I have developed the dashboard in my application using Flex 3.0. For this I have used a JSP wrapper around the Flex application. My application runs on JBoss application server. For communication between the Flex app and my application I am using LCDS. The HTTPService component is being used to receive data from the server. Channel definitions are given in services-config.xml for AMF and HTTP channels, in both secure and non-secure mode. In my proxy-config.xml I have defined channels and destinations.
services-config.xml
...
...
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
</properties>
</channel-definition>
<channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
<channel-definition id="my-http" class="mx.messaging.channels.HTTPChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/http" class="flex.messaging.endpoints.HTTPEndpoint"/>
</channel-definition>
<channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/httpsecure" class="flex.messaging.endpoints.SecureHTTPEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
...
...
proxy-config.xml
...
...
<default-channels>
<channel ref="my-http"/>
<channel ref="my-amf"/>
<channel ref="my-secure-http"/>
<channel ref="my-secure-amf"/>
</default-channels>
...
...
<destination id="dashboardService">
<properties>
<url>/kr/servlet/DashboardServlet</url>
</properties>
</destination>
<destination id="dashboardJSPService">
<properties>
<url>/kr/krportal/dashboardJSPService.jsf</url>
</properties>
</destination>
...
...
In my development environment both secure and non-secure mode were working fine. Now that I have deployed it behind the load balancer (which accepts secure requests only, and redirects any non-secure request to the secure URL), there is no response from the message broker servlet. One more thing I have observed: when the environment is not load balanced, there are requests like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http', and these are POST requests. But in the load-balanced environment with SSL, the request is again like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http', which is a POST request, and it is redirected to 'https://{server.name}:{server.port}/{context.root}/messagebroker/http', which is a GET request. The content returned by this GET request is null.
Looking for some comments
Thanks
This config file is used by both Flex and LCDS. Flex uses it to send messages to a specific endpoint, and LCDS uses this file to actually create the endpoints. You'll notice that at the end of the URLs you see /amf, /amfsecure, /http, and /httpsecure. If your load balancer is redirecting a call like http://domain.com/app/messagebroker/amf to https://domain.com/app/messagebroker/amf, it will fail because the SSL endpoint ends with /amfsecure.
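The mismatch described in this answer can be checked mechanically. The following is an added example, not code from the original posts: it parses the question's channel definitions (trimmed to id, class and endpoint url) and lists the plain channels whose path has no HTTPS counterpart, so a scheme-only redirect would miss every endpoint. The function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Channel definitions copied from the question's services-config.xml,
# wrapped in a root element so the fragment parses on its own.
SERVICES_CONFIG = """<channels>
 <channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
  <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf"/>
 </channel-definition>
 <channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
  <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure"/>
 </channel-definition>
 <channel-definition id="my-http" class="mx.messaging.channels.HTTPChannel">
  <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/http"/>
 </channel-definition>
 <channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
  <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/httpsecure"/>
 </channel-definition>
</channels>"""

def load_channels(xml_text):
    """Return {channel id: (is_secure_class, url_scheme, url_path)}."""
    chans = {}
    for cd in ET.fromstring(xml_text).iter("channel-definition"):
        url = cd.find("endpoint").get("url")
        scheme, rest = url.split("://", 1)
        path = "/" + rest.split("/", 1)[1]
        secure = cd.get("class").rsplit(".", 1)[1].startswith("Secure")
        chans[cd.get("id")] = (secure, scheme, path)
    return chans

def scheme_mismatches(chans):
    """Channels whose class (Secure* or plain) disagrees with the URL scheme."""
    return sorted(cid for cid, (sec, scheme, _) in chans.items()
                  if sec != (scheme == "https"))

def broken_by_https_redirect(chans):
    """Plain channels whose path is not served by any secure endpoint: an
    http->https redirect that keeps the path reaches nothing the broker created."""
    secure_paths = {p for sec, _, p in chans.values() if sec}
    return sorted(cid for cid, (sec, _, p) in chans.items()
                  if not sec and p not in secure_paths)

if __name__ == "__main__":
    channels = load_channels(SERVICES_CONFIG)
    print("scheme mismatches:", scheme_mismatches(channels))
    print("broken by redirect:", broken_by_https_redirect(channels))
```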
I am using a Spring Boot application with application.properties.
In the project there is an XML file written by another company to configure Stomp, and the IP of the server is hardcoded there, but I want to change that IP to take its value from application.properties.
Is there any way to do it?
application.properties
property.env=SLA
property.endpoint=http://172.1.1.139/router
tcmanager.xml
<tcmanager>
<channelbuilders>
<channelbuilder>
<class>com.company.tc.stomp.TcStompChannelBuilder</class>
<config>
<properties>
<property>brokerURL=[property.endpoint]</property> <!-- this is the place -->
<property>login=login</property>
<property>passcode=pass</property>
</properties>
<in> [...] </in>
<out> [...]</out>
</config>
</channelbuilder>
</channelbuilders>
<processingbuilders>
<processingbuilder>
<class>com.company.tc.template.camel.MainProcessingBuilder</class>
<config>
<properties>
<property>p1=1</property>
</properties>
</config>
</processingbuilder>
</processingbuilders>
</tcmanager>
Maybe this question has already been asked, but I think this is a different situation.
I configured all the required things in the web config file and installed the certificates.
I consume a Java web service in ASP.NET Web API.
The SOAP service was configured with mutual authentication (two-way SSL).
I have 2 keystore files (client.jks and truststore.jks).
My full error: This could be due to the fact that the server certificate is
not configured properly with HTTP.SYS in the HTTPS case.
This could also be caused by a mismatch of the security binding between
the client and the server.'
WebConfig:
<customBinding>
<binding name="MyBinding">
<textMessageEncoding messageVersion="Soap11"/>
<security authenticationMode="MutualCertificate" enableUnsecuredResponse="true" allowSerializedSigningTokenOnReply="true"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
includeTimestamp="false">
</security>
<httpsTransport />
</binding>
</customBinding>
<endpoint behaviorConfiguration="ClientCredentialsBehavior" address="https://abc.bank.dm:9193/Money/Money" binding="customBinding" bindingConfiguration="MyBinding" contract="Ref.Port" name="Port">
<identity>
<dns value="test"/>
</identity>
</endpoint>
<behaviors>
<endpointBehaviors>
<behavior name="ClientCredentialsBehavior">
<clientCredentials>
<clientCertificate findValue="2d73n94087857dndyr874ydr"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindByThumbprint" />
<serviceCertificate>
<defaultCertificate findValue="d346n32d48938w43d943095d"
storeLocation="CurrentUser"
storeName="TrustedPeople"
x509FindType="FindByThumbprint" />
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Try to specify the same protocol on the client and server. Add the following code in the client:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
Here is the reference: TLS 1.2
Yesterday I spent half a day trying to force Flex Remoting to use HTTPS with no success.
Today I tried to connect to other domain.
I changed the URL of the endpoint, but it looks like Flex just ignores my changes.
I am sure that the old URL doesn't exist in any file in the src directory.
I even renamed services-config.xml to services-config2.xml, cleaned and rebuilt the project many times, even made a release build, but it still connects to the same domain.
I have tested the Flex application on localhost and in the same domain that has the AMF services, but it works in the same way.
My services-config.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<services-config>
<services>
<service id="amfphp-flashremoting-service" class="flex.messaging.services.RemotingService" messageTypes="flex.messaging.messages.RemotingMessage">
<destination id="amfphp">
<channels>
<channel ref="my-amfphp-secure"/>
<channel ref="my-amfphp"/>
</channels>
<properties>
<source>*</source>
</properties>
</destination>
</service>
</services>
<channels>
<channel-definition id="my-amfphp-secure" class="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://xxx.dev.company.com:443/AMF" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
<serialization>
<instantiate-types>false</instantiate-types>
<log-property-errors>true</log-property-errors>
</serialization>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
<channel-definition id="my-amfphp" class="mx.messaging.channels.AMFChannel" >
<endpoint uri="http://xxx.dev.company.com/AMF" class="flex.messaging.endpoints.AMFEndpoint" />
<properties>
<polling-enabled>false</polling-enabled>
<serialization>
<instantiate-types>false</instantiate-types>
<log-property-errors>true</log-property-errors>
</serialization>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
</channels>
</services-config>
RemoteObject definition in mxml:
<mx:RemoteObject id="Agentrpc" destination="amfphp" source="Agentrpc" showBusyCursor="true">
<mx:method name="getAgentID" result="getAgentID_resultHandler(event)" fault="faultHandler(event)"/>
</mx:RemoteObject>
I'm using Flex 3.
Edit: I took a look at generated/ dir and I see that FlexInit files (like MainModule_FlexInit-generated.as) contains code:
ServerConfig.xml =
<services>
<service id="amfphp-flashremoting-service">
<destination id="amfphp">
<channels>
<channel ref="my-amfphp-secure"/>
<channel ref="my-amfphp"/>
</channels>
</destination>
</service>
<channels>
<channel id="my-amfphp-secure" type="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://gintautas.dev.company.com:443/AMF"/>
<properties>
<polling-enabled>false</polling-enabled>
</properties>
</channel>
<channel id="my-amfphp" type="mx.messaging.channels.AMFChannel">
<endpoint uri="http://gintautas.dev.company.com/AMF"/>
<properties>
<polling-enabled>false</polling-enabled>
</properties>
</channel>
</channels>
</services>;
That's correct, but the application doesn't make requests to gintautas.dev.company.com
Edit 2: I installed Flash Builder 4 and tried to compile using the 3.5 and 4.0 (in compatibility mode) compilers, but both have the same problem :(
Can you try to clear your browser cache? The content of the services.xml is injected into the SWF at compile time.
You can check what is being compiled into Flex from the *-config.xml files with the following:
trace( ServerConfig.xml );
Also, if using WTP with Tomcat, check whether the server is using the actual installation of Tomcat or a temp Eclipse folder to run. That can sometimes cause mix-ups.
You must "clean project" in Flex Builder when you change services-config.xml
With Java it is easy to consume a Web Service over HTTPS but how do you publish one?
The standard JAX-WS implementation doesn't support it. We tried Jetty but Jetty does not have support for Web Services over HTTPS either (JettyHttpServerProvider's createHttpsServer() throws an UnsupportedOperationException). I think this problem should be really easy. But somehow I always run against walls.
Additionally this has to work with OSGi so I'd prefer if most or all dependencies are available as bundles. Currently I try to get CXF running but it has a lot of non-OSGi dependencies which makes deployment very hard.
We also need client authentication via certificates but my hope is this will be relatively easy once HTTPS is enabled.
Why is this such a big deal? For example to provide static content with Jetty, all you need to do is create a server, add any SSL connector and you're done. Why can't it be that easy for Web Services?
Our system uses cxf and jetty in OSGi, and it works fine with HTTPS.
When you publish your service as a web service, you should not be concerned whether it is HTTP or HTTPS. Configure your Jetty to support HTTPS by passing the following properties to OSGi:
org.eclipse.equinox.http.jetty.http.enabled=false
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.https.port=443
org.eclipse.equinox.http.jetty.ssl.keystore=...
org.eclipse.equinox.http.jetty.ssl.password=...
You can check out the other properties in
org.eclipse.equinox.http.jetty_2.0.0.v20100503.jar\OSGI-INF\metatype\config.xml
By doing this, you can try to use IE to access the wsdl of your service through https.
If you are using spring, you could use the following configuration. This article on FuseSource gives a good explanation of steps needed for configuration.
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<http:destination name="{http://package}AnInterfacePort.http-destination">
</http:destination>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9001">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="C:/certs/cherry.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="C:/certs/truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with
export-suitable or null encryption is used,
but exclude anonymous Diffie-Hellman key change as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true" required="true"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
<!-- We need a bean named "cxf" -->
<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
</beans>
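The sec:cipherSuitesFilter in the configuration above admits only export-grade, single-DES and NULL-encryption suites. The following added example (not part of the original answer, and not CXF code) evaluates those include/exclude patterns against a constructed list of JSSE suite names and compares the result with a stricter filter. It assumes a suite is kept when it fully matches at least one include and no exclude pattern; HARDENED_FILTER is an assumed replacement, not something the page specifies.

```python
import re

# Patterns copied from the <sec:cipherSuitesFilter> in the answer above.
POSTED_FILTER = {
    "include": [r".*_EXPORT_.*", r".*_EXPORT1024_.*",
                r".*_WITH_DES_.*", r".*_WITH_NULL_.*"],
    "exclude": [r".*_DH_anon_.*"],
}

# Assumed replacement (not from the page): ephemeral ECDH with AES-GCM only.
HARDENED_FILTER = {
    "include": [r"TLS_ECDHE_.*_WITH_AES_.*_GCM_.*"],
    "exclude": [r".*_anon_.*", r".*_NULL_.*", r".*_EXPORT.*", r".*_DES_.*"],
}

# Constructed sample of standard JSSE cipher suite names.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
]

# Name fragments that mark a suite as unsuitable for protecting traffic.
WEAK_MARKERS = ("_EXPORT", "_NULL_", "_DES_", "_DES40_", "_RC4_", "_anon_")

def apply_filter(flt, suites):
    """Keep a suite if it fully matches any include and no exclude pattern."""
    inc = [re.compile(p) for p in flt["include"]]
    exc = [re.compile(p) for p in flt["exclude"]]
    return [s for s in suites
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]

def weak(suites):
    """Return the suites whose names contain a weak-algorithm marker."""
    return [s for s in suites if any(m in s for m in WEAK_MARKERS)]

if __name__ == "__main__":
    for name, flt in (("posted", POSTED_FILTER), ("hardened", HARDENED_FILTER)):
        kept = apply_filter(flt, SAMPLE_SUITES)
        print(name, "keeps", kept, "weak:", weak(kept))
```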
I've run into a bit of a wall with sending messages from BlazeDS on the server to Flex clients. I have my adapters and destinations set properly (I think) in messaging-config.xml and my streaming channel set up in my services-config.xml files. The messages work beautifully in Safari (Mac and PC) but no other browsers.
Relevant bits from messaging-config.xml
Adapter:
Destination:
<destination id="FriendNotifierGateway">
<adapter ref="friendNotifierAdapter" />
<properties>
<server>
<max-cache-size>1000</max-cache-size>
<durable>true</durable>
<allow-subtopics>true</allow-subtopics>
<subtopic-separator>.</subtopic-separator>
</server>
</properties>
<channels>
<channel ref="my-streaming-amf"/>
<channel ref="cf-polling-amf"/>
</channels>
Relevant bits from services-config.xml
<channel-definition id="my-streaming-amf" class="mx.messaging.channels.StreamingAMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure/streamingamf" class="flex.messaging.endpoints.StreamingAMFEndpoint" />
<properties>
<idle-timeout-minutes>0</idle-timeout-minutes>
<max-streaming-clients>500</max-streaming-clients>
<server-to-client-heartbeat-millis>5000</server-to-client-heartbeat-millis>
<user-agent-settings>
<user-agent match-on="MSIE" kickstart-bytes="2048" max-streaming-connections-per-session="1" />
<user-agent match-on="Firefox" kickstart-bytes="2048" max-streaming-connections-per-session="4" />
<user-agent match-on="Safari" kickstart-bytes="2048" max-streaming-connections-per-session="3" />
<user-agent match-on="Opera" kickstart-bytes="2048" max-streaming-connections-per-session="3" />
<user-agent match-on="Chrome" kickstart-bytes="2048" max-streaming-connections-per-session="3" />
</user-agent-settings>
</properties>
I feel like things are set up correctly in the channel definition but, perhaps, some of those user-agent settings are off (I have played with their settings, to no avail thus far).
Thanks, in advance, for any suggestions or insights!
Regards,
Craig
I never sorted out why the server-side messages never reached the client. However, my setup was less than ideal for an active site. So, I switched to using ActiveMQ and, ever since, the messaging has been fantastic!