I do that in cxf 2.7.4 and oracle jdk1.7, it looks very similar to
what you're doing although maybe in a different order :
AccountWsService service = new AccountWsService(myServiceUrl);
AccountWs wsPort = service.getAccountWsPort();
Client cxfClient = ClientProxy.getClient(wsPort);
HTTPConduit httpConduit = (HTTPConduit) cxfClient.getConduit();
TLSClientParameters tslClientParameters =
httpConduit.getTlsClientParameters();
if (tslClientParameters == null) tslClientParameters = new
TLSClientParameters();
tslClientParameters.setDisableCNCheck(true);
TrustAllManager[] tam = { new TrustAllManager() };
tslClientParameters.setTrustManagers(tam);
tslClientParameters.setSecureSocketProtocol("SSLv3");
httpConduit.setTlsClientParameters(tslClientParameters);
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnection(ConnectionType.KEEP_ALIVE);
httpClientPolicy.setConnectionTimeout(connectionTimeout);
httpClientPolicy.setAllowChunking(false);
httpClientPolicy.setReceiveTimeout(receiveTimeout);
httpConduit.setClient(httpClientPolicy);
On 5/15/13, Stepan Seycek <[email protected]> wrote:
> Hallo,
>
> I run into problems when I try to set TLSClientParameters ond the HTTP
> Conduit of a client where I also override the ENDPOINT_ADDRESS. The result
> is that my TLSClientParameters are not considered at all (certificate
> validation error). If I do not override the ENDPOINT_ADDRESS, it works as
> expected. Could anybody point me to a solution that allows me to set both,
> the endpoint and a cutstom trust manager?
>
> Code (tested with CXF 2.7.4, Java 7):
>
> private <PortT> void setupSoapPort(PortT soapPort) {
> Client soapClient = ClientProxy.getClient(soapPort);
>
> // set endpoint and timeouts
> soapClient.getRequestContext().put(Message.ENDPOINT_ADDRESS,
> this.endpoint);
> HTTPConduit conduit = (HTTPConduit) soapClient.getConduit();
> HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> httpClientPolicy.setConnectionTimeout(this.connectTimeout);
> httpClientPolicy.setReceiveTimeout(this.receiveTimeout);
> conduit.setClient(httpClientPolicy);
>
> // enable cookie based sessions
> ((BindingProvider)soapPort).getRequestContext().put(
> BindingProvider.SESSION_MAINTAIN_PROPERTY, "true");
>
> // disable server certificate validation if requested
> if (false == this.sslValidateServerCert &&
> this.endpoint.toLowerCase().startsWith("https://";)) {
> TrustManager[] trustAllCerts = new TrustManager[]{
> new javax.net.ssl.X509TrustManager() {
> public X509Certificate[] getAcceptedIssuers() {return null;}
> public void checkClientTrusted(X509Certificate[] certs, String
> authType) {}
> public void checkServerTrusted(X509Certificate[] certs, String
> authType) {}
> }
> };
> TLSClientParameters tlsParams = new TLSClientParameters();
> tlsParams.setTrustManagers(trustAllCerts);
> tlsParams.setDisableCNCheck(true);
> conduit.setTlsClientParameters(tlsParams);
> }
> }
>
> Thanks in advance,
> Stepan
>
--
Ted.
