Using a custom SSLSocketFactory with Apache CXF

Java allows to use a custom VM-wide SSLSocketFactory implementation like so: HttpsURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory). Thus, you can either implement your own SSLSocketFactory or you can configure a regular instance according to your needs/environment. You have to understand that there are probably very few use cases where this method actually really helps. Setting a static default SSLSocketFactory influences all components that require a SSL connection of some sort. The same socket factory instance will be used!

Apache CXF has long had very good SSL support built right in. The documentation is pretty clear about how configure the SSL connection(s). Up to version 2.2.7, however, CXF ignored any custom SSLSocketFactory set as described above. CXF’s HttpsURLConnectionFactory.decorateWithTLS(HttpURLConnection) simply wasn’t prepared for that.

CXF 2.2.7 now supports this through a simple configuration parameter. The feature proposal in the CXF JIRA describes the change: I only had to add a few lines to the Spring application context:

  <http-conf:conduit name="*.http-conduit">
    <http-conf:tlsClientParameters useHttpsURLConnectionDefaultSslSocketFactory="true" />
    Due to a XML parsing issue mentioned here it's
    necessary to import the CXF XMLs explicitly.
  <import resource="classpath:META-INF/cxf/cxf.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
  <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

One thought on “Using a custom SSLSocketFactory with Apache CXF

  1. hey, I am having somewhat related issue only. Recently the external SOAP interface which were generating client for changed to https one. and I had an old code base at hand which was generating the java files through cxf and unsecured, http:// based wdl. I chnaged the uri and on maven side everything works fine even the test pass. but when i use this jar in the main project of mine I get this:

    Caused by: java.lang.NoSuchMethodError:;
    at org.apache.cxf.resource.URIResolver.tryFileSystem(
    at org.apache.cxf.resource.URIResolver.resolve(
    at org.apache.cxf.resource.ExtendedURIResolver.resolve(
    at org.apache.cxf.transport.TransportURIResolver.resolve(
    at org.apache.cxf.catalog.CatalogWSDLLocator.getBaseInputSource(
    at org.apache.cxf.wsdl11.AbstractWrapperWSDLLocator.getBaseInputSource(
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(
    at org.apache.cxf.wsdl11.WSDLServiceFactory.(
    at org.apache.cxf.jaxws.ServiceImpl.initializePorts(
    at org.apache.cxf.jaxws.ServiceImpl.(
    at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(
    at com.gbm.caprice.sso.client.CachingSSOClient.init(
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(
    at java.lang.reflect.Method.invoke(
    … 45 more

    Can you please help

Leave a Reply