...
The TLSClientParameters are listed here and here.
trustAllCertificates
: SSL X509 certificate verification deactivation
A new feature starting in CXF 2.02.5 7 is the disableCNcheck
trustAllCertificates
attribute for this element. It defaults to false
, indicating that the hostname given in the HTTPS URL SSL certificate will be checked against the service's Common Name (CN) given in its certificate during SOAP client requeststhe X509TrustManager (if none is configured, the JVM's keystore is used), and failing if there is a mismatchthe certificate is not trusted (unknown Certificate Authority, etc). If set to true
(not recommended for production use), such checks will be bypassed. That will allow you, for example, to easily use a URL such as localhost
during development. self-signed certificate during development.
Code Block | ||
---|---|---|
| ||
...
<http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
<!-- trust all certificates (self-signed certificate, etc) -->
<!-- WARNING ! trustAllCertificates=true should NOT be used in production -->
<http-conf:tlsClientParameters trustAllCertificates="true" />
...
</http-conf:conduit>
...
|
disableCNcheck
: SSL hostname verification
A new feature starting in CXF 2.0.5 is the disableCNcheck
attribute for this element. It defaults to false
, indicating that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to true
(not recommended for production use), such checks will be bypassed. That will allow you, for example, to use a URL such as localhost
during development.
Code Block | ||
---|---|---|
| ||
...
<http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
<!-- deactivate HTTPS url hostname verification (localhost, etc) -->
<!-- WARNING ! disableCNcheck=true should NOT be used in production -->
<http-conf:tlsClientParameters disableCNcheck="true" />
...
</http-conf:conduit>
...
|
Using WSDL
Namespace
The WSDL extension elements used to configure an HTTP client are defined in the namespace http://cxf.apache.org/transports/http/configuration
. It is commonly referred to using the prefix http-conf
. In order to use the HTTP configuration elements you will need to add the line shown below to the definitions
element of your endpoint's WSDL document.
...