Configuring SSL

To configure the standalone HTTP transport to use SSL, you'll need to add an <http:destination> definition to your XML configuration file. See the Configuration guide to learn how to supply your own XML configuration file to CXF. If you are already using Spring, this can be added to your existing beans definitions. For more information about configuring TLS, see the Configuring TLS page.

Destinations in CXF are responsible for listening for server-side requests.

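<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"
  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
  xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
              http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
              http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://cxf.apache.org/transports/http-jetty/configuration
              http://cxf.apache.org/schemas/configuration/http-jetty.xsd
           http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

  <!-- Sample configuration: TLS for the CXF standalone (Jetty) HTTP transport.
       The keystore files and the value "password" below are sample values taken
       from the CXF test resources. Replace them for a real deployment, and keep
       real keystore passwords out of configuration files that are committed to
       source control or readable by other accounts. -->

  <!-- The destination itself needs no TLS settings; TLS is configured on the
       Jetty engine that listens on the port. -->
  <http:destination name="{http://apache.org/hello_world}GreeterImplPort.http-destination">
  </http:destination>

  <httpj:engine-factory bus="cxf">
    <!-- Only the TLS server parameters for the given port have to be specified. -->
    <httpj:engine port="9003">
      <httpj:tlsServerParameters>
        <!-- Key material the server presents to clients. keyPassword protects
             the private key entry, password protects the keystore file. -->
        <sec:keyManagers keyPassword="password">
          <sec:keyStore type="JKS" password="password"
                        file="src/test/java/org/apache/cxf/systest/http/resources/Tarpin.jks"/>
        </sec:keyManagers>
        <!-- Certificates the server trusts when it verifies client certificates.
             Keep this store limited to the issuers of the clients you expect. -->
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="password"
                        file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
          <!-- Only AES cipher suites are enabled. Export-grade, single-DES and
               NULL suites give weak or no encryption, so they are excluded
               rather than included. Anonymous key exchange does not
               authenticate the peer and is open to man-in-the-middle attacks;
               the pattern below also covers the ECDH_anon suites, which a
               pattern anchored on _DH_anon_ does not match. -->
          <!-- NOTE(review): TLS 1.3 suite names such as TLS_AES_128_GCM_SHA256
               contain no _WITH_ and do not match this include. Add a pattern
               for them if TLS 1.3 is required, and confirm against the suite
               list of the JVM in use. -->
          <sec:include>.*_WITH_AES_.*</sec:include>
          <sec:exclude>.*_EXPORT.*</sec:exclude>
          <sec:exclude>.*_WITH_DES_.*</sec:exclude>
          <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
          <sec:exclude>.*_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
        <!-- Mutual TLS: a client certificate is requested and the handshake
             fails without one. The certificate is validated against the trust
             store configured above. -->
        <sec:clientAuthentication want="true" required="true"/>
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>
</beans>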

Adding static content pages to the Jetty server

The CXF standalone HTTP transport is based on the Jetty server. The code below shows how to get the Jetty server from the destination and how to add the static content path to it.

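    // Get the Jetty server from the destination.
    EndpointInfo ei = new EndpointInfo();
    ei.setAddress(serviceFactory.getAddress());
    Destination destination = df.getDestination(ei);
    JettyHTTPDestination jettyDestination = (JettyHTTPDestination) destination;
    ServerEngine engine = jettyDestination.getEngine();
    Handler handler = engine.getServant(new URL(serviceFactory.getAddress()));
    org.mortbay.jetty.Server server = handler.getServer(); // The Server

    // Configure the resource handler before it is installed and started, so it
    // never runs without a base resource.
    // staticContentPath should name a dedicated directory that holds only files
    // meant to be public: content below it is served by this handler. It should
    // come from trusted configuration, never from request data.
    File staticContentFile = new File(staticContentPath); // ordinary pathname.
    // File.toURI() produces a correctly escaped file: URL on every platform.
    // Concatenating "file://" with the path breaks on Windows paths and on
    // names that contain spaces or other reserved characters.
    URL targetURL = staticContentFile.getCanonicalFile().toURI().toURL();
    FileResource fileResource = new FileResource(targetURL);
    ResourceHandler resourceHandler = new ResourceHandler();
    resourceHandler.setBaseResource(fileResource);

    // Build a HandlerList that holds the ResourceHandler for the static content
    // followed by the handler CXF installed (retrieved here as serverHandler).
    // The resource handler is added first, so it sees each request before the
    // CXF handler does.
    Handler serverHandler = server.getHandler();
    HandlerList handlerList = new HandlerList();
    handlerList.addHandler(resourceHandler);
    handlerList.addHandler(serverHandler);

    // Replace the handler CXF installed with the list,
    server.setHandler(handlerList);
    // and start the list so its handlers are live.
    handlerList.start();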