Sorry Dan, just looked at the svn logs and the strange "SoapPort9001" suffix came in a different commit (r502625 - "Apply patch for CXF-405 from Jonathan Anstey").
Looks like the "9001" is spurious, but I'll just check with Jon what the intention was before removing it. /Eoghan > -----Original Message----- > From: Dan Diephouse [mailto:[EMAIL PROTECTED] > Sent: 27 February 2007 15:54 > To: [email protected] > Subject: Re: svn commit: r512143 [Update HTTPS sample to > latest configuration syntax] > > Hi Eoghan, > > I think it must actually be the port name. I didn't actually > change any of the logic about the ID (although in retrospect > I wish I would have, it seems quite redundant to have > ".http-conduit" in there). I simply changed name->id in all > the examples. > > - Dan > > On 2/27/07, Glynn, Eoghan <[EMAIL PROTECTED]> wrote: > > > > > > > > Hi Dan, > > > > I noticed the other demos using the new config syntax have > what looks > > like a target port embedded in the conduit bean ID, e.g. > > > > <http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit";> > > ^^^^ > > > > whereas this is missing in your change to the HTTPS sample. > > > > Is this optional, i.e. only required if the conduits for different > > target endpoints are to be configured differently. If so, would the > > target hostname as well as the port need to be encoded in > the conduit > > ID? > > > > Or maybe the embedded "9001" denotes something else? (as the target > > port for the relevant demos is actually 9000). > > > > Cheers, > > Eoghan > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: 27 February 2007 05:45 > > > To: [email protected] > > > Subject: svn commit: r512143 - in > > > /incubator/cxf/trunk/distribution/src/main/release/samples/hel > > > lo_world_https: client.xml insecure_client.xml server.xml > > > > > > Author: dandiep > > > Date: Mon Feb 26 21:44:33 2007 > > > New Revision: 512143 > > > > > > URL: http://svn.apache.org/viewvc?view=rev&rev=512143 > > > Log: > > > Update HTTPS sample to latest configuration syntax. > > > > > > Modified: > > > > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/client.xml > > > > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/insecure_client.xml > > > > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/server.xml > > > > > > Modified: > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/client.xml > > > URL: > > > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/ > > > src/main/release/samples/hello_world_https/client.xml?view=dif > > > f&rev=512143&r1=512142&r2=512143 > > > ============================================================== > > > ================ > > > --- > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/client.xml (original) > > > +++ > > > > incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl > > > +++ d_https/client.xml Mon Feb 26 21:44:33 2007 > > > @@ -7,9 +7,9 @@ > > > to you under the Apache License, Version 2.0 (the > > > "License"); you may not use this file except in compliance > > > with the License. You may obtain a copy of the License at > > > - > > > + > > > http://www.apache.org/licenses/LICENSE-2.0 > > > - > > > + > > > Unless required by applicable law or agreed to in writing, > > > software distributed under the License is distributed on an > > > "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ > > > -18,32 +18,32 @@ > > > under the License. > > > --> > > > <beans xmlns="http://www.springframework.org/schema/beans"; > > > - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > - xmlns:sec="http://cxf.apache.org/configuration/security"; > > > - xsi:schemaLocation=" > > > + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > + xmlns:sec="http://cxf.apache.org/configuration/security"; > > > + > xmlns:http="http://cxf.apache.org/transports/http/configuration"; > > > + xsi:schemaLocation=" > > > +http://cxf.apache.org/transports/http/configuration > > > +http://cxf.apache.org/schema/transports/http.xsd > > > http://www.springframework.org/schema/beans > > > http://www.springframework.org/schema/beans/spring-beans.xsd";> > > > > > > - <bean > > > name="{http://apache.org/hello_world_soap_http}SoapPort.http-c > > > onduit" abstract="true"> > > > - <property name="sslClient"> > > > - <value> > > > - <sec:sslClient> > > > - > > > > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> > > > - > > > <sec:KeystorePassword>celtixpass</sec:KeystorePassword> > > > - <sec:KeyPassword>celtixpass</sec:KeyPassword> > > > - > > > <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem > > > </sec:TrustStore> > > > - <sec:CiphersuiteFilters> > > > - <!-- these filters ensure that a > > > ciphersuite with > > > - export-suitable but non-null > > > encryption is used, > > > - and prefers the stronger SHA over MD5 > > > message digests --> > > > - <sec:include>.*_EXPORT_.*</sec:include> > > > - <sec:include>.*_EXPORT1024_.*</sec:include> > > > - <sec:include>.*_WITH_DES_.*</sec:include> > > > - <sec:exclude>.*_WITH_NULL_.*</sec:exclude> > > > - <sec:exclude>.*_MD5</sec:exclude> > > > - </sec:CiphersuiteFilters> > > > - </sec:sslClient> > > > - </value> > > > - </property> > > > - </bean> > > > + <http:conduit > > > + > id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit > > > + "> > > > + > > > + <http:sslClient> > > > + > > > > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> > > > + <sec:KeystorePassword>celtixpass</sec:KeystorePassword> > > > + <sec:KeyPassword>celtixpass</sec:KeyPassword> > > > + > > > <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem > > > </sec:TrustStore> > > > + <sec:CiphersuiteFilters> > > > + <!-- these filters ensure that a ciphersuite with > > > + export-suitable but non-null encryption is used, > > > + and prefers the stronger SHA over MD5 message > digests --> > > > + <sec:include>.*_EXPORT_.*</sec:include> > > > + <sec:include>.*_EXPORT1024_.*</sec:include> > > > + <sec:include>.*_WITH_DES_.*</sec:include> > > > + <sec:exclude>.*_WITH_NULL_.*</sec:exclude> > > > + <sec:exclude>.*_MD5</sec:exclude> > > > + </sec:CiphersuiteFilters> > > > + </http:sslClient> > > > + </http:conduit> > > > + > > > > > > </beans> > > > > > > Modified: > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/insecure_client.xml > > > URL: > > > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/ > > > src/main/release/samples/hello_world_https/insecure_client.xml > > > ?view=diff&rev=512143&r1=512142&r2=512143 > > > ============================================================== > > > ================ > > > --- > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/insecure_client.xml (original) > > > +++ > > > > incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl > > > +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007 > > > @@ -7,9 +7,9 @@ > > > to you under the Apache License, Version 2.0 (the > > > "License"); you may not use this file except in compliance > > > with the License. You may obtain a copy of the License at > > > - > > > + > > > http://www.apache.org/licenses/LICENSE-2.0 > > > - > > > + > > > Unless required by applicable law or agreed to in writing, > > > software distributed under the License is distributed on an > > > "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ > > > -18,11 +18,13 @@ > > > under the License. > > > --> > > > <beans xmlns="http://www.springframework.org/schema/beans"; > > > - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > - xsi:schemaLocation=" > > > + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > + > xmlns:http="http://cxf.apache.org/transports/http/configuration"; > > > + xsi:schemaLocation=" > > > +http://cxf.apache.org/transports/http/configuration > > > +http://cxf.apache.org/schema/transports/http.xsd > > > http://www.springframework.org/schema/beans > > > http://www.springframework.org/schema/beans/spring-beans.xsd";> > > > > > > - <bean > > > name="{http://apache.org/hello_world_soap_http}SoapPort.http-c > > > onduit" abstract="true"> > > > - </bean> > > > + <http:conduit > > > + > id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit > > > + "> > > > + </http:conduit> > > > > > > </beans> > > > > > > Modified: > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/server.xml > > > URL: > > > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/ > > > src/main/release/samples/hello_world_https/server.xml?view=dif > > > f&rev=512143&r1=512142&r2=512143 > > > ============================================================== > > > ================ > > > --- > > > incubator/cxf/trunk/distribution/src/main/release/samples/hell > > > o_world_https/server.xml (original) > > > +++ > > > > incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl > > > +++ d_https/server.xml Mon Feb 26 21:44:33 2007 > > > @@ -7,9 +7,9 @@ > > > to you under the Apache License, Version 2.0 (the > > > "License"); you may not use this file except in compliance > > > with the License. You may obtain a copy of the License at > > > - > > > + > > > http://www.apache.org/licenses/LICENSE-2.0 > > > - > > > + > > > Unless required by applicable law or agreed to in writing, > > > software distributed under the License is distributed on an > > > "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ > > > -18,37 +18,34 @@ > > > under the License. > > > --> > > > <beans xmlns="http://www.springframework.org/schema/beans"; > > > - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > - xmlns:sec="http://cxf.apache.org/configuration/security"; > > > - xsi:schemaLocation=" > > > + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > + xmlns:sec="http://cxf.apache.org/configuration/security"; > > > + > xmlns:http="http://cxf.apache.org/transports/http/configuration"; > > > + xsi:schemaLocation=" > > > +http://cxf.apache.org/transports/http/configuration > > > +http://cxf.apache.org/schema/transports/http.xsd > > > http://www.springframework.org/schema/beans > > > http://www.springframework.org/schema/beans/spring-beans.xsd";> > > > > > > - <bean > > > name="{http://apache.org/hello_world_soap_http}GreeterImplPort > > > .http-destination" abstract="true"> > > > - > > > - <property name="sslServer"> > > > - <value> > > > - <sec:sslServer> > > > - > > > > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> > > > - <sec:KeystoreType>PKCS12</sec:KeystoreType> > > > - > > > <sec:KeystorePassword>celtixpass</sec:KeystorePassword> > > > - <sec:KeyPassword>celtixpass</sec:KeyPassword> > > > - > > > <sec:WantClientAuthentication>true</sec:WantClientAuthentication> > > > - > > > <sec:RequireClientAuthentication>true</sec:RequireClientAuthen > > > tication> > > > - > > > <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo > > > re</sec:TrustStore> > > > - <sec:CiphersuiteFilters> > > > - <!-- these filters ensure that a > > > ciphersuite with > > > - export-suitable or null encryption is used, > > > - but exclude anonymous Diffie-Hellman > > > key change as > > > - this is vulnerable to > > > man-in-the-middle attacks --> > > > - <sec:include>.*_EXPORT_.*</sec:include> > > > - <sec:include>.*_EXPORT1024_.*</sec:include> > > > - <sec:include>.*_WITH_DES_.*</sec:include> > > > - <sec:include>.*_WITH_NULL_.*</sec:include> > > > - <sec:exclude>.*_DH_anon_.*</sec:exclude> > > > - </sec:CiphersuiteFilters> > > > - </sec:sslServer> > > > - </value> > > > - </property> > > > - </bean> > > > - > > > + <http:destination > > > id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h > > > ttp-destination"> > > > + <http:sslServer> > > > + > > > > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> > > > + <sec:KeystoreType>PKCS12</sec:KeystoreType> > > > + <sec:KeystorePassword>celtixpass</sec:KeystorePassword> > > > + <sec:KeyPassword>celtixpass</sec:KeyPassword> > > > + > > > <sec:WantClientAuthentication>true</sec:WantClientAuthentication> > > > + > > > <sec:RequireClientAuthentication>true</sec:RequireClientAuthen > > > tication> > > > + > > > <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo > > > re</sec:TrustStore> > > > + <sec:CiphersuiteFilters> > > > + <!-- these filters ensure that a ciphersuite with > > > + export-suitable or null encryption is used, > > > + but exclude anonymous Diffie-Hellman key change as > > > + this is vulnerable to man-in-the-middle attacks --> > > > + <sec:include>.*_EXPORT_.*</sec:include> > > > + <sec:include>.*_EXPORT1024_.*</sec:include> > > > + <sec:include>.*_WITH_DES_.*</sec:include> > > > + <sec:include>.*_WITH_NULL_.*</sec:include> > > > + <sec:exclude>.*_DH_anon_.*</sec:exclude> > > > + </sec:CiphersuiteFilters> > > > + </http:sslServer> > > > + </http:destination> > > > + > > > </beans> > > > > > > > > > > > > > > > -- > Dan Diephouse > Envoi Solutions > http://envoisolutions.com | http://netzooid.com/blog >
