...
Configuring
...
SSL
...
To
...
configure
...
the
...
standalone
...
HTTP
...
transport
...
to
...
use
...
SSL,
...
you'll
...
need
...
to
...
add
...
an
...
<http:destination>
...
definition
...
to
...
your
...
XML
...
configuration
...
file.
...
See
...
the
...
Configuration
...
guide
...
to
...
learn
...
how
...
to
...
supply
...
your
...
own
...
XML
...
configuration
...
file
...
to
...
CXF.
...
If
...
you
...
are
...
already
...
using
...
Spring,
...
this
...
can
...
be
...
added
...
to
...
your
...
existing
...
beans
...
definitions.
...
Destinations
...
in
...
CXF
...
are
...
responsible
...
for
...
listening
...
for
...
server
...
side
...
requests.
Code Block | ||||
---|---|---|---|---|
| ||||
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xsi:schemaLocation=" http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <http:destination id="{http://apache.org/hello_world_soap_http}GreeterImplPort.http-destination"> <http:sslServer> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> <sec:KeystoreType>PKCS12</sec:KeystoreType> <sec:KeystorePassword>celtixpass</sec:KeystorePassword> <sec:KeyPassword>celtixpass</sec:KeyPassword> <sec:WantClientAuthentication>true</sec:WantClientAuthentication> <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststore</sec:TrustStore> <sec:CiphersuiteFilters> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:CiphersuiteFilters> </http:sslServer> </http:destination> </beans> |