Author: buildbot
Date: Tue Sep 11 09:58:02 2018
New Revision: 1034974
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified:
websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html
==============================================================================
---
websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html
(original)
+++
websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html
Tue Sep 11 09:58:02 2018
@@ -119,11 +119,11 @@ Apache CXF -- Client HTTP Transport (inc
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1524513418287 {padding: 0px;}
-div.rbtoc1524513418287 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1524513418287 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1536659841013 {padding: 0px;}
+div.rbtoc1536659841013 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1536659841013 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1524513418287">
+/*]]>*/</style></p><div class="toc-macro rbtoc1536659841013">
<ul class="toc-indentation"><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-Authentication">Authentication</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-BasicAuthentication">Basic
Authentication</a></li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-DigestAuthentication">Digest
Authentication</a></li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-Supplyingdynamicauthorization">Supplying
dynamic authorization</a></li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-SpnegoAuthentication(Kerberos)">Spnego
Authentication (Kerberos)</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-CredentialDelegation">Credential
Delegation</a></li></ul>
@@ -140,7 +140,7 @@ div.rbtoc1524513418287 li {margin-left:
</li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-ClientCacheControlDirectives">Client
Cache Control Directives</a></li></ul>
</li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-ANoteAboutChunking">A Note
About Chunking</a></li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-Whentosetcustomheaders">When to
set custom headers</a></li><li><a shape="rect"
href="#ClientHTTPTransport(includingSSLsupport)-AsynchronousHTTPConduit">Asynchronous
HTTP Conduit</a></li></ul>
</div><h1
id="ClientHTTPTransport(includingSSLsupport)-Authentication">Authentication</h1><h2
id="ClientHTTPTransport(includingSSLsupport)-BasicAuthentication">Basic
Authentication</h2><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> <conduit
name="{http://example.com/}HelloWorldServicePort.http-conduit";
+<pre class="brush: java; gutter: false; theme: Default"> <conduit
name="{http://example.com/}HelloWorldServicePort.http-conduit";
xmlns:sec="http://cxf.apache.org/configuration/security";
xmlns="http://cxf.apache.org/transports/http/configuration">
<authorization>
@@ -151,12 +151,12 @@ div.rbtoc1524513418287 li {margin-left:
</conduit>
</pre>
</div></div><p>Note: The AuthorizationType element can be omitted if you're
using Basic authentication, as above.</p><h2
id="ClientHTTPTransport(includingSSLsupport)-DigestAuthentication">Digest
Authentication</h2><p>Same as above but use AuthorizationType "Digest".</p><h2
id="ClientHTTPTransport(includingSSLsupport)-Supplyingdynamicauthorization">Supplying
dynamic authorization</h2><p>You can implement the
org.apache.cxf.transport.http.auth.HttpAuthSupplier interface or one of its
implementations.</p><p>The main method this interface provides is:<br
clear="none"> public String getAuthorization(AuthorizationPolicy authPolicy,
URL currentURL, Message message, String fullHeader);</p><p>So you get the
HttpAuthPolicy, the service URL, the CXF message and the full Authorization
header. The fullHeader is the Authorization Header the server sent after the
last try. This way you can implement multi phase authentications. You are
expected to return the authorization Header to send to the ser
ver. For a simple implementation you can look at
org.apache.cxf.transport.http.auth.DefaultBasicAuthSupplier.</p><p>If you set
your implementation class as AuthSupplier on the conduit CXF will use
it.</p><h2
id="ClientHTTPTransport(includingSSLsupport)-SpnegoAuthentication(Kerberos)">Spnego
Authentication (Kerberos)</h2><p>Starting with CXF 2.4.0 CXF supports Spnego
authentication using the standard AuthPolicy mechanism. Spnego is activated by
setting the AuthPolicy.authorizationType to 'Negotiate'. If userName is left
blank then single sign on is used with the TGT from e.g. Windows Login. If
userName is set then a new LoginContext is established and the ticket is
created out of this.</p><p>By default the SpnegoAuthSupplier uses the OID for
Spnego. Some servers require the OID for Kerberos. This can be activated by
setting the contextual property auth.spnego.useKerberosOid to
'true'.</p><p>Kerberos Config:</p><p>Make sure that krb5.conf/krb5.ini is
configured correctly for the Kerbe
ros realm you want to authenticate against<br clear="none"> and supply it to
your application by setting the java.security.krb5.conf system
property</p><p>Login Config:</p><p>Create a file login.conf and supply it to
CXF using the System property java.security.auth.login.config.</p><p>The file
should contain:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">CXFClient {
+<pre class="brush: java; gutter: false; theme: Default">CXFClient {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE
useTicketCache=true;
};
</pre>
</div></div><p>Sample config:</p><p>Make sure the Authorization element
contains the same name as the Section in the login.conf (here:
CXFClient).</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>HTTP
conduit configuration for spnego with single sign on</b></div><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> ...
+<pre class="brush: java; gutter: false; theme: Default"> ...
<conduit name="{http://example.com/}HelloWorldServicePort.http-conduit";
xmlns="http://cxf.apache.org/transports/http/configuration">
<authorization>
@@ -167,7 +167,7 @@ div.rbtoc1524513418287 li {margin-left:
...
</pre>
</div></div><p>You can use UserName and Password in the above xml config if
you want to log in explicitly. If you want to use the cached Ticket Granting
Ticket then do not supply them.</p><p>On windows you will also have to make
sure you allow the TGT to be used in Java. See: <a shape="rect"
class="external-link" href="http://www.javaactivedirectory.com/?page_id=93";
rel="nofollow">http://www.javaactivedirectory.com/?page_id=93</a></p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader
panelHeader pdl" style="border-bottom-width: 1px;"><b>Switching to Kerberos OID
instead of Spnego</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> ...
+<pre class="brush: java; gutter: false; theme: Default"> ...
<jaxws:client>
<jaxws:properties>
<entry key="auth.spnego.useKerberosOid" value="true"/>
@@ -176,7 +176,7 @@ div.rbtoc1524513418287 li {margin-left:
...
</pre>
</div></div><h3
id="ClientHTTPTransport(includingSSLsupport)-CredentialDelegation">Credential
Delegation</h3><p>Please set an "auth.spnego.requireCredDelegation" property to
"true" if you need to enable the credential delegation. Note that setting this
property will let the receiving service implement the credential
delegation.</p><p>If the Kerberos credential is already available in the
service request context then one can make this credential available to
Spnego/Kerberos authentication handler by setting it on the current CXF
message, using an 'org.ietf.jgss.GSSCredential' key.</p><p>This can be done
before a client invocation is made, by setting a client request context
property, or by extending
'org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier'. Please see
this <a shape="rect" class="external-link"
href="http://cxf.547215.n5.nabble.com/Kerberos-authentication-using-delegation-from-Principal-Ticket-td5711202.html";
rel="nofollow">thread</a> for more information on the
latter option.</p><p>Note in the case of reusing the existing credential, the
policy configuration does not need to reference a login module name:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader
panelHeader pdl" style="border-bottom-width: 1px;"><b>HTTP conduit
configuration for spnego with single sign on</b></div><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> ...
+<pre class="brush: java; gutter: false; theme: Default"> ...
<conduit name="{http://example.com/}HelloWorldServicePort.http-conduit";
xmlns="http://cxf.apache.org/transports/http/configuration">
<authorization>
@@ -186,7 +186,7 @@ div.rbtoc1524513418287 li {margin-left:
...
</pre>
</div></div><h2
id="ClientHTTPTransport(includingSSLsupport)-NTLMAuthentication">NTLM
Authentication</h2><p>CXF doesn't support NTLM authentication "out of the box"
on Java 5, but with some additional libraries and configuration, the standard
HttpURLConnection objects that we use can do the NTLM authentication. On Java
6, NTLM authentication is built into the Java runtime and you don't need to do
anything special.</p><p>On Java 5, you need a library that will augment the
HttpURLConnection to do it. See: <a shape="rect" class="external-link"
href="http://jcifs.samba.org/src/docs/httpclient.html";
rel="nofollow">http://jcifs.samba.org/src/docs/httpclient.html</a> Note: jcifs
is LGPL licensed, not Apache licensed.</p><p>Next, you need to configure jcifs
to use the correct domains, wins servers, etc... Notice that the<br
clear="none"> bit which sets the username/password to use for NTLM is commented
out. If credentials are<br clear="none"> missing jcifs will use the underlying
NT credent
ials.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">//Set the jcifs properties
+<pre class="brush: java; gutter: false; theme: Default">//Set the jcifs
properties
jcifs.Config.setProperty("jcifs.smb.client.domain", "ben.com");
jcifs.Config.setProperty("jcifs.netbios.wins", "xxx.xxx.xxx.xxx");
jcifs.Config.setProperty("jcifs.smb.client.soTimeout", "300000"); // 5 minutes
@@ -198,7 +198,7 @@ jcifs.Config.setProperty("jcifs.netbios.
jcifs.Config.registerSmbURLHandler();
</pre>
</div></div><p>Finally, you need to setup the CXF client to turn off chunking.
The reason is that the NTLM authentication requires a 3 part handshake which
breaks the streaming.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">//Turn off chunking so that NTLM can occur
+<pre class="brush: java; gutter: false; theme: Default">//Turn off chunking so
that NTLM can occur
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
@@ -206,8 +206,8 @@ httpClientPolicy.setConnectionTimeout(36
httpClientPolicy.setAllowChunking(false);
http.setClient(httpClientPolicy);
</pre>
-</div></div><p>Please also see <a shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF20DOC/Asynchronous+Client+HTTP+Transport";>Asynchronous
HTTP Conduit</a> for more information on NTLM.</p><h1
id="ClientHTTPTransport(includingSSLsupport)-ConfiguringSSLSupport">Configuring
SSL Support</h1><p>When using an "https" URL, CXF will, by default, use the
certs and keystores that are part of the JDK. For many HTTPs applications, that
is enough and no configuration is necessary. However, when using custom client
certificates or self signed server certificates or similar, you may need to
specifically configure in the keystores and trust managers and such to
establish the SSL connection.</p><p>To configure your client to use SSL, you'll
need to add an <http:conduit> definition to your XML configuration file.
See the <a shape="rect" href="configuration.html">Configuration</a> guide to
learn how to supply your own XML configuration file to CXF. If you are already
using Sprin
g, this can be added to your existing beans definitions.</p><p>A <a
shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/";>wsdl_first_https</a>
sample can be found in the CXF distribution with more detail. Also see this <a
shape="rect" class="external-link"
href="http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-battling.html";
rel="nofollow">blog entry</a> for another example.</p><p>Here is a sample of
what your conduit definition might look like:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
+</div></div><p>Please also see <a shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF20DOC/Asynchronous+Client+HTTP+Transport";>Asynchronous
HTTP Conduit</a> for more information on NTLM.</p><h1
id="ClientHTTPTransport(includingSSLsupport)-ConfiguringSSLSupport">Configuring
SSL Support</h1><p>When using an "https" URL, CXF will, by default, use the
certs and keystores that are part of the JDK. For many HTTPs applications, that
is enough and no configuration is necessary. However, when using custom client
certificates or self signed server certificates or similar, you may need to
specifically configure in the keystores and trust managers and such to
establish the SSL connection.</p><p>To configure your client to use SSL, you'll
need to add an <http:conduit> definition to your XML configuration file.
See the <a shape="rect" href="configuration.html">Configuration</a> guide to
learn how to supply your own XML configuration file to CXF. If you are already
using Sprin
g, this can be added to your existing beans definitions.</p><p>A <a
shape="rect" class="external-link"
href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/wsdl_first_https/";
rel="nofollow">wsdl_first_https</a> sample can be found in the CXF
distribution with more detail. Also see this <a shape="rect"
class="external-link"
href="http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-battling.html";
rel="nofollow">blog entry</a> for another example.</p><p>Here is a sample of
what your conduit definition might look like:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"><beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:sec="http://cxf.apache.org/configuration/security";
xmlns:http="http://cxf.apache.org/transports/http/configuration";
@@ -255,12 +255,12 @@ http.setClient(httpClientPolicy);
</beans>
</pre>
</div></div><p>The first thing to notice is the "name" attribute on
<http:conduit>. This allows CXF to associate this HTTP Conduit
configuration with a particular WSDL Port. The name includes the service's
namespace, the WSDL port name (as found in the wsdl:service section of the
WSDL), and ".http-conduit". It follows this template: "{WSDL
Namespace}portName.http-conduit". Note: it's the PORT name, not the service
name. Thus, it's likely something like "MyServicePort", not "MyService". If you
are having trouble getting the template to work, another (temporary) option for
the name value is simply "*.http-conduit".</p><p>Another option for the name
attribute is a reg-ex expression (e.g., "http://localhost:*";) for the ORIGINAL
URL of the endpoint. The configuration is matched at conduit creation so the
address used in the WSDL or used for the JAX-WS Service.create(...) call can be
used for the name. For example, you can do:</p><div class="code panel pdl"
style="border-width: 1px;
"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> <http:conduit name="http://localhost:8080/.*">
+<pre class="brush: java; gutter: false; theme: Default"> <http:conduit
name="http://localhost:8080/.*">
......
</http:conduit>
</pre>
</div></div><p>to configure a conduit for all interactions on localhost:8080.
If you have multiple clients interacting with different services on the same
server, this is probably the easiest way to configure it.</p><p>If your service
endpoint uses an SSL WSDL location (i.e., "https://xxx?wsdl";), you can
configure the http conduit to pick up the SSL configuration by using a
hardcoded http conduit name of "{<a shape="rect"
href="http://cxf.apache.org/";>http://cxf.apache.org/</a>}TransportURIResolver.http-conduit".
The specific HTTP conduit name or a reg-ex expression can still be
used.</p><p>Keystores (as identified by the sec:keyStore element above) can be
identified via any one of three ways: via a file, resource, or url attribute.
File locations are either an absolute path or relative to the working
directory, the resource attribute is relative to the classpath, and URLs must
be a valid URL such as "http://..."; "file:///...", etc. Only one attribute of
"url", "file", or "resource"
is allowed.</p><h1
id="ClientHTTPTransport(includingSSLsupport)-AdvancedConfiguration">Advanced
Configuration</h1><p>HTTP client endpoints can specify a number of HTTP
connection attributes including whether the endpoint automatically accepts
redirect responses, whether the endpoint can use chunking, whether the endpoint
will request a keep-alive, and how the endpoint interacts with proxies.</p><p>A
client endpoint can be configured using three
mechanisms:</p><ul><li>Configuration</li><li>WSDL</li><li>Java
code</li></ul><h2
id="ClientHTTPTransport(includingSSLsupport)-UsingConfiguration">Using
Configuration</h2><h3
id="ClientHTTPTransport(includingSSLsupport)-Namespace">Namespace</h3><p>The
elements used to configure an HTTP client are defined in the namespace <code><a
shape="rect"
href="http://cxf.apache.org/transports/http/configuration";>http://cxf.apache.org/transports/http/configuration</a></code>.
It is commonly referred to using the prefix <code>http-conf</code>. In order
to
use the HTTP configuration elements you will need to add the lines shown below
to the beans element of your endpoint's configuration file. In addition, you
will need to add the configuration elements' namespace to the
<code>xsi:schemaLocation</code> attribute.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>HTTP Consumer Configuration
Namespace</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans ...
+<pre class="brush: java; gutter: false; theme: Default"><beans ...
xmlns:http-conf="http://cxf.apache.org/transports/http/configuration
...
xsi:schemaLocation="...
@@ -269,7 +269,7 @@ http.setClient(httpClientPolicy);
...">
</pre>
</div></div><h3
id="ClientHTTPTransport(includingSSLsupport)-Theconduitelement">The
<code>conduit</code> element</h3><p>You configure an HTTP client using the
<code>http-conf:conduit</code> element and its children. The
<code>http-conf:conduit</code> element takes a single attribute,
<code>name</code>, that specifies the WSDL port element that corresponds to the
endpoint. The value for the <code>name</code> attribute takes the form
<em>portQName</em><code>.http-conduit</code>. For example, the code below shows
the <code>http-conf:conduit</code> element that would be used to add
configuration for an endpoint that was specified by the WSDL fragment
<code><port binding="widgetSOAPBinding" name="widgetSOAPPort></code> if
the endpoint's target namespace was <code><a shape="rect" class="external-link"
href="http://widgets.widgetvendor.net";
rel="nofollow">http://widgets.widgetvendor.net</a></code>. Alternatively, the
<code>name</code> attribute can be a regular expression to match a
URL. This allows configuration of conduits that are not used for purposes of
WSDL based endpoints such as JAX-RS and for WSDL retrieval.</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>http-conf:conduit Element</b></div><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">...
+<pre class="brush: java; gutter: false; theme: Default">...
<http-conf:conduit
name="{http://widgets/widgetvendor.net}widgetSOAPPort.http-conduit">
...
</http-conf:conduit>
@@ -288,7 +288,7 @@ http.setClient(httpClientPolicy);
...
</pre>
</div></div><p>The <code>http-conf:conduit</code> element has a number of
child elements that specify configuration information. They are described
below. See also Sun's <a shape="rect" class="external-link"
href="http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
rel="nofollow">JSSE Guide</a> for more information on configuring SSL.</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Element</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>http-conf:client</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the HTTP connection
properties such as timeouts, keep-alive requests, content types,
etc.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>http-conf:authorization</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Sp
ecifies the the parameters for configuring the basic authentication method
that the endpoint uses preemptively.</p></td></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd"><p><code>http-conf:proxyAuthorization</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the parameters for
configuring basic authentication against outgoing HTTP proxy
servers.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>http-conf:tlsClientParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the parameters used
to configure SSL/TLS.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>http-conf:authSupplier</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the bean reference or
class name of the object that supplies the authentication information used by
the endpoint both preemptively or in response to a 401 HTTP
challenge.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>http-conf:trustDecider</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the bean reference or
class name of the object that checks the HTTP(S) URLConnection object in order
to establish trust for a connection with an HTTPS service provider before any
information is transmitted.</p></td></tr></tbody></table></div><h3
id="ClientHTTPTransport(includingSSLsupport)-Theclientelement">The
<code>client</code> element</h3><p>The <code>http-conf:client</code> element is
used to configure the non-security properties of a client's HTTP connection.
Its attributes, described below, specify the connection's properties.</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p><code>ConnectionTimeout</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the amount of time, in
milliseconds, that the client will attempt to establish a connection before it
times out. The default is 30000 (30 seconds). <br clear="none"
class="atl-forced-newline"> 0 specifies that the client will continue to
attempt to open a connection indefinitely.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>ReceiveTimeout</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the amount of time,
in milliseconds, that the client will wait for a response before it times out.
The default is 60000. <br clear="none" class="atl-forced-newline"> 0 specifies
that the client will wait indefinitely.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>AutoRedirect</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies if the client will
automatically follow a server issued redirection. The default is
false.</p></td></tr><tr><td colspan=
"1" rowspan="1"
class="confluenceTd"><p><code>MaxRetransmits</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the maximum number of times a
client will retransmit a request to satisfy a redirect. The default is -1 which
specifies that unlimited retransmissions are allowed.</p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p><code>AllowChunking</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies whether the client will send
requests using chunking. The default is true which specifies that the client
will use chunking when sending requests. <br clear="none"
class="atl-forced-newline"> Chunking cannot be used used if either of the
following are true:</p><ul><li><code>http-conf:basicAuthSupplier</code> is
configured to provide credentials
preemptively.</li><li><code>AutoRedirect</code> is set to true. <br
clear="none" class="atl-forced-newline"> In both cases the value of
<code>AllowChunking</code> is ignored and chun
king is disallowed. <br clear="none" class="atl-forced-newline"> See note
about chunking below.</li></ul></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>ChunkingThreshold</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the threshold at which CXF will
switch from non-chunking to chunking. By default, messages less than 4K are
buffered and sent non-chunked. Once this threshold is reached, the message is
chunked.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>Accept</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Specifies what media types the client is prepared to
handle. The value is used as the value of the HTTP <code>Accept</code>
property. The value of the attribute is specified using as multipurpose
internet mail extensions (MIME) types. See note about chunking
below.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>AcceptLanguage</code></p></td><td colspa
n="1" rowspan="1" class="confluenceTd"><p>Specifies what language (for
example, American English) the client prefers for the purposes of receiving a
response. The value is used as the value of the HTTP AcceptLanguage property.
<br clear="none" class="atl-forced-newline"> Language tags are regulated by the
International Organization for Standards (ISO) and are typically formed by
combining a language code, determined by the ISO-639 standard, and country
code, determined by the ISO-3166 standard, separated by a hyphen. For example,
en-US represents American English.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>AcceptEncoding</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies what content encodings the client
is prepared to handle. Content encoding labels are regulated by the Internet
Assigned Numbers Authority (IANA). The value is used as the value of the HTTP
<code>AcceptEncoding</code> property.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>ContentType</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the media type of the
data being sent in the body of a message. Media types are specified using
multipurpose internet mail extensions (MIME) types. The value is used as the
value of the HTTP <code>ContentType</code> property. The default is
<code>text/xml</code>. <br clear="none" class="atl-forced-newline">
<strong>Tip:</strong> For web services, this should be set to
<code>text/xml</code>. If the client is sending HTML form data to a CGI script,
this should be set to application/x-www-form-urlencoded. If the HTTP POST
request is bound to a fixed payload format (as opposed to SOAP), the content
type is typically set to application/octet-stream.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>Host</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Specifies the Internet host and
port number of the resource on wh
ich the request is being invoked. The value is used as the value of the HTTP
<code>Host</code> property. <br clear="none" class="atl-forced-newline">
<strong>Tip:</strong> This attribute is typically not required. It is only
required by certain DNS scenarios or application designs. For example, it
indicates what host the client prefers for clusters (that is, for virtual
servers mapping to the same Internet protocol (IP)
address).</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>Connection</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies whether a particular connection
is to be kept open or closed after each request/response dialog. There are two
valid values:</p><ul><li><code>Keep-Alive</code>(default) specifies that the
client wants to keep its connection open after the initial request/response
sequence. If the server honors it, the connection is kept open until the
consumer closes it.</li><li><code>close</code> specifies that t
he connection to the server is closed after each request/response
sequence.</li></ul></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>CacheControl</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies directives about the behavior
that must be adhered to by caches involved in the chain comprising a request
from a client to a server.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>Cookie</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Specifies a static cookie to be sent with all
requests.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>BrowserType</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies information about the browser
from which the request originates. In the HTTP specification from the World
Wide Web consortium (W3C) this is also known as the <em>user-agent</em>. Some
servers optimize based upon the client that is sending the requ
est.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>Referer</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the URL of the resource that
directed the consumer to make requests on a particular service. The value is
used as the value of the HTTP Referer property. <br clear="none"
class="atl-forced-newline"> <strong>Note:</strong> This HTTP property is used
when a request is the result of a browser user clicking on a hyperlink rather
than typing a URL. This can allow the server to optimize processing based upon
previous task flow, and to generate lists of back-links to resources for the
purposes of logging, optimized caching, tracing of obsolete or mistyped links,
and so on. However, it is typically not used in web services applications. <br
clear="none" class="atl-forced-newline"> <strong>Important:</strong> If the
AutoRedirect attribute is set to true and the request is redirected, any value
specified in the Refererattribute is
overridden. The value of the HTTP Referer property will be set to the URL of
the service who redirected the consumer's original
request.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>DecoupledEndpoint</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the URL of a decoupled endpoint
for the receipt of responses over a separate server->client connection. <br
clear="none" class="atl-forced-newline"> <strong>Warning:</strong> You must
configure both the client and server to use WS-Addressing for the decoupled
endpoint to work.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>ProxyServer</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the URL of the proxy server
through which requests are routed.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>ProxyServerPort</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the port numb
er of the proxy server through which requests are routed.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">NonProxyHosts</td><td colspan="1"
rowspan="1" class="confluenceTd">Specifies a list of hosts that should be
directly routed. This value is a list of patterns separated by '|', where each
pattern may start or end with a '*' for wildcard matching.</td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p><code>ProxyServerType</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Specifies the type of proxy server used to
route requests. Valid values
are:</p><ul><li>HTTP(default)</li><li>SOCKS</li></ul></td></tr></tbody></table></div><h4
id="ClientHTTPTransport(includingSSLsupport)-ExampleusingtheClientElement">Example
using the <code>Client</code> Element</h4><p>The example below shows a the
configuration for an HTTP client that wants to keep its connection to the
server open between requests, will only retransmit requests once per invocation,
and cannot use chunking streams.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>HTTP Consumer Endpoint
Configuration</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><beans
xmlns="http://www.springframework.org/schema/beans";
+<pre class="brush: java; gutter: false; theme: Default"><beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:http-conf="http://cxf.apache.org/transports/http/configuration";
xsi:schemaLocation="http://cxf.apache.org/transports/http/configuration
@@ -304,19 +304,19 @@ http.setClient(httpClientPolicy);
</beans>
</pre>
</div></div><p>Again, see the <a shape="rect"
href="configuration.html">Configuration page</a> for information on how to get
CXF to detect your configuration file.</p><h3
id="ClientHTTPTransport(includingSSLsupport)-ThetlsClientParameterselement">The
<code>tlsClientParameters</code> element</h3><p>Please see <a shape="rect"
href="tls-configuration.html">TLS Configuration</a> page for more
information.</p><h2
id="ClientHTTPTransport(includingSSLsupport)-UsingWSDL">Using WSDL</h2><h3
id="ClientHTTPTransport(includingSSLsupport)-Namespace.1">Namespace</h3><p>The
WSDL extension elements used to configure an HTTP client are defined in the
namespace <code><a shape="rect"
href="http://cxf.apache.org/transports/http/configuration";>http://cxf.apache.org/transports/http/configuration</a></code>.
It is commonly referred to using the prefix <code>http-conf</code>. In order
to use the HTTP configuration elements you will need to add the line shown
below to the <code>definitions</code> element of
your endpoint's WSDL document.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>HTTP Consumer WSDL Element's
Namespace</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><definitions ...
+<pre class="brush: java; gutter: false; theme: Default"><definitions ...
xmlns:http-conf="http://cxf.apache.org/transports/http/configuration
</pre>
</div></div><h3
id="ClientHTTPTransport(includingSSLsupport)-Theclientelement.1">The
<code>client</code> element</h3><p>The <code>http-conf:client</code> element is
used to specify the connection properties of an HTTP client in a WSDL document.
The <code>http-conf:client</code> element is a child of the WSDL
<code>port</code> element. It has the same attributes as the
<code>client</code> element used in the configuration file.</p><h3
id="ClientHTTPTransport(includingSSLsupport)-Example">Example</h3><p>The
example below shows a WSDL fragment that configures an HTTP client to specify
that it will not interact with caches.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>WSDL to Configure an HTTP Consumer
Endpoint</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"><service ...>
+<pre class="brush: java; gutter: false; theme: Default"><service ...>
<port ...>
<soap:address ... />
<http-conf:client CacheControl="no-cache" />
</port>
</service>
</pre>
-</div></div><h2
id="ClientHTTPTransport(includingSSLsupport)-Usingjavacode">Using java
code</h2><h3
id="ClientHTTPTransport(includingSSLsupport)-HowtoconfiguretheHTTPConduitfortheSOAPClient?">How
to configure the HTTPConduit for the SOAP Client?</h3><p>First you need get
the <a shape="rect" class="external-link" href="http://tinyurl.com/285zll";
rel="nofollow">HTTPConduit</a> from the Proxy object or Client, then you can
set the <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-conf.xsd";>HTTPClientPolicy</a>,
AuthorizationPolicy, ProxyAuthorizationPolicy, <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java";>TLSClientParameters</a>,
and/or <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/trans
port/http/HttpBasicAuthSupplier.java">HttpBasicAuthSupplier</a>.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> import org.apache.cxf.endpoint.Client;
+</div></div><h2
id="ClientHTTPTransport(includingSSLsupport)-Usingjavacode">Using java
code</h2><h3
id="ClientHTTPTransport(includingSSLsupport)-HowtoconfiguretheHTTPConduitfortheSOAPClient?">How
to configure the HTTPConduit for the SOAP Client?</h3><p>First you need get
the <a shape="rect" class="external-link" href="http://tinyurl.com/285zll";
rel="nofollow">HTTPConduit</a> from the Proxy object or Client, then you can
set the <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/transports/http/src/main/resources/schemas/configuration/http-conf.xsd";
rel="nofollow">HTTPClientPolicy</a>, AuthorizationPolicy,
ProxyAuthorizationPolicy, <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java";
rel="nofollow">TLSClientParameters.</a></p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"> import
org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
@@ -343,7 +343,7 @@ http.setClient(httpClientPolicy);
greeter.sayHi("Hello");
</pre>
</div></div><h3
id="ClientHTTPTransport(includingSSLsupport)-Howtooverridetheserviceaddress?">How
to override the service address ?</h3><p>If you are using JAXWS API to create
the proxy obejct, here is an example which is complete JAX-WS compliant
code</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> URL wsdlURL = MyService.class.getClassLoader
+<pre class="brush: java; gutter: false; theme: Default"> URL wsdlURL =
MyService.class.getClassLoader
.getResource ("myService.wsdl");
QName serviceName = new QName("urn:myService", "MyService");
MyService service = new MyService(wsdlURL, serviceName);
@@ -356,7 +356,7 @@ http.setClient(httpClientPolicy);
</pre>
</div></div><p>If you are using CXF ProxyFactoryBean to create the proxy
object , you can do like this</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
+<pre class="brush: java; gutter: false; theme: Default">
JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
poxyFactory.setServiceClass(ServicePort.class);
// you could set the service address with this method
@@ -364,7 +364,7 @@ http.setClient(httpClientPolicy);
ServicePort client = (ServicePort) proxyFactory.create();
</pre>
</div></div><p>Here is another way which takes advantage of JAXWS's
Service.addPort() API</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> URL wsdlURL =
MyService.class.getClassLoader.getResource("service2.wsdl");
+<pre class="brush: java; gutter: false; theme: Default"> URL wsdlURL =
MyService.class.getClassLoader.getResource("service2.wsdl");
QName serviceName = new QName("urn:service2", "MyService");
QName portName = new QName("urn:service2", "ServicePort");
MyService service = new MyService(wsdlURL, serviceName);
@@ -373,7 +373,7 @@ http.setClient(httpClientPolicy);
// Passing the SEI class that is generated by wsdl2java
ServicePort proxy = service.getPort(portName, SEI.class);
</pre>
-</div></div><h2
id="ClientHTTPTransport(includingSSLsupport)-ClientCacheControlDirectives">Client
Cache Control Directives</h2><p>The following table lists the cache control
directives supported by an HTTP client.</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Directive</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Behavior</p></th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>no-cache</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Caches cannot use a particular response to satisfy
subsequent requests without first revalidating that response with the server.
If specific response header fields are specified with this value, the
restriction applies only to those header fields within the response. If no
response header fields are specified, the restriction applies to the entire
response.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>no-store</p></td
><td colspan="1" rowspan="1" class="confluenceTd"><p>Caches must not store any
>part of a response or any part of the request that invoked
>it.</p></td></tr><tr><td colspan="1" rowspan="1"
>class="confluenceTd"><p>max-age</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>The consumer can accept a response whose age is no
>greater than the specified time in seconds.</p></td></tr><tr><td colspan="1"
>rowspan="1" class="confluenceTd"><p>max-stale</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>The consumer can accept a response that
>has exceeded its expiration time. If a value is assigned to max-stale, it
>represents the number of seconds beyond the expiration time of a response up
>to which the consumer can still accept that response. If no value is
>assigned, it means the consumer can accept a stale response of any
>age.</p></td></tr><tr><td colspan="1" rowspan="1"
>class="confluenceTd"><p>min-fresh</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>The consumer
wants a response that will be still be fresh for at least the specified number
of seconds indicated.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>no-transform</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Caches must not modify media type or location of the
content in a response between a provider and a consumer.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>only-if-cached</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Caches should return only
responses that are currently stored in the cache, and not responses that need
to be reloaded or revalidated.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cache-extension</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Specifies additional extensions to the other cache
directives. Extensions might be informational or behavioral. An extended
directive is specified in the context of a standard directive, so that
applications not understa
nding the extended directive can at least adhere to the behavior mandated by
the standard directive.</p></td></tr></tbody></table></div><h1
id="ClientHTTPTransport(includingSSLsupport)-ANoteAboutChunking">A Note About
Chunking</h1><p>There are two ways of putting a body into an HTTP
stream:</p><ul><li>The "standard" way used by most browsers is to specify a
Content-Length header in the HTTP headers. This allows the receiver to know how
much data is coming and when to stop reading. The problem with this approach is
that the length needs to be pre-determined. The data cannot be streamed as
generated as the length needs to be calculated upfront. Thus, if chunking is
turned off, we need to buffer the data in a byte buffer (or temp file if too
large) so that the Content-Length can be calculated.</li><li>Chunked - with
this mode, the data is sent to the receiver in chunks. Each chunk is preceded
by a hexidecimal chunk size. When a chunk size is 0, the receiver knows all the
data has been
received. This mode allows better streaming as we just need to buffer a small
amount, up to 8K by default, and when the buffer fills, write out the
chunk.</li></ul><p>In general, Chunked will perform better as the streaming can
take place directly. HOWEVER, there are some problems with
chunking:</p><ul><li>Many proxy servers don't understand it, especially older
proxy servers. Many proxy servers want the Content-Length up front so they can
allocate a buffer to store the request before passing it onto the real
server.</li><li>Some of the older WebServices stacks also have problems with
Chunking. Specifically, older versions of .NET.</li></ul><p>If you are getting
strange errors (generally not soap faults, but other HTTP type errors) when
trying to interact with a service, try turning off chunking to see if that
helps.</p><h1
id="ClientHTTPTransport(includingSSLsupport)-Whentosetcustomheaders">When to
set custom headers</h1><p> </p><p>If you use a custom CXF interceptor to
set on
e or more outbound HTTP headers then it is recommended to get this interceptor
running at a stage preceding the WRITE stage, before the outbound body is
written out.</p><p>Otherwise the custom headers may get lost. The headers may
get retained in some cases even if they are added after the body is written
out, example, when a chunking threshold value (4K by default) has not been
reached,</p><p>but relying on it for the headers not to be lost is brittle and
should be avoided.</p><p> </p><h1
id="ClientHTTPTransport(includingSSLsupport)-AsynchronousHTTPConduit">Asynchronous
HTTP Conduit</h1><p>Please see <a shape="rect"
href="asynchronous-client-http-transport.html">Asynchronous HTTP Conduit</a>
page for more information.</p></div>
+</div></div><h2
id="ClientHTTPTransport(includingSSLsupport)-ClientCacheControlDirectives">Client
Cache Control Directives</h2><p>The following table lists the cache control
directives supported by an HTTP client.</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Directive</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Behavior</p></th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>no-cache</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Caches cannot use a particular response to satisfy
subsequent requests without first revalidating that response with the server.
If specific response header fields are specified with this value, the
restriction applies only to those header fields within the response. If no
response header fields are specified, the restriction applies to the entire
response.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>no-store</p></td
><td colspan="1" rowspan="1" class="confluenceTd"><p>Caches must not store any
>part of a response or any part of the request that invoked
>it.</p></td></tr><tr><td colspan="1" rowspan="1"
>class="confluenceTd"><p>max-age</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>The consumer can accept a response whose age is no
>greater than the specified time in seconds.</p></td></tr><tr><td colspan="1"
>rowspan="1" class="confluenceTd"><p>max-stale</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>The consumer can accept a response that
>has exceeded its expiration time. If a value is assigned to max-stale, it
>represents the number of seconds beyond the expiration time of a response up
>to which the consumer can still accept that response. If no value is
>assigned, it means the consumer can accept a stale response of any
>age.</p></td></tr><tr><td colspan="1" rowspan="1"
>class="confluenceTd"><p>min-fresh</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>The consumer
wants a response that will be still be fresh for at least the specified number
of seconds indicated.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>no-transform</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Caches must not modify media type or location of the
content in a response between a provider and a consumer.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>only-if-cached</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Caches should return only
responses that are currently stored in the cache, and not responses that need
to be reloaded or revalidated.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cache-extension</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Specifies additional extensions to the other cache
directives. Extensions might be informational or behavioral. An extended
directive is specified in the context of a standard directive, so that
applications not understa
nding the extended directive can at least adhere to the behavior mandated by
the standard directive.</p></td></tr></tbody></table></div><h1
id="ClientHTTPTransport(includingSSLsupport)-ANoteAboutChunking">A Note About
Chunking</h1><p>There are two ways of putting a body into an HTTP
stream:</p><ul><li>The "standard" way used by most browsers is to specify a
Content-Length header in the HTTP headers. This allows the receiver to know how
much data is coming and when to stop reading. The problem with this approach is
that the length needs to be pre-determined. The data cannot be streamed as
generated as the length needs to be calculated upfront. Thus, if chunking is
turned off, we need to buffer the data in a byte buffer (or temp file if too
large) so that the Content-Length can be calculated.</li><li>Chunked - with
this mode, the data is sent to the receiver in chunks. Each chunk is preceded
by a hexidecimal chunk size. When a chunk size is 0, the receiver knows all the
data has been
received. This mode allows better streaming as we just need to buffer a small
amount, up to 8K by default, and when the buffer fills, write out the
chunk.</li></ul><p>In general, Chunked will perform better as the streaming can
take place directly. HOWEVER, there are some problems with
chunking:</p><ul><li>Many proxy servers don't understand it, especially older
proxy servers. Many proxy servers want the Content-Length up front so they can
allocate a buffer to store the request before passing it onto the real
server.</li><li>Some of the older WebServices stacks also have problems with
Chunking. Specifically, older versions of .NET.</li></ul><p>If you are getting
strange errors (generally not soap faults, but other HTTP type errors) when
trying to interact with a service, try turning off chunking to see if that
helps.</p><h1
id="ClientHTTPTransport(includingSSLsupport)-Whentosetcustomheaders">When to
set custom headers</h1><p>If you use a custom CXF interceptor to set one or
more out
bound HTTP headers then it is recommended to get this interceptor running at a
stage preceding the WRITE stage, before the outbound body is written
out.</p><p>Otherwise the custom headers may get lost. The headers may get
retained in some cases even if they are added after the body is written out,
example, when a chunking threshold value (4K by default) has not been
reached,</p><p>but relying on it for the headers not to be lost is brittle and
should be avoided.</p><h1
id="ClientHTTPTransport(includingSSLsupport)-AsynchronousHTTPConduit">Asynchronous
HTTP Conduit</h1><p>Please see <a shape="rect"
href="asynchronous-client-http-transport.html">Asynchronous HTTP Conduit</a>
page for more information.</p></div>
</div>
<!-- Content -->
</td>
