-----Original Message-----
From: Dan Diephouse [mailto:[EMAIL PROTECTED]
Sent: 27 February 2007 15:54
To: [email protected]
Subject: Re: svn commit: r512143 [Update HTTPS sample to
latest configuration syntax]
Hi Eoghan,
I think it must actually be the port name. I didn't actually
change any of the logic about the ID (although in retrospect
I wish I would have, it seems quite redundant to have
".http-conduit" in there). I simply changed name->id in all
the examples.
- Dan
On 2/27/07, Glynn, Eoghan <[EMAIL PROTECTED]> wrote:
Hi Dan,
I noticed the other demos using the new config syntax have
what looks
like a target port embedded in the conduit bean ID, e.g.
<http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit";>
^^^^
whereas this is missing in your change to the HTTPS sample.
Is this optional, i.e. only required if the conduits for different
target endpoints are to be configured differently. If so, would the
target hostname as well as the port need to be encoded in
the conduit
ID?
Or maybe the embedded "9001" denotes something else? (as the target
port for the relevant demos is actually 9000).
Cheers,
Eoghan
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 27 February 2007 05:45
To: [email protected]
Subject: svn commit: r512143 - in
/incubator/cxf/trunk/distribution/src/main/release/samples/hel
lo_world_https: client.xml insecure_client.xml server.xml
Author: dandiep
Date: Mon Feb 26 21:44:33 2007
New Revision: 512143
URL: http://svn.apache.org/viewvc?view=rev&rev=512143
Log:
Update HTTPS sample to latest configuration syntax.
Modified:
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/client.xml
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/insecure_client.xml
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/server.xml
Modified:
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/client.xml
URL:
http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
src/main/release/samples/hello_world_https/client.xml?view=dif
f&rev=512143&r1=512142&r2=512143
==============================================================
================
---
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/client.xml (original)
+++
incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
+++ d_https/client.xml Mon Feb 26 21:44:33 2007
@@ -7,9 +7,9 @@
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
-18,32 +18,32 @@
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xmlns:sec="http://cxf.apache.org/configuration/security";
- xsi:schemaLocation="
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xmlns:sec="http://cxf.apache.org/configuration/security";
+
xmlns:http="http://cxf.apache.org/transports/http/configuration";
+ xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration
+http://cxf.apache.org/schema/transports/http.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd";>
- <bean
name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
onduit" abstract="true">
- <property name="sslClient">
- <value>
- <sec:sslClient>
-
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
-
<sec:KeystorePassword>celtixpass</sec:KeystorePassword>
- <sec:KeyPassword>celtixpass</sec:KeyPassword>
-
<sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
</sec:TrustStore>
- <sec:CiphersuiteFilters>
- <!-- these filters ensure that a
ciphersuite with
- export-suitable but non-null
encryption is used,
- and prefers the stronger SHA over MD5
message digests -->
- <sec:include>.*_EXPORT_.*</sec:include>
- <sec:include>.*_EXPORT1024_.*</sec:include>
- <sec:include>.*_WITH_DES_.*</sec:include>
- <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
- <sec:exclude>.*_MD5</sec:exclude>
- </sec:CiphersuiteFilters>
- </sec:sslClient>
- </value>
- </property>
- </bean>
+ <http:conduit
+
id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
+ ">
+
+ <http:sslClient>
+
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
+ <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
+ <sec:KeyPassword>celtixpass</sec:KeyPassword>
+
<sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
</sec:TrustStore>
+ <sec:CiphersuiteFilters>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable but non-null encryption is used,
+ and prefers the stronger SHA over MD5 message
digests -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
+ <sec:exclude>.*_MD5</sec:exclude>
+ </sec:CiphersuiteFilters>
+ </http:sslClient>
+ </http:conduit>
+
</beans>
Modified:
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/insecure_client.xml
URL:
http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
src/main/release/samples/hello_world_https/insecure_client.xml
?view=diff&rev=512143&r1=512142&r2=512143
==============================================================
================
---
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/insecure_client.xml (original)
+++
incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
+++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
@@ -7,9 +7,9 @@
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
-18,11 +18,13 @@
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+
xmlns:http="http://cxf.apache.org/transports/http/configuration";
+ xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration
+http://cxf.apache.org/schema/transports/http.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd";>
- <bean
name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
onduit" abstract="true">
- </bean>
+ <http:conduit
+
id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
+ ">
+ </http:conduit>
</beans>
Modified:
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/server.xml
URL:
http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
src/main/release/samples/hello_world_https/server.xml?view=dif
f&rev=512143&r1=512142&r2=512143
==============================================================
================
---
incubator/cxf/trunk/distribution/src/main/release/samples/hell
o_world_https/server.xml (original)
+++
incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
+++ d_https/server.xml Mon Feb 26 21:44:33 2007
@@ -7,9 +7,9 @@
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
-18,37 +18,34 @@
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xmlns:sec="http://cxf.apache.org/configuration/security";
- xsi:schemaLocation="
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xmlns:sec="http://cxf.apache.org/configuration/security";
+
xmlns:http="http://cxf.apache.org/transports/http/configuration";
+ xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration
+http://cxf.apache.org/schema/transports/http.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd";>
- <bean
name="{http://apache.org/hello_world_soap_http}GreeterImplPort
.http-destination" abstract="true">
-
- <property name="sslServer">
- <value>
- <sec:sslServer>
-
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
- <sec:KeystoreType>PKCS12</sec:KeystoreType>
-
<sec:KeystorePassword>celtixpass</sec:KeystorePassword>
- <sec:KeyPassword>celtixpass</sec:KeyPassword>
-
<sec:WantClientAuthentication>true</sec:WantClientAuthentication>
-
<sec:RequireClientAuthentication>true</sec:RequireClientAuthen
tication>
-
<sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
re</sec:TrustStore>
- <sec:CiphersuiteFilters>
- <!-- these filters ensure that a
ciphersuite with
- export-suitable or null encryption is used,
- but exclude anonymous Diffie-Hellman
key change as
- this is vulnerable to
man-in-the-middle attacks -->
- <sec:include>.*_EXPORT_.*</sec:include>
- <sec:include>.*_EXPORT1024_.*</sec:include>
- <sec:include>.*_WITH_DES_.*</sec:include>
- <sec:include>.*_WITH_NULL_.*</sec:include>
- <sec:exclude>.*_DH_anon_.*</sec:exclude>
- </sec:CiphersuiteFilters>
- </sec:sslServer>
- </value>
- </property>
- </bean>
-
+ <http:destination
id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
ttp-destination">
+ <http:sslServer>
+
<sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
+ <sec:KeystoreType>PKCS12</sec:KeystoreType>
+ <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
+ <sec:KeyPassword>celtixpass</sec:KeyPassword>
+
<sec:WantClientAuthentication>true</sec:WantClientAuthentication>
+
<sec:RequireClientAuthentication>true</sec:RequireClientAuthen
tication>
+
<sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
re</sec:TrustStore>
+ <sec:CiphersuiteFilters>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:CiphersuiteFilters>
+ </http:sslServer>
+ </http:destination>
+
</beans>
--
Dan Diephouse
Envoi Solutions
http://envoisolutions.com | http://netzooid.com/blog
