You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Bc. Jiří Mikulášek" <ji...@aura.cz> on 2007/12/13 16:12:33 UTC
My own TrustManager
Hi all,
I need to add some spicific features to my SSL communictaion - so basically I
would like to implement my own TrustManager.
But when using CXF the code suplying TrustManagers is not under my control. Is
there any way how to do it ofr CXF?
thanks for any hints
--
Jiri Mikulasek
---------------------------------
Developer
AURA, s.r.o.
Uvoz 499/56; 602 00 Brno
ISO 9001 certified company
AQAP 2110 (ČOS 051622)
tel./fax: +420 544 508 115
e-mail: mikulasek@aura.cz
http://www.aura.cz
---------------------------------
Re: My own TrustManager
Posted by Fred Dushin <fr...@dushin.net>.
I'm pretty sure we won't be able to do this declaratively, at least
in the current code.
You should have some avenues for doing this programmatically,
however. On the client side, see the HTTPConduitTest [1] in the CXF
systests.
I'm a bit less certain about the server side, though it should be
possible (this was an initial design requirement). If you can get
your hands on the Destination, you can downcast it to a
JettyHTTPDestination, and from there you should be able to get the
JettyHTTPServerEngine, on which you can set a collection of TLS
parameters.
There are some caveats, of course. For one, you probably need to do
this before publishing the endpoint -- you can't change TLS
parameters on an already-open socket. Also, these are all internal
types, which require a lot of casts down to implementation-specific
types. So you have no guarantee that these types will be supported
across changes to CXF. And this stuff is only relevant to using the
Jetty HTTP stack on the server side. YMMV with the servlet stack, or
anything else that comes down the pipe.
Hope that helps. Let us know if this works. If it does, feel free
to contribute a test!
Thanks,
-Fred
[1] https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/
test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
On Dec 13, 2007, at 10:12 AM, Bc. Jiří Mikulášek wrote:
> Hi all,
> I need to add some spicific features to my SSL communictaion - so
> basically I
> would like to implement my own TrustManager.
>
> But when using CXF the code suplying TrustManagers is not under my
> control. Is
> there any way how to do it ofr CXF?
>
> thanks for any hints
> --
> Jiri Mikulasek
> ---------------------------------
> Developer
>
> AURA, s.r.o.
> Uvoz 499/56; 602 00 Brno
> ISO 9001 certified company
> AQAP 2110 (ČOS 051622)
> tel./fax: +420 544 508 115
> e-mail: mikulasek@aura.cz
> http://www.aura.cz
> ---------------------------------
>