Hi,

If you would like to force client authentication, the property 
org.ops4j.pax.web.ssl.clientauthneeded is more appropriate, I guess.

That means, the OSGi container will accept only client calls containing 
certificate trusted on container side.
The property will activate client authentication for all SSL endpoints are 
registered with relative URLs.

Regards,
Andrei. 

> -----Original Message-----
> From: Martin Nielsen [mailto:mny...@gmail.com]
> Sent: Freitag, 16. September 2016 21:18
> To: users@cxf.apache.org
> Subject: Re: Configuring 2way SSL on a REST endpoint in an OSGi container
> 
> I think I figured that out myself actually. Setting
> org.ops4j.pax.web.ssl.clientauthwanted = true Should enable two way ssl if the
> client has anything to send.
> At least that is what I am hoping. Does anyone have any experience about
> whether this is a correct assumption?
> 
> If that is correctly understood,  I can just reject all calls without a valid 
> client
> cert in that specific endpoint.
> 
> On 16 Sep 2016 8:45 p.m., "Martin Nielsen" <mny...@gmail.com> wrote:
> 
> > That looks very much like what I would need.  The only issue is that I
> > will need 2way ssl for only a select few endpoints. It looks to me
> > like the pax web configuration is global. Is that right?
> >
> > On 16 Sep 2016 10:21, "Christian Schneider" <ch...@die-schneider.net>
> > wrote:
> >
> >> I am not sure about reading the client certificate in an interceptor
> >> but that part should be for the most part unrelated to OSGi. Maybe
> >> you can ask that as a separate question so people without OSGi
> >> knowledge tune in.
> >>
> >> Christian
> >>
> >> On 16.09.2016 08:42, Martin Nielsen wrote:
> >>
> >>> Hello everyone.
> >>>
> >>> I have a question about using CXF in an OSGi container. More
> >>> specifically using it via Declarative Services.
> >>>
> >>> I need to create a REST endpoint, that is secured by 2way SSL, as
> >>> well as an interceptor which can read the incomming client
> >>> certificate after the handshake in order to perform authentication
> >>> inside the application itself.
> >>>
> >>> But how do i do this? I found a demo to make CXF register a
> >>> component as a rest service here.
> >>> http://cxf.apache.org/dosgi-ds-demo-page.html
> >>>
> >>> But i still can't resources on how to do the 2way ssl part.
> >>> I know i need to setup trust and keystores on the HTTPConduit, but i
> >>> have no idea how or where to do that in an OSGi environment.
> >>>
> >>> I am using Karaf for the OSGi container, if that has any relevance.
> >>>
> >>> Thank you in advance
> >>>
> >>> -Martin
> >>>
> >>>
> >>
> >> --
> >> Christian Schneider
> >> http://www.liquid-reality.de
> >>
> >> Open Source Architect
> >> http://www.talend.com
> >>
> >>

Reply via email to