Posted to users@cxf.apache.org by Daniel Kulp <dk...@apache.org> on 2009/06/01 18:03:25 UTC

Re: Custom TLS TrustManager

On Thu May 28 2009 3:11:32 pm ning_sunrise wrote:
> Hi John:
>     Did you find a clue?  I have the same problem. Thanks

I don't think it's possible. I ran into the same issue when trying to debug
some ssl things and ended up putting some temporary code into the
HttpsURLConnectionFactory to put a null TrustManager in place. The code is
still there, just commented out.

Right now, it looks like the TrustManagers can only be created via the normal
javax.net.ssl.TrustManagerFactory mechanisms. Thus, to use a custom
TrustManager, you have to create and register your own TrustManagerFactory
which involves all kinds of yucky things like signed jars and stuff. Not
fun. I'd LOVE to see a JIRA issue filed with a patch to support something
simpler. Maybe on the TrustManagersType schema type, add a "bean"
attribute or something that can point to a separate spring bean or something.

Dan



>     Ning
>
> John Hite wrote:
> > Hi,
> >
> > I have a jaxws web service that runs over https. I need the client to use a
> > custom TrustManager that we have implemented. I know how to do this
> > programmatically, but I would like to be able to do this in a configuration
> > file so I can use Spring to handle the client creation. I looked at
> > http://cxf.apache.org/schemas/configuration/security.xsd as well as the
> > getTrustManagers(TrustManagersType tmc) code and it does not look like this
> > is supported.
> >
> > Does anyone know a work around? Are there plans to implement this
> > functionality?
> >
> > Here is the code that I have that installs the custom trust manager. This is
> > what I want to be able to do in configuration.
> >
> > JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> > factory.setServiceClass(com.mycompany.Service.class);
> > factory.setAddress(Configuration.getInstance().getConsoleURL());
> > Session.service = (com.mycompany.Service) factory.create();
> >
> > Client client = ClientProxy.getClient(Session.adc);
> > HTTPConduit http = (HTTPConduit) client.getConduit();
> >
> > TLSClientParameters tls = new TLSClientParameters();
> >
> > tls.setDisableCNCheck(true);
> > tls.setTrustManagers(new TrustManager[]{new CustomTrustManager()});
> >
> > http.setTlsClientParameters(tls);
> >
> > Thanks,
> >
> > John

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog