cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Diephouse" <...@envoisolutions.com>
Subject Re: svn commit: r512143 [Update HTTPS sample to latest configuration syntax]
Date Tue, 27 Feb 2007 15:54:17 GMT
Hi Eoghan,

I think it must actually be the port name. I didn't actually change any of
the logic about the ID (although in retrospect I wish I would have, it seems
quite redundant to have ".http-conduit" in there). I simply changed name->id
in all the examples.

- Dan

On 2/27/07, Glynn, Eoghan <eoghan.glynn@iona.com> wrote:
>
>
>
> Hi Dan,
>
> I noticed the other demos using the new config syntax have what looks
> like a target port embedded in the conduit bean ID, e.g.
>
> <http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit">
>                                                ^^^^
>
> whereas this is missing in your change to the HTTPS sample.
>
> Is this optional, i.e. only required if the conduits for different
> target endpoints are to be configured differently. If so, would the
> target hostname as well as the port need to be encoded in the conduit
> ID?
>
> Or maybe the embedded "9001" denotes something else? (as the target port
> for the relevant demos is actually 9000).
>
> Cheers,
> Eoghan
>
> > -----Original Message-----
> > From: dandiep@apache.org [mailto:dandiep@apache.org]
> > Sent: 27 February 2007 05:45
> > To: cxf-commits@incubator.apache.org
> > Subject: svn commit: r512143 - in
> > /incubator/cxf/trunk/distribution/src/main/release/samples/hel
> > lo_world_https: client.xml insecure_client.xml server.xml
> >
> > Author: dandiep
> > Date: Mon Feb 26 21:44:33 2007
> > New Revision: 512143
> >
> > URL: http://svn.apache.org/viewvc?view=rev&rev=512143
> > Log:
> > Update HTTPS sample to latest configuration syntax.
> >
> > Modified:
> >
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/client.xml
> >
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/insecure_client.xml
> >
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/server.xml
> >
> > Modified:
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/client.xml
> > URL:
> > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> > src/main/release/samples/hello_world_https/client.xml?view=dif
> > f&rev=512143&r1=512142&r2=512143
> > ==============================================================
> > ================
> > ---
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/client.xml (original)
> > +++
> > incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> > +++ d_https/client.xml Mon Feb 26 21:44:33 2007
> > @@ -7,9 +7,9 @@
> >    to you under the Apache License, Version 2.0 (the
> >    "License"); you may not use this file except in compliance
> >    with the License. You may obtain a copy of the License at
> > -
> > +
> >    http://www.apache.org/licenses/LICENSE-2.0
> > -
> > +
> >    Unless required by applicable law or agreed to in writing,
> >    software distributed under the License is distributed on an
> >    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> > -18,32 +18,32 @@
> >    under the License.
> >  -->
> >  <beans xmlns="http://www.springframework.org/schema/beans"
> > -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > -       xmlns:sec="http://cxf.apache.org/configuration/security"
> > -       xsi:schemaLocation="
> > +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > +  xmlns:sec="http://cxf.apache.org/configuration/security"
> > +  xmlns:http="http://cxf.apache.org/transports/http/configuration"
> > +  xsi:schemaLocation="
> > +http://cxf.apache.org/transports/http/configuration
> > +http://cxf.apache.org/schema/transports/http.xsd
> >  http://www.springframework.org/schema/beans
> > http://www.springframework.org/schema/beans/spring-beans.xsd">
> >
> > -    <bean
> > name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> > onduit" abstract="true">
> > -      <property name="sslClient">
> > -          <value>
> > -              <sec:sslClient>
> > -
> > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > -
> > <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > -
> > <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> > </sec:TrustStore>
> > -                  <sec:CiphersuiteFilters>
> > -                      <!-- these filters ensure that a
> > ciphersuite with
> > -                      export-suitable but non-null
> > encryption is used,
> > -                      and prefers the stronger SHA over MD5
> > message digests -->
> > -                      <sec:include>.*_EXPORT_.*</sec:include>
> > -                      <sec:include>.*_EXPORT1024_.*</sec:include>
> > -                      <sec:include>.*_WITH_DES_.*</sec:include>
> > -                      <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> > -                      <sec:exclude>.*_MD5</sec:exclude>
> > -                  </sec:CiphersuiteFilters>
> > -              </sec:sslClient>
> > -          </value>
> > -      </property>
> > -    </bean>
> > +  <http:conduit
> > + id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
> > +
> > +    <http:sslClient>
> > +
> > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > +
> > <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> > </sec:TrustStore>
> > +      <sec:CiphersuiteFilters>
> > +        <!-- these filters ensure that a ciphersuite with
> > +          export-suitable but non-null encryption is used,
> > +          and prefers the stronger SHA over MD5 message digests -->
> > +        <sec:include>.*_EXPORT_.*</sec:include>
> > +        <sec:include>.*_EXPORT1024_.*</sec:include>
> > +        <sec:include>.*_WITH_DES_.*</sec:include>
> > +        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> > +        <sec:exclude>.*_MD5</sec:exclude>
> > +      </sec:CiphersuiteFilters>
> > +    </http:sslClient>
> > +  </http:conduit>
> > +
> >
> >  </beans>
> >
> > Modified:
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/insecure_client.xml
> > URL:
> > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> > src/main/release/samples/hello_world_https/insecure_client.xml
> > ?view=diff&rev=512143&r1=512142&r2=512143
> > ==============================================================
> > ================
> > ---
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/insecure_client.xml (original)
> > +++
> > incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> > +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
> > @@ -7,9 +7,9 @@
> >    to you under the Apache License, Version 2.0 (the
> >    "License"); you may not use this file except in compliance
> >    with the License. You may obtain a copy of the License at
> > -
> > +
> >    http://www.apache.org/licenses/LICENSE-2.0
> > -
> > +
> >    Unless required by applicable law or agreed to in writing,
> >    software distributed under the License is distributed on an
> >    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> > -18,11 +18,13 @@
> >    under the License.
> >  -->
> >  <beans xmlns="http://www.springframework.org/schema/beans"
> > -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > -       xsi:schemaLocation="
> > +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > +  xmlns:http="http://cxf.apache.org/transports/http/configuration"
> > +  xsi:schemaLocation="
> > +http://cxf.apache.org/transports/http/configuration
> > +http://cxf.apache.org/schema/transports/http.xsd
> >  http://www.springframework.org/schema/beans
> > http://www.springframework.org/schema/beans/spring-beans.xsd">
> >
> > -    <bean
> > name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> > onduit" abstract="true">
> > -    </bean>
> > +  <http:conduit
> > + id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
> > +  </http:conduit>
> >
> >  </beans>
> >
> > Modified:
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/server.xml
> > URL:
> > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> > src/main/release/samples/hello_world_https/server.xml?view=dif
> > f&rev=512143&r1=512142&r2=512143
> > ==============================================================
> > ================
> > ---
> > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > o_world_https/server.xml (original)
> > +++
> > incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> > +++ d_https/server.xml Mon Feb 26 21:44:33 2007
> > @@ -7,9 +7,9 @@
> >    to you under the Apache License, Version 2.0 (the
> >    "License"); you may not use this file except in compliance
> >    with the License. You may obtain a copy of the License at
> > -
> > +
> >    http://www.apache.org/licenses/LICENSE-2.0
> > -
> > +
> >    Unless required by applicable law or agreed to in writing,
> >    software distributed under the License is distributed on an
> >    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> > -18,37 +18,34 @@
> >    under the License.
> >  -->
> >  <beans xmlns="http://www.springframework.org/schema/beans"
> > -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > -       xmlns:sec="http://cxf.apache.org/configuration/security"
> > -       xsi:schemaLocation="
> > +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > +  xmlns:sec="http://cxf.apache.org/configuration/security"
> > +  xmlns:http="http://cxf.apache.org/transports/http/configuration"
> > +  xsi:schemaLocation="
> > +http://cxf.apache.org/transports/http/configuration
> > +http://cxf.apache.org/schema/transports/http.xsd
> >  http://www.springframework.org/schema/beans
> > http://www.springframework.org/schema/beans/spring-beans.xsd">
> >
> > -  <bean
> > name="{http://apache.org/hello_world_soap_http}GreeterImplPort
> > .http-destination" abstract="true">
> > -
> > -      <property name="sslServer">
> > -          <value>
> > -              <sec:sslServer>
> > -
> > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > -                  <sec:KeystoreType>PKCS12</sec:KeystoreType>
> > -
> > <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > -
> > <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> > -
> > <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> > tication>
> > -
> > <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> > re</sec:TrustStore>
> > -                  <sec:CiphersuiteFilters>
> > -                      <!-- these filters ensure that a
> > ciphersuite with
> > -                      export-suitable or null encryption is used,
> > -                      but exclude anonymous Diffie-Hellman
> > key change as
> > -                      this is vulnerable to
> > man-in-the-middle attacks -->
> > -                      <sec:include>.*_EXPORT_.*</sec:include>
> > -                      <sec:include>.*_EXPORT1024_.*</sec:include>
> > -                      <sec:include>.*_WITH_DES_.*</sec:include>
> > -                      <sec:include>.*_WITH_NULL_.*</sec:include>
> > -                      <sec:exclude>.*_DH_anon_.*</sec:exclude>
> > -                  </sec:CiphersuiteFilters>
> > -              </sec:sslServer>
> > -          </value>
> > -      </property>
> > -  </bean>
> > -
> > +  <http:destination
> > id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
> > ttp-destination">
> > +    <http:sslServer>
> > +
> > <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > +      <sec:KeystoreType>PKCS12</sec:KeystoreType>
> > +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > +
> > <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> > +
> > <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> > tication>
> > +
> > <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> > re</sec:TrustStore>
> > +      <sec:CiphersuiteFilters>
> > +        <!-- these filters ensure that a ciphersuite with
> > +          export-suitable or null encryption is used,
> > +          but exclude anonymous Diffie-Hellman key change as
> > +          this is vulnerable to man-in-the-middle attacks -->
> > +        <sec:include>.*_EXPORT_.*</sec:include>
> > +        <sec:include>.*_EXPORT1024_.*</sec:include>
> > +        <sec:include>.*_WITH_DES_.*</sec:include>
> > +        <sec:include>.*_WITH_NULL_.*</sec:include>
> > +        <sec:exclude>.*_DH_anon_.*</sec:exclude>
> > +      </sec:CiphersuiteFilters>
> > +    </http:sslServer>
> > +  </http:destination>
> > +
> >  </beans>
> >
> >
> >
>



-- 
Dan Diephouse
Envoi Solutions
http://envoisolutions.com | http://netzooid.com/blog

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message