Five Stars

ESB routes: https proxy ccxf

Hi,
I have defined a simple route with two cxf endpoints. 
I intend to publish a http endpoint as https. My idea is to do a https proxy for a http (soap) service with as simple route.
endpoint 1 : https (soap)
endpoint 2 : http
When I try to run the route i always have this  error.
Protocol mismatch for port 9002: engine's protocol is http, the url protocol is https
java.lang.RuntimeException: Protocol mismatch for port 9002: engine's protocol is http, the url protocol is https
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:162)
at org.apache.cxf.transport.http.HTTPTransportFactory.getDestination(HTTPTransportFactory.java:308)
at org.apache.cxf.binding.soap.SoapTransportFactory.getDestination(SoapTransportFactory.java:142)
at org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:83)
at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:62)
at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:160)
at org.apache.camel.component.cxf.CxfConsumer.<init>(CxfConsumer.java:259)
at org.apache.camel.component.cxf.CxfEndpoint.createConsumer(CxfEndpoint.java:209)
at org.apache.camel.impl.EventDrivenConsumerRoute.addServices(EventDrivenConsumerRoute.java:65)
at org.apache.camel.impl.DefaultRoute.onStartingServices(DefaultRoute.java:80)
What did I understand wrong? Is there a way to force the engine to do https?
Thank you for any help or idea.

I am using Talend Open Studio for ESB 5.5.0
4 REPLIES
One Star

Re: ESB routes: https proxy ccxf

For standalone HTTPS service configuration Jetty server should be configured like

<?xml version="1.0" encoding="UTF-8"?>
<!--Used to inject external resources, beans or define more CamelContext and RouteBuilder here-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:camel="http://camel.apache.org/schema/spring"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
">
<import resource="classpath:META-INF/cxf/cxf.xml"/>
  <bean id="jmxEventNotifier" class="org.apache.camel.management.JmxNotificationEventNotifier">
  <property name="source" value="ServiceProxy"/>
  <property name="ignoreCamelContextEvents" value="true"/>
  <property name="ignoreRouteEvents" value="true"/>
  <property name="ignoreServiceEvents" value="true"/>
  <property name="ignoreExchangeEvents" value="true"/></bean>
 <http:destination name="{http://www.talend.org/service/}DemoServicePort">    
 </http:destination>
 
 <httpj:engine-factory bus="cxf">
 <!-- you just need to specify the TLS Server configuration for the certain port -->
   <httpj:engine port="8060">
     <httpj:tlsServerParameters>
       <sec:keyManagers keyPassword="password">
         <sec:keyStore type="JKS" password="password"
                       file="d:/Talend-Runtime-V5.6.1/etc/keystores/keystore.jks"/>
       </sec:keyManagers>
       <sec:trustManagers>
         <sec:keyStore type="JKS" password="password"
                       file="d:/Talend-Runtime-V5.6.1/etc/keystores/keystore.jks"/>
       </sec:trustManagers>
       <sec:cipherSuitesFilter>
         <!-- these filters ensure that a ciphersuite with
              export-suitable or null encryption is used,
              but exclude anonymous Diffie-Hellman key change as
              this is vulnerable to man-in-the-middle attacks -->
         <sec:include>.*_EXPORT_.*</sec:include>
         <sec:include>.*_EXPORT1024_.*</sec:include>
         <sec:include>.*_WITH_DES_.*</sec:include>
         <sec:include>.*_WITH_AES_.*</sec:include>
         <sec:include>.*_WITH_NULL_.*</sec:include>
         <sec:exclude>.*_DH_anon_.*</sec:exclude>
       </sec:cipherSuitesFilter>
       <!--sec:clientAuthentication want="true" required="true"/-->
     </httpj:tlsServerParameters>
   </httpj:engine>
 </httpj:engine-factory>
</beans>

Details http://cxf.apache.org/docs/jetty-configuration.html
Employee

Re: ESB routes: https proxy ccxf

You can also use a relative path so when you deploy to the ESB Runtime (Karaf) it will use the ports provided by the container.  There you can configure keystores and https port in the etc/ config files.
Five Stars

Re: ESB routes: https proxy ccxf

Thank you for the response. It helped a lot.
Does that mean that i need to put something like this in the Address field of the cCXF component?
"http://www.talend.org/service/ }DemoServicePort
I actually configured the keystore in the /etc/org.ops4j.pax.web.cfg file
One Star

Re: ESB routes: https proxy ccxf

Hi Lucas,
Could you please share your solution for this post. I am facing same issue here. My end point is HTTPS, but job fails with "engine's protocol is http, the url protocol is https". Thanks