You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Faz <ar...@gmail.com> on 2013/12/06 15:39:31 UTC
Issue with TransportBinding (httpstoken)
All,Am having a configuraton like below,User requests a service via
domain-url i.e, https://services.com/services/port?wsdl, this is forwarded
to the Load balancer which is then moved to Apache and tomcat.Am using
ws-policy where in am incorporating both Transportbinding and usernametoken
policies. All works good in my local, but i need to make sure that it will
work fine in the above configured environment.Th LB will strip all the https
requests and only http requests are forwarded to the underlying apache and
tomcat servers. Can you please let me know if this will be a problem in real
environment, because am using the below trannsport binding which requires
SSL requests to hit the server.Below is my *security policy*,Please note the
stand-alone client will be invoking the wsdl via :
https://services.com/services/port?wsdl*Server CXF-config:*
--
View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-TransportBinding-httpstoken-tp5737466.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Issue with TransportBinding (httpstoken)
Posted by Jason Pell <ja...@pellcorp.com>.
When you configure your jaxws endpoints to expose the http only web
services.
Don't add the interceptor to any HTTPS endpoints.
Sent from my Android phone
On 09/12/2013 10:40 PM, "Faz" <ar...@gmail.com> wrote:
> Thanks Jason, this looks apt as my https is striped in the LB layer and all
> forwarded requests will be http.
>
> Could you please let me know what you mean by "*Ideally only assign it as
> interceptor on the http:// jaxws endpoints*"
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Issue-with-TransportBinding-httpstoken-tp5737466p5737554.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: Issue with TransportBinding (httpstoken)
Posted by Faz <ar...@gmail.com>.
Thanks Jason, this looks apt as my https is striped in the LB layer and all
forwarded requests will be http.
Could you please let me know what you mean by "*Ideally only assign it as
interceptor on the http:// jaxws endpoints*"
--
View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-TransportBinding-httpstoken-tp5737466p5737554.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Issue with TransportBinding (httpstoken)
Posted by Jason Pell <ja...@pellcorp.com>.
I do believe it will be a problem. Cxf will expect a TLS connection for
that policy and so it will fail.
If you need HTTPS token for other parts of policy what I do is actually
trick cxf using following interceptor
https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/java/com/pellcorp/server/interceptor/FakeTLSSessionInfoInInterceptor.java
Ideally only assign it as interceptor on the http:// jaxws endpoints
Its a hack and I will be interested to see what feedback some cxf Devs will
have for my hack :-)
It works very well for this exact scenario though
Sent from my Android phone
On 09/12/2013 9:38 PM, "Faz" <ar...@gmail.com> wrote:
> Pls, any help on this?
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Issue-with-TransportBinding-httpstoken-tp5737466p5737541.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: Issue with TransportBinding (httpstoken)
Posted by Faz <ar...@gmail.com>.
Pls, any help on this?
--
View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-TransportBinding-httpstoken-tp5737466p5737541.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Issue with TransportBinding (httpstoken)
Posted by Faz <ar...@gmail.com>.
Any idea on this please?
--
View this message in context: http://cxf.547215.n5.nabble.com/Issue-with-TransportBinding-httpstoken-tp5737466p5737506.html
Sent from the cxf-user mailing list archive at Nabble.com.