HTTPS: custom keystore: regression in 2.2 from 2.1.3
----------------------------------------------------
Key: CXF-2142
URL: https://issues.apache.org/jira/browse/CXF-2142
Project: CXF
Issue Type: Bug
Affects Versions: 2.2
Environment: debian linux java jre 1.5 unstable
Reporter: Vassilis Virvilis
I have the following regression in https usage. My previous setup in 2.1.3 was
working correctly with a custom keystore in resources. My cxf.xml was like this
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">
  <http:conduit
      name="{http://lib.biovista.com/}UserSessionManagerPort.http-conduit">
    <http:tlsClientParameters secureSocketProtocol="SSL">
      <sec:trustManagers>
        <sec:keyStore resource="resources/keystore.jks" />
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <sec:include>.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:client Connection="Keep-Alive"/>
  </http:conduit>
</beans>
With 2.2, CXF doesn't pick up the correct keystore. It uses the JRE's original
keystore.
Looks like something has changed. Following Dan Kulp's advice I was
able to get it working by specifying
<http:conduit name="https://host.foo.com.*">
The following also worked, so I don't need to have the same XML configuration
for multiple servers:
<http:conduit name="https://.*.foo.com.*">
so it looks to me that CXF now matches against URLs instead of WSDL stuff
(port names, ifnames etc) like
name="{http://lib.foo.com/}UserSessionManagerPort.http-conduit">
                   ^                 ^
                   |                 |___ java interface
                   |____ java package name
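Added example, not part of the original report and not CXF code: a small audit of which endpoint addresses the URL-style conduit name from the report would cover, next to a tightened pattern. It assumes the conduit name is applied as a full-match regular expression against the endpoint address and uses Python's re module in place of Java's; the tightened pattern, the helper names and all sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Conduit name quoted in the report, and a tightened variant (added here).
REPORTED = r"https://.*.foo.com.*"
TIGHTENED = r"https://([a-z0-9-]+\.)*foo\.com(:\d+)?(/.*)?"

# Constructed endpoint addresses; none of them come from the report.
SAMPLE_URLS = [
    "https://host.foo.com/services/UserSessionManager",
    "https://a.b.foo.com:8443/ws",
    "https://host.foo.com.example.net/ws",   # foo.com is only a leading label
    "https://host-foo.com/ws",               # a different domain
    "https://example.net/?next=.foo.com",    # foo.com appears only in the query
    "https://hostxfooxcom/ws",               # unescaped dots match any character
]


def host_in_domain(url, domain):
    """True if the URL's host is `domain` or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def overmatches(pattern, urls, domain):
    """URLs the pattern fully matches although their host is outside `domain`.

    Assumption: the conduit name is matched against the whole address.
    """
    rx = re.compile(pattern)
    return [u for u in urls if rx.fullmatch(u) and not host_in_domain(u, domain)]


def missed(pattern, urls, domain):
    """URLs inside `domain` that the pattern fails to match."""
    rx = re.compile(pattern)
    return [u for u in urls if host_in_domain(u, domain) and not rx.fullmatch(u)]


if __name__ == "__main__":
    for name, pat in (("reported", REPORTED), ("tightened", TIGHTENED)):
        print(name, "over-matches:", overmatches(pat, SAMPLE_URLS, "foo.com"))
        print(name, "misses:", missed(pat, SAMPLE_URLS, "foo.com"))
```

Every address a conduit pattern matches receives that conduit's trust store and cipher suite settings, so a pattern that over-matches applies the custom keystore to hosts it was never meant for.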