Hello Daniel Kulp schrieb: > On Thursday 15 January 2009 4:02:46 pm Jaroslav Libak wrote: >> Another setting that I think is not thread safe, is configuring http >> conduit, to use/not use TLS on the fly for every call. This is a serious >> limitation of Apache CXF, as one cannot use the same client for http and >> https, with some addresses using http, others https. I already had to write >> a patch for HTTPConduit, to allow it work with both http and https once >> https conduit is configured (but not vice versa), simply because its needed >> and configuration options in CXF are insufficient. > > Submit the patch back? >
My patch is only temporary until this situation is solved in CXF in some acceptable way. The patch used 2 connection factories in HTTPConduit if https was configured, so that we also have http connection factory for getting http connections if supplied address is http. I think first it should be defined how this should work, and then we may have patches. From mailinglist I read that the fact you cannot use http for https conduit and vice versa was intentional. The argument was, that if you configure https, you should not use unsecured connections. But there are scenarios where this is needed, when a list of addresses (both https & http) are discovered in some way, and multiple web services need to be invoked with different security parameters in paralel. Some web services support https, and others don't. Some may use authentication, others maybe don't. All this is discovered on the fly. I think we could have some option to use the current behaviour (so that once endpoint is secured, http calls cannot be made), and to allow http calls once https is configured. For using https, https would need to be configured just like now (unless a static address is configured in xml, when this seems to be automatic). Jaro
