Return-Path: X-Original-To: apmail-chemistry-dev-archive@www.apache.org Delivered-To: apmail-chemistry-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E55F1180DC for ; Wed, 28 Oct 2015 22:44:16 +0000 (UTC) Received: (qmail 50862 invoked by uid 500); 28 Oct 2015 22:44:16 -0000 Delivered-To: apmail-chemistry-dev-archive@chemistry.apache.org Received: (qmail 50796 invoked by uid 500); 28 Oct 2015 22:44:16 -0000 Mailing-List: contact dev-help@chemistry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@chemistry.apache.org Delivered-To: mailing list dev@chemistry.apache.org Received: (qmail 50784 invoked by uid 99); 28 Oct 2015 22:44:16 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Oct 2015 22:44:16 +0000 Received: from [192.168.178.23] (unknown [95.91.202.136]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 1BBBF1A0230; Wed, 28 Oct 2015 22:44:15 +0000 (UTC) Subject: Re: SSL support in AtomPub To: dev@chemistry.apache.org, Darren Hartford References: <962748611.4823226.1446069155875.JavaMail.yahoo@mail.yahoo.com> <962748611.4823226.1446069155875.JavaMail.yahoo@mail.yahoo.com> From: =?UTF-8?Q?Florian_M=c3=bcller?= X-Enigmail-Draft-Status: N1110 Message-ID: <56314FBD.2060107@apache.org> Date: Wed, 28 Oct 2015 23:44:13 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <962748611.4823226.1446069155875.JavaMail.yahoo@mail.yahoo.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hi Darren, That is probably a problem on the server side. The collection URLs are taken from the AtomPub service document. If the server provides a HTTP URL, for example for the query collection, even if everything else is HTTPS then the OpenCMIS client library will use this HTTP URL. The client does not derive URLs from the entry URL. It will only follow the URLs provided by the server. Open your HTTPS AtomPub URL in a web browser. It should return a XML document, which contains several URLs. If at least one of the URLs is not a HTTPS URL, contact your server vendor. It's very likely that this is not intended. - Florian > Hi all,I'm doing some digging on a project that is using openCMIS 0.12, and having a lot of issues when trying to get HTTPS (SSL) support to work correctly when using the library. I'm using a custom AuthenticationProvider with the getSSLSocketFactory() method to allow self-signed certs. > From what I can tell, all the AtomPub GET methods work correctly, but the POST's are switching from HTTPS to just http://:80/ POST responses seemingly out of nowhere (even though all the CMIS Session's are using https). > I've traced to the following location where a seemingly *new* URL value is pulled out of the loadCollection method and then creates a url that is *not* the HTTPS version, but I'm hoping someone with more experience can make sense of things: > org/apache/chemistry/opencmis/client/bindings/spi/atompub/DiscoveryServiceImpl.java > > ==============public ObjectList query(String repositoryId, String statement, Boolean searchAllVersions, > Boolean includeAllowableActions, IncludeRelationships includeRelationships, String renditionFilter, > BigInteger maxItems, BigInteger skipCount, ExtensionsData extension) {... // find the link...DRH NOTE that this is not an HTTPS result like originally configured for the CMIS Session... > String link = loadCollection(repositoryId, Constants.COLLECTION_QUERY); > > if (link == null) { > throw new CmisObjectNotFoundException("Unknown repository or query not supported!"); > } > > UrlBuilder url = new UrlBuilder(link);.... Response resp = post(url,...============== > Thanks for any assistance,-D >