops4j.pax.web.cfg file

Anonymous · ‎2017-01-10

Hi Lucas,
Could you please share your solution for this post. I am facing same issue here. My end point is HTTPS, but job fails with "engine's protocol is http, the url protocol is https". Thanks

Other

v5.x