[CXF-6414] - Add a way of including TLS protocols in the Jetty server
Conflicts:
rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/575095a1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/575095a1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/575095a1
Branch: refs/heads/3.0.x-fixes
Commit: 575095a1abd5190ac4e8d1db73973e5b300a33e2
Parents: 153ddff
Author: Colm O hEigeartaigh <[email protected]>
Authored: Tue May 19 16:36:57 2015 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Tue May 19 16:52:38 2015 +0100
----------------------------------------------------------------------
.../configuration/jsse/TLSServerParameters.java | 18 ++
.../jsse/TLSServerParametersConfig.java | 3 +
.../schemas/configuration/security.xsd | 20 ++
.../http_jetty/JettyHTTPServerEngine.java | 268 +++++++++++++++++++
...ttyHTTPServerEngineBeanDefinitionParser.java | 4 +
.../org/apache/cxf/https/ssl3/SSLv3Test.java | 47 ++++
.../org/apache/cxf/https/ssl3/sslv3-server.xml | 27 ++
7 files changed, 387 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java
----------------------------------------------------------------------
diff --git
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java
index 52884c3..fe7806e 100644
---
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java
+++
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java
@@ -32,6 +32,7 @@ public class TLSServerParameters extends TLSParameterBase {
ClientAuthentication clientAuthentication;
List<String> excludeProtocols = new ArrayList<String>();
+ List<String> includeProtocols = new ArrayList<String>();
/**
* This parameter configures the server side to request and/or
@@ -64,5 +65,22 @@ public class TLSServerParameters extends TLSParameterBase {
}
return excludeProtocols;
}
+
+ /**
+ * This parameter sets the protocol list to include.
+ */
+ public final void setIncludeProtocols(List<String> protocols) {
+ includeProtocols = protocols;
+ }
+
+ /**
+ * Returns the protocols to include that are associated with this endpoint.
+ */
+ public List<String> getIncludeProtocols() {
+ if (includeProtocols == null) {
+ includeProtocols = new ArrayList<String>();
+ }
+ return includeProtocols;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
----------------------------------------------------------------------
diff --git
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
index a9c9cd6..137e80d 100644
---
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
+++
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
@@ -57,6 +57,9 @@ public class TLSServerParametersConfig
if (params.isSetExcludeProtocols()) {
this.setExcludeProtocols(params.getExcludeProtocols().getExcludeProtocol());
}
+ if (params.isSetIncludeProtocols()) {
+
this.setIncludeProtocols(params.getIncludeProtocols().getIncludeProtocol());
+ }
if (params.isSetJsseProvider()) {
this.setJsseProvider(params.getJsseProvider());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/core/src/main/resources/schemas/configuration/security.xsd
----------------------------------------------------------------------
diff --git a/core/src/main/resources/schemas/configuration/security.xsd
b/core/src/main/resources/schemas/configuration/security.xsd
index 56fe888..2a2c9de 100644
--- a/core/src/main/resources/schemas/configuration/security.xsd
+++ b/core/src/main/resources/schemas/configuration/security.xsd
@@ -353,6 +353,19 @@
</xs:sequence>
</xs:complexType>
+ <xs:complexType name="IncludeProtocols">
+ <xs:annotation>
+ <xs:documentation>
+ This structure holds a list of protocols that are to be included.
+ Sometimes we want to include more protocols than the secure socket
protocol, for example
+ "SSLv2Hello".
+ </xs:documentation>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="includeProtocol" type="xs:string" minOccurs="0"
maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
<xs:complexType name="SecureRandomParameters">
<xs:annotation>
<xs:documentation>
@@ -557,6 +570,13 @@
</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="includeProtocols" type="tns:IncludeProtocols"
minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the the Protocols that will be included
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="secureRandomParameters"
type="tns:SecureRandomParameters" minOccurs="0">
<xs:annotation>
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 87f313d..740e588 100644
---
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -490,6 +490,274 @@ public class JettyHTTPServerEngine implements
ServerEngine {
}
}
+<<<<<<< HEAD
+=======
+ private void addServerMBean() {
+ if (mBeanContainer == null) {
+ return;
+ }
+
+ try {
+ Object o = getContainer(server);
+ o.getClass().getMethod("addEventListener",
Container.Listener.class).invoke(o, mBeanContainer);
+ if (Server.getVersion().startsWith("8")) {
+ return;
+ }
+ mBeanContainer.getClass().getMethod("beanAdded", Container.class,
Object.class)
+ .invoke(mBeanContainer, null, server);
+ } catch (RuntimeException rex) {
+ throw rex;
+ } catch (Exception r) {
+ throw new RuntimeException(r);
+ }
+ }
+ private void removeServerMBean() {
+ try {
+ mBeanContainer.getClass().getMethod("beanRemoved",
Container.class, Object.class)
+ .invoke(mBeanContainer, null, server);
+ } catch (RuntimeException rex) {
+ throw rex;
+ } catch (Exception r) {
+ throw new RuntimeException(r);
+ }
+ }
+
+ private Connector createConnector(String hosto, int porto) {
+ // now we just use the SelectChannelConnector as the default connector
+ SslContextFactory sslcf = null;
+ if (tlsServerParameters != null) {
+ sslcf = new SslContextFactory() {
+ protected void doStart() throws Exception {
+ setSslContext(createSSLContext(this));
+ super.doStart();
+ }
+ public void checkKeyStore() {
+ //we'll handle this later
+ }
+ };
+ decorateCXFJettySslSocketConnector(sslcf);
+ }
+ AbstractConnector result = null;
+ if (!Server.getVersion().startsWith("8")) {
+ result = createConnectorJetty9(sslcf, hosto, porto);
+ } else {
+ result = createConnectorJetty8(sslcf, hosto, porto);
+ }
+
+ try {
+ result.getClass().getMethod("setPort",
Integer.TYPE).invoke(result, porto);
+ if (hosto != null) {
+ result.getClass().getMethod("setHost",
String.class).invoke(result, hosto);
+ }
+ result.getClass().getMethod("setReuseAddress",
Boolean.TYPE).invoke(result, isReuseAddress());
+ } catch (RuntimeException rex) {
+ throw rex;
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+
+ return result;
+ }
+
+ AbstractConnector createConnectorJetty9(SslContextFactory sslcf, String
hosto, int porto) {
+ //Jetty 9
+ AbstractConnector result = null;
+ try {
+ Class<?> configClass =
ClassLoaderUtils.loadClass("org.eclipse.jetty.server.HttpConfiguration",
+ Server.class);
+ Object httpConfig = configClass.newInstance();
+ httpConfig.getClass().getMethod("setSendServerVersion",
Boolean.TYPE)
+ .invoke(httpConfig, getSendServerVersion());
+
+ Object httpFactory =
ClassLoaderUtils.loadClass("org.eclipse.jetty.server.HttpConnectionFactory",
+ Server.class)
+
.getConstructor(configClass).newInstance(httpConfig);
+
+ Collection<Object> connectionFactories = new ArrayList<Object>();
+ result =
(AbstractConnector)ClassLoaderUtils.loadClass("org.eclipse.jetty.server.ServerConnector",
+
Server.class)
+
.getConstructor(Server.class)
+
.newInstance(server);
+
+ if (tlsServerParameters != null) {
+ Class<?> src =
ClassLoaderUtils.loadClass("org.eclipse.jetty.server.SecureRequestCustomizer",
+ Server.class);
+ httpConfig.getClass().getMethod("addCustomizer",
src.getInterfaces()[0])
+ .invoke(httpConfig, src.newInstance());
+ Object scf =
ClassLoaderUtils.loadClass("org.eclipse.jetty.server.SslConnectionFactory",
+
Server.class).getConstructor(SslContextFactory.class,
+
String.class)
+ .newInstance(sslcf,
"HTTP/1.1");
+ connectionFactories.add(scf);
+ result.getClass().getMethod("setDefaultProtocol",
String.class).invoke(result, "SSL-HTTP/1.1");
+ }
+ connectionFactories.add(httpFactory);
+ result.getClass().getMethod("setConnectionFactories",
Collection.class)
+ .invoke(result, connectionFactories);
+
+ if (getMaxIdleTime() > 0) {
+ result.getClass().getMethod("setIdleTimeout",
Long.TYPE).invoke(result, Long.valueOf(getMaxIdleTime()));
+ }
+
+ } catch (RuntimeException rex) {
+ throw rex;
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ return result;
+ }
+ AbstractConnector createConnectorJetty8(SslContextFactory sslcf, String
hosto, int porto) {
+ //Jetty 8
+ AbstractConnector result = null;
+ try {
+ if (sslcf == null) {
+ result = (AbstractConnector)ClassLoaderUtils
+
.loadClass("org.eclipse.jetty.server.nio.SelectChannelConnector",
+ Server.class).newInstance();
+ } else {
+ result = (AbstractConnector)ClassLoaderUtils
+
.loadClass("org.eclipse.jetty.server.ssl.SslSelectChannelConnector",
+
Server.class).getConstructor(SslContextFactory.class)
+ .newInstance(sslcf);
+ }
+ Server.class.getMethod("setSendServerVersion",
Boolean.TYPE).invoke(server, getSendServerVersion());
+ if (getMaxIdleTime() > 0) {
+ result.getClass().getMethod("setMaxIdleTime",
Integer.TYPE).invoke(result, getMaxIdleTime());
+ }
+ } catch (RuntimeException rex) {
+ throw rex;
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ return result;
+ }
+
+
+ protected SSLContext createSSLContext(SslContextFactory scf) throws
Exception {
+ String proto = tlsServerParameters.getSecureSocketProtocol() == null
+ ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
+
+ // Jetty 9 excludes SSLv3 by default. So if we want it then we need to
+ // remove it from the default excluded protocols
+ boolean allowSSLv3 = "SSLv3".equals(proto);
+ if (allowSSLv3 ||
!tlsServerParameters.getIncludeProtocols().isEmpty()) {
+ List<String> excludedProtocols = new ArrayList<String>();
+ for (String excludedProtocol : scf.getExcludeProtocols()) {
+ if
(!(tlsServerParameters.getIncludeProtocols().contains(excludedProtocol)
+ || (allowSSLv3 && ("SSLv3".equals(excludedProtocol)
+ || "SSLv2Hello".equals(excludedProtocol))))) {
+ excludedProtocols.add(excludedProtocol);
+ }
+ }
+ String[] revisedProtocols = new String[excludedProtocols.size()];
+ excludedProtocols.toArray(revisedProtocols);
+ scf.setExcludeProtocols(revisedProtocols);
+ }
+
+ for (String p : tlsServerParameters.getExcludeProtocols()) {
+ scf.addExcludeProtocols(p);
+ }
+
+ SSLContext context = tlsServerParameters.getJsseProvider() == null
+ ? SSLContext.getInstance(proto)
+ : SSLContext.getInstance(proto,
tlsServerParameters.getJsseProvider());
+
+ KeyManager keyManagers[] = tlsServerParameters.getKeyManagers();
+ if (tlsServerParameters.getCertAlias() != null) {
+ keyManagers = getKeyManagersWithCertAlias(keyManagers);
+ }
+ context.init(tlsServerParameters.getKeyManagers(),
+ tlsServerParameters.getTrustManagers(),
+ tlsServerParameters.getSecureRandom());
+
+ // Set the CipherSuites
+ final String[] supportedCipherSuites =
+ SSLUtils.getServerSupportedCipherSuites(context);
+
+ if (tlsServerParameters.getCipherSuitesFilter() != null
+ && tlsServerParameters.getCipherSuitesFilter().isSetExclude()) {
+ String[] excludedCipherSuites =
+
SSLUtils.getFilteredCiphersuites(tlsServerParameters.getCipherSuitesFilter(),
+ supportedCipherSuites,
+ LOG,
+ true);
+ scf.setExcludeCipherSuites(excludedCipherSuites);
+ }
+
+ String[] includedCipherSuites =
+
SSLUtils.getCiphersuitesToInclude(tlsServerParameters.getCipherSuites(),
+
tlsServerParameters.getCipherSuitesFilter(),
+
context.getServerSocketFactory().getDefaultCipherSuites(),
+ supportedCipherSuites,
+ LOG);
+ scf.setIncludeCipherSuites(includedCipherSuites);
+
+ return context;
+ }
+ protected KeyManager[] getKeyManagersWithCertAlias(KeyManager
keyManagers[]) throws Exception {
+ if (tlsServerParameters.getCertAlias() != null) {
+ for (int idx = 0; idx < keyManagers.length; idx++) {
+ if (keyManagers[idx] instanceof X509KeyManager) {
+ keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+ tlsServerParameters.getCertAlias(),
(X509KeyManager)keyManagers[idx]);
+ }
+ }
+ }
+ return keyManagers;
+ }
+ protected void setClientAuthentication(SslContextFactory con,
+ ClientAuthentication clientAuth) {
+ con.setWantClientAuth(true);
+ if (clientAuth != null) {
+ if (clientAuth.isSetWant()) {
+ con.setWantClientAuth(clientAuth.isWant());
+ }
+ if (clientAuth.isSetRequired()) {
+ con.setNeedClientAuth(clientAuth.isRequired());
+ }
+ }
+ }
+ /**
+ * This method sets the security properties for the CXF extension
+ * of the JettySslConnector.
+ */
+ private void decorateCXFJettySslSocketConnector(
+ SslContextFactory con
+ ) {
+ setClientAuthentication(con,
+ tlsServerParameters.getClientAuthentication());
+ con.setCertAlias(tlsServerParameters.getCertAlias());
+ }
+
+
+ private static Container getContainer(Object server) {
+ if (server instanceof Container) {
+ return (Container)server;
+ }
+ try {
+ return
(Container)server.getClass().getMethod("getContainer").invoke(server);
+ } catch (RuntimeException t) {
+ throw t;
+ } catch (Throwable t) {
+ throw new RuntimeException(t);
+ }
+ }
+
+ private static void logConnector(Connector connector) {
+ try {
+ String h =
(String)connector.getClass().getMethod("getHost").invoke(connector);
+ int port =
(Integer)connector.getClass().getMethod("getPort").invoke(connector);
+ LOG.finer("connector.host: "
+ + h == null
+ ? "null"
+ : "\"" + h + "\"");
+ LOG.finer("connector.port: " + port);
+ } catch (Throwable t) {
+ //ignore
+ }
+ }
+
+>>>>>>> 96f7367... [CXF-6414] - Add a way of including TLS protocols in the
Jetty server
protected void setupThreadPool() {
AbstractConnector aconn = (AbstractConnector) connector;
if (isSetThreadingParameters()) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
----------------------------------------------------------------------
diff --git
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
index 9ee06a0..bcafe89 100644
---
a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
+++
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
@@ -40,6 +40,7 @@ import org.apache.cxf.configuration.security.CipherSuites;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.ExcludeProtocols;
import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.IncludeProtocols;
import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.SecureRandomParameters;
import org.apache.cxf.configuration.security.TLSServerParametersType;
@@ -199,6 +200,9 @@ public class JettyHTTPServerEngineBeanDefinitionParser
extends AbstractBeanDefin
} else if ("excludeProtocols".equals(ename)) {
mapElementToJaxbProperty((Element)n, paramsbean, ename,
ExcludeProtocols.class);
+ } else if ("includeProtocols".equals(ename)) {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ IncludeProtocols.class);
} else if ("secureRandomParameters".equals(ename)) {
mapElementToJaxbProperty((Element)n, paramsbean, ename,
SecureRandomParameters.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
----------------------------------------------------------------------
diff --git
a/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
index df5dc19..44b5e4e 100644
---
a/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
+++
b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
@@ -47,6 +47,7 @@ public class SSLv3Test extends
AbstractBusClientServerTestBase {
static final String PORT = allocatePort(SSLv3Server.class);
static final String PORT2 = allocatePort(SSLv3Server.class, 2);
static final String PORT3 = allocatePort(SSLv3Server.class, 3);
+ static final String PORT4 = allocatePort(SSLv3Server.class, 4);
@BeforeClass
public static void startServers() throws Exception {
@@ -243,6 +244,52 @@ public class SSLv3Test extends
AbstractBusClientServerTestBase {
((java.io.Closeable)port).close();
bus.shutdown(true);
}
+
+ @org.junit.Test
+ public void testTLSClientToEndpointWithSSL3Allowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT4);
+
+ port.greetMe("Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSSL3ClientToEndpointWithSSL3Allowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT4);
+
+ port.greetMe("Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
private static final class DisableCNCheckVerifier implements
HostnameVerifier {
http://git-wip-us.apache.org/repos/asf/cxf/blob/575095a1/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml
----------------------------------------------------------------------
diff --git
a/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml
b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml
index 02f9f59..1df2fda 100644
---
a/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml
+++
b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml
@@ -96,5 +96,32 @@
address="https://localhost:${testutil.ports.SSLv3Server.3}/SoapContext/HttpsPort";
serviceName="s:SOAPService"
endpointName="e:HttpsPort"
depends-on="disallow-tls-via-configuration"/>
+
+ <httpj:engine-factory id="tls-but-allow-ssl3">
+ <httpj:engine port="${testutil.ports.SSLv3Server.4}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password"
resource="keys/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password"
resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="false"/>
+ <sec:includeProtocols>
+ <sec:includeProtocol>SSLv3</sec:includeProtocol>
+ <sec:includeProtocol>SSLv2Hello</sec:includeProtocol>
+ </sec:includeProtocols>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services";
+ xmlns:s="http://apache.org/hello_world/services";
+ id="TLSAllowSSLv3Endpoint"
+ implementor="org.apache.cxf.https.ssl3.GreeterImpl"
+
address="https://localhost:${testutil.ports.SSLv3Server.4}/SoapContext/HttpsPort";
+ serviceName="s:SOAPService"
+ endpointName="e:HttpsPort"
depends-on="tls-but-allow-ssl3"/>
+
</beans>
