Posted to users@cxf.apache.org by qu...@aol.com on 2008/02/05 18:44:35 UTC
Ensuring CXF soap is behind SSL
I want to make sure any messages not encrypted with SSL are rejected by the CXF container. What configuration is necessary for this?
I've tried setting the location to an https address but this is insufficient. The only documentation I've found on the subject refers to client, not server, configuration.
  <wsdl:service name="HelloWorldService">
    <wsdl:port binding="impl:HelloWorldServiceSoapBinding" name="HelloWorldService">
      <wsdlsoap:address location="https://localhost:8080/HelloWorldService"/>
    </wsdl:port>
  </wsdl:service>
Thanks!
Re: Ensuring CXF soap is behind SSL
Posted by Fred Dushin <fr...@dushin.net>.
Apropos to that, the TLSSessionInfo structure on the message should
give you everything you want:
http://svn.apache.org/repos/asf/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
Currently this is plumbed through only for HTTP, though it should work
in both transports (jetty and servlet)
-Fred
On Feb 5, 2008, at 2:28 PM, Daniel Kulp wrote:
>
> You may need to write a simple interceptor that would grab the
> HttpServletRequest object out of the message and check the security
> stuff. It shouldn't be too hard to write.
>
> There might be some policy things along with the ws-security stuff that
> could enforce it with the ws-security module, but that would definitely
> cause a performance hit due to the security module dropping to saaj
> mode. I'm not really sure anyway. Fred may need to answer that one.
>
>
> Dan
>
>
> On Tuesday 05 February 2008, quakexpert@aol.com wrote:
>> I want to make sure any messages not encrypted with SSL are rejected
>> by the CXF container. What configuration is necessary for this?
>>
>> I've tried setting the location to an https address but this is
>> insufficient. The only documentation I've found on the subject refers
>> to client, not server, configuration.
>>
>>   <wsdl:service name="HelloWorldService">
>>     <wsdl:port binding="impl:HelloWorldServiceSoapBinding" name="HelloWorldService">
>>       <wsdlsoap:address location="https://localhost:8080/HelloWorldService"/>
>>     </wsdl:port>
>>   </wsdl:service>
>>
>> Thanks!
>
>
>
> --
> J. Daniel Kulp
> Principal Engineer, IONA
> dkulp@apache.org
> http://www.dankulp.com/blog
>
Re: Ensuring CXF soap is behind SSL
Posted by Daniel Kulp <dk...@apache.org>.
You may need to write a simple interceptor that would grab the
HttpServletRequest object out of the message and check the security
stuff. It shouldn't be too hard to write.
There might be some policy things along with the ws-security stuff that
could enforce it with the ws-security module, but that would definitely
cause a performance hit due to the security module dropping to saaj
mode. I'm not really sure anyway. Fred may need to answer that one.
Dan
On Tuesday 05 February 2008, quakexpert@aol.com wrote:
> I want to make sure any messages not encrypted with SSL are rejected
> by the CXF container. What configuration is necessary for this?
>
> I've tried setting the location to an https address but this is
> insufficient. The only documentation I've found on the subject refers
> to client, not server, configuration.
>
>   <wsdl:service name="HelloWorldService">
>     <wsdl:port binding="impl:HelloWorldServiceSoapBinding" name="HelloWorldService">
>       <wsdlsoap:address location="https://localhost:8080/HelloWorldService"/>
>     </wsdl:port>
>   </wsdl:service>
>
> Thanks!
--
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog
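The interceptor Dan describes, combined with the TLSSessionInfo check Fred mentions, could look like the following. This is an added example, not code from the thread or from the CXF project; the class name RequireTlsInInterceptor is hypothetical, and the javax.servlet namespace is assumed (newer CXF releases use jakarta.servlet).

```java
import javax.servlet.http.HttpServletRequest;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.transport.http.AbstractHTTPDestination;

/** Hypothetical class: refuses to process any inbound message that did not arrive over TLS. */
public class RequireTlsInInterceptor extends AbstractPhaseInterceptor<Message> {

    public RequireTlsInInterceptor() {
        // RECEIVE is the first inbound phase, so the check runs before the
        // SOAP payload is parsed and before any service code is invoked.
        super(Phase.RECEIVE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        // Fred's suggestion: for HTTP, the transport places a TLSSessionInfo
        // on the message when the request came in over a TLS session.
        if (message.get(TLSSessionInfo.class) != null) {
            return;
        }

        // Dan's suggestion: fall back to the servlet request and ask the container.
        // isSecure() reflects the connection the container saw, so behind a
        // TLS-terminating proxy the container must be configured to report it.
        Object raw = message.get(AbstractHTTPDestination.HTTP_REQUEST);
        if (raw instanceof HttpServletRequest && ((HttpServletRequest) raw).isSecure()) {
            return;
        }

        // Fail closed: plain HTTP, a non-HTTP transport, or no request object at all.
        throw new Fault(new SecurityException("This endpoint only accepts requests over HTTPS"));
    }
}
```

Add an instance to the endpoint's in-interceptor list (for example through `getInInterceptors()` or a `jaxws:inInterceptors` element in the Spring configuration). The interceptor only stops the server from processing a cleartext request; a client that posted to the http:// address has already sent its message unencrypted.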
Re: Ensuring CXF soap is behind SSL
Posted by qu...@aol.com.
Thanks, I'll try this out.
-----Original Message-----
From: Glen Mazza <gl...@verizon.net>
To: cxf-user@incubator.apache.org
Sent: Tue, 5 Feb 2008 8:51 pm
Subject: Re: Ensuring CXF soap is behind SSL
I believe that can be enforced in the web.xml file that you distribute
your WAR with. For example, (another web app unrelated to web
services), line 41-51 of web.xml: http://tinyurl.com/yp6faz
Glen
On Tuesday, 05.02.2008, at 12:44 -0500, quakexpert@aol.com wrote:
> I want to make sure any messages not encrypted with SSL are rejected by the CXF container. What configuration is necessary for this?
>
> I've tried setting the location to an https address but this is insufficient. The only documentation I've found on the subject refers to client, not server, configuration.
>
>   <wsdl:service name="HelloWorldService">
>     <wsdl:port binding="impl:HelloWorldServiceSoapBinding" name="HelloWorldService">
>       <wsdlsoap:address location="https://localhost:8080/HelloWorldService"/>
>     </wsdl:port>
>   </wsdl:service>
>
> Thanks!
Re: Ensuring CXF soap is behind SSL
Posted by Glen Mazza <gl...@verizon.net>.
I believe that can be enforced in the web.xml file that you distribute
your WAR with. For example, (another web app unrelated to web
services), line 41-51 of web.xml: http://tinyurl.com/yp6faz
Glen
On Tuesday, 05.02.2008, at 12:44 -0500, quakexpert@aol.com wrote:
> I want to make sure any messages not encrypted with SSL are rejected by the CXF container. What configuration is necessary for this?
>
> I've tried setting the location to an https address but this is insufficient. The only documentation I've found on the subject refers to client, not server, configuration.
>
>   <wsdl:service name="HelloWorldService">
>     <wsdl:port binding="impl:HelloWorldServiceSoapBinding" name="HelloWorldService">
>       <wsdlsoap:address location="https://localhost:8080/HelloWorldService"/>
>     </wsdl:port>
>   </wsdl:service>
>
> Thanks!
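One way to enforce this in web.xml is the Servlet specification's transport guarantee. This is an added example, not taken from the thread or from the linked file; the resource name and the /services/* URL pattern are assumptions and must match the servlet-mapping of the CXF servlet in your WAR.

```xml
<!-- Added example: fragment to place inside <web-app> in WEB-INF/web.xml. -->
<security-constraint>
  <web-resource-collection>
    <!-- Assumed name; free text used only for identification. -->
    <web-resource-name>CXF SOAP endpoints</web-resource-name>
    <!-- Assumed mapping of the CXF servlet; cover every path that serves SOAP. -->
    <url-pattern>/services/*</url-pattern>
    <!-- No http-method elements: the constraint applies to all HTTP methods. -->
  </web-resource-collection>
  <user-data-constraint>
    <!-- NONE (the default) accepts plain HTTP; CONFIDENTIAL requires a
         transport that prevents others from reading the content, i.e. TLS. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With this in place the container redirects or refuses plain-HTTP requests before they reach CXF. A SOAP client that posted to the http:// address has still sent its body in the clear, so the published WSDL address should be https:// as well.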
Re: Ensuring CXF soap is behind SSL
Posted by Eric Miles <er...@kronos.com>.
If you're using Spring and Acegi, you could use a secure channel filter.
On Tue, 2008-02-05 at 12:44 -0500, quakexpert@aol.com wrote:
> I want to make sure any messages not encrypted with SSL are rejected by the CXF container. What configuration is necessary for this?
>
> I've tried setting the location to an https address but this is insufficient. The only documentation I've found on the subject refers to client, not server, configuration.
>
>   <wsdl:service name="HelloWorldService">
>     <wsdl:port binding="impl:HelloWorldServiceSoapBinding" name="HelloWorldService">
>       <wsdlsoap:address location="https://localhost:8080/HelloWorldService"/>
>     </wsdl:port>
>   </wsdl:service>
>
> Thanks!