Create Jetty Connectors in Pax-Web - jetty

Is there a possibility (API) to add Jetty connectors via Pax-Web programmatically? Pax-Web internally uses a nice JettyServer interface, but there seems to be no OSGi service available. The ports that must be available are not known in advance, so I cannot use jetty.xml for configuration purposes.
Has anybody an idea?

As you just seem to want to change the port you should do it the OSGi way and just configure pax web with the appropriate configuration. See also here: https://ops4j1.jira.com/wiki/display/paxweb/Basic+Configuration
The configuration in question is
org.osgi.service.http.port
This port can be configured by the config admin service. In case of a configuration change the jetty server will be restarted.
Regarding the initial question about a service, this is not possible right now but there is a JIRA issue for it available, and contributions are highly appreciated.

Starting from PaxWeb 4.1.0 you can register the connectors you need by registering them as a service (this allows, for instance, excluding the SSL protocols affected by the POODLE vulnerability):
SslContextFactory contextFactory = new SslContextFactory();
// Exclude the legacy protocols (SSLv3 is the one affected by POODLE)
contextFactory.addExcludeProtocols("SSLv2Hello", "SSLv3");
// Server key material
contextFactory.setKeyStorePath("PATH_TO_KEYSTORE");
contextFactory.setKeyStorePassword("KEYSTORE_PASSWORD");
// Trust store used to validate client certificates
contextFactory.setTrustStore("PATH_TO_TRUSTSTORE");
contextFactory.setTrustStorePassword("TRUSTSTORE_PASSWORD");
// Ask for and require a client certificate
contextFactory.setNeedClientAuth(true);
contextFactory.setWantClientAuth(true);
Connector sc = new SslSelectChannelConnector(contextFactory);
sc.setPort(8443);
// Register the connector as an OSGi service
ServiceRegistration<Connector> registerService = bundleContext.registerService(Connector.class, sc, null);
Mainly taken from pax web documentation http://ops4j.github.io/pax/web/SNAPSHOT/

Related

ActiveMQ Artemis http and https in bootstrap.xml

I hope you have an idea.
I am working with an ActiveMQ Artemis Broker and installed a metrics plugin to use with prometheus and grafana (https://github.com/rh-messaging/artemis-prometheus-metrics-plugin/). Like the instruction says, I added <app url="metrics" war="metrics.war"/> to the bootstrap.xml.
We're working with a vendor providing us with the Grafana dashboards as long as we are providing metrics they can work with. The problem is that the vendor wants to access the metrics page (https://activemq:port/metrics) via HTTP and not HTTPS, which is configured in the bootstrap.xml (<web bind="https://0.0.0.0:port" path="web" keyStorePath=...). Their effort would be disproportionately high to change their system to work with HTTPS now.
Is it possible to configure the jetty-Webserver to serve the console etc. via HTTPS and the URL activemq:port/metrics via HTTP?
I tried to add another web-container in the bootstrap.xml, now binding bind="http://0.0.0.0:port/" and adding the metrics plugin in it but the webserver wasn't happy with two web-containers :/
Thanks for your help :)
This is not currently possible. However, the project could be enhanced to support multiple web instances in bootstrap.xml. Contributions are always welcome.

Changing WSO2 / Synapse to expose CXF service instead of AXIS2

Currently WSO2/Synapse uses AXIS 2 services as a base and proxy service tag exposes a typical service based on AXIS 2 engine.
Is it possible to change this to expose CXF service instead? If it's not currently supported out of box, can you give an idea of how large that effort would be if I am ready to make those changes myself in WSO2/Synapse
Thanks,
Harish
A CXF-based inbound endpoint implementation will be released with the next ESB (4.9.0) version. This feature is primarily for CXF reliable message support. If you need to write your own custom inbound endpoint on CXF, you can check the existing ESB 4.9.0 code base:
https://github.com/wso2/carbon-mediation/tree/master/components/inbound-endpoints/org.wso2.carbon.inbound.endpoint.ext.wsrm

publish cxf webservice in localhost

I used the CXF framework for a web service. It works.
However, the web service is always published on the public IP and I see the following in the console:
Setting the server's publish address to be soap.udp://239.255.255.250:3702
How can I change that to localhost?
I appreciate any help.
Thanks,
raen
That's the WS-Discovery service that runs alongside your other services to allow for discovery of the services on the network. See http://cxf.apache.org/docs/ws-discovery.html
You can remove the WS-Discovery jars from the classpath and this would be disabled.

How do I set up an asmx web service in Azure that accepts a client certificate?

I apologize in advance if the question is ridiculous.
I have an asmx service running in Azure (HTTP - no SSL).
I have a WPF app that loads an X509Certificate2 and adds it to the request by doing the following:
X509Certificate2 cert = new X509Certificate2("...");
webRequest.ClientCertificates.Add(cert);
In the web service I get the certificate by
new X509Certificate2(this.Context.Request.ClientCertificate.Certificate)
And then I load a cert (that I have both uploaded to the Azure control panel and added to my service definition file) by using the following sample:
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
And then I validate by doing the following:
clientCert.Thumbprint == certs[0].Thumbprint
Now unfortunately I get an exception (System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle) as soon as I do
Request.ClientCertificate.Certificate
So I have a few questions. How do I avoid the exception? This answer states I need to modify an IIS setting, but how can I do that in Azure?
In any case is this even the proper way to do certificate authentication?
Thanks!
You can use command scripts to modify IIS, in combination with appcmd.exe.
For a quick example (disabling timeout in an application pool), take a look at this sample by Steve Marx.
In this example, you'd call DisableTimeout.cmd as a startup task. For more info on creating startup tasks, you can watch this episode of Cloud Cover Show. There should be a lab on startup tasks in the Platform Training Kit as well.
Just remember that any type of IIS configuration change should be made via an automated task at startup. If you manually change IIS via RDP, those changes won't propagate to all of your instances, and won't remain persistent in the event of hardware failure or OS update.
You can remote into your azure instances to manage IIS. As for a way to do it globally for all instances at once, I'm not sure. That would be an interesting side project though.
http://learn.iis.net/page.aspx/979/managing-iis-on-windows-azure-via-remote-desktop/
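
A defensive form of the thumbprint check described in the question, as an added example that is not part of the original posts. It tests IsPresent before touching the certificate bytes (client certificates are exchanged in the TLS handshake, so a plain-HTTP request carries none) and compares against every store match instead of certs[0]. ClientCertCheck and IsTrustedClient are hypothetical names; certName is the subject name used in the question.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;

// Added example: hypothetical helper, not code from the original post.
public static class ClientCertCheck
{
    // Returns true only when the request carries a client certificate whose
    // thumbprint matches a valid certificate installed under certName.
    public static bool IsTrustedClient(HttpRequest request, string certName)
    {
        HttpClientCertificate presented = request.ClientCertificate;

        // No certificate was negotiated (for example, the endpoint is plain
        // HTTP). This is the state in which the question reports the
        // "m_safeCertContext is an invalid handle" exception, so stop here.
        if (presented == null || !presented.IsPresent)
            return false;

        var clientCert = new X509Certificate2(presented.Certificate);

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: true drops expired or untrusted store entries.
            X509Certificate2Collection certs = store.Certificates.Find(
                X509FindType.FindBySubjectName, certName, true);

            // FindBySubjectName is a substring match and may return zero or
            // several certificates, so check each hit rather than certs[0].
            foreach (X509Certificate2 expected in certs)
            {
                if (string.Equals(clientCert.Thumbprint, expected.Thumbprint,
                                  StringComparison.OrdinalIgnoreCase))
                    return true;
            }
            return false; // no match: reject the caller
        }
        finally
        {
            store.Close();
        }
    }
}
```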

Web Service Port No Question

I am working on a web service project using gsoap. I am new to web services and have some basic questions.
What should be the port no. of my web service? Currently this web service is a standalone service listening to a hard-coded port no. of 22050. Client connects to this port and everything works fine. Is this approach OK? What are the pros/cons of this approach?
Or Should my web service be a plug-in of the apache web server? In that case how does it work? Apache httpd listens on port 80, so client sends request to this port. Then how does the request get routed to my web service?
I didn't find any proper online resources on these. Any pointers would be great.
You will have to configure Apache such that it knows it will be your web service. In this case you will probably give it a location. So you can configure a directive that will make sure your service is called by Apache.
I.e. you will use urls that identify your service (http://.
You will then use a location directive in which you make the proper configurations. You can find more information at http://httpd.apache.org/docs/2.0/sections.html
Hope this helps.