You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by tog <gu...@gmail.com> on 2007/11/28 19:54:16 UTC
Using https ...
I would like to use https support for a code first approach ...
In order to do this I have looked at
http://cwiki.apache.org/CXF20DOC/standalone-http-transport.html, here
my question is to know whether or not thiese destinntions are
customizable by API ?
Let's call this aproach 0
On a second hand, I found http://cwiki.apache.org/CXF20DOC/ws-security.html
>From this page, I understand two possibilities:
1- Being possile to use user/password pair to crypt the message.
Here I thing there is a typo because
outProps.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
shoul be read:
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
2- same as one using certificates.
The qestions I ghave are;
- Are 0 and 2 the same ?
- Will they work mixing dynamic jaxb client and Aegis binding ?
Best Regards
Guillaume
--
Best Regards
Guillaume
http://cheztog.blogspot.com
Re: Using https ...
Posted by tog <gu...@gmail.com>.
Sure that helps a lot ...
I want to do all that programmatically, is there some sample showing
this (see my other thread)
Thanks
Guillaume
On Nov 29, 2007 10:23 PM, Fred Dushin <fr...@dushin.net> wrote:
> Correct -- on the server side, https requires step 0, though you also
> need to do a bit more than just setting the server factory. You
> should have a look at the https sample in the distribution for the
> full picture. The basic idea is that you configure the physical port/
> socket using TLS certs. You also need to make sure that the protocol
> in the soap:address in the WSDL port is "https". If you're spring-
> loading your server (as opposed to publishing it programatically),
> you also need to wire the spring dependency (with a "depends-on").
>
> On the client side, you configure the http conduit using similar TLS
> settings. Again, the https sample should show you the pattern to use.
>
> Hope that helps,
> -Fred
>
>
> On Nov 28, 2007, at 6:07 PM, tog wrote:
>
> > So basically doing encryption using https requires only 0. Right ?
> > Is there something to do on the client side ?
> >
> > Cheers
> > Guillaume
> >
> > On Nov 29, 2007 5:20 AM, Fred Dushin <fr...@dushin.net> wrote:
> >> Okay, I think I understand what you are asking.
> >>
> >> Your 0 refers to configuring keys and certificates for HTTP/S. Your
> >> 2 refers to configuring keys and certificates for WS-Security -- and
> >> in particular, message protection. So no, the 2 are quite different.
> >>
> >> Is that what you were asking?
> >>
> >>
> >> On Nov 28, 2007, at 3:51 PM, tog wrote:
> >>
> >>>>> 2- same as one using certificates.
> >>>>
> >>>> Could you clarify what you mean by 2?
> >>>
> >>> As 1 is using username/password 2 is using certificates stored in
> >>> keystore.
> >>
> >>
> >
> >
> >
> > --
> >
> > Best Regards
> > Guillaume
> > http://cheztog.blogspot.com
> >
>
>
--
Best Regards
Guillaume
http://cheztog.blogspot.com
Re: Using https ...
Posted by Fred Dushin <fr...@dushin.net>.
Correct -- on the server side, https requires step 0, though you also
need to do a bit more than just setting the server factory. You
should have a look at the https sample in the distribution for the
full picture. The basic idea is that you configure the physical port/
socket using TLS certs. You also need to make sure that the protocol
in the soap:address in the WSDL port is "https". If you're spring-
loading your server (as opposed to publishing it programatically),
you also need to wire the spring dependency (with a "depends-on").
On the client side, you configure the http conduit using similar TLS
settings. Again, the https sample should show you the pattern to use.
Hope that helps,
-Fred
On Nov 28, 2007, at 6:07 PM, tog wrote:
> So basically doing encryption using https requires only 0. Right ?
> Is there something to do on the client side ?
>
> Cheers
> Guillaume
>
> On Nov 29, 2007 5:20 AM, Fred Dushin <fr...@dushin.net> wrote:
>> Okay, I think I understand what you are asking.
>>
>> Your 0 refers to configuring keys and certificates for HTTP/S. Your
>> 2 refers to configuring keys and certificates for WS-Security -- and
>> in particular, message protection. So no, the 2 are quite different.
>>
>> Is that what you were asking?
>>
>>
>> On Nov 28, 2007, at 3:51 PM, tog wrote:
>>
>>>>> 2- same as one using certificates.
>>>>
>>>> Could you clarify what you mean by 2?
>>>
>>> As 1 is using username/password 2 is using certificates stored in
>>> keystore.
>>
>>
>
>
>
> --
>
> Best Regards
> Guillaume
> http://cheztog.blogspot.com
>
Re: Using https ...
Posted by tog <gu...@gmail.com>.
So basically doing encryption using https requires only 0. Right ?
Is there something to do on the client side ?
Cheers
Guillaume
On Nov 29, 2007 5:20 AM, Fred Dushin <fr...@dushin.net> wrote:
> Okay, I think I understand what you are asking.
>
> Your 0 refers to configuring keys and certificates for HTTP/S. Your
> 2 refers to configuring keys and certificates for WS-Security -- and
> in particular, message protection. So no, the 2 are quite different.
>
> Is that what you were asking?
>
>
> On Nov 28, 2007, at 3:51 PM, tog wrote:
>
> >>> 2- same as one using certificates.
> >>
> >> Could you clarify what you mean by 2?
> >
> > As 1 is using username/password 2 is using certificates stored in
> > keystore.
>
>
--
Best Regards
Guillaume
http://cheztog.blogspot.com
Re: Using https ...
Posted by Fred Dushin <fr...@dushin.net>.
Okay, I think I understand what you are asking.
Your 0 refers to configuring keys and certificates for HTTP/S. Your
2 refers to configuring keys and certificates for WS-Security -- and
in particular, message protection. So no, the 2 are quite different.
Is that what you were asking?
On Nov 28, 2007, at 3:51 PM, tog wrote:
>>> 2- same as one using certificates.
>>
>> Could you clarify what you mean by 2?
>
> As 1 is using username/password 2 is using certificates stored in
> keystore.
Re: Using https ...
Posted by tog <gu...@gmail.com>.
>
> Ew. That's some awfully stale wiki. You can't configure a server
> endpoint for SSL using a destination any more. See
>
> https://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.3-
> incubator/distribution/src/main/release/samples/wsdl_first_https/
> CherryServer.cxf
>
> for what your server-side config should really look like.
>
> As far as customizing this stuff programatically is concerned, can
> you say more about what you're trying to do?
I am trying to avoid any XML file.
>
> >
> > On a second hand, I found http://cwiki.apache.org/CXF20DOC/ws-
> > security.html
> > From this page, I understand two possibilities:
> >
> > 1- Being possile to use user/password pair to crypt the message.
> > Here I thing there is a typo because
> > outProps.setProperty(WSHandlerConstants.ACTION,
> > WSHandlerConstants.USERNAME_TOKEN);
> >
> > shoul be read:
> > outProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.USERNAME_TOKEN);
> >
> > 2- same as one using certificates.
>
> Could you clarify what you mean by 2?
As 1 is using username/password 2 is using certificates stored in keystore.
>
--
Best Regards
Guillaume
http://cheztog.blogspot.com
Re: Using https ...
Posted by Fred Dushin <fr...@dushin.net>.
On Nov 28, 2007, at 1:54 PM, tog wrote:
> I would like to use https support for a code first approach ...
> In order to do this I have looked at
> http://cwiki.apache.org/CXF20DOC/standalone-http-transport.html, here
> my question is to know whether or not thiese destinntions are
> customizable by API ?
> Let's call this aproach 0
Ew. That's some awfully stale wiki. You can't configure a server
endpoint for SSL using a destination any more. See
https://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.3-
incubator/distribution/src/main/release/samples/wsdl_first_https/
CherryServer.cxf
for what your server-side config should really look like.
As far as customizing this stuff programatically is concerned, can
you say more about what you're trying to do?
>
> On a second hand, I found http://cwiki.apache.org/CXF20DOC/ws-
> security.html
> From this page, I understand two possibilities:
>
> 1- Being possile to use user/password pair to crypt the message.
> Here I thing there is a typo because
> outProps.setProperty(WSHandlerConstants.ACTION,
> WSHandlerConstants.USERNAME_TOKEN);
>
> shoul be read:
> outProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.USERNAME_TOKEN);
>
> 2- same as one using certificates.
Could you clarify what you mean by 2?