I'm not arguing that there shouldn't be a mechanism to improve the SSL configuration, I'm suggesting that the product is overly difficult to use becasue it does not support basic SSL out of the box - which is the basic requirement for most people. Given I found myself researching this issue by reading a post only a few days old, from someone who was equally puzzled that effort was required to use an HTTPs URL, I can not help thinking CXF should support basic SSL out of the box.
Write a little warning to the logs if you must, but introducing effort for something so common place does not make life easier for the developer. It only cost me a morning of my time, and I'm still not finished because of the cipher bug... John Baker -- Web SSO IT Infrastructure Deutsche Bank London URL: http://websso.cto.gt.intranet.db.com "Arundel, Donal" <[EMAIL PROTECTED]> 05/03/2008 12:11 Please respond to [email protected] To <[email protected]> cc Subject RE: HTTPs and CXF Yes, for clients who have no strong requirements for SSL themselves (i.e. are happy to use insecure HTTP if they ca get away with it) it would be reasonable to expect to be able to use SSL without being required to have per-conduit config if the other required SSL config was defaulted or otherwise specified at a higher level (or via appropriate defaults). Every SSL application in the world does have SSL configuration its just a matter of how its picked up :-) --- However for clients that DO have specific security requirements one would also want to be able to enforce the use of SSL in some fashion. For these types of secure apps though : basing the decision purely on the URL which might even have been retrieved dynamically over an insecure connection would be inappropriate. In general this (fairly typical) type of secure application would like to be able to specify this type of strictly secure behaviour at a high level (not per conduit/endpoint). Cheers, Donal -----Original Message----- From: John-M Baker [mailto:[EMAIL PROTECTED] Sent: 05 March 2008 10:44 To: [email protected] Cc: [email protected] Subject: Re: HTTPs and CXF Isn't that an awful lot of effort? Shouldn't it "just work" like any other application in the world? John Baker -- Web SSO IT Infrastructure Deutsche Bank London URL: http://websso.cto.gt.intranet.db.com "Christian Vest Hansen" <[EMAIL PROTECTED]> 05/03/2008 10:43 Please respond to [email protected] To [email protected] cc Subject Re: HTTPs and CXF You are expected to configure a http conduit so that it will make proper use of SSL: http://cwiki.apache.org/CXF20DOC/client-http-transport.html :) On 3/5/08, John-M Baker <[EMAIL PROTECTED]> wrote: > Hello, > > I see the topic of HTTPs has been discussed very recently, however has > there been a conclusion? I've created a CXF client stub that operates > correctly with HTTP, but when I do nothing more than change the location > in the WSDL to an HTTPs URL, and generate stubs, I receive the following > runtime exception: > > Caused by: java.io.IOException: Illegal Protocol https for HTTP > URLConnection Factory. > at > org.apache.cxf.transport.http.HttpURLConnectionFactoryImpl.createConnect ion(HttpURLConnectionFactoryImpl.java:44) > at > org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:474) > at > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag eSenderInterceptor.java:46) > ... 8 more > > Is this a bug? Surely CXF is able to handle an HTTPs URL? If it's not a > bug, what am I expected to do? > > Thanks, > > > John Baker > -- > Web SSO > IT Infrastructure > Deutsche Bank London > > URL: http://websso.cto.gt.intranet.db.com > > > --- > > This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. > > Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures. -- Venlig hilsen / Kind regards, Christian Vest Hansen. --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures. ---------------------------- IONA Technologies PLC (registered in Ireland) Registered Number: 171387 Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
