You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Tóth Csaba <ig...@domen.hu> on 2018/06/13 15:18:33 UTC
cxf client with conduit and dynamic endpoint
Hello!
I need to put a client into the webapp what communicate over ssl and
before every call need to evaluate and maybe change the endpoint url.
I set up the system via cxf-servlet.xml:
<jaxws:client id="LDAPRequesterBean"
serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
address="https://myserver.com/mypath">
<jaxws:binding>
<soap:soapBinding version="1.2" mtomEnabled="true" />
</jaxws:binding>
</jaxws:client>
<bean id="LDAPClientBean" class="mypackage.LDAPClient" >
<property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
</bean>
<http:conduit name="https://myserver_1/.*">
<http:tlsClientParameters>
...
</http:conduit>
<http:conduit name="https://myserver_1/.*">
<http:tlsClientParameters>
...
</http:conduit>
and in the client I change the endpoint:
endpoint = //evaluate and change it, if needed
BindingProvider bindingProvider = (BindingProvider)
lDapRequesterBean;
bindingProvider.getRequestContext()
.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
And its working, for the first time. (endpoint A)
If It changed the url (endpoint B) (the 2nd call must go to another
endpoint), I get SSL error.
After I restart the tomcat, and try first with this url (endpoint B),
its working, but next not working with the first URL (endpoint A)
I think, its some caching problem, but not find where, and how can I
turn off
Thanx
Csaba
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Re: cxf client with conduit and dynamic endpoint
Posted by Tóth Csaba <ig...@domen.hu>.
Hello!
Meanwhile i did the same, create (config) more proxy with fixed address,
and dynamic choose one.
Thanx
Csaba
On 2018-06-21 13:42, James Carman wrote:
> What I do in these situations is generate multiple client proxies for each
> endpoint and then put a dynamic proxy in front of them to do the switching
> between them. The client proxies aren’t too expensive to create.
>
> On Wed, Jun 13, 2018 at 11:18 AM Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>> I need to put a client into the webapp what communicate over ssl and
>> before every call need to evaluate and maybe change the endpoint url.
>> I set up the system via cxf-servlet.xml:
>>
>> <jaxws:client id="LDAPRequesterBean"
>> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>> address="https://myserver.com/mypath">
>>
>> <jaxws:binding>
>> <soap:soapBinding version="1.2" mtomEnabled="true" />
>> </jaxws:binding>
>> </jaxws:client>
>>
>> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
>> <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
>> </bean>
>>
>> <http:conduit name="https://myserver_1/.*">
>> <http:tlsClientParameters>
>> ...
>> </http:conduit>
>>
>> <http:conduit name="https://myserver_1/.*">
>> <http:tlsClientParameters>
>> ...
>> </http:conduit>
>>
>> and in the client I change the endpoint:
>>
>> endpoint = //evaluate and change it, if needed
>>
>> BindingProvider bindingProvider = (BindingProvider)
>> lDapRequesterBean;
>> bindingProvider.getRequestContext()
>> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>>
>> And its working, for the first time. (endpoint A)
>> If It changed the url (endpoint B) (the 2nd call must go to another
>> endpoint), I get SSL error.
>> After I restart the tomcat, and try first with this url (endpoint B),
>> its working, but next not working with the first URL (endpoint A)
>>
>> I think, its some caching problem, but not find where, and how can I
>> turn off
>>
>> Thanx
>> Csaba
>>
>> ---
>> This email has been checked for viruses by Avast antivirus software.
>> https://www.avast.com/antivirus
>>
>>
Re: cxf client with conduit and dynamic endpoint
Posted by James Carman <ja...@carmanconsulting.com>.
What I do in these situations is generate multiple client proxies for each
endpoint and then put a dynamic proxy in front of them to do the switching
between them. The client proxies aren’t too expensive to create.
On Wed, Jun 13, 2018 at 11:18 AM Tóth Csaba <ig...@domen.hu> wrote:
> Hello!
> I need to put a client into the webapp what communicate over ssl and
> before every call need to evaluate and maybe change the endpoint url.
> I set up the system via cxf-servlet.xml:
>
> <jaxws:client id="LDAPRequesterBean"
> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
> address="https://myserver.com/mypath">
>
> <jaxws:binding>
> <soap:soapBinding version="1.2" mtomEnabled="true" />
> </jaxws:binding>
> </jaxws:client>
>
> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
> <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
> </bean>
>
> <http:conduit name="https://myserver_1/.*">
> <http:tlsClientParameters>
> ...
> </http:conduit>
>
> <http:conduit name="https://myserver_1/.*">
> <http:tlsClientParameters>
> ...
> </http:conduit>
>
> and in the client I change the endpoint:
>
> endpoint = //evaluate and change it, if needed
>
> BindingProvider bindingProvider = (BindingProvider)
> lDapRequesterBean;
> bindingProvider.getRequestContext()
> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>
> And its working, for the first time. (endpoint A)
> If It changed the url (endpoint B) (the 2nd call must go to another
> endpoint), I get SSL error.
> After I restart the tomcat, and try first with this url (endpoint B),
> its working, but next not working with the first URL (endpoint A)
>
> I think, its some caching problem, but not find where, and how can I
> turn off
>
> Thanx
> Csaba
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>
Re: cxf client with conduit and dynamic endpoint
Posted by Tóth Csaba <ig...@domen.hu>.
Hello!
If somebody prepare the two service (same server cert, different client
cert, over tls, some simple webservice), I can create a client for it,
and than we have a test case.
Csaba
On 2018-06-19 11:06, Tóth Csaba wrote:
> Hello!
> No, i dont have test case, I'm not an expert to create a test case
> with tls client cert services and all needed component.
> Because i try develop a client, I even dont know how to start to
> develop the services with certification.
>
> sorry
> Csaba
>
> On 2018-06-19 10:37, Colm O hEigeartaigh wrote:
>>
>> Do you have a test-case I can run to reproduce the problem?
>>
>> Colm.
>>
>> On Tue, Jun 19, 2018 at 8:52 AM, Tóth Csaba <ignis@domen.hu
>> <ma...@domen.hu>> wrote:
>>
>> Hello!
>> I did some research:
>>
>> I tired to debug the certification selection methods, and found
>> this class (TLSClientParametersConfig). this handle the tls config
>> from the config file.
>> - its run only once (even if need another config for another
>> endpoint)
>> - its parse only one conduit, and the end get back only one key.
>> - it called from native classes, i cant debug it.
>> maybe its because both endpoint has the same owner, and both
>> client cert is signed to the same subject (the subject field is
>> the same), and the keymanager in the return value contains a
>> hashmap, what keys are the subject (or derivated from the subject)
>>
>> So can be, that the program cant notice: need an another cert?
>>
>> thanx
>> Csaba
>>
>>
>>
>> On 2018-06-15 08:14, Tóth Csaba wrote:
>>> Hello!
>>> -Need the same WS service in different endpoint.
>>> -both need to set up to use client certification but different
>>> one. (maybe good if the boot client cert is similar as it can be)
>>> -put the certs and the server certs into different keystore (one
>>> keystore for each endpoint)
>>> -set up the conduits in the cxf-config
>>> -create a client (proxy client), and make it, can change the
>>> endpoint.
>>> -call endpoint 1
>>> -call endpoint 2 without restart the environment.
>>>
>>> I did a full ssl debug and its clearly visible, it use the wrong
>>> cert .
>>> What I didnt find, how choose a client cert the ssl framework?
>>> because all the endpoint run the same company, everything is very
>>> similar (endpoints, certs, everything), maybe the key attributes
>>> are the same, and the framework think, use the right one cert.
>>>
>>> Thanx
>>> Csaba
>>>
>>> On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
>>>> Do you have a test-case to reproduce the issue?
>>>>
>>>> Colm.
>>>>
>>>> On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu>
>>>> <ma...@domen.hu> wrote:
>>>>
>>>>> Hello!
>>>>> I need to put a client into the webapp what communicate over
>>>>> ssl and
>>>>> before every call need to evaluate and maybe change the
>>>>> endpoint url.
>>>>> I set up the system via cxf-servlet.xml:
>>>>>
>>>>> <jaxws:client id="LDAPRequesterBean"
>>>>> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>>>>>
>>>>> address="https://myserver.com/mypath"
>>>>> <https://myserver.com/mypath>>
>>>>>
>>>>> <jaxws:binding>
>>>>> <soap:soapBinding version="1.2" mtomEnabled="true" />
>>>>> </jaxws:binding>
>>>>> </jaxws:client>
>>>>>
>>>>> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
>>>>> <property name="lDapRequesterBean"
>>>>> ref="LDAPRequesterBean"/>
>>>>> </bean>
>>>>>
>>>>> <http:conduit name="https://myserver_1/.*"
>>>>> <https://myserver_1/.*>>
>>>>> <http:tlsClientParameters> <http:tlsClientParameters>
>>>>> ...
>>>>> </http:conduit>
>>>>>
>>>>> <http:conduit name="https://myserver_1/.*"
>>>>> <https://myserver_1/.*>>
>>>>> <http:tlsClientParameters> <http:tlsClientParameters>
>>>>> ...
>>>>> </http:conduit>
>>>>>
>>>>> and in the client I change the endpoint:
>>>>>
>>>>> endpoint = //evaluate and change it, if needed
>>>>>
>>>>> BindingProvider bindingProvider =
>>>>> (BindingProvider)
>>>>> lDapRequesterBean;
>>>>> bindingProvider.getRequestContext()
>>>>> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>>>>>
>>>>> And its working, for the first time. (endpoint A)
>>>>> If It changed the url (endpoint B) (the 2nd call must go to
>>>>> another
>>>>> endpoint), I get SSL error.
>>>>> After I restart the tomcat, and try first with this url
>>>>> (endpoint B), its
>>>>> working, but next not working with the first URL (endpoint A)
>>>>>
>>>>> I think, its some caching problem, but not find where, and how
>>>>> can I turn
>>>>> off
>>>>>
>>>>> Thanx
>>>>> Csaba
>>>>>
>>>>> ---
>>>>> This email has been checked for viruses by Avast antivirus
>>>>> software.
>>>>> https://www.avast.com/antivirus <https://www.avast.com/antivirus>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>
>
>
Re: cxf client with conduit and dynamic endpoint
Posted by Tóth Csaba <ig...@domen.hu>.
Hello!
No, i dont have test case, I'm not an expert to create a test case with
tls client cert services and all needed component.
Because i try develop a client, I even dont know how to start to develop
the services with certification.
sorry
Csaba
On 2018-06-19 10:37, Colm O hEigeartaigh wrote:
>
> Do you have a test-case I can run to reproduce the problem?
>
> Colm.
>
> On Tue, Jun 19, 2018 at 8:52 AM, Tóth Csaba <ignis@domen.hu
> <ma...@domen.hu>> wrote:
>
> Hello!
> I did some research:
>
> I tired to debug the certification selection methods, and found
> this class (TLSClientParametersConfig). this handle the tls config
> from the config file.
> - its run only once (even if need another config for another endpoint)
> - its parse only one conduit, and the end get back only one key.
> - it called from native classes, i cant debug it.
> maybe its because both endpoint has the same owner, and both
> client cert is signed to the same subject (the subject field is
> the same), and the keymanager in the return value contains a
> hashmap, what keys are the subject (or derivated from the subject)
>
> So can be, that the program cant notice: need an another cert?
>
> thanx
> Csaba
>
>
>
> On 2018-06-15 08:14, Tóth Csaba wrote:
>> Hello!
>> -Need the same WS service in different endpoint.
>> -both need to set up to use client certification but different
>> one. (maybe good if the boot client cert is similar as it can be)
>> -put the certs and the server certs into different keystore (one
>> keystore for each endpoint)
>> -set up the conduits in the cxf-config
>> -create a client (proxy client), and make it, can change the
>> endpoint.
>> -call endpoint 1
>> -call endpoint 2 without restart the environment.
>>
>> I did a full ssl debug and its clearly visible, it use the wrong
>> cert .
>> What I didnt find, how choose a client cert the ssl framework?
>> because all the endpoint run the same company, everything is very
>> similar (endpoints, certs, everything), maybe the key attributes
>> are the same, and the framework think, use the right one cert.
>>
>> Thanx
>> Csaba
>>
>> On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
>>> Do you have a test-case to reproduce the issue?
>>>
>>> Colm.
>>>
>>> On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu>
>>> <ma...@domen.hu> wrote:
>>>
>>>> Hello!
>>>> I need to put a client into the webapp what communicate over
>>>> ssl and
>>>> before every call need to evaluate and maybe change the
>>>> endpoint url.
>>>> I set up the system via cxf-servlet.xml:
>>>>
>>>> <jaxws:client id="LDAPRequesterBean"
>>>> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>>>>
>>>> address="https://myserver.com/mypath"
>>>> <https://myserver.com/mypath>>
>>>>
>>>> <jaxws:binding>
>>>> <soap:soapBinding version="1.2" mtomEnabled="true" />
>>>> </jaxws:binding>
>>>> </jaxws:client>
>>>>
>>>> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
>>>> <property name="lDapRequesterBean"
>>>> ref="LDAPRequesterBean"/>
>>>> </bean>
>>>>
>>>> <http:conduit name="https://myserver_1/.*"
>>>> <https://myserver_1/.*>>
>>>> <http:tlsClientParameters> <http:tlsClientParameters>
>>>> ...
>>>> </http:conduit>
>>>>
>>>> <http:conduit name="https://myserver_1/.*"
>>>> <https://myserver_1/.*>>
>>>> <http:tlsClientParameters> <http:tlsClientParameters>
>>>> ...
>>>> </http:conduit>
>>>>
>>>> and in the client I change the endpoint:
>>>>
>>>> endpoint = //evaluate and change it, if needed
>>>>
>>>> BindingProvider bindingProvider =
>>>> (BindingProvider)
>>>> lDapRequesterBean;
>>>> bindingProvider.getRequestContext()
>>>> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>>>>
>>>> And its working, for the first time. (endpoint A)
>>>> If It changed the url (endpoint B) (the 2nd call must go to
>>>> another
>>>> endpoint), I get SSL error.
>>>> After I restart the tomcat, and try first with this url
>>>> (endpoint B), its
>>>> working, but next not working with the first URL (endpoint A)
>>>>
>>>> I think, its some caching problem, but not find where, and how
>>>> can I turn
>>>> off
>>>>
>>>> Thanx
>>>> Csaba
>>>>
>>>> ---
>>>> This email has been checked for viruses by Avast antivirus
>>>> software.
>>>> https://www.avast.com/antivirus <https://www.avast.com/antivirus>
>>>>
>>>>
>>>
>>
>>
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
Re: cxf client with conduit and dynamic endpoint
Posted by Colm O hEigeartaigh <co...@apache.org>.
Do you have a test-case I can run to reproduce the problem?
Colm.
On Tue, Jun 19, 2018 at 8:52 AM, Tóth Csaba <ig...@domen.hu> wrote:
> Hello!
> I did some research:
>
> I tired to debug the certification selection methods, and found this class
> (TLSClientParametersConfig). this handle the tls config from the config
> file.
> - its run only once (even if need another config for another endpoint)
> - its parse only one conduit, and the end get back only one key.
> - it called from native classes, i cant debug it.
> maybe its because both endpoint has the same owner, and both client cert
> is signed to the same subject (the subject field is the same), and the
> keymanager in the return value contains a hashmap, what keys are the
> subject (or derivated from the subject)
>
> So can be, that the program cant notice: need an another cert?
>
> thanx
> Csaba
>
>
>
> On 2018-06-15 08:14, Tóth Csaba wrote:
>
> Hello!
> -Need the same WS service in different endpoint.
> -both need to set up to use client certification but different one. (maybe
> good if the boot client cert is similar as it can be)
> -put the certs and the server certs into different keystore (one keystore
> for each endpoint)
> -set up the conduits in the cxf-config
> -create a client (proxy client), and make it, can change the endpoint.
> -call endpoint 1
> -call endpoint 2 without restart the environment.
>
> I did a full ssl debug and its clearly visible, it use the wrong cert .
> What I didnt find, how choose a client cert the ssl framework? because all
> the endpoint run the same company, everything is very similar (endpoints,
> certs, everything), maybe the key attributes are the same, and the
> framework think, use the right one cert.
>
> Thanx
> Csaba
>
> On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
>
> Do you have a test-case to reproduce the issue?
>
> Colm.
>
> On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu>
> <ig...@domen.hu> wrote:
>
> Hello!
> I need to put a client into the webapp what communicate over ssl and
> before every call need to evaluate and maybe change the endpoint url.
> I set up the system via cxf-servlet.xml:
>
> <jaxws:client id="LDAPRequesterBean"
> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
> address="https://myserver.com/mypath"
> <https://myserver.com/mypath>>
>
> <jaxws:binding>
> <soap:soapBinding version="1.2" mtomEnabled="true" />
> </jaxws:binding>
> </jaxws:client>
>
> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
> <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
> </bean>
>
> <http:conduit name="https://myserver_1/.*" <https://myserver_1/.*>>
> <http:tlsClientParameters> <http:tlsClientParameters>
> ...
> </http:conduit>
>
> <http:conduit name="https://myserver_1/.*" <https://myserver_1/.*>>
> <http:tlsClientParameters> <http:tlsClientParameters>
> ...
> </http:conduit>
>
> and in the client I change the endpoint:
>
> endpoint = //evaluate and change it, if needed
>
> BindingProvider bindingProvider = (BindingProvider)
> lDapRequesterBean;
> bindingProvider.getRequestContext()
> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>
> And its working, for the first time. (endpoint A)
> If It changed the url (endpoint B) (the 2nd call must go to another
> endpoint), I get SSL error.
> After I restart the tomcat, and try first with this url (endpoint B), its
> working, but next not working with the first URL (endpoint A)
>
> I think, its some caching problem, but not find where, and how can I turn
> off
>
> Thanx
> Csaba
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>
>
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: cxf client with conduit and dynamic endpoint
Posted by Tóth Csaba <ig...@domen.hu>.
Hello!
I did some research:
I tired to debug the certification selection methods, and found this
class (TLSClientParametersConfig). this handle the tls config from the
config file.
- its run only once (even if need another config for another endpoint)
- its parse only one conduit, and the end get back only one key.
- it called from native classes, i cant debug it.
maybe its because both endpoint has the same owner, and both client cert
is signed to the same subject (the subject field is the same), and the
keymanager in the return value contains a hashmap, what keys are the
subject (or derivated from the subject)
So can be, that the program cant notice: need an another cert?
thanx
Csaba
On 2018-06-15 08:14, Tóth Csaba wrote:
> Hello!
> -Need the same WS service in different endpoint.
> -both need to set up to use client certification but different one.
> (maybe good if the boot client cert is similar as it can be)
> -put the certs and the server certs into different keystore (one
> keystore for each endpoint)
> -set up the conduits in the cxf-config
> -create a client (proxy client), and make it, can change the endpoint.
> -call endpoint 1
> -call endpoint 2 without restart the environment.
>
> I did a full ssl debug and its clearly visible, it use the wrong cert .
> What I didnt find, how choose a client cert the ssl framework? because
> all the endpoint run the same company, everything is very similar
> (endpoints, certs, everything), maybe the key attributes are the same,
> and the framework think, use the right one cert.
>
> Thanx
> Csaba
>
> On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
>> Do you have a test-case to reproduce the issue?
>>
>> Colm.
>>
>> On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu> wrote:
>>
>>> Hello!
>>> I need to put a client into the webapp what communicate over ssl and
>>> before every call need to evaluate and maybe change the endpoint url.
>>> I set up the system via cxf-servlet.xml:
>>>
>>> <jaxws:client id="LDAPRequesterBean"
>>> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>>> address="https://myserver.com/mypath">
>>>
>>> <jaxws:binding>
>>> <soap:soapBinding version="1.2" mtomEnabled="true" />
>>> </jaxws:binding>
>>> </jaxws:client>
>>>
>>> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
>>> <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
>>> </bean>
>>>
>>> <http:conduit name="https://myserver_1/.*">
>>> <http:tlsClientParameters>
>>> ...
>>> </http:conduit>
>>>
>>> <http:conduit name="https://myserver_1/.*">
>>> <http:tlsClientParameters>
>>> ...
>>> </http:conduit>
>>>
>>> and in the client I change the endpoint:
>>>
>>> endpoint = //evaluate and change it, if needed
>>>
>>> BindingProvider bindingProvider = (BindingProvider)
>>> lDapRequesterBean;
>>> bindingProvider.getRequestContext()
>>> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>>>
>>> And its working, for the first time. (endpoint A)
>>> If It changed the url (endpoint B) (the 2nd call must go to another
>>> endpoint), I get SSL error.
>>> After I restart the tomcat, and try first with this url (endpoint
>>> B), its
>>> working, but next not working with the first URL (endpoint A)
>>>
>>> I think, its some caching problem, but not find where, and how can I
>>> turn
>>> off
>>>
>>> Thanx
>>> Csaba
>>>
>>> ---
>>> This email has been checked for viruses by Avast antivirus software.
>>> https://www.avast.com/antivirus
>>>
>>>
>>
>
>
Re: cxf client with conduit and dynamic endpoint
Posted by Tóth Csaba <ig...@domen.hu>.
Hello!
-Need the same WS service in different endpoint.
-both need to set up to use client certification but different one.
(maybe good if the boot client cert is similar as it can be)
-put the certs and the server certs into different keystore (one
keystore for each endpoint)
-set up the conduits in the cxf-config
-create a client (proxy client), and make it, can change the endpoint.
-call endpoint 1
-call endpoint 2 without restart the environment.
I did a full ssl debug and its clearly visible, it use the wrong cert .
What I didnt find, how choose a client cert the ssl framework? because
all the endpoint run the same company, everything is very similar
(endpoints, certs, everything), maybe the key attributes are the same,
and the framework think, use the right one cert.
Thanx
Csaba
On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
> Do you have a test-case to reproduce the issue?
>
> Colm.
>
> On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu> wrote:
>
>> Hello!
>> I need to put a client into the webapp what communicate over ssl and
>> before every call need to evaluate and maybe change the endpoint url.
>> I set up the system via cxf-servlet.xml:
>>
>> <jaxws:client id="LDAPRequesterBean"
>> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>> address="https://myserver.com/mypath">
>>
>> <jaxws:binding>
>> <soap:soapBinding version="1.2" mtomEnabled="true" />
>> </jaxws:binding>
>> </jaxws:client>
>>
>> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
>> <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
>> </bean>
>>
>> <http:conduit name="https://myserver_1/.*">
>> <http:tlsClientParameters>
>> ...
>> </http:conduit>
>>
>> <http:conduit name="https://myserver_1/.*">
>> <http:tlsClientParameters>
>> ...
>> </http:conduit>
>>
>> and in the client I change the endpoint:
>>
>> endpoint = //evaluate and change it, if needed
>>
>> BindingProvider bindingProvider = (BindingProvider)
>> lDapRequesterBean;
>> bindingProvider.getRequestContext()
>> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>>
>> And its working, for the first time. (endpoint A)
>> If It changed the url (endpoint B) (the 2nd call must go to another
>> endpoint), I get SSL error.
>> After I restart the tomcat, and try first with this url (endpoint B), its
>> working, but next not working with the first URL (endpoint A)
>>
>> I think, its some caching problem, but not find where, and how can I turn
>> off
>>
>> Thanx
>> Csaba
>>
>> ---
>> This email has been checked for viruses by Avast antivirus software.
>> https://www.avast.com/antivirus
>>
>>
>
Re: cxf client with conduit and dynamic endpoint
Posted by Colm O hEigeartaigh <co...@apache.org>.
Do you have a test-case to reproduce the issue?
Colm.
On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu> wrote:
> Hello!
> I need to put a client into the webapp what communicate over ssl and
> before every call need to evaluate and maybe change the endpoint url.
> I set up the system via cxf-servlet.xml:
>
> <jaxws:client id="LDAPRequesterBean"
> serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
> address="https://myserver.com/mypath">
>
> <jaxws:binding>
> <soap:soapBinding version="1.2" mtomEnabled="true" />
> </jaxws:binding>
> </jaxws:client>
>
> <bean id="LDAPClientBean" class="mypackage.LDAPClient" >
> <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
> </bean>
>
> <http:conduit name="https://myserver_1/.*">
> <http:tlsClientParameters>
> ...
> </http:conduit>
>
> <http:conduit name="https://myserver_1/.*">
> <http:tlsClientParameters>
> ...
> </http:conduit>
>
> and in the client I change the endpoint:
>
> endpoint = //evaluate and change it, if needed
>
> BindingProvider bindingProvider = (BindingProvider)
> lDapRequesterBean;
> bindingProvider.getRequestContext()
> .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
>
> And its working, for the first time. (endpoint A)
> If It changed the url (endpoint B) (the 2nd call must go to another
> endpoint), I get SSL error.
> After I restart the tomcat, and try first with this url (endpoint B), its
> working, but next not working with the first URL (endpoint A)
>
> I think, its some caching problem, but not find where, and how can I turn
> off
>
> Thanx
> Csaba
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com