Hi Eoghan,
I think it must actually be the port name. I didn't actually change any of
the logic about the ID (although in retrospect I wish I would have, it seems
quite redundant to have ".http-conduit" in there). I simply changed name->id
in all the examples.
- Dan
On 2/27/07, Glynn, Eoghan <[EMAIL PROTECTED]> wrote:
Hi Dan,
I noticed the other demos using the new config syntax have what looks
like a target port embedded in the conduit bean ID, e.g.
<http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit";>
^^^^
whereas this is missing in your change to the HTTPS sample.
Is this optional, i.e. only required if the conduits for different
target endpoints are to be configured differently. If so, would the
target hostname as well as the port need to be encoded in the conduit
ID?
Or maybe the embedded "9001" denotes something else? (as the target port
for the relevant demos is actually 9000).
Cheers,
Eoghan
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 27 February 2007 05:45
> To: [email protected]
> Subject: svn commit: r512143 - in
> /incubator/cxf/trunk/distribution/src/main/release/samples/hel
> lo_world_https: client.xml insecure_client.xml server.xml
>
> Author: dandiep
> Date: Mon Feb 26 21:44:33 2007
> New Revision: 512143
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=512143
> Log:
> Update HTTPS sample to latest configuration syntax.
>
> Modified:
>
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/client.xml
>
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/insecure_client.xml
>
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/server.xml
>
> Modified:
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/client.xml
> URL:
> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> src/main/release/samples/hello_world_https/client.xml?view=dif
> f&rev=512143&r1=512142&r2=512143
> ==============================================================
> ================
> ---
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/client.xml (original)
> +++
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> +++ d_https/client.xml Mon Feb 26 21:44:33 2007
> @@ -7,9 +7,9 @@
> to you under the Apache License, Version 2.0 (the
> "License"); you may not use this file except in compliance
> with the License. You may obtain a copy of the License at
> -
> +
> http://www.apache.org/licenses/LICENSE-2.0
> -
> +
> Unless required by applicable law or agreed to in writing,
> software distributed under the License is distributed on an
> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> -18,32 +18,32 @@
> under the License.
> -->
> <beans xmlns="http://www.springframework.org/schema/beans";
> - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> - xmlns:sec="http://cxf.apache.org/configuration/security";
> - xsi:schemaLocation="
> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> + xmlns:sec="http://cxf.apache.org/configuration/security";
> + xmlns:http="http://cxf.apache.org/transports/http/configuration";
> + xsi:schemaLocation="
> +http://cxf.apache.org/transports/http/configuration
> +http://cxf.apache.org/schema/transports/http.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd";>
>
> - <bean
> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> onduit" abstract="true">
> - <property name="sslClient">
> - <value>
> - <sec:sslClient>
> -
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> -
> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> - <sec:KeyPassword>celtixpass</sec:KeyPassword>
> -
> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> </sec:TrustStore>
> - <sec:CiphersuiteFilters>
> - <!-- these filters ensure that a
> ciphersuite with
> - export-suitable but non-null
> encryption is used,
> - and prefers the stronger SHA over MD5
> message digests -->
> - <sec:include>.*_EXPORT_.*</sec:include>
> - <sec:include>.*_EXPORT1024_.*</sec:include>
> - <sec:include>.*_WITH_DES_.*</sec:include>
> - <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> - <sec:exclude>.*_MD5</sec:exclude>
> - </sec:CiphersuiteFilters>
> - </sec:sslClient>
> - </value>
> - </property>
> - </bean>
> + <http:conduit
> + id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit";>
> +
> + <http:sslClient>
> +
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> + <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> + <sec:KeyPassword>celtixpass</sec:KeyPassword>
> +
> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> </sec:TrustStore>
> + <sec:CiphersuiteFilters>
> + <!-- these filters ensure that a ciphersuite with
> + export-suitable but non-null encryption is used,
> + and prefers the stronger SHA over MD5 message digests -->
> + <sec:include>.*_EXPORT_.*</sec:include>
> + <sec:include>.*_EXPORT1024_.*</sec:include>
> + <sec:include>.*_WITH_DES_.*</sec:include>
> + <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> + <sec:exclude>.*_MD5</sec:exclude>
> + </sec:CiphersuiteFilters>
> + </http:sslClient>
> + </http:conduit>
> +
>
> </beans>
>
> Modified:
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/insecure_client.xml
> URL:
> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> src/main/release/samples/hello_world_https/insecure_client.xml
> ?view=diff&rev=512143&r1=512142&r2=512143
> ==============================================================
> ================
> ---
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/insecure_client.xml (original)
> +++
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
> @@ -7,9 +7,9 @@
> to you under the Apache License, Version 2.0 (the
> "License"); you may not use this file except in compliance
> with the License. You may obtain a copy of the License at
> -
> +
> http://www.apache.org/licenses/LICENSE-2.0
> -
> +
> Unless required by applicable law or agreed to in writing,
> software distributed under the License is distributed on an
> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> -18,11 +18,13 @@
> under the License.
> -->
> <beans xmlns="http://www.springframework.org/schema/beans";
> - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> - xsi:schemaLocation="
> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> + xmlns:http="http://cxf.apache.org/transports/http/configuration";
> + xsi:schemaLocation="
> +http://cxf.apache.org/transports/http/configuration
> +http://cxf.apache.org/schema/transports/http.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd";>
>
> - <bean
> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> onduit" abstract="true">
> - </bean>
> + <http:conduit
> + id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit";>
> + </http:conduit>
>
> </beans>
>
> Modified:
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/server.xml
> URL:
> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> src/main/release/samples/hello_world_https/server.xml?view=dif
> f&rev=512143&r1=512142&r2=512143
> ==============================================================
> ================
> ---
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/server.xml (original)
> +++
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> +++ d_https/server.xml Mon Feb 26 21:44:33 2007
> @@ -7,9 +7,9 @@
> to you under the Apache License, Version 2.0 (the
> "License"); you may not use this file except in compliance
> with the License. You may obtain a copy of the License at
> -
> +
> http://www.apache.org/licenses/LICENSE-2.0
> -
> +
> Unless required by applicable law or agreed to in writing,
> software distributed under the License is distributed on an
> "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> -18,37 +18,34 @@
> under the License.
> -->
> <beans xmlns="http://www.springframework.org/schema/beans";
> - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> - xmlns:sec="http://cxf.apache.org/configuration/security";
> - xsi:schemaLocation="
> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> + xmlns:sec="http://cxf.apache.org/configuration/security";
> + xmlns:http="http://cxf.apache.org/transports/http/configuration";
> + xsi:schemaLocation="
> +http://cxf.apache.org/transports/http/configuration
> +http://cxf.apache.org/schema/transports/http.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd";>
>
> - <bean
> name="{http://apache.org/hello_world_soap_http}GreeterImplPort
> .http-destination" abstract="true">
> -
> - <property name="sslServer">
> - <value>
> - <sec:sslServer>
> -
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> - <sec:KeystoreType>PKCS12</sec:KeystoreType>
> -
> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> - <sec:KeyPassword>celtixpass</sec:KeyPassword>
> -
> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> -
> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> tication>
> -
> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> re</sec:TrustStore>
> - <sec:CiphersuiteFilters>
> - <!-- these filters ensure that a
> ciphersuite with
> - export-suitable or null encryption is used,
> - but exclude anonymous Diffie-Hellman
> key change as
> - this is vulnerable to
> man-in-the-middle attacks -->
> - <sec:include>.*_EXPORT_.*</sec:include>
> - <sec:include>.*_EXPORT1024_.*</sec:include>
> - <sec:include>.*_WITH_DES_.*</sec:include>
> - <sec:include>.*_WITH_NULL_.*</sec:include>
> - <sec:exclude>.*_DH_anon_.*</sec:exclude>
> - </sec:CiphersuiteFilters>
> - </sec:sslServer>
> - </value>
> - </property>
> - </bean>
> -
> + <http:destination
> id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
> ttp-destination">
> + <http:sslServer>
> +
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> + <sec:KeystoreType>PKCS12</sec:KeystoreType>
> + <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> + <sec:KeyPassword>celtixpass</sec:KeyPassword>
> +
> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> +
> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> tication>
> +
> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> re</sec:TrustStore>
> + <sec:CiphersuiteFilters>
> + <!-- these filters ensure that a ciphersuite with
> + export-suitable or null encryption is used,
> + but exclude anonymous Diffie-Hellman key change as
> + this is vulnerable to man-in-the-middle attacks -->
> + <sec:include>.*_EXPORT_.*</sec:include>
> + <sec:include>.*_EXPORT1024_.*</sec:include>
> + <sec:include>.*_WITH_DES_.*</sec:include>
> + <sec:include>.*_WITH_NULL_.*</sec:include>
> + <sec:exclude>.*_DH_anon_.*</sec:exclude>
> + </sec:CiphersuiteFilters>
> + </http:sslServer>
> + </http:destination>
> +
> </beans>
>
>
>
--
Dan Diephouse
Envoi Solutions
http://envoisolutions.com | http://netzooid.com/blog
