How to proxy secure web services (HTTPS SSL/TLS) using Mule's <pattern:web-service-proxy>
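We have CXF web services running locally, accessible via HTTPS TLS/SSL. We'd like to expose these services externally using Mule's <pattern:web-service-proxy>. Our question is, can <pattern:web-service-proxy> be configured to use HTTPS?
We have already successfully proxied these services over HTTP using <pattern:web-service-proxy>. However, when we change the inboundAddress and outboundAddress attributes of the web-service-proxy (below) from HTTP URLs to HTTPS URLs, we get an error: "The required object/property "tls-key-store" is null".
This works:
<pattern:web-service-proxy name="unsecure_ws_proxy"
    inboundAddress="http://localhost:80/services/service_common_name"
    outboundAddress="http://localhost:8080/app_name/proxied_service_name"
/>
This does not work (it produces "The required object/property "tls-key-store" is null"):
<pattern:web-service-proxy name="secure_ws_proxy"
    inboundAddress="https://localhost:443/services/service_common_name"
    outboundAddress="https://localhost:8443/app_name/proxied_service_name"
/>
We have defined a <tls:context> and assume that if we could get <pattern:web-service-proxy> to use it, the proxy should work.
Is this assumption correct and, if so, how do we tell <pattern:web-service-proxy> to use the TLS_Context we have defined? If our assumption is wrong, what is the simplest way in Mule to define what is essentially a pass-through proxy for CXF SOAP web services that use the HTTPS protocol?
Edit:
We are using Mule v.3.6.0.
For completeness, our TLS_Context (which we do not yet know how to associate with pattern:web-service-proxy, if that is the answer):
<tls:context name="TLS_Context" doc:name="TLS Context">
    <tls:trust-store path="${ssl.truststore.path}" password="${ssl.truststore.password}"/>
    <tls:key-store path="${ssl.keystore.path}" password="${ssl.keystore.password}" keyPassword="${ssl.keystore.password}"/>
</tls:context>
Answer: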
This is the complete solution based on David's accepted response. No TLS_Context is required. Thanks David:
<?xml version="1.0" encoding="UTF-8"?>
<mule
    xmlns="http://www.mulesoft.org/schema/mule/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:http="http://www.mulesoft.org/schema/mule/http"
    xmlns:script="http://www.mulesoft.org/schema/mule/scripting"
    xmlns:spring="http://www.springframework.org/schema/beans"
    xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern"
    xmlns:https="http://www.mulesoft.org/schema/mule/https"
    xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core
        http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/http
        http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
        http://www.mulesoft.org/schema/mule/pattern
        http://www.mulesoft.org/schema/mule/pattern/current/mule-pattern.xsd
        http://www.mulesoft.org/schema/mule/scripting
        http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-current.xsd
        http://www.mulesoft.org/schema/mule/https
        http://www.mulesoft.org/schema/mule/https/3.0/mule-https.xsd">
    <https:connector name="httpsConnector">
        <!-- Not currently needed
        <https:tls-client
            path="${ssl.client.keystore.path}"
            storePassword="${ssl.client.keystore.password}"/>
        -->
        <https:tls-key-store
            path="${ssl.server.keystore.path}"
            keyPassword="${ssl.server.keystore.password}"
            storePassword="${ssl.server.keystore.password}"/>
        <https:tls-server
            path="${ssl.server.truststore.path}"
            storePassword="${ssl.server.truststore.password}"/>
    </https:connector>
    <!-- Pattern-based configuration was introduced in Mule v.3.2 to decrease "the amount of
         noise in its configuration files". Configuration patterns are, by design, not as
         powerful as Mule Flows or Services. They have instead been designed for ease of use.
         (http://www.mulesoft.org/documentation-3.2/display/32X/Understanding+Configuration+Patterns+Using+Mule) -->
    <!-- MULE PATTERN PROXIES -->
    <!-- HTTP -->
    <pattern:web-service-proxy name="http_ws_proxy"
        inboundAddress="http://localhost:80/services/service_common_name"
        outboundAddress="http://localhost:8080/app_name/proxied_service_name"
    />
    <!-- HTTPS -->
    <pattern:web-service-proxy name="https_ws_proxy"
        inboundAddress="https://localhost:443/services/service_common_name"
        outboundAddress="https://localhost:8443/app_name/proxied_service_name"
    />
</mule>
You need to configure an HTTPS connector with the relevant JKS configuration.
Example:
<https:connector name="httpsConnector">
    <https:tls-key-store path="keystore.jks" keyPassword="<Your Password>"
        storePassword="<Your Password>"/>
</https:connector>
Reference: http://www.mulesoft.org/documentation/display/current/HTTPS+Transport+Reference
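A static check for the failure discussed in this thread, as an added example that is not part of the original posts or of Mule itself: it parses a Mule 3 XML configuration and flags an https inboundAddress on a pattern:web-service-proxy when no https:connector defines a tls-key-store, an https front with a plain http backend, and keystore passwords written as literals. The function name lint_mule_config and the sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace URIs as used by the configuration shown on this page.
NS = {"https": "http://www.mulesoft.org/schema/mule/https",
      "pattern": "http://www.mulesoft.org/schema/mule/pattern"}
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # e.g. ${ssl.server.keystore.password}

def lint_mule_config(xml_text):
    """Return findings for HTTPS web-service-proxy patterns in a Mule 3 config."""
    root = ET.fromstring(xml_text)
    findings = []
    connectors = root.findall(".//https:connector", NS)
    has_key_store = any(c.find("https:tls-key-store", NS) is not None
                        for c in connectors)
    for proxy in root.findall(".//pattern:web-service-proxy", NS):
        name = proxy.get("name", "?")
        inbound = proxy.get("inboundAddress", "")
        outbound = proxy.get("outboundAddress", "")
        # The condition behind 'The required object/property "tls-key-store" is null'.
        if inbound.startswith("https://") and not has_key_store:
            findings.append(f"{name}: https inboundAddress but no https:connector with tls-key-store")
        # HTTPS in front, plain HTTP behind: the backend hop is unencrypted.
        if inbound.startswith("https://") and outbound.startswith("http://"):
            findings.append(f"{name}: outboundAddress is plain http behind an https inboundAddress")
    for conn in connectors:
        for child in conn:
            for attr in ("keyPassword", "storePassword"):
                value = child.get(attr)
                if value is not None and not PLACEHOLDER.match(value):
                    findings.append(f"{conn.get('name', '?')}: {attr} is a literal, not a ${{...}} property")
    return findings

# Constructed sample configurations (addresses and names taken from the question).
HEAD = ('<mule xmlns="http://www.mulesoft.org/schema/mule/core" '
        'xmlns:https="http://www.mulesoft.org/schema/mule/https" '
        'xmlns:pattern="http://www.mulesoft.org/schema/mule/pattern">')
PROXY = ('<pattern:web-service-proxy name="secure_ws_proxy" '
         'inboundAddress="https://localhost:443/services/service_common_name" '
         'outboundAddress="https://localhost:8443/app_name/proxied_service_name"/>')
CONNECTOR = ('<https:connector name="httpsConnector"><https:tls-key-store '
             'path="${ssl.server.keystore.path}" keyPassword="${ssl.server.keystore.password}" '
             'storePassword="${ssl.server.keystore.password}"/></https:connector>')
BROKEN = HEAD + PROXY + "</mule>"
FIXED = HEAD + CONNECTOR + PROXY + "</mule>"

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_mule_config(cfg))
```

The check is a heuristic over the XML only; it does not load the keystore or confirm that the referenced properties resolve at deployment time.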
This can happen when your https connector points to an http url. You can change the server/url in the xml or disable the https option in the connector: