Versions Compared

Old Version 15

changes.mady.by.user willem jiang

Saved on

compared with

New Version 16

changes.mady.by.user willem jiang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated the client side SSL configuration sample

...

Code Block
xml
xml
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"  
  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
  xsi:schemaLocation="
  		   http://cxf.apache.org/transports/http/configurationconfiguration/security
  		      http://cxf.apache.org/schemas/configuration/http-confsecurity.xsd
           http://wwwcxf.springframeworkapache.org/transports/schema/beanshttp/configuration
              http://wwwcxf.springframeworkapache.org/schemaschemas/beansconfiguration/springhttp-beansconf.xsd">

  <http:conduit name="{           
           http://apachewww.springframework.org/hello_world_soap_http}SoapPort.http-conduit">/schema/beans
    <http:sslClient>
          <sechttp:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
/www.springframework.org/schema/beans/spring-beans-2.0.xsd">
 
   <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">

	   <http:tlsClientParameters>
	      <sec:KeyPassword>celtixpass</sec:KeyPassword>
keyManagers keyPassword="password">
	           <sec:keyStore type="JKS" password="password" 
	                file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
	      </sec:keyManagers>
	      <sec:trustManagers>
	          <sec:keyStore type="JKS" password="password"
	               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
	      <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem</sec:TrustStore>
</sec:trustManagers>
	      <sec:CiphersuiteFilters>cipherSuitesFilter>
	        <!-- these filters ensure that a ciphersuite with
	          export-suitable or null encryption is used,
	          but exclude anonymous exportDiffie-suitableHellman butkey non-null encryption is used,
change as
	          this is andvulnerable prefersto man-in-the stronger SHA over MD5 message digests -->
-middle attacks -->
	        <sec:include>.*_EXPORT_.*</sec:include>
	        <sec:include>.*_EXPORTEXPORT1024_.*</sec:include>
	        <sec:include>.*_WITH_EXPORT1024DES_.*</sec:include>
	        <sec:include>.*_WITH_DESNULL_.*</sec:include>
	        <sec:exclude>.*_WITHDH_NULL_.*</sec:exclude>
   anon_.*</sec:exclude>
	      </sec:cipherSuitesFilter>
	  </http:tlsClientParameters>
	  <http:authorization>
	     <sec:UserName>Betty</sec:UserName>
	     <sec:exclude>.*_MD5<Password>password</sec:exclude>Password>
	  </http:authorization>
      <http:client  </sec:CiphersuiteFilters>AutoRedirect="true" Connection="Keep-Alive"/>
    </http:sslClient>
   </http:conduit>

</beans>

The first thing to notice is the "id" attribute on <http:conduit>. This allows CXF to associate this HTTP Conduit configuration with a particular WSDL Port. The id includes the service's namespace, the WSDL port name, and ".http-conduit". It follows this template: "{serviceNamespace}portName.http-conduit".

...

A client endpoint can be configured using two three mechanisms:

  • Configuration
  • WSDL
  • Java code

Using Configuration

Namespace

...