Re: CXFServlet over https

Thu, 01 Oct 2009 14:37:29 -0700 

The security stuff for the http:conduit and stuff is client side stuff.  
Basically, how the client would talk to your server.   That wouldn't apply 
here where you are on the server side and are using tomcat to secure things.

In that case, you would need to configure a <security-contraints> section in 
your web.xml to make sure only https connections are allowed into the 
endpoints.   THat's definitely not my area, but I THINK it would look 
something like:

<security-constraint>
         <web-resource-collection>
            <web-resource-name>services</web-resource-name>
            <url-pattern>/services/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
         </web-resource-collection>
         <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
         </user-data-constraint>
      </security-constraint>



Dan



On Thu October 1 2009 1:50:32 pm conficio wrote:
> I need to operate my web service over ssl secured https. The service works
> fine over http, the overall app works fine over https. I have so far only
> configured the tomcat for https://myserver.example.com:8443/
> 
> The recommended config
> http://cwiki.apache.org/CXF20DOC/client-http-transport.html I don't
> understand as it seems to hard code the URLs for the service which I avoid
> by using the CXFServlet. It also seems to configure the keystore again,
> duplicating things that are already done in tomcat. And in addition the
> example does refer to authenticating via tls over ssl and I don't do that.
> The service authendicated to our app via WS-I Base profile Interceptors.
> 
> Here is the behavior that I can't get around:
> 
> The CXFServlet from 2.0.11 does serve its top level list of services under
> the URL https://myserver.example.com:8443/soap-services/
> 
> However, the URLS to the WSDL for each service is not https:// ==>
> http://myserver.example.com:8443/soap-services/my-service?wsdl and when I
> click on the link it does offer to save a binary file.
> 
> When I manually request
> https://myserver.example.com:8443/soap-services/my-service?wsdl I get the
> file but it's <soap:address
> location="http://myserver.example.com:8443/soap-services/my-service"/> is
> http again and that fails to import then any xsd files.
> 
> Any idea what to do to work around this?
> 

-- 
Daniel Kulp
[email protected]
http://www.dankulp.com/blog

Reply via email to