You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by HHendriks <hu...@rubix.nl> on 2011/02/03 09:36:37 UTC
Http:conduit isn't picked up
Hello,
I want to be able to run my service over SSL. I've created a simple service
and added the following http-conduit to my applicationContext-cxf.xml:
<!-- Webservice endpoints -->
<jaxws:endpoint id="calendarWebService" implementor="#calendarService"
address="/CalendarService">
</jaxws:endpoint>
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="server">
<sec:keyStore type="JKS" password="server"
file="src/main/java/resources/certificates/server_keystore.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="server"
file="src/main/java/resources/certificates/server_truststore.jks" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with export-suitable or
null encryption is used, but exclude anonymous Diffie-Hellman key
change
as this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
<sec:UserName>Betty</sec:UserName>
<sec:Password>Ugly</sec:Password>
</http:authorization>
<http:client AutoRedirect="true" Connection="Keep-Alive" />
</http:conduit>
When i deploy the service, i can get the wsdl with any certificate request
or anything. I also see no logging of somekind that an SSL connection is
setup for the service.
Can anyone tell me what I'm doing wrong?
I'm running on Spring 3.0.5.RELEASE with CXF 2.2.3 and deploying on Tomcat
6.0.29
Best regards!
--
View this message in context: http://cxf.547215.n5.nabble.com/Http-conduit-isn-t-picked-up-tp3368957p3368957.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Http:conduit isn't picked up
Posted by HHendriks <hu...@rubix.nl>.
Hi Freeman,
After some reading up I came to the same conclusion ☺ but thanks anyway. I configured tomcat to run SSL on HTTP to secure my services.
Thanks!
Best regards,
Hugo
From: Freeman-2 [via CXF] [mailto:ml-node+3384107-934832902-147806@n5.nabble.com]
Sent: maandag 14 februari 2011 9:17
To: Hugo Hendriks
Subject: Re: Http:conduit isn't picked up
Hi,
http:conduit is used for client side configuration, your http:conduit
configuration here is enable a client to connect a https service, but
not enable a https service.
If I understand your requirement correctly, you want to run cxf
service in tomcat container over https transport, you need check with
tomcat docs to see how to configure tomcat to support https.
Freeman
On 2011-2-3, at 下午4:36, HHendriks wrote:
>
> Hello,
>
> I want to be able to run my service over SSL. I've created a simple
> service
> and added the following http-conduit to my applicationContext-cxf.xml:
>
> <!-- Webservice endpoints -->
> <jaxws:endpoint id="calendarWebService"
> implementor="#calendarService"
> address="/CalendarService">
> </jaxws:endpoint>
>
> <http:conduit name="*.http-conduit">
> <http:tlsClientParameters>
> <sec:keyManagers keyPassword="server">
> <sec:keyStore type="JKS" password="server"
> file="src/main/java/resources/certificates/
> server_keystore.jks" />
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="server"
> file="src/main/java/resources/certificates/
> server_truststore.jks" />
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with export-
> suitable or
> null encryption is used, but exclude anonymous Diffie-Hellman key
> change
> as this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:authorization>
> <sec:UserName>Betty</sec:UserName>
> <sec:Password>Ugly</sec:Password>
> </http:authorization>
> <http:client AutoRedirect="true" Connection="Keep-Alive" />
> </http:conduit>
>
> When i deploy the service, i can get the wsdl with any certificate
> request
> or anything. I also see no logging of somekind that an SSL
> connection is
> setup for the service.
>
> Can anyone tell me what I'm doing wrong?
>
> I'm running on Spring 3.0.5.RELEASE with CXF 2.2.3 and deploying on
> Tomcat
> 6.0.29
>
> Best regards!
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Http-conduit-isn-t-picked-up-tp3368957p3368957.html<http://cxf.547215.n5.nabble.com/Http-conduit-isn-t-picked-up-tp3368957p3368957.html?by-user=t>
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Freeman Fang
------------------------
FuseSource: http://fusesource.com
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org
________________________________
If you reply to this email, your message will be added to the discussion below:
http://cxf.547215.n5.nabble.com/Http-conduit-isn-t-picked-up-tp3368957p3384107.html
To unsubscribe from Http:conduit isn't picked up, click here<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=3368957&code=aHVnby5oZW5kcmlrc0BydWJpeC5ubHwzMzY4OTU3fC0xMjgzODY3NDc5>.
--
View this message in context: http://cxf.547215.n5.nabble.com/Http-conduit-isn-t-picked-up-tp3368957p3384109.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Http:conduit isn't picked up
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
http:conduit is used for client side configuration, your http:conduit
configuration here is enable a client to connect a https service, but
not enable a https service.
If I understand your requirement correctly, you want to run cxf
service in tomcat container over https transport, you need check with
tomcat docs to see how to configure tomcat to support https.
Freeman
On 2011-2-3, at 下午4:36, HHendriks wrote:
>
> Hello,
>
> I want to be able to run my service over SSL. I've created a simple
> service
> and added the following http-conduit to my applicationContext-cxf.xml:
>
> <!-- Webservice endpoints -->
> <jaxws:endpoint id="calendarWebService"
> implementor="#calendarService"
> address="/CalendarService">
> </jaxws:endpoint>
>
> <http:conduit name="*.http-conduit">
> <http:tlsClientParameters>
> <sec:keyManagers keyPassword="server">
> <sec:keyStore type="JKS" password="server"
> file="src/main/java/resources/certificates/
> server_keystore.jks" />
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="server"
> file="src/main/java/resources/certificates/
> server_truststore.jks" />
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with export-
> suitable or
> null encryption is used, but exclude anonymous Diffie-Hellman key
> change
> as this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:authorization>
> <sec:UserName>Betty</sec:UserName>
> <sec:Password>Ugly</sec:Password>
> </http:authorization>
> <http:client AutoRedirect="true" Connection="Keep-Alive" />
> </http:conduit>
>
> When i deploy the service, i can get the wsdl with any certificate
> request
> or anything. I also see no logging of somekind that an SSL
> connection is
> setup for the service.
>
> Can anyone tell me what I'm doing wrong?
>
> I'm running on Spring 3.0.5.RELEASE with CXF 2.2.3 and deploying on
> Tomcat
> 6.0.29
>
> Best regards!
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Http-conduit-isn-t-picked-up-tp3368957p3368957.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Freeman Fang
------------------------
FuseSource: http://fusesource.com
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org