Hello!
-Need the same WS service at different endpoints.
-Both need to be set up to use a client certificate, but a different one. (Maybe good if both client certs are as similar as they can be.)
-Put the certs and the server certs into different keystores (one keystore for each endpoint).
-Set up the conduits in the cxf-config.
-Create a client (proxy client), and make it able to change the endpoint.
-Call endpoint 1.
-Call endpoint 2 without restarting the environment.

I did a full SSL debug and it's clearly visible that it uses the wrong cert.
What I didn't find is how the SSL framework chooses a client cert. Because all the endpoints are run by the same company, everything is very similar (endpoints, certs, everything); maybe the key attributes are the same, and the framework thinks it is using the right cert.

Thanx
Csaba

On 2018-06-14 10:56, Colm O hEigeartaigh wrote:
Do you have a test-case to reproduce the issue?

Colm.

On Wed, Jun 13, 2018 at 4:18 PM, Tóth Csaba <ig...@domen.hu> wrote:

Hello!
I need to put a client into the webapp that communicates over SSL, and
before every call it needs to evaluate and maybe change the endpoint URL.
I set up the system via cxf-servlet.xml:

    <jaxws:client id="LDAPRequesterBean"
        serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
        address="https://myserver.com/mypath">

        <jaxws:binding>
            <soap:soapBinding version="1.2" mtomEnabled="true" />
        </jaxws:binding>
    </jaxws:client>

    <bean id="LDAPClientBean" class="mypackage.LDAPClient">
        <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
    </bean>

    <http:conduit name="https://myserver_1/.*">
        <http:tlsClientParameters>
        ...
        </http:tlsClientParameters>
    </http:conduit>

    <http:conduit name="https://myserver_1/.*">
        <http:tlsClientParameters>
        ...
        </http:tlsClientParameters>
    </http:conduit>

and in the client I change the endpoint:

    endpoint = // evaluate and change it, if needed

    BindingProvider bindingProvider = (BindingProvider) lDapRequesterBean;
    bindingProvider.getRequestContext()
            .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

And it's working the first time (endpoint A).
If it changes the URL (endpoint B) (the 2nd call must go to another
endpoint), I get an SSL error.
After I restart Tomcat and try first with this URL (endpoint B), it's
working, but next it's not working with the first URL (endpoint A).

I think it's some caching problem, but I can't find where, or how I can
turn it off.

Thanx
Csaba
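
One way to make the client certificate choice explicit whenever the endpoint changes, rather than depending on which `http:conduit` name pattern is matched. This is an added example, not code from the thread or from the CXF project. The class `PerEndpointTls`, its method names, the store paths, the JKS store type and the shared store/key password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

/** Hypothetical helper: binds one key store and one trust store to each endpoint URL. */
public class PerEndpointTls {
    private final Map<String, TLSClientParameters> byEndpoint = new ConcurrentHashMap<>();

    /** Paths and password are placeholders; assumes the key password equals the store password. */
    public void register(String endpoint, String keyStore, String trustStore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pw));
        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());     // client certificate for this endpoint only
        tls.setTrustManagers(tmf.getTrustManagers()); // server trust anchors for this endpoint only
        byEndpoint.put(endpoint, tls);
    }

    /** Points the proxy at the endpoint and installs that endpoint's TLS parameters. */
    public void select(Object proxy, String endpoint) {
        TLSClientParameters tls = byEndpoint.get(endpoint);
        if (tls == null) { // fail closed: never fall back to another endpoint's certificate
            throw new IllegalArgumentException("No TLS parameters registered for " + endpoint);
        }
        ((BindingProvider) proxy).getRequestContext()
                .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(proxy).getConduit();
        conduit.setTlsClientParameters(tls);
    }

    private static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS stores
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pw);
        }
        return ks;
    }
}
```

Call `select` immediately before each invocation. A proxy shared between request threads needs `select` and the call serialized, or one proxy per endpoint, so that a concurrent request cannot swap the certificate mid-call.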
