CXF simple frontend, allow all SSL certificates and set basic authentication credentials

CXF is a wonderful web services framework. It is mostly configured using Spring; however, this falls short when trying to ensure that all SSL certificates are accepted. In this case, programmatic configuration is needed.

In the case where I needed this, SSL was used only to ensure that the communication is encrypted at the transport level. Though the server certificate is normally used to ensure that it cannot be replaced without being noticed, this was not our concern. Specifically, self-signed certificates are used, and there is no guarantee that they will not be changed.

In CXF the configuration of the transport is done by the conduit. The following snippet indicates how this can be accessed for the simple frontend.

        ClientProxyFactoryBean factory = new ClientProxyFactoryBean();
        factory.setServiceClass( PingService.class );
        factory.setAddress( "https://localhost:8443/ca/pxws/1.0/ping" );
        PingService client = (PingService) factory.create();

        Client proxy = ClientProxy.getClient( client );
        HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
        TLSClientParameters tcp = new TLSClientParameters();
        tcp.setTrustManagers( new TrustManager[]{ new TrustAllX509TrustManager() } );
        conduit.setTlsClientParameters( tcp );

Similarly, the conduit can also be used to set the credentials which may be needed when the service is secured using basic authentication (as can be configured in web.xml).

The full code for the test is:


    package example.ws10.test;

    import example.ws10.PingService;
    import junit.framework.TestCase;
    import org.apache.cxf.configuration.jsse.TLSClientParameters;
    import org.apache.cxf.configuration.security.AuthorizationPolicy;
    import org.apache.cxf.endpoint.Client;
    import org.apache.cxf.frontend.ClientProxy;
    import org.apache.cxf.frontend.ClientProxyFactoryBean;
    import org.apache.cxf.transport.http.HTTPConduit;

    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.X509Certificate;

    /**
     * Test the Ping service
     *
     * @author <a href="mailto:joachim@progs.be">Joachim Van der Auwera</a>
     */
    public class PingTest
        extends TestCase
    {
        public void testPingService()
            throws Exception
        {
            ClientProxyFactoryBean factory = new ClientProxyFactoryBean();
            factory.setServiceClass( PingService.class );
            factory.setAddress( "https://localhost:8443/ca/pxws/1.0/ping" );
            PingService client = (PingService) factory.create();
            Client proxy = ClientProxy.getClient( client );

            HTTPConduit conduit = (HTTPConduit) proxy.getConduit();

            // Accept any server certificate (uses the nested class defined below).
            TLSClientParameters tcp = new TLSClientParameters();
            tcp.setTrustManagers( new TrustManager[]{ new TrustAllX509TrustManager() } );
            conduit.setTlsClientParameters( tcp );

            // Basic authentication credentials.
            AuthorizationPolicy auth = conduit.getAuthorization();
            if ( null == auth ) auth = new AuthorizationPolicy();
            auth.setUserName( "local" );
            auth.setPassword( "local" );
            // Attach the policy; without this a newly created policy is never used.
            conduit.setAuthorization( auth );

            String res = client.getPing();
            assertTrue( res.startsWith( "Ping back @" ) );
        }

        /**
         * This class allows any X509 certificate to be used to authenticate the remote side of a secure socket,
         * including self-signed certificates.
         */
        public static class TrustAllX509TrustManager
            implements X509TrustManager
        {

            /** Empty array of certificate authority certificates. */
            private static final X509Certificate[] acceptedIssuers = new X509Certificate[]{ };

            /**
             * Always trust the client's certificate chain, whatever the authType.
             *
             * @param chain the peer certificate chain.
             * @param authType the authentication type based on the client certificate.
             */
            public void checkClientTrusted( X509Certificate[] chain, String authType )
            {}

            /**
             * Always trust the server's certificate chain, whatever the authType.
             *
             * @param chain the peer certificate chain.
             * @param authType the key exchange algorithm used.
             */
            public void checkServerTrusted( X509Certificate[] chain, String authType )
            {}

            /**
             * Return an empty array of certificate authority certificates which are trusted for authenticating peers.
             *
             * @return an empty array of issuer certificates.
             */
            public X509Certificate[] getAcceptedIssuers()
            {
                return ( acceptedIssuers );
            }
        }
    }
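
For comparison, an added example (not the author's code): because the trust-all manager accepts whatever certificate the peer presents, anyone who can intercept the connection also receives the basic authentication credentials, so when the server's self-signed certificate can be exported in advance the conduit can be limited to that one certificate. The class name `PinnedCertConduit`, the alias `ping-server` and the `certPath` parameter are assumptions made for this illustration.

```java
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.transport.http.HTTPConduit;

import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

/** Added example (hypothetical helper): trust exactly one known server certificate. */
public final class PinnedCertConduit
{
    private PinnedCertConduit() {}

    /**
     * @param conduit  the conduit obtained via ClientProxy.getClient( client ).getConduit()
     * @param certPath PEM or DER file holding the server's certificate (path supplied by the caller)
     */
    public static void trustOnly( HTTPConduit conduit, String certPath )
        throws Exception
    {
        // Read the exported self-signed server certificate.
        Certificate serverCert;
        try ( InputStream in = new FileInputStream( certPath ) )
        {
            serverCert = CertificateFactory.getInstance( "X.509" ).generateCertificate( in );
        }

        // Build an in-memory trust store that contains only that certificate.
        KeyStore trustStore = KeyStore.getInstance( KeyStore.getDefaultType() );
        trustStore.load( null, null );
        trustStore.setCertificateEntry( "ping-server", serverCert );

        // Let the standard JSSE trust manager validate against this store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        tmf.init( trustStore );

        TLSClientParameters tcp = new TLSClientParameters();
        tcp.setTrustManagers( tmf.getTrustManagers() );
        conduit.setTlsClientParameters( tcp );
    }
}
```

If the server certificate is replaced, the call fails with an SSL handshake exception until the new certificate file is supplied, which makes the change visible instead of silent.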