Posted to users@cxf.apache.org by jaybytez <ja...@yahoo.com> on 2011/03/08 18:32:41 UTC

CXF - Support 2-way SSL?

Does CXF support two way SSL?  And if so, is this done purely through the
configuration of http:conduit?

Based on the following blogs, there is some good SSL information:

http://aruld.info/programming-ssl-for-jetty-based-cxf-services/
http://www.knowledgetip.com/index.php/home/software-development/1-java/32-sslauthentication
http://www.quendor.org/archiv/428#comments

But I don't see anything that essentially describes 2-way SSL.

The following is a snippet of my http:conduit...and am I missing anything:

    
       
       		
       		  
       		
			
	          
	      
	      
	        
	        .*_EXPORT_.*
	        .*_EXPORT1024_.*
	        .*_WITH_DES_.*
	        .*_WITH_NULL_.*
	        .*_RSA_.*
	        .*_DH_anon_.*
	      
       
       
   

Thanks,

Jay

--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Support-2-way-SSL-tp3414301p3414301.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: CXF - Support 2-way SSL?

Posted by Sven Zethelius <sv...@expedia.com>.
I'm not sure of the XML declaration, but the code to support 2 way SSL (Mutual Authentication) is there.  I'm pretty sure the XML support is there, I just don't use it so don't know the particulars. 

org.apache.cxf.configuration.jsse.TLSClientParameters.setKeyManagers(...) is what would enable 2-way on the client.

-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org] 
Sent: Tuesday, March 08, 2011 12:52 PM
To: users@cxf.apache.org
Cc: jaybytez
Subject: Re: CXF - Support 2-way SSL?




Re: CXF - Support 2-way SSL?

Posted by Daniel Kulp <dk...@apache.org>.

On Tuesday 08 March 2011 12:32:41 PM jaybytez wrote:
> Does CXF support two way SSL?  

Honestly, I have no idea.   I assume the answer is yes.  

> And if so, is this done purely through the
> configuration of http:conduit?

Yep.

Not sure what to suggest without a testcase or even a stack trace as to what's 
happening.    My initial inclination is to suggest you change your definition 
to use a url name.  Like:



 <http:conduit name="https://localhost:8443/.*"> 

(note the .* wildcard on the end)

To make sure it's being picked up.    That's one of the main problems is not 
getting the name right on that and thus the settings are getting picked up 
properly.

Dan



-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com

Re: CXF - Support 2-way SSL?

Posted by Colm O hEigeartaigh <co...@apache.org>.
For 1-way SSL, the client just needs to trust the server, so the
client needs a truststore, and the server needs a keystore. For 2-way
SSL, the server also needs to trust the client, so they both need a
keystore and truststore configured, and the server policy must be
configured to demand a client cert, e.g.:

<sec:clientAuthentication want="true" required="true"/>

Colm.

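
The 2-way setup Colm describes, written out as a CXF Spring configuration. This is an added example, not configuration posted by anyone in the thread: the keystore file names, the CHANGE_ME passwords and the embedded Jetty engine on port 8443 are assumptions, and client and server are shown in one file only for comparison.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
         http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">

  <!-- CLIENT: the conduit name is a URL pattern so it matches the endpoint address -->
  <http:conduit name="https://localhost:8443/.*">
    <http:tlsClientParameters>
      <!-- Keystore: the client's own certificate and private key, sent when the server asks -->
      <sec:keyManagers keyPassword="CHANGE_ME">
        <sec:keyStore type="JKS" password="CHANGE_ME" file="client-keystore.jks"/>
      </sec:keyManagers>
      <!-- Truststore: the certificates the client accepts from the server -->
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="CHANGE_ME" file="client-truststore.jks"/>
      </sec:trustManagers>
    </http:tlsClientParameters>
  </http:conduit>

  <!-- SERVER: embedded Jetty engine (assumed); normally a separate configuration file -->
  <httpj:engine-factory bus="cxf">
    <httpj:engine port="8443">
      <httpj:tlsServerParameters>
        <!-- Keystore: the server's own certificate and private key -->
        <sec:keyManagers keyPassword="CHANGE_ME">
          <sec:keyStore type="JKS" password="CHANGE_ME" file="server-keystore.jks"/>
        </sec:keyManagers>
        <!-- Truststore: the client certificates (or their issuing CA) the server accepts -->
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="CHANGE_ME" file="server-truststore.jks"/>
        </sec:trustManagers>
        <!-- This line makes the handshake 2-way: a client without a trusted cert is rejected -->
        <sec:clientAuthentication want="true" required="true"/>
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>
</beans>
```

With only `want="true"` the server requests a client certificate but still completes the handshake without one, so `required="true"` is what enforces mutual authentication.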