Dear All,
Ok, I think that I finally found it.
On wsdl_first_https I've modified this line in CherryServer.cxf:
from: <sec:clientAuthentication want="true" required="true"/>
to: <sec:clientAuthentication want="false" required="false"/>
And in InsecureClient.cxf I've added this:
    <http:tlsClientParameters disableCNCheck="true">
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="certs/truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key exchange as
             this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl">
  </bean>
Now it works, without using a client certificate! (I only want to encrypt
the HTTP transport).
One thing that I've found doing this test is that the wsdl_first_https
sample doesn't work using jdk 6, neither using CXF v2.0.6 nor using CXF
v2.1!
Regards,
Agusti Dosaiguas
PS: Hope that this helps someone!
On Thu, May 15, 2008 15:51, Agustí wrote:
> Dear All,
>
> I can't find it in the docs.
>
> How can I configure CXF's embedded Jetty to only accept connections over
> HTTPS, but without the need of client certificates?
>
> I mean, like the wsdl_first_https, but without the need of a client
> certificate, I don't need to authenticate the client...
>
> Thanks,
>
> Agusti Dosaiguas
>
>
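Added example (not part of the original message and not CXF code): a small audit that reads the cipherSuitesFilter posted above and lists which cipher suites it would let the client offer. The suite list is a constructed sample, and the matching rule (whole-name regex match on any include and on no exclude) is an assumption about how the filter is applied.

```python
import re
import xml.etree.ElementTree as ET

SEC = "http://cxf.apache.org/configuration/security"

# The filter from the message, with the namespace declared so it parses alone.
FILTER_XML = f"""
<sec:cipherSuitesFilter xmlns:sec="{SEC}">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
"""

# Constructed sample of JSSE suite names (not captured from a real JVM).
SUPPORTED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DH_anon_WITH_DES_CBC_SHA",
]

# Name fragments that mark a suite as unsuitable for protecting traffic.
WEAK = re.compile(r".*(_EXPORT|_WITH_NULL_|_WITH_DES_|_anon_).*")

def load_filter(xml_text):
    """Return (include patterns, exclude patterns) from a cipherSuitesFilter."""
    root = ET.fromstring(xml_text)
    inc = [re.compile(e.text.strip()) for e in root.findall(f"{{{SEC}}}include")]
    exc = [re.compile(e.text.strip()) for e in root.findall(f"{{{SEC}}}exclude")]
    return inc, exc

def select_suites(supported, includes, excludes):
    """Assumed semantics: matches some include and no exclude, whole name."""
    return [s for s in supported
            if any(p.fullmatch(s) for p in includes)
            and not any(p.fullmatch(s) for p in excludes)]

def audit(xml_text, supported):
    """Return (suites the filter selects, the subset of those that are weak)."""
    selected = select_suites(supported, *load_filter(xml_text))
    return selected, [s for s in selected if WEAK.fullmatch(s)]

if __name__ == "__main__":
    selected, weak = audit(FILTER_XML, SUPPORTED)
    for s in selected:
        print(("WEAK  " if s in weak else "ok    ") + s)
```

Every suite this filter selects from the sample is a single-DES, export-grade or NULL suite, so a client whose goal is to encrypt the HTTP transport would want include patterns for strong suites (for example `.*_WITH_AES_.*`) and would leave `disableCNCheck` at its default so the server hostname is still verified.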