1

I would have a question about the wonderful tool that I just discovered named fabric8 (http://fabric8.io).

When I deploy a CXF SOAP service into the system, it is available at http://${HOSTNAME}:8181/cxf. Until now, all our stack was deployed into a tomcat container, secured using TLS encryption on the regular 8443 port (using or not client authentication). We, by the way, use WSDL policies to enforce it.

Is it possible to setup this TLS encryption using fabric8 ? karaf ?

Jerome

P.S: I wanted to add the new tag 'fabric8' but I do not have enough points to do that so I tagged using 'fusefabric'.

Edit 1:

Thanks @iocanel!

It seems to work.... well mostly :-)

In fact, if I start from a fresh fabric8 installation, and if I setup in etc/org.ops4j.pax.web.cfg:

org.ops4j.pax.web.config.file=etc/jetty.xml
org.osgi.service.http.port=8181

org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=etc/serverKeystore.jks
org.ops4j.pax.web.ssl.password=mytest
org.ops4j.pax.web.ssl.keypassword=mytest

Then I can browse the hawtio web interface on the 8443 port. However, as soon as I initialise the container with fabric:create the port is not available anymore. If I restart fabric8, then the logs are full of:

2014-02-11 17:41:15,945 | WARN  | tp1828719771-631 | AbstractHttpConnection           | ty.server.AbstractHttpConnection  552 | 89 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.14.v20131031 | /git/fabric/info/refs?service=git-upload-pack
java.lang.IllegalStateException: Committed
    at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1154)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:317)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:419)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:137)[84:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
    at io.fabric8.maven.impl.MavenSecureHttpContext.authenticate(MavenSecureHttpContext.java:173)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at io.fabric8.maven.impl.MavenSecureHttpContext.handleSecurity(MavenSecureHttpContext.java:78)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:219)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:85)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Server.handle(Server.java:370)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]
2014-02-11 17:41:15,967 | WARN  | tp1828719771-616 | Response                         | rg.eclipse.jetty.server.Response  315 | 89 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.14.v20131031 | Committed before 401 null
2014-02-11 17:41:15,968 | WARN  | tp1828719771-616 | AbstractHttpConnection           | ty.server.AbstractHttpConnection  552 | 89 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.14.v20131031 | /git/fabric/info/refs?service=git-receive-pack
java.lang.IllegalStateException: Committed
    at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1154)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:317)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Response.sendError(Response.java:419)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:137)[84:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
    at io.fabric8.maven.impl.MavenSecureHttpContext.authenticate(MavenSecureHttpContext.java:173)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at io.fabric8.maven.impl.MavenSecureHttpContext.handleSecurity(MavenSecureHttpContext.java:78)[129:io.fabric8.fabric-maven-proxy:1.0.0.SNAPSHOT]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:219)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:85)[100:org.ops4j.pax.web.pax-web-jetty:3.0.6]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.Server.handle(Server.java:370)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[89:org.eclipse.jetty.aggregate.jetty-all-server:8.1.14.v20131031]
    at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]

Do you have an idea ?

Jerome

James Strachan
  • 9,168
  • 34
  • 31
Jerome
  • 61
  • 9
  • Could you test this with a vanilla Karaf, don't know what this fabric stuff is doing on top. – Achim Nierbeck Feb 12 '14 at 07:47
  • @AchimNierbeck, I tested on a basic karaf configuration with the web console and it works indeed. It seems specific to fabric8. – Jerome Feb 12 '14 at 08:33
  • :) . In fact, I misunderstood the @iocanel answer. I modified etc/org.ops4j.pax.web.cfg whereas I now understand that I have to modify org.ops4j.pax.web.properties in the fabric8 default profile. – Jerome Feb 12 '14 at 10:31
  • BTW I tried adding a fabric8 tag too. I hope that helps ;) – James Strachan Mar 03 '14 at 08:32

2 Answers2

0

The default profiles contains the org.ops4j.pax.web.properties file.

By editing this file you could configure ssl as described here: https://ops4j1.jira.com/wiki/display/paxweb/SSL+Configuration

iocanel
  • 570
  • 2
  • 2
  • thanks a lot, but I face another issue (see my edit). – Jerome Feb 11 '14 at 16:49
  • Ok in fact I misunderstood your answer. I modified etc/org.ops4j.pax.web.cfg instead of the org.ops4j.pax.web.properties file in the default profile! – Jerome Feb 12 '14 at 10:33
0

I posted an issue: https://github.com/fabric8io/fabric8/issues/696

Let's see if there is a specific configuration to apply.

Jerome
  • 61
  • 9