javacxfwildfly-9cxf-clientjbossws

Use DefaultSSLSocketFactory in WildFly/CXF Webservice client


I'm hoping someone can help me with this. I'm using the following :

and I am dealing with an integration issue with a partner endpoint related to SNI in the HTTPS handshake. Following along with another site (here) I have been able to create a custom SSLSocketFactory and set that as the default SSLSocketFactory, but then I ran into the issue where CXF does not use the default SSLSocketFactory(here). With that I have not found a way to inform CXF to use the default SSLSocketFactory through configuration.

By debugging I was able to set the httpsURLConnectionDefaultHostnameVerifier on the TLSClientParameters to true and confirmed that this resolves the issue. I have also seen a number of posts that imply that this value can be set via a configuration file(JBoss WS config or CXF config) or as a startup parameter, but I have not been able to find a way to do this.

Has anyone else been able to accomplish this and if so can you share how?


Solution

  • So the only answer I could find to this particular issue was pretty brute force/ugly, but here goes in hopes it may save someone some pain later.

    1. I created a custom SSLSocketFactory and set that as the default at startup.
    2. This factory will return a custom connection implementation that extends the CXF extend the SOAPConnectionImpl that will set setUseHttpsURLConnectionDefaultSslSocketFactory to true on the TLSClientParameters.
    3. This is set on the URLConnectionHTTPConduit in turn
    4. Lastly I had to use a ThreadLocal class to hold the host name which is used by the custom SSLSocketFactory