[jira] Updated: (CXF-3064) JAX-RS SSL on Google App Engine
[
https://issues.apache.org/jira/browse/CXF-3064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin updated CXF-3064:
--
Component/s: Transports
> JAX-RS SSL on Google App Engine
> ---
>
> Key: CXF-3064
> URL: https://issues.apache.org/jira/browse/CXF-3064
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS, Transports
>Affects Versions: 2.2.11
>Reporter: Gary Rudolph
>
> I've been using JAX-RS with CXF with Google App Engine with success as a
> service provider as well as client proxies. Unfortunately, when a jaxrs
> spring injected client needs https I run into issues as the GAE
> {{HttpURLConnection}} is non-standard and doesn't contain the method
> {{getSSLSocketFactory}}.
> I noticed that {{TLSClientParameters}} now contains a
> {{setSSLSocketFactory}}, but it's not exposed through the spring xsd. Can we
> please change the {{}} xsd to support injecting the
> {{sslSocketFactory}}? Then I could get it from GAE and do it myself.
> The other option is to have {{HttpsURLConnectionFactory.decorateWithTLS}}
> attempt to get the {{SSLSocketFactory}} using
> {{SSLSocketFactory.getSSLSocketFactory}}.
> Note, I'm doing the following in a spring config:
> {code:xml}
> https://api.twilio.com/*";>
>
>useHttpsURLConnectionDefaultSslSocketFactory="true" disableCNCheck="true"/>
>
> foo
> bar
>
>
> address="https://api.twilio.com/2008-08-01";
> serviceClass="com.lolay.where.service.support.TwilioResource">
>
>
>
>
> {code}
> Then, I'm receiving the following error:
> {noformat}
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
> INFO: The cipher suites have not been configured, falling back to cipher
> suite filters.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
> INFO: The cipher suite filters have not been configured, falling back to
> default filters.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList
> INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA,
> TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://support.service.where.lolay.com/}TwilioResource has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Could not send Message.
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:48)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:438)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:177)
> at $Proxy43.sendSmsMessage(Unknown Source)
> at
> com.lolay.where.service.resources.BaseResourceImpl.sendSms(BaseResourceImpl.java:497)
> at
> com.lolay.where.service.resources.TokenResourceImpl.passwordReset(TokenResourceImpl.java:333)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> com.google.appengine.tools.development.agent.runtime.Runtime.invoke(Runtime.java:100)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:133)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:82)
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(S
[jira] Commented: (CXF-3064) JAX-RS SSL on Google App Engine
[
https://issues.apache.org/jira/browse/CXF-3064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975760#action_12975760
]
Sergey Beryozkin commented on CXF-3064:
---
Hi
Is there a chance that you can attach a simple test project, zip, or maven
based ?
Alternatively, can you please try CXF 2.3.1 and post the exception stack trace,
if it still occurs ?
thanks, Sergey
> JAX-RS SSL on Google App Engine
> ---
>
> Key: CXF-3064
> URL: https://issues.apache.org/jira/browse/CXF-3064
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS, Transports
>Affects Versions: 2.2.11
>Reporter: Gary Rudolph
>
> I've been using JAX-RS with CXF with Google App Engine with success as a
> service provider as well as client proxies. Unfortunately, when a jaxrs
> spring injected client needs https I run into issues as the GAE
> {{HttpURLConnection}} is non-standard and doesn't contain the method
> {{getSSLSocketFactory}}.
> I noticed that {{TLSClientParameters}} now contains a
> {{setSSLSocketFactory}}, but it's not exposed through the spring xsd. Can we
> please change the {{}} xsd to support injecting the
> {{sslSocketFactory}}? Then I could get it from GAE and do it myself.
> The other option is to have {{HttpsURLConnectionFactory.decorateWithTLS}}
> attempt to get the {{SSLSocketFactory}} using
> {{SSLSocketFactory.getSSLSocketFactory}}.
> Note, I'm doing the following in a spring config:
> {code:xml}
> https://api.twilio.com/*";>
>
>useHttpsURLConnectionDefaultSslSocketFactory="true" disableCNCheck="true"/>
>
> foo
> bar
>
>
> address="https://api.twilio.com/2008-08-01";
> serviceClass="com.lolay.where.service.support.TwilioResource">
>
>
>
>
> {code}
> Then, I'm receiving the following error:
> {noformat}
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
> INFO: The cipher suites have not been configured, falling back to cipher
> suite filters.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
> INFO: The cipher suite filters have not been configured, falling back to
> default filters.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList
> INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA,
> TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
> Oct 13, 2010 4:05:56 PM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://support.service.where.lolay.com/}TwilioResource has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Could not send Message.
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:48)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:438)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:177)
> at $Proxy43.sendSmsMessage(Unknown Source)
> at
> com.lolay.where.service.resources.BaseResourceImpl.sendSms(BaseResourceImpl.java:497)
> at
> com.lolay.where.service.resources.TokenResourceImpl.passwordReset(TokenResourceImpl.java:333)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> com.google.appengine.tools.development.agent.runtime.Runtime.invoke(Runtime.java:100)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)
> at
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvo
[jira] Resolved: (CXF-3154) Add extraClass property to JAXBElementProvider in order to avoid @XmlSeeAlso annotations
[ https://issues.apache.org/jira/browse/CXF-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Beryozkin resolved CXF-3154. --- Resolution: Fixed Fix Version/s: 2.4 2.3.2 Assignee: Sergey Beryozkin Example : org.apache.cxf.jaxrs.resources.SuperBook org.apache.cxf.jaxrs.resources.SuperBook2 > Add extraClass property to JAXBElementProvider in order to avoid @XmlSeeAlso > annotations > > > Key: CXF-3154 > URL: https://issues.apache.org/jira/browse/CXF-3154 > Project: CXF > Issue Type: Improvement > Components: JAX-RS >Affects Versions: 2.2.11 > Environment: Spring 3, Apache CXF, JAXB >Reporter: Ivan Vitoria >Assignee: Sergey Beryozkin > Fix For: 2.3.2, 2.4 > > > As Sergey suggested to me through mailing list, it would be appreciate if > JAXBElementProvider had the extraClass property, which currently belongs to > JAXBDataBinding, because it is quite interesting in order to avoid the > annotation @XmlSeeAlso in inheritance scenery. > Thanks, > Ivan -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (CXF-3223) introduce a threshold system property for staxutils to avoid parsing message with unreasonable inner element level
introduce a threshold system property for staxutils to avoid parsing message with unreasonable inner element level --- Key: CXF-3223 URL: https://issues.apache.org/jira/browse/CXF-3223 Project: CXF Issue Type: Improvement Reporter: Freeman Fang Assignee: Freeman Fang Fix For: 2.3.2, 2.4 if the incoming message like .. "n" here could be very huge, then it will take long time(a 500k size message with only element tag but no real content will take minutes) for staxutils to parse this message. In some case, this kind of message with unreasonable inner element level should be considered as vulnerability, so we need introduce inner element level threshold property for staxutils, so that we get chance that if it reach the threshold, just throw exception and stop parsing, this way ensure release resource soon in case of vulnerability. The default value of this property should be -1 which means no inner element limit, for backward compatible. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (CXF-3129) wsdl2java: place @Generated annotation on generated code
[ https://issues.apache.org/jira/browse/CXF-3129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nithya Sivasubramaniam updated CXF-3129: Attachment: Patch for CXF 3129 - version 2.patch (1) Added a new option, '-mark-generated' to wsdl2java, as discussed in the dev mailing list. When this option is set, all generated java files will have @Generated annotation set on classes, fields, constructors and methods. (1.1) Passes the mark-generated flag to jaxb xjc so that all classes generated by jaxb include the annotation. (1.2) Modified velocity templates to support adding the mark-generated flag for classes directly generated by CXF. (2) Added CodeGenOptionTest.testMarkGeneratedOption() that exercises the new -mark-generated option. This test requires a newer version of jaxb xjc (version 2.2.3). So the test is commented out and should be uncommented once we move to using the newer version of jaxb. > wsdl2java: place @Generated annotation on generated code > > > Key: CXF-3129 > URL: https://issues.apache.org/jira/browse/CXF-3129 > Project: CXF > Issue Type: New Feature > Components: Tooling >Affects Versions: 2.3.0 >Reporter: Andrew Spencer >Priority: Minor > Attachments: Patch for CXF 3129 - version 2.patch, Patch for CXF > 3129.txt > > > It would be considerate on the part of CXF to place @Generated on the Java > source generated by wsdl2java. > @Generated is in the javax.annotation package and is a marker for generated > code. It allows code quality tools to ignore the generated code, as > described in this feature request for Sonar: > http://jira.codehaus.org/browse/SONAR-1042 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
