Apropos to that, the TLSSessionInfo structure on the message should
give you everything you want:
http://svn.apache.org/repos/asf/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
Currently this is plumbed through only for HTTP, though it should work
in both transports (jetty and servlet)
-Fred
On Feb 5, 2008, at 2:28 PM, Daniel Kulp wrote:
You may need to write a simple interceptor that would grab the
HttpServletRequest object out of the message and checks the security
stuff. It shouldn't be too hard to write.
There might be some policy things along with the ws-security stuff
that
could enforce it with the ws-security module, but that would
definitely
cause a performance hit due to the security module dropping to saaj
mode. I'm not really sure anyway. Fred may need to answer that
one.
Dan
On Tuesday 05 February 2008, [EMAIL PROTECTED] wrote:
I want to make sure any messages not encrypted with SSL are rejected
by the CXF container. What configuration is neccessary for this?
I've tried setting the location to an https address but this is
unsufficient. The only documentation I've found on the subject refers
to client, not server, configuration.
? <wsdl:service name="HelloWorldService">
??? <wsdl:port binding="impl:HelloWorldServiceSoapBinding"
name="HelloWorldService"> ????? <wsdlsoap:address
location="https://localhost:8080/HelloWorldService"/> ??? </
wsdl:port>
? </wsdl:service>
Thanks!
______________________________________________________________________
__ More new features than ever. Check out the new AOL Mail ! -
http://webmail.aol.com
--
J. Daniel Kulp
Principal Engineer, IONA
[EMAIL PROTECTED]
http://www.dankulp.com/blog
