Hi,
I will try to explain what I need.
I have this job:
This job url is http://{host ip}:8092/services/bwl
I need this job to be reachable only over an HTTPS URL.
I need this job to be accessible only with a Windows certificate (.pfx and .cer files).
Other types of certificate are fine too, but it must only be accessible with a client certificate.
Can you help me? I searched the internet, but I didn't find the necessary information about it.
For a standalone HTTPS service, the Jetty server should be configured like this:
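<?xml version="1.0" encoding="UTF-8"?>
<!--Used to inject external resources, beans or define more CamelContext and RouteBuilder here-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:camel="http://camel.apache.org/schema/spring"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
           http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
           http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
       ">

    <import resource="classpath:META-INF/cxf/cxf.xml"/>

    <!-- JMX notifier for the Camel context; all four event families are switched off here. -->
    <bean id="jmxEventNotifier" class="org.apache.camel.management.JmxNotificationEventNotifier">
        <property name="source" value="ServiceProxy"/>
        <property name="ignoreCamelContextEvents" value="true"/>
        <property name="ignoreRouteEvents" value="true"/>
        <property name="ignoreServiceEvents" value="true"/>
        <property name="ignoreExchangeEvents" value="true"/>
    </bean>

    <!-- Destination for the service port; no transport options are set on it. -->
    <http:destination name="{http://www.talend.org/service/}DemoServicePort">
    </http:destination>

    <httpj:engine-factory bus="cxf">
        <!-- The TLS server configuration is attached to one Jetty port. The service
             endpoint has to be published on this same port with an https:// address
             for these settings to apply to it; an endpoint left on another port is
             not covered by this block. -->
        <httpj:engine port="8060">
            <httpj:tlsServerParameters>
                <!-- Server identity (private key + certificate). "password" is a sample
                     value: replace it, keep it out of version control, and restrict
                     read access to both this file and the keystore. The type is handed
                     to the Java KeyStore API, so a .pfx file would normally be loaded
                     with type="PKCS12" (confirm against the JVM in use). -->
                <sec:keyManagers keyPassword="password">
                    <sec:keyStore type="JKS" password="password"
                                  file="d:/Talend-Runtime-V5.6.1/etc/keystores/keystore.jks"/>
                </sec:keyManagers>

                <!-- Certificates the server accepts from clients. Every certificate in
                     this store is a trust anchor, so whoever holds a certificate that
                     chains to one of them is let in. Reusing the server keystore here
                     works for a demo; for production use a dedicated truststore that
                     holds only the CA or client certificates (.cer, imported with
                     keytool -importcert) that are meant to have access. -->
                <sec:trustManagers>
                    <sec:keyStore type="JKS" password="password"
                                  file="d:/Talend-Runtime-V5.6.1/etc/keystores/keystore.jks"/>
                </sec:trustManagers>

                <sec:cipherSuitesFilter>
                    <!-- Allow only AES suites. Export-grade, single-DES and NULL suites
                         give little or no confidentiality and must not be offered, and
                         anonymous key exchange (DH_anon, ECDH_anon) does not authenticate
                         the server, which leaves the session open to man-in-the-middle
                         interception. The excludes are kept explicit so that a later
                         widening of the include list cannot bring those suites back.
                         Also check which protocol versions the JVM and CXF release in
                         use enable, and turn off SSLv3 and early TLS there. -->
                    <sec:include>.*_WITH_AES_.*</sec:include>
                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                    <sec:exclude>.*_anon_.*</sec:exclude>
                    <sec:exclude>.*_EXPORT_.*</sec:exclude>
                    <sec:exclude>.*_EXPORT1024_.*</sec:exclude>
                    <sec:exclude>.*_WITH_DES_.*</sec:exclude>
                    <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
                </sec:cipherSuitesFilter>

                <!-- Mutual TLS: request a client certificate and refuse the handshake
                     when none is presented or it does not validate against the
                     trustManagers store above. Without required="true" the service
                     is HTTPS-only but still reachable by any client. -->
                <sec:clientAuthentication want="true" required="true"/>
            </httpj:tlsServerParameters>
        </httpj:engine>
    </httpj:engine-factory>
</beans>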
Details http://cxf.apache.org/docs/jetty-configuration.html
or
You can also use a relative path so when you deploy to the ESB Runtime (Karaf) it will use the ports provided by the container. There you can configure keystores and https port in the etc/ config files.