One Star

Secure CXF web service with 2way SSL

I've deployed a CXF web service into the Talend ESB container and I can access this service over SSL without any problems.
One of our clients wishes to secure this web service by using 2way SSL.
Is there a way to define (on container level) a separate keystore / truststore per CXF web service?
I've been looking at chapter, but I am not sure if this is the SSL configuration used to access the service or for the service to access 3rd party web services over SSL?
What I would like is to deploy a number of CXF web services and assign each of them a private keystore / truststore so I can define per web service trusted web service consumers.
Thanks in advance,

Re: Secure CXF web service with 2way SSL

I misread the question; please disregard this post.

Re: Secure CXF web service with 2way SSL

Hi Robin,
CXF is a framework, therefore you have the common configuration for services.
Just an idea: what about doing the authentication based on the client certificate (using a common keystore / truststore) and then doing the role-based authorization based on the assigned roles?
1. use Jetty:
define jetty.xml in your org.ops4j.pax.web.cfg file
then add a new SSL listener (on a different port) for client authenticated SSL
2. we never exposed ESB outside directly, there was always a kind of proxy/load balancer/... doing SSL offloading
3. It now came to my mind: you can check the client certificate on the CXF HTTP conduit, however I've never done it on the server side
Spring http conduit configuration
optional settings to ensure client side security
that the client connects to the right web service endpoint

Best regards
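
An added example (not part of the original posts and not Talend or CXF project code) of the idea in the reply above: the container authenticates every client against one common truststore, and a per-service CXF in-interceptor then authorizes the caller by certificate subject. The class name and the subject DNs are hypothetical; it assumes the SSL listener already requires and validates client certificates.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;

/** Hypothetical per-service allow-list; register one instance per endpoint as an in-interceptor. */
public class ClientCertAllowListInterceptor extends AbstractPhaseInterceptor<Message> {
    private final Set<LdapName> allowedSubjects = new HashSet<LdapName>();

    /** @param subjectDns constructed sample: "CN=billing-client,OU=Partners,O=Example" */
    public ClientCertAllowListInterceptor(Set<String> subjectDns) throws InvalidNameException {
        super(Phase.PRE_STREAM); // run before the payload is read
        for (String dn : subjectDns) {
            allowedSubjects.add(new LdapName(dn)); // LdapName.equals ignores case and spacing
        }
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        // Populated by the HTTP transport only when the TLS handshake reached this JVM.
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        Certificate[] chain = (tls == null) ? null : tls.getPeerCertificates();
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            // Fail closed: no certificate means the listener did not enforce client auth.
            throw new Fault(new SecurityException("client certificate required"));
        }
        // chain[0] is the client's own certificate; the rest are its issuers.
        String dn = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
        try {
            if (allowedSubjects.contains(new LdapName(dn))) {
                return; // caller is on this service's allow-list
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: fall through and reject.
        }
        throw new Fault(new SecurityException("client certificate not authorized for this service"));
    }
}
```

With SSL offloading at a proxy or load balancer, as in point 2 of the reply, the handshake never reaches the container, so this interceptor rejects every request unless the certificate check is done at the proxy instead.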

Re: Secure CXF web service with 2way SSL

Thanks, Gabriel, for your answer anyway; it gave me some new ideas to solve this issue.