Author: gmazza
Date: Thu Apr 7 12:07:53 2011
New Revision: 1089840
URL: http://svn.apache.org/viewvc?rev=1089840&view=rev
Log:
Better mavenized source code
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/client/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/client/Client.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Customer.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/CustomerService.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Server.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/add_customer.xml
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/update_customer.xml
Removed:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/CherryServer.xml
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/ca.crl
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/cacert.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/caprivkey.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/cherry-ra-cert.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/cherry.chain
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/csrcherry.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/csrra.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/csrwibble.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/exts
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/ra-ca-cert.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/raprivkey.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/wibble-ra-cert.pem
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/wibble.chain
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/contrib/
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/demo/
Modified:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/pom.xml
Modified:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt?rev=1089840&r1=1089839&r2=1089840&view=diff
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt
(original)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt
Thu Apr 7 12:07:53 2011
@@ -30,6 +30,10 @@ may be configured programatically so usi
employed to keep passwords from being stored in configuration files.
The approach taken here is for demonstration reasons only.
+NOTE: Classes AuthSSLInitializationError, AuthSSLProtocolSocketFactory,
+and AuthSSLX509TrustManager are files copied from the Apache HTTP Client
+project and used by the client for certificate validation.
+
Please review the README in the samples directory before
continuing.
Modified:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/pom.xml?rev=1089840&r1=1089839&r2=1089840&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/pom.xml
(original)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/pom.xml
Thu Apr 7 12:07:53 2011
@@ -44,46 +44,6 @@
<target>1.5</target>
</configuration>
</plugin>
- <plugin>
- <artifactId>maven-antrun-plugin</artifactId>
- <executions>
- <execution>
- <id>copyResources</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>run</goal>
- </goals>
- <configuration>
- <tasks>
- <copy
file="${basedir}/src/demo/jaxrs/client/add_customer.xml"
todir="${basedir}/target/classes/demo/jaxrs/client" />
- <copy
file="${basedir}/src/demo/jaxrs/client/update_customer.xml"
todir="${basedir}/target/classes/demo/jaxrs/client" />
- <copy file="${basedir}/CherryServer.xml"
todir="${basedir}/target/classes" />
- <copy todir="${basedir}/src">
- <fileset dir="${basedir}/contrib">
- <include name="*.java" />
- </fileset>
- </copy>
- </tasks>
- </configuration>
- </execution>
- <execution>
- <id>removeContribFromSrc</id>
- <phase>process-classes</phase>
- <goals>
- <goal>run</goal>
- </goals>
- <configuration>
- <tasks>
- <delete>
- <fileset dir="${basedir}/src">
- <include name="*.java" />
- </fileset>
- </delete>
- </tasks>
- </configuration>
- </execution>
- </executions>
- </plugin>
</plugins>
</build>
<profiles>
@@ -103,12 +63,6 @@
</goals>
<configuration>
<mainClass>demo.jaxrs.server.Server</mainClass>
- <systemProperties>
- <property>
- <key>cxf.config.file</key>
- <value>CherryServer.xml</value>
- </property>
- </systemProperties>
</configuration>
</execution>
</executions>
@@ -147,28 +101,18 @@
<dependencies>
<dependency>
<groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-http</artifactId>
+ <artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>2.4.0-SNAPSHOT</version>
</dependency>
- <!-- Jetty is needed if you're using Jetty container -->
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http-jetty</artifactId>
<version>2.4.0-SNAPSHOT</version>
</dependency>
<dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>2.4.0-SNAPSHOT</version>
- </dependency>
- <dependency>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
- <dependency>
- <groupId>javax.ws.rs</groupId>
- <artifactId>jsr311-api</artifactId>
- </dependency>
</dependencies>
</project>
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/client/Client.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/client/Client.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/client/Client.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/client/Client.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,111 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.jaxrs.client;
+
+import java.io.File;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory;
+import org.apache.commons.httpclient.methods.FileRequestEntity;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.methods.PutMethod;
+import org.apache.commons.httpclient.methods.RequestEntity;
+import org.apache.commons.httpclient.protocol.Protocol;
+
+public final class Client {
+
+ private Client() {
+ }
+
+ public static void main(String args[]) throws Exception {
+ File wibble = new File(args[0]);
+ File truststore = new File(args[1]);
+
+ Protocol authhttps = new Protocol("https",
+ new AuthSSLProtocolSocketFactory(wibble.toURL(), "password",
+ truststore.toURL(), "password"),
+ 9000);
+ Protocol.registerProtocol("https", authhttps);
+
+ // Sent HTTP GET request to query customer info
+ System.out.println("Sent HTTPS GET request to query customer info");
+ HttpClient httpclient = new HttpClient();
+ GetMethod httpget = new
GetMethod("https://localhost:9000/customerservice/customers/123";);
+ httpget.addRequestHeader("Accept" , "text/xml");
+
+ // If Basic Authentication required (not needed in this sample) could
+ // do so via the following:
+ /*
+ String authorizationHeader = "Basic "
+ +
org.apache.cxf.common.util.Base64Utility.encode("username:password".getBytes());
+ httpget.addRequestHeader("Authorization", authorizationHeader);
+ */
+ try {
+ httpclient.executeMethod(httpget);
+ System.out.println(httpget.getResponseBodyAsString());
+ } finally {
+ httpget.releaseConnection();
+ }
+
+ // Sent HTTP PUT request to update customer info
+ System.out.println("\n");
+ System.out.println("Sent HTTPS PUT request to update customer info");
+ Client client = new Client();
+ String inputFile =
Client.class.getClassLoader().getResource("update_customer.xml").getFile();
+ File input = new File(inputFile);
+ PutMethod put = new
PutMethod("https://localhost:9000/customerservice/customers";);
+ RequestEntity entity = new FileRequestEntity(input, "text/xml;
charset=ISO-8859-1");
+ put.setRequestEntity(entity);
+
+ try {
+ int result = httpclient.executeMethod(put);
+ System.out.println("Response status code: " + result);
+ System.out.println("Response body: ");
+ System.out.println(put.getResponseBodyAsString());
+ } finally {
+ put.releaseConnection();
+ }
+
+ // Sent HTTP POST request to add customer
+ System.out.println("\n");
+ System.out.println("Sent HTTPS POST request to add customer");
+ inputFile =
Client.class.getClassLoader().getResource("add_customer.xml").getFile();
+ input = new File(inputFile);
+ PostMethod post = new
PostMethod("https://localhost:9000/customerservice/customers";);
+ post.addRequestHeader("Accept" , "text/xml");
+ entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
+ post.setRequestEntity(entity);
+
+ try {
+ int result = httpclient.executeMethod(post);
+ System.out.println("Response status code: " + result);
+ System.out.println("Response body: ");
+ System.out.println(post.getResponseBodyAsString());
+ } finally {
+ // Release current connection to the connection pool once you are
+ // done
+ post.releaseConnection();
+ }
+
+ System.out.println("\n");
+ System.exit(0);
+ }
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Customer.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Customer.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Customer.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Customer.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.jaxrs.server;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "Customer")
+public class Customer {
+ private long id;
+ private String name;
+
+ public long getId() {
+ return id;
+ }
+
+ public void setId(long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/CustomerService.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/CustomerService.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/CustomerService.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/CustomerService.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.jaxrs.server;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.core.Response;
+
+@Path("/customerservice/")
+public class CustomerService {
+ long currentId = 123;
+ Map<Long, Customer> customers = new HashMap<Long, Customer>();
+
+ public CustomerService() {
+ init();
+ }
+
+ @GET
+ @Path("/customers/{id}/")
+ public Customer getCustomer(@PathParam("id") String id) {
+ System.out.println("----invoking getCustomer, Customer id is: " + id);
+ long idNumber = Long.parseLong(id);
+ Customer c = customers.get(idNumber);
+ return c;
+ }
+
+ @PUT
+ @Path("/customers/")
+ public Response updateCustomer(Customer customer) {
+ System.out.println("----invoking updateCustomer, Customer name is: " +
customer.getName());
+ Customer c = customers.get(customer.getId());
+ Response r;
+ if (c != null) {
+ customers.put(customer.getId(), customer);
+ r = Response.ok().build();
+ } else {
+ r = Response.notModified().build();
+ }
+
+ return r;
+ }
+
+ @POST
+ @Path("/customers/")
+ public Response addCustomer(Customer customer) {
+ System.out.println("----invoking addCustomer, Customer name is: " +
customer.getName());
+ customer.setId(++currentId);
+
+ customers.put(customer.getId(), customer);
+
+ return Response.ok(customer).build();
+ }
+
+ @DELETE
+ @Path("/customers/{id}/")
+ public Response deleteCustomer(@PathParam("id") String id) {
+ System.out.println("----invoking deleteCustomer, Customer id is: " +
id);
+ long idNumber = Long.parseLong(id);
+ Customer c = customers.get(idNumber);
+
+ Response r;
+ if (c != null) {
+ r = Response.ok().build();
+ customers.remove(idNumber);
+ } else {
+ r = Response.notModified().build();
+ }
+
+ return r;
+ }
+
+ final void init() {
+ Customer c = new Customer();
+ c.setName("John");
+ c.setId(123);
+ customers.put(c.getId(), c);
+ }
+
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Server.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Server.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Server.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/jaxrs/server/Server.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.jaxrs.server;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
+import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider;
+
+public class Server {
+
+ static {
+ // set the configuration file
+ SpringBusFactory factory = new SpringBusFactory();
+ Bus bus = factory.createBus("ServerConfig.xml");
+ BusFactory.setDefaultBus(bus);
+ }
+
+ protected Server() throws Exception {
+ JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
+ sf.setResourceClasses(CustomerService.class);
+ sf.setResourceProvider(CustomerService.class,
+ new SingletonResourceProvider(new CustomerService()));
+ sf.setAddress("https://localhost:9000/";);
+
+ sf.create();
+ }
+
+ public static void main(String args[]) throws Exception {
+ new Server();
+ System.out.println("Server ready...");
+
+ Thread.sleep(5 * 60 * 1000);
+ System.out.println("Server exiting");
+ System.exit(0);
+ }
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+/**
+ * <p>
+ * Signals fatal error in initialization of {@link
AuthSSLProtocolSocketFactory}.
+ * </p>
+ *
+ * @author <a href="mailto:[email protected]";>Oleg Kalnichevski</a>
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this
+ * component. The component is provided as a reference material, which
+ * may be inappropriate for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLInitializationError extends Error {
+
+ /**
+ * Creates a new AuthSSLInitializationError.
+ */
+ public AuthSSLInitializationError() {
+ super();
+ }
+
+ /**
+ * Creates a new AuthSSLInitializationError with the specified message.
+ *
+ * @param message error message
+ */
+ public AuthSSLInitializationError(String message) {
+ super(message);
+ }
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,383 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * <p>
+ * AuthSSLProtocolSocketFactory can be used to validate the identity of the
HTTPS
+ * server against a list of trusted certificates and to authenticate to the
HTTPS
+ * server using a private key.
+ * </p>
+ *
+ * <p>
+ * AuthSSLProtocolSocketFactory will enable server authentication when
supplied with
+ * a {@link KeyStore truststore} file containg one or several trusted
certificates.
+ * The client secure socket will reject the connection during the SSL session
handshake
+ * if the target HTTPS server attempts to authenticate itself with a
non-trusted
+ * certificate.
+ * </p>
+ *
+ * <p>
+ * Use JDK keytool utility to import a trusted certificate and generate a
truststore file:
+ * <pre>
+ * keytool -import -alias "my server cert" -file server.crt -keystore
my.truststore
+ * </pre>
+ * </p>
+ *
+ * <p>
+ * AuthSSLProtocolSocketFactory will enable client authentication when
supplied with
+ * a {@link KeyStore keystore} file containg a private key/public certificate
pair.
+ * The client secure socket will use the private key to authenticate itself to
the target
+ * HTTPS server during the SSL session handshake if requested to do so by the
server.
+ * The target HTTPS server will in its turn verify the certificate presented
by the client
+ * in order to establish client's authenticity
+ * </p>
+ *
+ * <p>
+ * Use the following sequence of actions to generate a keystore file
+ * </p>
+ * <ul>
+ * <li>
+ * <p>
+ * Use JDK keytool utility to generate a new key
+ * <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore
my.keystore</pre>
+ * For simplicity use the same password for the key as that of the
keystore
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Issue a certificate signing request (CSR)
+ * <pre>keytool -certreq -alias "my client key" -file mycertreq.csr
-keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Send the certificate request to the trusted Certificate Authority for
signature.
+ * One may choose to act as her own CA and sign the certificate request
using a PKI
+ * tool, such as OpenSSL.
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Import the trusted CA root certificate
+ * <pre>keytool -import -alias "my trusted ca" -file caroot.crt
-keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Import the PKCS#7 file containg the complete certificate chain
+ * <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore
my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Verify the content the resultant keystore file
+ * <pre>keytool -list -v -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * </ul>
+ * <p>
+ * Example of using custom protocol socket factory for a specific host:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ *
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, authhttps);
+ * // use relative url only
+ * GetMethod httpget = new GetMethod("/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * <p>
+ * Example of using custom protocol socket factory per default instead of the
standard one:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ * Protocol.registerProtocol("https", authhttps);
+ *
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https://localhost/";);
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ *
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be
inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLProtocolSocketFactory implements
SecureProtocolSocketFactory {
+
+ /** Log object for this class. */
+ private static final Log LOG =
LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
+
+ private URL keystoreUrl = null;
+ private String keystorePassword = null;
+ private URL truststoreUrl = null;
+ private String truststorePassword = null;
+ private SSLContext sslcontext = null;
+
+ /**
+ * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or
truststore file
+ * must be given. Otherwise SSL context initialization error will result.
+ *
+ * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if
HTTPS client
+ * authentication is not to be used.
+ * @param keystorePassword Password to unlock the keystore. IMPORTANT:
this implementation
+ * assumes that the same password is used to protect the key and
the keystore itself.
+ * @param truststoreUrl URL of the truststore file. May be <tt>null</tt>
if HTTPS server
+ * authentication is not to be used.
+ * @param truststorePassword Password to unlock the truststore.
+ */
+ public AuthSSLProtocolSocketFactory(final URL keystoreUrl, final String
keystorePassword,
+ final URL truststoreUrl, final String
truststorePassword) {
+ super();
+ this.keystoreUrl = keystoreUrl;
+ this.keystorePassword = keystorePassword;
+ this.truststoreUrl = truststoreUrl;
+ this.truststorePassword = truststorePassword;
+ }
+
+ private static KeyStore createKeyStore(final URL url, final String
password) throws KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, IOException {
+ if (url == null) {
+ throw new IllegalArgumentException("Keystore url may not be null");
+ }
+ LOG.debug("Initializing key store");
+ KeyStore keystore = KeyStore.getInstance("jks");
+ InputStream is = null;
+ try {
+ is = url.openStream();
+ keystore.load(is, password != null ? password.toCharArray() :
null);
+ } finally {
+ if (is != null)
+ is.close();
+ }
+ return keystore;
+ }
+
+ private static KeyManager[] createKeyManagers(final KeyStore keystore,
final String password)
+ throws KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException {
+ if (keystore == null) {
+ throw new IllegalArgumentException("Keystore may not be null");
+ }
+ LOG.debug("Initializing key manager");
+ KeyManagerFactory kmfactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmfactory.init(keystore, password != null ? password.toCharArray() :
null);
+ return kmfactory.getKeyManagers();
+ }
+
+ private static TrustManager[] createTrustManagers(final KeyStore keystore)
throws KeyStoreException,
+ NoSuchAlgorithmException {
+ if (keystore == null) {
+ throw new IllegalArgumentException("Keystore may not be null");
+ }
+ LOG.debug("Initializing trust manager");
+ TrustManagerFactory tmfactory =
TrustManagerFactory.getInstance(TrustManagerFactory
+ .getDefaultAlgorithm());
+ tmfactory.init(keystore);
+ TrustManager[] trustmanagers = tmfactory.getTrustManagers();
+ for (int i = 0; i < trustmanagers.length; i++) {
+ if (trustmanagers[i] instanceof X509TrustManager) {
+ trustmanagers[i] = new
AuthSSLX509TrustManager((X509TrustManager)trustmanagers[i]);
+ }
+ }
+ return trustmanagers;
+ }
+
+ private SSLContext createSSLContext() {
+ try {
+ KeyManager[] keymanagers = null;
+ TrustManager[] trustmanagers = null;
+ if (this.keystoreUrl != null) {
+ KeyStore keystore = createKeyStore(this.keystoreUrl,
this.keystorePassword);
+ if (LOG.isDebugEnabled()) {
+ Enumeration aliases = keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ String alias = (String)aliases.nextElement();
+ Certificate[] certs =
keystore.getCertificateChain(alias);
+ if (certs != null) {
+ LOG.debug("Certificate chain '" + alias + "':");
+ for (int c = 0; c < certs.length; c++) {
+ if (certs[c] instanceof X509Certificate) {
+ X509Certificate cert =
(X509Certificate)certs[c];
+ LOG.debug(" Certificate " + (c + 1) + ":");
+ LOG.debug(" Subject DN: " +
cert.getSubjectDN());
+ LOG.debug(" Signature Algorithm: " +
cert.getSigAlgName());
+ LOG.debug(" Valid from: " +
cert.getNotBefore());
+ LOG.debug(" Valid until: " +
cert.getNotAfter());
+ LOG.debug(" Issuer: " +
cert.getIssuerDN());
+ }
+ }
+ }
+ }
+ }
+ keymanagers = createKeyManagers(keystore,
this.keystorePassword);
+ }
+ if (this.truststoreUrl != null) {
+ KeyStore keystore = createKeyStore(this.truststoreUrl,
this.truststorePassword);
+ if (LOG.isDebugEnabled()) {
+ Enumeration aliases = keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ String alias = (String)aliases.nextElement();
+ LOG.debug("Trusted certificate '" + alias + "':");
+ Certificate trustedcert =
keystore.getCertificate(alias);
+ if (trustedcert != null && trustedcert instanceof
X509Certificate) {
+ X509Certificate cert =
(X509Certificate)trustedcert;
+ LOG.debug(" Subject DN: " + cert.getSubjectDN());
+ LOG.debug(" Signature Algorithm: " +
cert.getSigAlgName());
+ LOG.debug(" Valid from: " + cert.getNotBefore());
+ LOG.debug(" Valid until: " + cert.getNotAfter());
+ LOG.debug(" Issuer: " + cert.getIssuerDN());
+ }
+ }
+ }
+ trustmanagers = createTrustManagers(keystore);
+ }
+ SSLContext sslcontext = SSLContext.getInstance("SSL");
+ sslcontext.init(keymanagers, trustmanagers, null);
+ return sslcontext;
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("Unsupported algorithm
exception: " + e.getMessage());
+ } catch (KeyStoreException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("Keystore exception: " +
e.getMessage());
+ } catch (GeneralSecurityException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("Key management exception: "
+ e.getMessage());
+ } catch (IOException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("I/O error reading
keystore/truststore file: "
+ + e.getMessage());
+ }
+ }
+
+ private SSLContext getSSLContext() {
+ if (this.sslcontext == null) {
+ this.sslcontext = createSSLContext();
+ }
+ return this.sslcontext;
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the
given time limit.
+ * <p>
+ * To circumvent the limitations of older JREs that do not support connect
timeout a
+ * controller thread is executed. The controller thread attempts to create
a new socket
+ * within the given limit of time. If socket constructor does not return
until the
+ * timeout expires, the controller terminates and throws an {@link
ConnectTimeoutException}
+ * </p>
+ *
+ * @param host the host name/IP
+ * @param port the port on the host
+ * @param clientHost the local host name/IP to bind the socket to
+ * @param clientPort the port on the local machine
+ * @param params {@link HttpConnectionParams Http connection parameters}
+ *
+ * @return Socket a new socket
+ *
+ * @throws IOException if an I/O error occurs while creating the socket
+ * @throws UnknownHostException if the IP address of the host cannot be
+ * determined
+ */
+ public Socket createSocket(final String host, final int port, final
InetAddress localAddress,
+ final int localPort, final HttpConnectionParams
params) throws IOException,
+ UnknownHostException, ConnectTimeoutException {
+ if (params == null) {
+ throw new IllegalArgumentException("Parameters may not be null");
+ }
+ int timeout = params.getConnectionTimeout();
+ SocketFactory socketfactory = getSSLContext().getSocketFactory();
+ if (timeout == 0) {
+ return socketfactory.createSocket(host, port, localAddress,
localPort);
+ } else {
+ Socket socket = socketfactory.createSocket();
+ SocketAddress localaddr = new InetSocketAddress(localAddress,
localPort);
+ SocketAddress remoteaddr = new InetSocketAddress(host, port);
+ socket.bind(localaddr);
+ socket.connect(remoteaddr, timeout);
+ return socket;
+ }
+ }
+
+ /**
+ * @see
SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(String host, int port, InetAddress clientHost,
int clientPort)
+ throws IOException, UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(host, port,
clientHost, clientPort);
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(host, port);
+ }
+
+ /**
+ * @see
SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(Socket socket, String host, int port, boolean
autoClose) throws IOException,
+ UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(socket, host,
port, autoClose);
+ }
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.CertificateException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * <p>
+ * AuthSSLX509TrustManager can be used to extend the default
+ * {@link X509TrustManager} with additional trust decisions.
+ * </p>
+ *
+ * @author <a href="mailto:[email protected]";>Oleg Kalnichevski</a>
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this
+ * component. The component is provided as a reference material, which
+ * may be inappropriate for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLX509TrustManager implements X509TrustManager {
+ private X509TrustManager defaultTrustManager = null;
+
+ /** Log object for this class. */
+ private static final Log LOG =
LogFactory.getLog(AuthSSLX509TrustManager.class);
+
+ /**
+ * Constructor for AuthSSLX509TrustManager.
+ */
+ public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager)
{
+ super();
+ if (defaultTrustManager == null) {
+ throw new IllegalArgumentException("Trust manager may not be
null");
+ }
+ this.defaultTrustManager = defaultTrustManager;
+ }
+
+ /**
+ * @see
javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String
+ * authType)
+ */
+ public void checkClientTrusted(X509Certificate[] certificates, String
authType)
+ throws CertificateException {
+ if (LOG.isInfoEnabled() && certificates != null) {
+ for (int c = 0; c < certificates.length; c++) {
+ X509Certificate cert = certificates[c];
+ LOG.info(" Client certificate " + (c + 1) + ":");
+ LOG.info(" Subject DN: " + cert.getSubjectDN());
+ LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
+ LOG.info(" Valid from: " + cert.getNotBefore());
+ LOG.info(" Valid until: " + cert.getNotAfter());
+ LOG.info(" Issuer: " + cert.getIssuerDN());
+ }
+ }
+ defaultTrustManager.checkClientTrusted(certificates, authType);
+ }
+
+ /**
+ * @see
javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String
+ * authType)
+ */
+ public void checkServerTrusted(X509Certificate[] certificates, String
authType)
+ throws CertificateException {
+ if (LOG.isInfoEnabled() && certificates != null) {
+ for (int c = 0; c < certificates.length; c++) {
+ X509Certificate cert = certificates[c];
+ LOG.info(" Server certificate " + (c + 1) + ":");
+ LOG.info(" Subject DN: " + cert.getSubjectDN());
+ LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
+ LOG.info(" Valid from: " + cert.getNotBefore());
+ LOG.info(" Valid until: " + cert.getNotAfter());
+ LOG.info(" Issuer: " + cert.getIssuerDN());
+ }
+ }
+ defaultTrustManager.checkServerTrusted(certificates, authType);
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
+ */
+ public X509Certificate[] getAcceptedIssuers() {
+ return this.defaultTrustManager.getAcceptedIssuers();
+ }
+}
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+ ** This file configures the Cherry Server.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xmlns:sec="http://cxf.apache.org/configuration/security";
+ xmlns:http="http://cxf.apache.org/transports/http/configuration";
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration";
+ xsi:schemaLocation="
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
+ http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd";>
+
+ <httpj:engine-factory bus="cxf">
+ <httpj:engine port="9000">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+ file="certs/cherry.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+ file="certs/truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+</beans>
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/add_customer.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/add_customer.xml?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/add_customer.xml
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/add_customer.xml
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,3 @@
+<Customer>
+ <name>Jack</name>
+</Customer>
\ No newline at end of file
Added:
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/update_customer.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/update_customer.xml?rev=1089840&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/update_customer.xml
(added)
+++
cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/update_customer.xml
Thu Apr 7 12:07:53 2011
@@ -0,0 +1,4 @@
+<Customer>
+ <name>Mary</name>
+ <id>123</id>
+</Customer>
\ No newline at end of file
