You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Christian Vest Hansen <ka...@gmail.com> on 2007/08/20 12:15:51 UTC
Why the HTTPS hassle
Hi,
I don't get why I must do all this configuration of cxf in order to
make it access external web services over HTTPS when my web browser is
able to access web sites over HTTPS so easily.
Can someone explain this?
Besides, if I must provide all sorts of configurations in a
http:conduit element in my beans.xml, then isn't there a way to make
this configuration apply to more than one service/port pair?
--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
Re: Why the HTTPS hassle
Posted by Willem Jiang <ni...@iona.com>.
Hi
Please see my comment in the mail.
Fred Dushin wrote:
> On Aug 20, 2007, at 6:15 AM, Christian Vest Hansen wrote:
>
>> Hi,
>>
>> I don't get why I must do all this configuration of cxf in order to
>> make it access external web services over HTTPS when my web browser is
>> able to access web sites over HTTPS so easily.
>>
>> Can someone explain this?
>
> I'm not sure what you mean here. CXF is a piece of infrastructure.
> It can't really make the same assumptions that a Web browser -- an
> end-user piece of software -- can. In particular, CXF gives you the
> ability to make fine-grained trust decisions that web browsers aren't
> really capable of -- mostly because of the trust model they are based on.
>
>>
>> Besides, if I must provide all sorts of configurations in a
>> http:conduit element in my beans.xml, then isn't there a way to make
>> this configuration apply to more than one service/port pair?
>
> That's certainly a valid question, and one for which I don't think
> there is a real answer, currently. All configuration for SSL is done
> at endpoint granularity. Feel free to raise an enhancement request,
> though.
>
>
Current CXF configuration supports configuring with wild card , eg.
<http:conduit name="*.http-conduit">
.....
</http:conduit>
CXF will apply the upper configuration to all HttpConduit class instance.
>>
>>
>> --
>> Venlig hilsen / Kind regards,
>> Christian Vest Hansen.
>>
>
Willem.
Re: Why the HTTPS hassle
Posted by Fred Dushin <fr...@dushin.net>.
On Aug 20, 2007, at 6:15 AM, Christian Vest Hansen wrote:
> Hi,
>
> I don't get why I must do all this configuration of cxf in order to
> make it access external web services over HTTPS when my web browser is
> able to access web sites over HTTPS so easily.
>
> Can someone explain this?
I'm not sure what you mean here. CXF is a piece of infrastructure.
It can't really make the same assumptions that a Web browser -- an
end-user piece of software -- can. In particular, CXF gives you the
ability to make fine-grained trust decisions that web browsers aren't
really capable of -- mostly because of the trust model they are based
on.
>
> Besides, if I must provide all sorts of configurations in a
> http:conduit element in my beans.xml, then isn't there a way to make
> this configuration apply to more than one service/port pair?
That's certainly a valid question, and one for which I don't think
there is a real answer, currently. All configuration for SSL is done
at endpoint granularity. Feel free to raise an enhancement request,
though.
>
>
> --
> Venlig hilsen / Kind regards,
> Christian Vest Hansen.
>