You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by John-M Baker <jo...@db.com> on 2008/03/05 11:27:20 UTC
HTTPs and CXF
Hello,
I see the topic of HTTPs has been discussed very recently, however has
there been a conclusion? I've created a CXF client stub that operates
correctly with HTTP, but when I do nothing more than change the location
in the WSDL to an HTTPs URL, and generate stubs, I receive the following
runtime exception:
Caused by: java.io.IOException: Illegal Protocol https for HTTP
URLConnection Factory.
at
org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnection(HttpURLConnectionFactoryImpl.java:44)
at
org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
at
org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
... 8 more
Is this a bug? Surely CXF is able to handle an HTTPs URL? If it's not a
bug, what am I expected to do?
Thanks,
John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London
URL: http://websso.cto.gt.intranet.db.com
---
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
RE: HTTPs and CXF
Posted by John-M Baker <jo...@db.com>.
I'm not arguing that there shouldn't be a mechanism to improve the SSL
configuration, I'm suggesting that the product is overly difficult to use
becasue it does not support basic SSL out of the box - which is the basic
requirement for most people. Given I found myself researching this issue
by reading a post only a few days old, from someone who was equally
puzzled that effort was required to use an HTTPs URL, I can not help
thinking CXF should support basic SSL out of the box.
Write a little warning to the logs if you must, but introducing effort for
something so common place does not make life easier for the developer. It
only cost me a morning of my time, and I'm still not finished because of
the cipher bug...
John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London
URL: http://websso.cto.gt.intranet.db.com
"Arundel, Donal" <do...@iona.com>
05/03/2008 12:11
Please respond to
cxf-user@incubator.apache.org
To
<cx...@incubator.apache.org>
cc
Subject
RE: HTTPs and CXF
Yes, for clients who have no strong requirements for SSL themselves
(i.e. are happy to use insecure HTTP if they ca get away with it)
it would be reasonable to expect to be able to use SSL without being
required to have per-conduit config if the other required SSL config was
defaulted or otherwise specified at a higher level (or via appropriate
defaults).
Every SSL application in the world does have SSL configuration its just
a matter of how its picked up :-)
---
However for clients that DO have specific security requirements one
would also want to be able to enforce the use of SSL in some fashion.
For these types of secure apps though : basing the decision purely on
the URL which might even have been retrieved dynamically over an
insecure connection would be inappropriate.
In general this (fairly typical) type of secure application would like
to be able to specify this type of strictly secure behaviour at a high
level
(not per conduit/endpoint).
Cheers,
Donal
-----Original Message-----
From: John-M Baker [mailto:john-m.baker@db.com]
Sent: 05 March 2008 10:44
To: cxf-user@incubator.apache.org
Cc: cxf-user@incubator.apache.org
Subject: Re: HTTPs and CXF
Isn't that an awful lot of effort? Shouldn't it "just work" like any
other
application in the world?
John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London
URL: http://websso.cto.gt.intranet.db.com
"Christian Vest Hansen" <ka...@gmail.com>
05/03/2008 10:43
Please respond to
cxf-user@incubator.apache.org
To
cxf-user@incubator.apache.org
cc
Subject
Re: HTTPs and CXF
You are expected to configure a http conduit so that it will make
proper use of SSL:
http://cwiki.apache.org/CXF20DOC/client-http-transport.html
:)
On 3/5/08, John-M Baker <jo...@db.com> wrote:
> Hello,
>
> I see the topic of HTTPs has been discussed very recently, however
has
> there been a conclusion? I've created a CXF client stub that operates
> correctly with HTTP, but when I do nothing more than change the
location
> in the WSDL to an HTTPs URL, and generate stubs, I receive the
following
> runtime exception:
>
> Caused by: java.io.IOException: Illegal Protocol https for HTTP
> URLConnection Factory.
> at
>
org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnect
ion(HttpURLConnectionFactoryImpl.java:44)
> at
>
org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
> at
>
org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag
eSenderInterceptor.java:46)
> ... 8 more
>
> Is this a bug? Surely CXF is able to handle an HTTPs URL? If it's not
a
> bug, what am I expected to do?
>
> Thanks,
>
>
> John Baker
> --
> Web SSO
> IT Infrastructure
> Deutsche Bank London
>
> URL: http://websso.cto.gt.intranet.db.com
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information.
If
you are not the intended recipient (or have received this e-mail in
error)
please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
>
> Please refer to http://www.db.com/en/content/eu_disclosures.htm for
additional EU corporate and regulatory disclosures.
--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
---
This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for
additional EU corporate and regulatory disclosures.
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
---
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
RE: HTTPs and CXF
Posted by "Arundel, Donal" <do...@iona.com>.
It turns out that that Dans change didn't actually downgrade the
attempted connection to http which was my primary outstanding concern.
So I'm happy with the new behaviour:-)
Cheers,
Donal
-----Original Message-----
From: Arundel, Donal [mailto:donal.arundel@iona.com]
Sent: 05 March 2008 12:11
To: cxf-user@incubator.apache.org
Subject: RE: HTTPs and CXF
However for clients that DO have specific security requirements one
would also want to be able to enforce the use of SSL in some fashion.
For these types of secure apps though : basing the decision purely on
the URL which might even have been retrieved dynamically over an
insecure connection would be inappropriate.
In general this (fairly typical) type of secure application would like
to be able to specify this type of strictly secure behaviour at a high
level
(not per conduit/endpoint).
Cheers,
Donal
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
RE: HTTPs and CXF
Posted by "Arundel, Donal" <do...@iona.com>.
Yes, for clients who have no strong requirements for SSL themselves
(i.e. are happy to use insecure HTTP if they ca get away with it)
it would be reasonable to expect to be able to use SSL without being
required to have per-conduit config if the other required SSL config was
defaulted or otherwise specified at a higher level (or via appropriate
defaults).
Every SSL application in the world does have SSL configuration its just
a matter of how its picked up :-)
---
However for clients that DO have specific security requirements one
would also want to be able to enforce the use of SSL in some fashion.
For these types of secure apps though : basing the decision purely on
the URL which might even have been retrieved dynamically over an
insecure connection would be inappropriate.
In general this (fairly typical) type of secure application would like
to be able to specify this type of strictly secure behaviour at a high
level
(not per conduit/endpoint).
Cheers,
Donal
-----Original Message-----
From: John-M Baker [mailto:john-m.baker@db.com]
Sent: 05 March 2008 10:44
To: cxf-user@incubator.apache.org
Cc: cxf-user@incubator.apache.org
Subject: Re: HTTPs and CXF
Isn't that an awful lot of effort? Shouldn't it "just work" like any
other
application in the world?
John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London
URL: http://websso.cto.gt.intranet.db.com
"Christian Vest Hansen" <ka...@gmail.com>
05/03/2008 10:43
Please respond to
cxf-user@incubator.apache.org
To
cxf-user@incubator.apache.org
cc
Subject
Re: HTTPs and CXF
You are expected to configure a http conduit so that it will make
proper use of SSL:
http://cwiki.apache.org/CXF20DOC/client-http-transport.html
:)
On 3/5/08, John-M Baker <jo...@db.com> wrote:
> Hello,
>
> I see the topic of HTTPs has been discussed very recently, however
has
> there been a conclusion? I've created a CXF client stub that operates
> correctly with HTTP, but when I do nothing more than change the
location
> in the WSDL to an HTTPs URL, and generate stubs, I receive the
following
> runtime exception:
>
> Caused by: java.io.IOException: Illegal Protocol https for HTTP
> URLConnection Factory.
> at
>
org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnect
ion(HttpURLConnectionFactoryImpl.java:44)
> at
>
org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
> at
>
org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag
eSenderInterceptor.java:46)
> ... 8 more
>
> Is this a bug? Surely CXF is able to handle an HTTPs URL? If it's not
a
> bug, what am I expected to do?
>
> Thanks,
>
>
> John Baker
> --
> Web SSO
> IT Infrastructure
> Deutsche Bank London
>
> URL: http://websso.cto.gt.intranet.db.com
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information.
If
you are not the intended recipient (or have received this e-mail in
error)
please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
>
> Please refer to http://www.db.com/en/content/eu_disclosures.htm for
additional EU corporate and regulatory disclosures.
--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
---
This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for
additional EU corporate and regulatory disclosures.
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
Re: HTTPs and CXF
Posted by John-M Baker <jo...@db.com>.
Isn't that an awful lot of effort? Shouldn't it "just work" like any other
application in the world?
John Baker
--
Web SSO
IT Infrastructure
Deutsche Bank London
URL: http://websso.cto.gt.intranet.db.com
"Christian Vest Hansen" <ka...@gmail.com>
05/03/2008 10:43
Please respond to
cxf-user@incubator.apache.org
To
cxf-user@incubator.apache.org
cc
Subject
Re: HTTPs and CXF
You are expected to configure a http conduit so that it will make
proper use of SSL:
http://cwiki.apache.org/CXF20DOC/client-http-transport.html
:)
On 3/5/08, John-M Baker <jo...@db.com> wrote:
> Hello,
>
> I see the topic of HTTPs has been discussed very recently, however has
> there been a conclusion? I've created a CXF client stub that operates
> correctly with HTTP, but when I do nothing more than change the
location
> in the WSDL to an HTTPs URL, and generate stubs, I receive the
following
> runtime exception:
>
> Caused by: java.io.IOException: Illegal Protocol https for HTTP
> URLConnection Factory.
> at
>
org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnection(HttpURLConnectionFactoryImpl.java:44)
> at
> org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
> at
>
org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
> ... 8 more
>
> Is this a bug? Surely CXF is able to handle an HTTPs URL? If it's not a
> bug, what am I expected to do?
>
> Thanks,
>
>
> John Baker
> --
> Web SSO
> IT Infrastructure
> Deutsche Bank London
>
> URL: http://websso.cto.gt.intranet.db.com
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
>
> Please refer to http://www.db.com/en/content/eu_disclosures.htm for
additional EU corporate and regulatory disclosures.
--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
---
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
Re: HTTPs and CXF
Posted by Christian Vest Hansen <ka...@gmail.com>.
You are expected to configure a http conduit so that it will make
proper use of SSL:
http://cwiki.apache.org/CXF20DOC/client-http-transport.html
:)
On 3/5/08, John-M Baker <jo...@db.com> wrote:
> Hello,
>
> I see the topic of HTTPs has been discussed very recently, however has
> there been a conclusion? I've created a CXF client stub that operates
> correctly with HTTP, but when I do nothing more than change the location
> in the WSDL to an HTTPs URL, and generate stubs, I receive the following
> runtime exception:
>
> Caused by: java.io.IOException: Illegal Protocol https for HTTP
> URLConnection Factory.
> at
> org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnection(HttpURLConnectionFactoryImpl.java:44)
> at
> org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
> ... 8 more
>
> Is this a bug? Surely CXF is able to handle an HTTPs URL? If it's not a
> bug, what am I expected to do?
>
> Thanks,
>
>
> John Baker
> --
> Web SSO
> IT Infrastructure
> Deutsche Bank London
>
> URL: http://websso.cto.gt.intranet.db.com
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
>
> Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
--
Venlig hilsen / Kind regards,
Christian Vest Hansen.