On Monday, August 08, 2011 8:42:53 AM Penmatsa, Vinay wrote: > Hi Dan, > Thanks. > How can I set the TLS params in the STSClient? Is there an example of using > STSClient this way?
I just checked the code and there isn't a way to access the underlying client from the STSClient. I just added a getClient call which can be used in the future and that will be in CXF 2.4.2, but right now, the only way is through configuration. :-( (or use some reflection magic to call the private createClient() call and grab the client field, but that really sucks) Dan > -Vinay > > > > -----Original Message----- > From: Daniel Kulp [mailto:[email protected]] > Sent: Friday, August 05, 2011 5:29 PM > To: [email protected] > Cc: Penmatsa, Vinay > Subject: Re: TLSClientParameters > > > Client client = ClientProxy.getClient(port); > > STSClient stsClient = new STSClient(client.getBus()); > > You have two separate clients there.... the client from the port and an > STSClient. You are setting the TLS stuff on the port's client, but not the > STSClient. That's likely the issue. > > Dan > > On Friday, August 05, 2011 12:11:43 PM Penmatsa, Vinay wrote: > > Hi Dan, > > No. But not sure if I'm affecting it somehow. Here's my code: > > > > ------ > > Client client = ClientProxy.getClient(port); > > STSClient stsClient = new STSClient(client.getBus()); > > HTTPConduit http = (HTTPConduit) client.getConduit(); > > TLSClientParameters param = new TLSClientParameters(); > > param.setDisableCNCheck(true); > > Properties cProps = new Properties(); > > cProps.load(new FileReader("client.properties")); > > Merlin m = new Merlin(cProps); > > KeyManagerFactory kmf = > > KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); > > TrustManagerFactory tmf = > > TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm( > > )); kmf.init(m.getKeyStore(), "password1".toCharArray()); > > tmf.init(m.getTrustStore()); > > param.setKeyManagers(kmf.getKeyManagers()); > > param.setTrustManagers(tmf.getTrustManagers()); > > http.setTlsClientParameters(param); > > > > stsClient.setWsdlLocation("<wsdl url>"); > > stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200 > > 512} STS"); > > stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/20 > > 051 2}UT"); Map<String,Object> stsProps = new HashMap<String,Object>(); > > stsProps.put("ws-security.username", "user"); > > stsProps.put("ws-security.password", "password"); > > stsClient.setProperties(stsProps); > > SecurityToken st = stsClient.requestSecurityToken(); > > ----- > > > > I'm using cxf 2.4. > > > > > > > > > > -----Original Message----- > > From: Daniel Kulp [mailto:[email protected]] > > Sent: Friday, August 05, 2011 11:49 AM > > To: [email protected] > > Cc: Penmatsa, Vinay > > Subject: Re: TLSClientParameters > > > > On Friday, August 05, 2011 11:32:08 AM Penmatsa, Vinay wrote: > > > Hi Prisca, > > > Thanks for the link. > > > This can be fallback solution, but I prefer to do it > > > programmatically. > > > While debugging the source, it seems a new conduit object is created > > > in > > > HttpTransportFactory.getConduit(). So, the client.getConduit() in my > > > code > > > is ignored. Not sure how to fix that > > > > Do you have a different ConduitSelector installed on the client? The > > default one should just be creating a single Conduit for the client and > > re-using it. I'm not sure why a second call to > > HttpTransportFactory.getConduit would be occuring. > > > > Dan > > > > > Regards, > > > Vinay > > > > > > -----Original Message----- > > > From: Prisca POLYTE [mailto:[email protected]] > > > Sent: Friday, August 05, 2011 11:18 AM > > > To: [email protected] > > > Subject: Re: TLSClientParameters > > > > > > Hey, > > > > > > is it possible for you to use Spring for instance ? > > > > > > If it is then you should have a look to > > > http://cxf.apache.org/docs/client-http-transport-including-ssl-suppo > > > rt.h tml# > > > ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport > > > > > > HTH > > > > > > Regards > > > -- > > > Prisca > > > > > > On Fri, Aug 5, 2011 at 5:10 PM, Penmatsa, Vinay > > > > <[email protected]>wrote: > > > > I'm unable to set the 'disableCNCheck' programmatically as > > > > below: > > > > > > > > HTTPConduit http = (HTTPConduit) client.getConduit(); > > > > TLSClientParameters param = new TLSClientParameters(); > > > > param.setDisableCNCheck(true); > > > > http.setTlsClientParameters(param); > > > > > > > > > > > > What's the correct way to do this? > > > > > > > > > > > > Thanks, > > > > Vinay -- Daniel Kulp [email protected] http://dankulp.com/blog Talend - http://www.talend.com
