[英]How to proxy secure web services (HTTPS SSL/TLS) using Mule's <pattern:web-service-proxy>
我們有本地運行的CXF Web服務,可通過HTTPS TLS / SSL訪問。 我們想使用Mule的<pattern:web-service-proxy>在外部公開這些服務。 我們的問題是,是否可以將<pattern:web-service-proxy>配置為使用HTTPS?
我們已經使用<pattern:web-service-proxy>在HTTP上成功代理了這些服務。 但是,當我們將Web服務代理的inboundAddress和outboundAddress屬性(如下)從HTTP URLS更改為HTTPS URL時,會出現錯誤:“所需的對象/屬性“ tls-key-store”為空”。
這有效:
<pattern:web-service-proxy name="unsecure_ws_proxy"
inboundAddress="http://localhost:80/services/service_common_name"
outboundAddress="http://localhost:8080/app_name/proxied_service_name"
/>
這不起作用(產生“必需的對象/屬性“ tls-key-store”為null”):
<pattern:web-service-proxy name="secure_ws_proxy"
inboundAddress="https://localhost:443/services/service_common_name"
outboundAddress="https://localhost:8443/app_name/proxied_service_name"
/>
我們已經定義了一個<tls:context name =“ TLS_Context”>,並假設如果我們可以使用<pattern:web-service-proxy>來使用它,那么代理應該可以工作。
這個假設正確嗎?如果是,我們如何告訴<pattern:web-service-proxy>使用我們定義的TLS_Context? 如果我們的假設是錯誤的,那么在Mule中定義最基本的方法是使用HTTPS協議的CXF SOAP Web服務的直通代理是什么?
編輯:
我們正在使用Mule v.3.6.0。
為了完整性,我們使用了TLS_Context(我們尚不知道如何將其與pattern:web-service-proxy關聯,即使這就是答案):
<tls:context name="TLS_Context" doc:name="TLS Context">
<tls:trust-store path="${ssl.truststore.path}" password="${ssl.truststore.password}"/>
<tls:key-store path="${ssl.keystore.path}" password="${ssl.keystore.password}" keyPassword="${ssl.keystore.password}"/>
</tls:context>
回答:
這是完整的解決方案,基於David接受的答復。 不需要TLS_Context。 謝謝大衛:
<?xml version="1.0" encoding="UTF-8"?>
<mule
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:script="http://www.mulesoft.org/schema/mule/scripting"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
xmlns:https="http://www.mulesoft.org/schema/mule/https"
xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/core
http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http
http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/pattern
http://www.mulesoft.org/schema/mule/pattern/current/mule-pattern.xsd
http://www.mulesoft.org/schema/mule/scripting
http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/https
http://www.mulesoft.org/schema/mule/https/3.0/mule-https.xsd">
<https:connector name="httpsConnector">
<!-- Not currently needed
<https:tls-client
path="${ssl.client.keystore.path}"
storePassword="${ssl.client.keystore.password}"/>
-->
<https:tls-key-store
path="${ssl.server.keystore.path}"
keyPassword="${ssl.server.keystore.password}"
storePassword="${ssl.server.keystore.password}"/>
<https:tls-server
path="${ssl.server.truststore.path}"
storePassword="${ssl.server.truststore.password}"/>
</https:connector>
<!-- Pattern-based configuration was introduced in Mule v.3.2 to decrease "the amount of
noise in its configuration files". Configuration patterns are, by design, not as
powerful as Mule FLows or Services. They have instead been designed for ease of use.
(http://www.mulesoft.org/documentation-3.2/display/32X/Understanding+Configuration+Patterns+Using+Mule) -->
<!-- MULE PATTERN PROXIES -->
<!-- HTTP -->
<pattern:web-service-proxy name="http_ws_proxy"
inboundAddress="http://localhost:80/services/service_common_name"
outboundAddress="http://localhost:8080/app_name/proxied_service_name"
/>
<!-- HTTPS -->
<pattern:web-service-proxy name="https_ws_proxy"
inboundAddress="https://localhost:443/services/service_common_name"
outboundAddress="https://localhost:8443/app_name/proxied_service_name"
/>
</mule>
您需要使用相關的JKS配置來配置HTTPS連接器。
例:
<https:connector name="httpsConnector">
<https:tls-key-store path="keystore.jks" keyPassword="<Your Password>"
storePassword="<Your Password>"/>
</https:connector>
參考: http : //www.mulesoft.org/documentation/display/current/HTTPS+Transport+Reference
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.