[jira] [Commented] (CXF-8211) JAX-RS Client - Failover does not respect truststore settings


Ivan Topić (Jira)

    [ https://issues.apache.org/jira/browse/CXF-8211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036382#comment-17036382 ]

Colm O hEigeartaigh commented on CXF-8211:

The solution is to explicitly create and set a default bus. Then you can do:
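    HTTPConduitConfigurer httpConduitConfigurer = new HTTPConduitConfigurer() {
        public void configure(String name, String address, HTTPConduit c) {
            c.setTlsClientParameters(tlsParams); // assumed: tlsParams is your TLSClientParameters with your own truststore
        }
    };
    bus.setExtension(httpConduitConfigurer, HTTPConduitConfigurer.class);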
I created an example using WebClient here: [https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-failover/src/test/java/org/apache/coheigea/cxf/failover/feature/FailoverTLSTest.java]

Let me know if this approach works for you.

> JAX-RS Client - Failover does not respect truststore settings
> -------------------------------------------------------------
>                 Key: CXF-8211
>                 URL: https://issues.apache.org/jira/browse/CXF-8211
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.2.1
>            Reporter: Stephan Gasser
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>         Attachments: CXF_att_init_jax_rs_client.java
> Set up the client for TLS/SSL (use my own truststore)
> Set up the client for Failover
>  * In the normal case, the client communicates over TLS/SSL with the server (certificate found in my own truststore)
>  * But in the case of a failover, the client uses cacerts (???) and not my own configured truststore (-> SSLHandshakeException)
> If I set the 2 properties 'javax.net.ssl.trustStore' and 'javax.net.ssl.trustStorePassword' to my own truststore the TLS/SSL connection to the failover host works as well.
> But this is not the idea, because I configured my own truststore with TLSClientParameters and TrustManagerFactory (with method init(myOwnTruststore)).

This message was sent by Atlassian Jira
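
The approach from the comment above, written out end to end as an added example (not code from the post, the linked test case or the CXF project): a truststore-backed TLSClientParameters is registered through an HTTPConduitConfigurer on an explicitly created default bus, and the failover client is built on that same bus. The class name, method name and parameters are hypothetical, and the client is built with JAXRSClientFactoryBean so the bus binding is explicit.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.clustering.FailoverFeature;
import org.apache.cxf.clustering.SequentialStrategy;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;

public class FailoverTrustStoreClient {
    public static WebClient create(String primary, String backup,
                                   String trustStorePath, char[] password) throws Exception {
        // Load only the caller's truststore; the JVM default cacerts is not consulted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        final TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());

        // Explicit default bus: HTTP conduits created on it are passed to the
        // configurer, so the TLS settings are not tied to one client instance.
        Bus bus = BusFactory.newInstance().createBus();
        BusFactory.setDefaultBus(bus);
        bus.setExtension(new HTTPConduitConfigurer() {
            public void configure(String name, String address, HTTPConduit c) {
                c.setTlsClientParameters(tlsParams);
            }
        }, HTTPConduitConfigurer.class);

        SequentialStrategy strategy = new SequentialStrategy();
        strategy.setAlternateAddresses(Collections.singletonList(backup));
        FailoverFeature failover = new FailoverFeature();
        failover.setStrategy(strategy);
        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
        bean.setBus(bus);
        bean.setAddress(primary);
        bean.setFeatures(Collections.singletonList(failover));
        return bean.createWebClient();
    }
}
```

A quick check is to run the client with the primary address unreachable and without the `javax.net.ssl.trustStore` system properties set: the request to the backup address should complete the handshake against the configured truststore instead of failing with SSLHandshakeException.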