git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Configuring a CFXEndPoint with multiple certificates


We are trying to make client requests to a SOAP web service using the Apache CXF component from a central Camel server. The endpoint
is always the same address, however, the owner of the endpoint wants a different SSL certificate depending on which of our high street stores
the request originates from.
We have created one CFXEndpoint per store, each with its own CxfEndpointConfigurer that sets up the conduit's TlsClientParameters with
the correct certificate store information. Then we've used a RecipientList in the route to dynamically select the correct endpoint with the
relevant certificate.
Unfortunately, because the endpoints all share the same address, the configureClient method on the CxfEndpointConfigurer is only ever
called once, even though each endpoint has a different instance containing different SSL configuration info. This results in all the endpoint
instances sharing the same certificate. As a test we changed the endpoint address for one of the CFXEndpoint instances and saw that its
related configureClient was called correctly.
So it appears that if CFXEndPoints have different addresses then their CxfEndpointConfigurer will be called, but if 2 or more endpoint instances
share the same address then the CxfEndpointConfigurer is only called once even though those configurers are different instances with different
configurations.
Does anyone have any advice on how we can dynamically allocate certificates to the same endpoint based on message content (store id effectively)?

Richard Davis | Architect | Healthcare | Boots IT
D90 East EG03| 1 Thane Road | Nottingham | NG90 1BS
* Internal: 725481 | * External: +44(0) 115 959 5481 | * Email: richard.davis@xxxxxxxxxxx<mailto:richard.davis@xxxxxxxxxxx>



Boots UK Limited, Registered 928555, Nottingham NG2 3AA This e-mail (including any attachments) is confidential. It may be read, copied and used only by the intended recipient. If you are not the intended recipient you should not copy it or use it for any purpose or disclose its contents to any other person. If you have received this message in error, please notify us and remove it from your system. We cannot accept liability for any damage you incur as a result of virus infection.