cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glynn, Eoghan" <eoghan.gl...@iona.com>
Subject RE: svn commit: r512143 [Update HTTPS sample to latest configuration syntax]
Date Tue, 27 Feb 2007 10:57:45 GMT


Hi Dan,

I noticed the other demos using the new config syntax have what looks
like a target port embedded in the conduit bean ID, e.g.

<http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit"> 
                                               ^^^^

whereas this is missing in your change to the HTTPS sample.

Is this optional, i.e. only required if the conduits for different
target endpoints are to be configured differently. If so, would the
target hostname as well as the port need to be encoded in the conduit
ID?

Or maybe the embedded "9001" denotes something else? (as the target port
for the relevant demos is actually 9000).

Cheers,
Eoghan

> -----Original Message-----
> From: dandiep@apache.org [mailto:dandiep@apache.org] 
> Sent: 27 February 2007 05:45
> To: cxf-commits@incubator.apache.org
> Subject: svn commit: r512143 - in 
> /incubator/cxf/trunk/distribution/src/main/release/samples/hel
> lo_world_https: client.xml insecure_client.xml server.xml
> 
> Author: dandiep
> Date: Mon Feb 26 21:44:33 2007
> New Revision: 512143
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=512143
> Log:
> Update HTTPS sample to latest configuration syntax.
> 
> Modified:
>     
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/client.xml
>     
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/insecure_client.xml
>     
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/server.xml
> 
> Modified: 
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/client.xml
> URL: 
> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> src/main/release/samples/hello_world_https/client.xml?view=dif
> f&rev=512143&r1=512142&r2=512143
> ==============================================================
> ================
> --- 
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/client.xml (original)
> +++ 
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> +++ d_https/client.xml Mon Feb 26 21:44:33 2007
> @@ -7,9 +7,9 @@
>    to you under the Apache License, Version 2.0 (the
>    "License"); you may not use this file except in compliance
>    with the License. You may obtain a copy of the License at
> - 
> +  
>    http://www.apache.org/licenses/LICENSE-2.0
> - 
> +  
>    Unless required by applicable law or agreed to in writing,
>    software distributed under the License is distributed on an
>    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ 
> -18,32 +18,32 @@
>    under the License.
>  -->
>  <beans xmlns="http://www.springframework.org/schema/beans"
> -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> -       xmlns:sec="http://cxf.apache.org/configuration/security"
> -       xsi:schemaLocation="
> +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> +  xmlns:sec="http://cxf.apache.org/configuration/security"
> +  xmlns:http="http://cxf.apache.org/transports/http/configuration"
> +  xsi:schemaLocation="
> +http://cxf.apache.org/transports/http/configuration 
> +http://cxf.apache.org/schema/transports/http.xsd
>  http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>  
> -    <bean 
> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> onduit" abstract="true">
> -      <property name="sslClient">
> -          <value>
> -              <sec:sslClient>
> -                  
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> 
> -                  
> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
> -                  
> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> </sec:TrustStore>
> -                  <sec:CiphersuiteFilters>
> -                      <!-- these filters ensure that a 
> ciphersuite with
> -                      export-suitable but non-null 
> encryption is used,
> -                      and prefers the stronger SHA over MD5 
> message digests -->
> -                      <sec:include>.*_EXPORT_.*</sec:include>
> -                      <sec:include>.*_EXPORT1024_.*</sec:include>
> -                      <sec:include>.*_WITH_DES_.*</sec:include>
> -                      <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> -                      <sec:exclude>.*_MD5</sec:exclude>
> -                  </sec:CiphersuiteFilters>
> -              </sec:sslClient>
> -          </value>
> -      </property> 
> -    </bean>
> +  <http:conduit 
> + id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
> +
> +    <http:sslClient>
> +      
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
> +      
> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> </sec:TrustStore>
> +      <sec:CiphersuiteFilters>
> +        <!-- these filters ensure that a ciphersuite with
> +          export-suitable but non-null encryption is used,
> +          and prefers the stronger SHA over MD5 message digests -->
> +        <sec:include>.*_EXPORT_.*</sec:include>
> +        <sec:include>.*_EXPORT1024_.*</sec:include>
> +        <sec:include>.*_WITH_DES_.*</sec:include>
> +        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> +        <sec:exclude>.*_MD5</sec:exclude>
> +      </sec:CiphersuiteFilters>
> +    </http:sslClient>
> +  </http:conduit>
> +
>  
>  </beans>
> 
> Modified: 
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/insecure_client.xml
> URL: 
> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> src/main/release/samples/hello_world_https/insecure_client.xml
> ?view=diff&rev=512143&r1=512142&r2=512143
> ==============================================================
> ================
> --- 
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/insecure_client.xml (original)
> +++ 
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
> @@ -7,9 +7,9 @@
>    to you under the Apache License, Version 2.0 (the
>    "License"); you may not use this file except in compliance
>    with the License. You may obtain a copy of the License at
> - 
> +  
>    http://www.apache.org/licenses/LICENSE-2.0
> - 
> +  
>    Unless required by applicable law or agreed to in writing,
>    software distributed under the License is distributed on an
>    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ 
> -18,11 +18,13 @@
>    under the License.
>  -->
>  <beans xmlns="http://www.springframework.org/schema/beans"
> -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> -       xsi:schemaLocation="
> +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> +  xmlns:http="http://cxf.apache.org/transports/http/configuration"
> +  xsi:schemaLocation="
> +http://cxf.apache.org/transports/http/configuration 
> +http://cxf.apache.org/schema/transports/http.xsd
>  http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>  
> -    <bean 
> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> onduit" abstract="true">
> -    </bean>
> +  <http:conduit 
> + id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
> +  </http:conduit>
>  
>  </beans>
> 
> Modified: 
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/server.xml
> URL: 
> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> src/main/release/samples/hello_world_https/server.xml?view=dif
> f&rev=512143&r1=512142&r2=512143
> ==============================================================
> ================
> --- 
> incubator/cxf/trunk/distribution/src/main/release/samples/hell
> o_world_https/server.xml (original)
> +++ 
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> +++ d_https/server.xml Mon Feb 26 21:44:33 2007
> @@ -7,9 +7,9 @@
>    to you under the Apache License, Version 2.0 (the
>    "License"); you may not use this file except in compliance
>    with the License. You may obtain a copy of the License at
> - 
> +  
>    http://www.apache.org/licenses/LICENSE-2.0
> - 
> +  
>    Unless required by applicable law or agreed to in writing,
>    software distributed under the License is distributed on an
>    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ 
> -18,37 +18,34 @@
>    under the License.
>  -->
>  <beans xmlns="http://www.springframework.org/schema/beans"
> -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> -       xmlns:sec="http://cxf.apache.org/configuration/security"
> -       xsi:schemaLocation="
> +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> +  xmlns:sec="http://cxf.apache.org/configuration/security"
> +  xmlns:http="http://cxf.apache.org/transports/http/configuration"
> +  xsi:schemaLocation="
> +http://cxf.apache.org/transports/http/configuration 
> +http://cxf.apache.org/schema/transports/http.xsd
>  http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>  
> -  <bean 
> name="{http://apache.org/hello_world_soap_http}GreeterImplPort
> .http-destination" abstract="true">
> - 
> -      <property name="sslServer">
> -          <value>
> -              <sec:sslServer>
> -                  
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> -                  <sec:KeystoreType>PKCS12</sec:KeystoreType>
> -                  
> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
> -                  
> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> -                  
> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> tication>
> -                  
> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> re</sec:TrustStore>
> -                  <sec:CiphersuiteFilters>
> -                      <!-- these filters ensure that a 
> ciphersuite with
> -                      export-suitable or null encryption is used,
> -                      but exclude anonymous Diffie-Hellman 
> key change as
> -                      this is vulnerable to 
> man-in-the-middle attacks --> 
> -                      <sec:include>.*_EXPORT_.*</sec:include>
> -                      <sec:include>.*_EXPORT1024_.*</sec:include>
> -                      <sec:include>.*_WITH_DES_.*</sec:include>
> -                      <sec:include>.*_WITH_NULL_.*</sec:include>
> -                      <sec:exclude>.*_DH_anon_.*</sec:exclude>
> -                  </sec:CiphersuiteFilters>
> -              </sec:sslServer>
> -          </value>
> -      </property>
> -  </bean>
> - 
> +  <http:destination 
> id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
> ttp-destination">
> +    <http:sslServer>
> +      
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> +      <sec:KeystoreType>PKCS12</sec:KeystoreType>
> +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
> +      
> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> +      
> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> tication>
> +      
> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> re</sec:TrustStore>
> +      <sec:CiphersuiteFilters>
> +        <!-- these filters ensure that a ciphersuite with
> +          export-suitable or null encryption is used,
> +          but exclude anonymous Diffie-Hellman key change as
> +          this is vulnerable to man-in-the-middle attacks -->
> +        <sec:include>.*_EXPORT_.*</sec:include>
> +        <sec:include>.*_EXPORT1024_.*</sec:include>
> +        <sec:include>.*_WITH_DES_.*</sec:include>
> +        <sec:include>.*_WITH_NULL_.*</sec:include>
> +        <sec:exclude>.*_DH_anon_.*</sec:exclude>
> +      </sec:CiphersuiteFilters>
> +    </http:sslServer>
> +  </http:destination>
> +
>  </beans>
> 
> 
> 

Mime
View raw message