cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glynn, Eoghan" <eoghan.gl...@iona.com>
Subject RE: svn commit: r512143 [Update HTTPS sample to latest configuration syntax]
Date Tue, 27 Feb 2007 17:18:37 GMT


Sorry Dan, just looked at the svn logs and the strange "SoapPort9001"
suffix came in a different commit (r502625 - "Apply patch for CXF-405
from Jonathan Anstey").

Looks like the "9001" is spurious, but I'll just check with Jon what the
intention was before removing it.

/Eoghan

> -----Original Message-----
> From: Dan Diephouse [mailto:dan@envoisolutions.com] 
> Sent: 27 February 2007 15:54
> To: cxf-dev@incubator.apache.org
> Subject: Re: svn commit: r512143 [Update HTTPS sample to 
> latest configuration syntax]
> 
> Hi Eoghan,
> 
> I think it must actually be the port name. I didn't actually 
> change any of the logic about the ID (although in retrospect 
> I wish I would have, it seems quite redundant to have 
> ".http-conduit" in there). I simply changed name->id in all 
> the examples.
> 
> - Dan
> 
> On 2/27/07, Glynn, Eoghan <eoghan.glynn@iona.com> wrote:
> >
> >
> >
> > Hi Dan,
> >
> > I noticed the other demos using the new config syntax have 
> what looks 
> > like a target port embedded in the conduit bean ID, e.g.
> >
> > <http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit">
> >                                                ^^^^
> >
> > whereas this is missing in your change to the HTTPS sample.
> >
> > Is this optional, i.e. only required if the conduits for different 
> > target endpoints are to be configured differently. If so, would the 
> > target hostname as well as the port need to be encoded in 
> the conduit 
> > ID?
> >
> > Or maybe the embedded "9001" denotes something else? (as the target 
> > port for the relevant demos is actually 9000).
> >
> > Cheers,
> > Eoghan
> >
> > > -----Original Message-----
> > > From: dandiep@apache.org [mailto:dandiep@apache.org]
> > > Sent: 27 February 2007 05:45
> > > To: cxf-commits@incubator.apache.org
> > > Subject: svn commit: r512143 - in
> > > /incubator/cxf/trunk/distribution/src/main/release/samples/hel
> > > lo_world_https: client.xml insecure_client.xml server.xml
> > >
> > > Author: dandiep
> > > Date: Mon Feb 26 21:44:33 2007
> > > New Revision: 512143
> > >
> > > URL: http://svn.apache.org/viewvc?view=rev&rev=512143
> > > Log:
> > > Update HTTPS sample to latest configuration syntax.
> > >
> > > Modified:
> > >
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/client.xml
> > >
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/insecure_client.xml
> > >
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/server.xml
> > >
> > > Modified:
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/client.xml
> > > URL:
> > > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> > > src/main/release/samples/hello_world_https/client.xml?view=dif
> > > f&rev=512143&r1=512142&r2=512143
> > > ==============================================================
> > > ================
> > > ---
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/client.xml (original)
> > > +++
> > > 
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> > > +++ d_https/client.xml Mon Feb 26 21:44:33 2007
> > > @@ -7,9 +7,9 @@
> > >    to you under the Apache License, Version 2.0 (the
> > >    "License"); you may not use this file except in compliance
> > >    with the License. You may obtain a copy of the License at
> > > -
> > > +
> > >    http://www.apache.org/licenses/LICENSE-2.0
> > > -
> > > +
> > >    Unless required by applicable law or agreed to in writing,
> > >    software distributed under the License is distributed on an
> > >    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> > > -18,32 +18,32 @@
> > >    under the License.
> > >  -->
> > >  <beans xmlns="http://www.springframework.org/schema/beans"
> > > -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > -       xmlns:sec="http://cxf.apache.org/configuration/security"
> > > -       xsi:schemaLocation="
> > > +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > +  xmlns:sec="http://cxf.apache.org/configuration/security"
> > > +  
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> > > +  xsi:schemaLocation="
> > > +http://cxf.apache.org/transports/http/configuration
> > > +http://cxf.apache.org/schema/transports/http.xsd
> > >  http://www.springframework.org/schema/beans
> > > http://www.springframework.org/schema/beans/spring-beans.xsd">
> > >
> > > -    <bean
> > > name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> > > onduit" abstract="true">
> > > -      <property name="sslClient">
> > > -          <value>
> > > -              <sec:sslClient>
> > > -
> > > 
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > > -
> > > <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > > -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > > -
> > > <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> > > </sec:TrustStore>
> > > -                  <sec:CiphersuiteFilters>
> > > -                      <!-- these filters ensure that a
> > > ciphersuite with
> > > -                      export-suitable but non-null
> > > encryption is used,
> > > -                      and prefers the stronger SHA over MD5
> > > message digests -->
> > > -                      <sec:include>.*_EXPORT_.*</sec:include>
> > > -                      <sec:include>.*_EXPORT1024_.*</sec:include>
> > > -                      <sec:include>.*_WITH_DES_.*</sec:include>
> > > -                      <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> > > -                      <sec:exclude>.*_MD5</sec:exclude>
> > > -                  </sec:CiphersuiteFilters>
> > > -              </sec:sslClient>
> > > -          </value>
> > > -      </property>
> > > -    </bean>
> > > +  <http:conduit
> > > + 
> id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
> > > + ">
> > > +
> > > +    <http:sslClient>
> > > +
> > > 
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > > +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > > +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > > +
> > > <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
> > > </sec:TrustStore>
> > > +      <sec:CiphersuiteFilters>
> > > +        <!-- these filters ensure that a ciphersuite with
> > > +          export-suitable but non-null encryption is used,
> > > +          and prefers the stronger SHA over MD5 message 
> digests -->
> > > +        <sec:include>.*_EXPORT_.*</sec:include>
> > > +        <sec:include>.*_EXPORT1024_.*</sec:include>
> > > +        <sec:include>.*_WITH_DES_.*</sec:include>
> > > +        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> > > +        <sec:exclude>.*_MD5</sec:exclude>
> > > +      </sec:CiphersuiteFilters>
> > > +    </http:sslClient>
> > > +  </http:conduit>
> > > +
> > >
> > >  </beans>
> > >
> > > Modified:
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/insecure_client.xml
> > > URL:
> > > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> > > src/main/release/samples/hello_world_https/insecure_client.xml
> > > ?view=diff&rev=512143&r1=512142&r2=512143
> > > ==============================================================
> > > ================
> > > ---
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/insecure_client.xml (original)
> > > +++
> > > 
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> > > +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
> > > @@ -7,9 +7,9 @@
> > >    to you under the Apache License, Version 2.0 (the
> > >    "License"); you may not use this file except in compliance
> > >    with the License. You may obtain a copy of the License at
> > > -
> > > +
> > >    http://www.apache.org/licenses/LICENSE-2.0
> > > -
> > > +
> > >    Unless required by applicable law or agreed to in writing,
> > >    software distributed under the License is distributed on an
> > >    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> > > -18,11 +18,13 @@
> > >    under the License.
> > >  -->
> > >  <beans xmlns="http://www.springframework.org/schema/beans"
> > > -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > -       xsi:schemaLocation="
> > > +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > +  
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> > > +  xsi:schemaLocation="
> > > +http://cxf.apache.org/transports/http/configuration
> > > +http://cxf.apache.org/schema/transports/http.xsd
> > >  http://www.springframework.org/schema/beans
> > > http://www.springframework.org/schema/beans/spring-beans.xsd">
> > >
> > > -    <bean
> > > name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
> > > onduit" abstract="true">
> > > -    </bean>
> > > +  <http:conduit
> > > + 
> id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
> > > + ">
> > > +  </http:conduit>
> > >
> > >  </beans>
> > >
> > > Modified:
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/server.xml
> > > URL:
> > > http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
> > > src/main/release/samples/hello_world_https/server.xml?view=dif
> > > f&rev=512143&r1=512142&r2=512143
> > > ==============================================================
> > > ================
> > > ---
> > > incubator/cxf/trunk/distribution/src/main/release/samples/hell
> > > o_world_https/server.xml (original)
> > > +++
> > > 
> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
> > > +++ d_https/server.xml Mon Feb 26 21:44:33 2007
> > > @@ -7,9 +7,9 @@
> > >    to you under the Apache License, Version 2.0 (the
> > >    "License"); you may not use this file except in compliance
> > >    with the License. You may obtain a copy of the License at
> > > -
> > > +
> > >    http://www.apache.org/licenses/LICENSE-2.0
> > > -
> > > +
> > >    Unless required by applicable law or agreed to in writing,
> > >    software distributed under the License is distributed on an
> > >    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
> > > -18,37 +18,34 @@
> > >    under the License.
> > >  -->
> > >  <beans xmlns="http://www.springframework.org/schema/beans"
> > > -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > -       xmlns:sec="http://cxf.apache.org/configuration/security"
> > > -       xsi:schemaLocation="
> > > +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > +  xmlns:sec="http://cxf.apache.org/configuration/security"
> > > +  
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> > > +  xsi:schemaLocation="
> > > +http://cxf.apache.org/transports/http/configuration
> > > +http://cxf.apache.org/schema/transports/http.xsd
> > >  http://www.springframework.org/schema/beans
> > > http://www.springframework.org/schema/beans/spring-beans.xsd">
> > >
> > > -  <bean
> > > name="{http://apache.org/hello_world_soap_http}GreeterImplPort
> > > .http-destination" abstract="true">
> > > -
> > > -      <property name="sslServer">
> > > -          <value>
> > > -              <sec:sslServer>
> > > -
> > > 
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > > -                  <sec:KeystoreType>PKCS12</sec:KeystoreType>
> > > -
> > > <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > > -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > > -
> > > <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> > > -
> > > <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> > > tication>
> > > -
> > > <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> > > re</sec:TrustStore>
> > > -                  <sec:CiphersuiteFilters>
> > > -                      <!-- these filters ensure that a
> > > ciphersuite with
> > > -                      export-suitable or null encryption is used,
> > > -                      but exclude anonymous Diffie-Hellman
> > > key change as
> > > -                      this is vulnerable to
> > > man-in-the-middle attacks -->
> > > -                      <sec:include>.*_EXPORT_.*</sec:include>
> > > -                      <sec:include>.*_EXPORT1024_.*</sec:include>
> > > -                      <sec:include>.*_WITH_DES_.*</sec:include>
> > > -                      <sec:include>.*_WITH_NULL_.*</sec:include>
> > > -                      <sec:exclude>.*_DH_anon_.*</sec:exclude>
> > > -                  </sec:CiphersuiteFilters>
> > > -              </sec:sslServer>
> > > -          </value>
> > > -      </property>
> > > -  </bean>
> > > -
> > > +  <http:destination
> > > id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
> > > ttp-destination">
> > > +    <http:sslServer>
> > > +
> > > 
> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
> > > +      <sec:KeystoreType>PKCS12</sec:KeystoreType>
> > > +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
> > > +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
> > > +
> > > <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
> > > +
> > > <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
> > > tication>
> > > +
> > > <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
> > > re</sec:TrustStore>
> > > +      <sec:CiphersuiteFilters>
> > > +        <!-- these filters ensure that a ciphersuite with
> > > +          export-suitable or null encryption is used,
> > > +          but exclude anonymous Diffie-Hellman key change as
> > > +          this is vulnerable to man-in-the-middle attacks -->
> > > +        <sec:include>.*_EXPORT_.*</sec:include>
> > > +        <sec:include>.*_EXPORT1024_.*</sec:include>
> > > +        <sec:include>.*_WITH_DES_.*</sec:include>
> > > +        <sec:include>.*_WITH_NULL_.*</sec:include>
> > > +        <sec:exclude>.*_DH_anon_.*</sec:exclude>
> > > +      </sec:CiphersuiteFilters>
> > > +    </http:sslServer>
> > > +  </http:destination>
> > > +
> > >  </beans>
> > >
> > >
> > >
> >
> 
> 
> 
> --
> Dan Diephouse
> Envoi Solutions
> http://envoisolutions.com | http://netzooid.com/blog
> 

Mime
View raw message