You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Jonathan Anstey <ja...@iona.com> on 2007/03/05 16:12:40 UTC
Re: svn commit: r512143 [Update HTTPS sample to latest configuration
syntax]
Hmmm... it appears I skimmed this email too quickly last week! Yeah, the
"9001" was not intended to go there. It was a copy and paste error :-)
Cheers,
Jon
Glynn, Eoghan wrote:
> Sorry Dan, just looked at the svn logs and the strange "SoapPort9001"
> suffix came in a different commit (r502625 - "Apply patch for CXF-405
> from Jonathan Anstey").
>
> Looks like the "9001" is spurious, but I'll just check with Jon what the
> intention was before removing it.
>
> /Eoghan
>
>
>> -----Original Message-----
>> From: Dan Diephouse [mailto:dan@envoisolutions.com]
>> Sent: 27 February 2007 15:54
>> To: cxf-dev@incubator.apache.org
>> Subject: Re: svn commit: r512143 [Update HTTPS sample to
>> latest configuration syntax]
>>
>> Hi Eoghan,
>>
>> I think it must actually be the port name. I didn't actually
>> change any of the logic about the ID (although in retrospect
>> I wish I would have, it seems quite redundant to have
>> ".http-conduit" in there). I simply changed name->id in all
>> the examples.
>>
>> - Dan
>>
>> On 2/27/07, Glynn, Eoghan <eo...@iona.com> wrote:
>>
>>>
>>> Hi Dan,
>>>
>>> I noticed the other demos using the new config syntax have
>>>
>> what looks
>>
>>> like a target port embedded in the conduit bean ID, e.g.
>>>
>>> <http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit">
>>> ^^^^
>>>
>>> whereas this is missing in your change to the HTTPS sample.
>>>
>>> Is this optional, i.e. only required if the conduits for different
>>> target endpoints are to be configured differently. If so, would the
>>> target hostname as well as the port need to be encoded in
>>>
>> the conduit
>>
>>> ID?
>>>
>>> Or maybe the embedded "9001" denotes something else? (as the target
>>> port for the relevant demos is actually 9000).
>>>
>>> Cheers,
>>> Eoghan
>>>
>>>
>>>> -----Original Message-----
>>>> From: dandiep@apache.org [mailto:dandiep@apache.org]
>>>> Sent: 27 February 2007 05:45
>>>> To: cxf-commits@incubator.apache.org
>>>> Subject: svn commit: r512143 - in
>>>> /incubator/cxf/trunk/distribution/src/main/release/samples/hel
>>>> lo_world_https: client.xml insecure_client.xml server.xml
>>>>
>>>> Author: dandiep
>>>> Date: Mon Feb 26 21:44:33 2007
>>>> New Revision: 512143
>>>>
>>>> URL: http://svn.apache.org/viewvc?view=rev&rev=512143
>>>> Log:
>>>> Update HTTPS sample to latest configuration syntax.
>>>>
>>>> Modified:
>>>>
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/client.xml
>>>>
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/insecure_client.xml
>>>>
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/server.xml
>>>>
>>>> Modified:
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/client.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
>>>> src/main/release/samples/hello_world_https/client.xml?view=dif
>>>> f&rev=512143&r1=512142&r2=512143
>>>> ==============================================================
>>>> ================
>>>> ---
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/client.xml (original)
>>>> +++
>>>>
>>>>
>> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
>>
>>>> +++ d_https/client.xml Mon Feb 26 21:44:33 2007
>>>> @@ -7,9 +7,9 @@
>>>> to you under the Apache License, Version 2.0 (the
>>>> "License"); you may not use this file except in compliance
>>>> with the License. You may obtain a copy of the License at
>>>> -
>>>> +
>>>> http://www.apache.org/licenses/LICENSE-2.0
>>>> -
>>>> +
>>>> Unless required by applicable law or agreed to in writing,
>>>> software distributed under the License is distributed on an
>>>> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
>>>> -18,32 +18,32 @@
>>>> under the License.
>>>> -->
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> - xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> - xsi:schemaLocation="
>>>> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> + xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> +
>>>>
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>
>>>> + xsi:schemaLocation="
>>>> +http://cxf.apache.org/transports/http/configuration
>>>> +http://cxf.apache.org/schema/transports/http.xsd
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>> - <bean
>>>> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
>>>> onduit" abstract="true">
>>>> - <property name="sslClient">
>>>> - <value>
>>>> - <sec:sslClient>
>>>> -
>>>>
>>>>
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>
>>>> -
>>>> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> - <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> -
>>>> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
>>>> </sec:TrustStore>
>>>> - <sec:CiphersuiteFilters>
>>>> - <!-- these filters ensure that a
>>>> ciphersuite with
>>>> - export-suitable but non-null
>>>> encryption is used,
>>>> - and prefers the stronger SHA over MD5
>>>> message digests -->
>>>> - <sec:include>.*_EXPORT_.*</sec:include>
>>>> - <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> - <sec:include>.*_WITH_DES_.*</sec:include>
>>>> - <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
>>>> - <sec:exclude>.*_MD5</sec:exclude>
>>>> - </sec:CiphersuiteFilters>
>>>> - </sec:sslClient>
>>>> - </value>
>>>> - </property>
>>>> - </bean>
>>>> + <http:conduit
>>>> +
>>>>
>> id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
>>
>>>> + ">
>>>> +
>>>> + <http:sslClient>
>>>> +
>>>>
>>>>
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>
>>>> + <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> + <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> +
>>>> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
>>>> </sec:TrustStore>
>>>> + <sec:CiphersuiteFilters>
>>>> + <!-- these filters ensure that a ciphersuite with
>>>> + export-suitable but non-null encryption is used,
>>>> + and prefers the stronger SHA over MD5 message
>>>>
>> digests -->
>>
>>>> + <sec:include>.*_EXPORT_.*</sec:include>
>>>> + <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> + <sec:include>.*_WITH_DES_.*</sec:include>
>>>> + <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
>>>> + <sec:exclude>.*_MD5</sec:exclude>
>>>> + </sec:CiphersuiteFilters>
>>>> + </http:sslClient>
>>>> + </http:conduit>
>>>> +
>>>>
>>>> </beans>
>>>>
>>>> Modified:
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/insecure_client.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
>>>> src/main/release/samples/hello_world_https/insecure_client.xml
>>>> ?view=diff&rev=512143&r1=512142&r2=512143
>>>> ==============================================================
>>>> ================
>>>> ---
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/insecure_client.xml (original)
>>>> +++
>>>>
>>>>
>> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
>>
>>>> +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
>>>> @@ -7,9 +7,9 @@
>>>> to you under the Apache License, Version 2.0 (the
>>>> "License"); you may not use this file except in compliance
>>>> with the License. You may obtain a copy of the License at
>>>> -
>>>> +
>>>> http://www.apache.org/licenses/LICENSE-2.0
>>>> -
>>>> +
>>>> Unless required by applicable law or agreed to in writing,
>>>> software distributed under the License is distributed on an
>>>> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
>>>> -18,11 +18,13 @@
>>>> under the License.
>>>> -->
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> - xsi:schemaLocation="
>>>> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> +
>>>>
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>
>>>> + xsi:schemaLocation="
>>>> +http://cxf.apache.org/transports/http/configuration
>>>> +http://cxf.apache.org/schema/transports/http.xsd
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>> - <bean
>>>> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
>>>> onduit" abstract="true">
>>>> - </bean>
>>>> + <http:conduit
>>>> +
>>>>
>> id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
>>
>>>> + ">
>>>> + </http:conduit>
>>>>
>>>> </beans>
>>>>
>>>> Modified:
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/server.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
>>>> src/main/release/samples/hello_world_https/server.xml?view=dif
>>>> f&rev=512143&r1=512142&r2=512143
>>>> ==============================================================
>>>> ================
>>>> ---
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/server.xml (original)
>>>> +++
>>>>
>>>>
>> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
>>
>>>> +++ d_https/server.xml Mon Feb 26 21:44:33 2007
>>>> @@ -7,9 +7,9 @@
>>>> to you under the Apache License, Version 2.0 (the
>>>> "License"); you may not use this file except in compliance
>>>> with the License. You may obtain a copy of the License at
>>>> -
>>>> +
>>>> http://www.apache.org/licenses/LICENSE-2.0
>>>> -
>>>> +
>>>> Unless required by applicable law or agreed to in writing,
>>>> software distributed under the License is distributed on an
>>>> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
>>>> -18,37 +18,34 @@
>>>> under the License.
>>>> -->
>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>> - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> - xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> - xsi:schemaLocation="
>>>> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> + xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> +
>>>>
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>
>>>> + xsi:schemaLocation="
>>>> +http://cxf.apache.org/transports/http/configuration
>>>> +http://cxf.apache.org/schema/transports/http.xsd
>>>> http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>> - <bean
>>>> name="{http://apache.org/hello_world_soap_http}GreeterImplPort
>>>> .http-destination" abstract="true">
>>>> -
>>>> - <property name="sslServer">
>>>> - <value>
>>>> - <sec:sslServer>
>>>> -
>>>>
>>>>
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>
>>>> - <sec:KeystoreType>PKCS12</sec:KeystoreType>
>>>> -
>>>> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> - <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> -
>>>> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
>>>> -
>>>> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
>>>> tication>
>>>> -
>>>> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
>>>> re</sec:TrustStore>
>>>> - <sec:CiphersuiteFilters>
>>>> - <!-- these filters ensure that a
>>>> ciphersuite with
>>>> - export-suitable or null encryption is used,
>>>> - but exclude anonymous Diffie-Hellman
>>>> key change as
>>>> - this is vulnerable to
>>>> man-in-the-middle attacks -->
>>>> - <sec:include>.*_EXPORT_.*</sec:include>
>>>> - <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> - <sec:include>.*_WITH_DES_.*</sec:include>
>>>> - <sec:include>.*_WITH_NULL_.*</sec:include>
>>>> - <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>>> - </sec:CiphersuiteFilters>
>>>> - </sec:sslServer>
>>>> - </value>
>>>> - </property>
>>>> - </bean>
>>>> -
>>>> + <http:destination
>>>> id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
>>>> ttp-destination">
>>>> + <http:sslServer>
>>>> +
>>>>
>>>>
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>
>>>> + <sec:KeystoreType>PKCS12</sec:KeystoreType>
>>>> + <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> + <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> +
>>>> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
>>>> +
>>>> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
>>>> tication>
>>>> +
>>>> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
>>>> re</sec:TrustStore>
>>>> + <sec:CiphersuiteFilters>
>>>> + <!-- these filters ensure that a ciphersuite with
>>>> + export-suitable or null encryption is used,
>>>> + but exclude anonymous Diffie-Hellman key change as
>>>> + this is vulnerable to man-in-the-middle attacks -->
>>>> + <sec:include>.*_EXPORT_.*</sec:include>
>>>> + <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> + <sec:include>.*_WITH_DES_.*</sec:include>
>>>> + <sec:include>.*_WITH_NULL_.*</sec:include>
>>>> + <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>>> + </sec:CiphersuiteFilters>
>>>> + </http:sslServer>
>>>> + </http:destination>
>>>> +
>>>> </beans>
>>>>
>>>>
>>>>
>>>>
>>
>> --
>> Dan Diephouse
>> Envoi Solutions
>> http://envoisolutions.com | http://netzooid.com/blog
>>
>>
>
>
>