I am trying to use JaxWsProxyFactoryBean to connect to a TLS1.2 https service using spring boot and java config through a proxy. I have been unable to find any samples, or information about how to configure this. Im using wsdl2java to build all of the objects that eventually get returned from JaxWsProxyFactoryBean. Any help would be greatly appreciated. What I currently have:
private <T> T cxfClient(String address, String user, String pass, Class<T> serviceClass) {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setAddress(address);
factory.setUsername(user);
factory.setPassword(pass);
return factory.create(serviceClass);
}
and
#Bean
public Client client() {
Client client = ClientProxy.getClient(lexisNexisClient());
HTTPConduit http = (HTTPConduit) client.getConduit();
http.getClient().setProxyServer("myproxy");
http.getClient().setProxyServerPort(myport);
http.getProxyAuthorization().setUserName("myuser");
http.getProxyAuthorization().setPassword("mypass");
return client;
}
I am currently getting an error:
Caused by: java.lang.NoSuchMethodError: org.apache.cxf.configuration.jsse.TLSClientParameters.getSslContext()Ljavax/net/ssl/SSLContext
Any help would be greatly appreciated.
Thanks,
Brian
Issue ended up being a dependency problem with CXF versions. Apparently the Ljavax/net/ssl/SSLContext means there is a dependency version conflict.
Thanks,
Brian
Related
I am building a spring boot application that runs on #websphere-liberty profile. I am using a Spring webclient for outbound connections. All good except that I am not able to specify liberty SSL context to the netty httpclient used by Spring Webclient.
Any help on how how to specify pre-configured libery ssl context to Netty httpclient is greatly appreciated.
IBM documentation says that I should use SSLSocketFactory.getDefault() to get liberty SSL context. But I don't see any way to pass this to Netty HttpClient.
Ref: [https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_ssl.html]
This is what I tried, but it is not pointing to the SSL context configured by #Websphere-liberty. Instead, it seems to create a new one. Because of that, the trust/keystores are not available to the netty HttpClient and I get an error saying that the peer is not trusted.
#Bean
public WebClient createWebClient() throws SSLException {
JdkSslContext jdkSslContext = new
JdkSslContext(SSLContext.getInstance("SSL"),true,
null, IdentityCipherSuiteFilter.INSTANCE,null,ClientAuth.NONE,
null,false);
ClientHttpConnector httpConnector = HttpClient.create().secure { t -> t.sslContext(jdkSslContext) }
return WebClient.builder().clientConnector(httpConnector).build();
}
I am creating the bean of elastic client using the following code. It's creating the memory leakage. I am using the spring boot 2.0.1.RELEASE and elastic rest client 5.6.8.
#Bean
public Client client() throws UnknownHostException {
Settings esSettings = Settings.builder()
.put("cluster.name", esClusterName)
.build();
return new PreBuiltTransportClient(esSettings)
.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(esHost), esPort));
}
This is well known problem.
https://github.com/elastic/elasticsearch/issues/26048
I think you have one way to solve it
You could switch to elastic java rest client. https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/index.html
Please check discussion here
https://discuss.elastic.co/t/are-there-memory-leaks-in-elasticsearchs-transportclient-5-4-3-or-is-my-code-flawed/91989
I am trying to connect my Spring Boot application to local elasticsearch 5.2.1 instance. When i use "org.springframework.boot:spring-boot-starter-data-elasticsearch" dependency, i face with "Received message from unsupported version: [2.0.0] minimal compatible version is: [5.0.0]". I think this is due to elasticsearch version is 2.4.4 in starter dependency. So to solve this error, i edit pom.xml properties by adding elasticsearch.version>5.2.1/elasticsearch.version> line. But this time i get
"java.lang.NoSuchMethodError: org.elasticsearch.client.transport.TransportClient.builder()"
To overcome this issue, i create custom config class like below:
#Configuration
public class ElasticsearchConfiguration {
#Bean
public Client client() throws UnknownHostException {
TransportClient client = new PreBuiltTransportClient(Settings.EMPTY)
.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName("localhost"), 9300));
return client;
}
#Bean
public ElasticsearchTemplate elasticsearchTemplate() throws UnknownHostException {
return new ElasticsearchTemplate(client());
}
}
This time i get apache.logging.log4j exceptions (check here) so i add necessary dependencies.
Finally i get below error and stucked there. Could anyone help me out with this?
nested exception is java.lang.NoClassDefFoundError:org/elasticsearch/action/count/CountRequestBuilder
The github page of spring-data-elasticsearch shows that it currently supports elasticsearch only up to version 2.4.0.
For now you have 3 options:
Wait and hope
checkout the pull request
checkout the dev branch 5.0.x-prep
You need to use Spring Boot 2. Check out my spring-boot-elasticsearch-5.x example.
You can use elasticsearch java api to create transport client instead of using spring-data-elasticsearch.
I tried the same and getting that error too for CountRequestBuilder, reason is that CountRequestBuilder class is deprecated and removed now from 5.x elastic search versions, that class is replaced by SearchRequestBuilder but unfortunately spring-data-elasticsearch don't provide this even in the latest release of its jar and that CountRequestBuilder is used in ElasticSearchTemplate.
I am also looking out for some solution. I will post if able to resolve.
I am trying to get familiar with Spring's Project Reactor (https://projectreactor.io/) and have built a small application to make REST calls to another service over SSL. I cannot find any way to configure the org.springframework.web.client.reactive.WebClient to make requests over SSL. There seems to be no documentation about this. I am using reactor-core 3.0.0.RC1 and reactor-netty 0.5.0.M3, and Spring Framework 5.0.0.M1. Does anyone know how to configure reactor-netty with SSL support?
Update 2017-01-04:
This was corrected in the 5.0.0.M4 release of Spring Framework with this patch.
Original Answer:
I discovered that the solution is to create a new ClientHttpConnector implementation that respects SSL.
public class ReactorClientHttpsAwareConnector implements ClientHttpConnector {
#Override
public Mono<ClientHttpResponse> connect(HttpMethod method, URI uri,
Function<? super ClientHttpRequest, Mono<Void>> requestCallback) {
return reactor.ipc.netty.http.HttpClient.create()
.request(io.netty.handler.codec.http.HttpMethod.valueOf(method.name()),
uri.toString(),
httpClientRequest -> requestCallback
.apply(new ReactorClientHttpRequest(method, uri, httpClientRequest)))
.cast(HttpInbound.class)
.otherwise(HttpException.class, exc -> Mono.just(exc.getChannel()))
.map(ReactorClientHttpResponse::new);
}
}
HttpClient.create() is required to make the client SSL-aware.
I am performing acceptance tests against REST services written using Jersey. In my services, I need to get the name of the user who successfully authenticated (BASIC) using:
#Context private SecurityContext securityContext; //at class level
String username = securityContext.getUserPrincipal().getName() //inside a resource
I am using the Jersey client API and running against the Grizzly server. I set up the server as follows:
public class BaseResourceTest extends JerseyTest {
public BaseResourceTest() throws Exception {
super(new WebAppDescriptor.Builder("net.tds.adm.na.batchcut")
.contextPath(baseUri.getPath())
.contextParam("contextConfigLocation","classpath:testContext.xml")
.initParam("com.sun.jersey.api.json.POJOMappingFeature",
"true").servletClass(SpringServlet.class)
.contextListenerClass(ContextLoaderListener.class)
.build());
}
.......
}
In my tests, I pass an authorization header as follows:
WebResource resource = resource().path(_url);
return resource.type(MediaType.APPLICATION_FORM_URLENCODED_TYPE).header(HttpHeaders.AUTHORIZATION, new String(Base64.encode("judge:smails"))).post(ClientResponse.class, _formData);
However, in my resources I get an NPE when trying to get the user name. I think I need to get the server to actively authenticate against a realm but I haven't found how to configure the server to do this. Has anybody had any experience with this?
Unfortunately Grizzly HttpServer doesn't support authentication at the moment.
But here you can find a simple example how to implement authentication using Jersey Filter.
http://simplapi.wordpress.com/2013/01/24/jersey-jax-rs-implements-a-http-basic-auth-decoder/