
The certificates used in this demonstration are taken from a sample in the Fuse Service Framework 2.4.2-fuse-00-08 product. If you download and install the standalone version of Fuse Service Framework, you will find the sample certificates in the CXFInstallDir/samples/wsdl_first_https/certs directory.

Copy the certs directory from CXFInstallDir/samples/wsdl_first_https/ to the EsbInstallDir/etc/ directory. After copying, you should have the following directory structure under EsbInstallDir/etc/:

EsbInstallDir/etc/
    |
    \--certs/
        |
        \--cherry.jks
           wibble.jks
           truststore.jks
           ...

Where cherry.jks, wibble.jks, and truststore.jks are the keystores that are used in this demonstration.

Warning

The demonstration key store and trust store are provided for testing purposes only. Do not deploy these certificates in a production system. To set up a genuinely secure SSL/TLS system, you must generate custom certificates, as described in Managing Certificates in Fuse Message Broker Security Guide.

The Jetty Web server is created by defining a Jetty endpoint at the start of a Fuse Mediation Router route. The route is then responsible for processing the incoming HTTP request and generating a reply. The current example simply sends back a small HTML page in the reply. For a more realistic application, you would typically process the incoming message using a bean, which accesses the message through the Java servlet API.

Create the following directory to hold the Spring configuration files:

ProjectDir/jetty-security/src/main/resources/META-INF/spring

In the spring directory that you just created, use your favorite text editor to create the file, jetty-spring.xml, containing the following XML configuration:

The jetty bean defines a new instance of the Fuse Mediation Router Jetty component, overriding the default component defined in the camel-jetty JAR file. This Jetty component is configured with SSL/TLS properties as follows:

Note

The preceding configuration shows how to enable SSL/TLS security for all IP port values. To enable SSL/TLS security for specific IP ports only, see SSL Support (HTTPS) in EIP Component Reference.

You must also modify the URI at the start of the route (the uri attribute of the from element). Make sure that the scheme of the URI matches the secure Jetty component, jetty, that you have just created. You must also change the protocol scheme from http to https.

Tip

Always double-check you have changed the protocol scheme to https! This is such a small change, it is easy to forget.
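
A check for the mistake the tip describes, as an added example that is not part of the original documentation: it parses a Spring XML file, finds Jetty component beans that carry SSL properties, and reports any route whose URI still uses a non-https scheme. The sample XML, its ports, paths and placeholder passwords are constructed, and the property names keystore, sslPassword and sslKeyPassword are assumed to be the ones your jetty-spring.xml uses.

```python
import xml.etree.ElementTree as ET

JETTY_CLASS = "org.apache.camel.component.jetty.JettyHttpComponent"
# Assumption: a Jetty bean setting any of these properties is the secure component.
SSL_PROPS = {"keystore", "sslPassword", "sslKeyPassword"}

# Constructed sample, not the page's jetty-spring.xml; all values are placeholders.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:camel="http://camel.apache.org/schema/spring">
  <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
    <property name="keystore" value="etc/certs/cherry.jks"/>
    <property name="sslPassword" value="PLACEHOLDER"/>
    <property name="sslKeyPassword" value="PLACEHOLDER"/>
  </bean>
  <camel:camelContext>
    <camel:route><camel:from uri="jetty:https://0.0.0.0:8282/services"/></camel:route>
    <camel:route><camel:from uri="jetty:http://0.0.0.0:8283/admin"/></camel:route>
  </camel:camelContext>
</beans>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_insecure_jetty_routes(xml_text):
    """Return (component_id, uri) for each route consumer that uses an
    SSL-configured Jetty component but whose protocol scheme is not https."""
    root = ET.fromstring(xml_text)
    secure_ids = set()
    for el in root.iter():
        if local(el.tag) == "bean" and el.get("class") == JETTY_CLASS:
            props = {p.get("name") for p in el if local(p.tag) == "property"}
            if props & SSL_PROPS and el.get("id"):
                secure_ids.add(el.get("id"))
    findings = []
    for el in root.iter():
        if local(el.tag) != "from":
            continue
        uri = el.get("uri", "")
        # Camel URIs have the form <component>:<protocol>://host:port/path
        component, _, rest = uri.partition(":")
        if component in secure_ids and not rest.lower().startswith("https://"):
            findings.append((component, uri))
    return findings


if __name__ == "__main__":
    for component, uri in find_insecure_jetty_routes(SAMPLE):
        print(f"secure component '{component}' used without https: {uri}")
```
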
