cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Anstey <jans...@iona.com>
Subject Re: svn commit: r512143 [Update HTTPS sample to latest configuration syntax]
Date Mon, 05 Mar 2007 15:12:40 GMT
Hmmm... it appears I skimmed this email too quickly last week! Yeah, the 
"9001" was not intended to go there. It was a copy and paste error :-)

Cheers,
Jon

Glynn, Eoghan wrote:
> Sorry Dan, just looked at the svn logs and the strange "SoapPort9001"
> suffix came in a different commit (r502625 - "Apply patch for CXF-405
> from Jonathan Anstey").
>
> Looks like the "9001" is spurious, but I'll just check with Jon what the
> intention was before removing it.
>
> /Eoghan
>
>   
>> -----Original Message-----
>> From: Dan Diephouse [mailto:dan@envoisolutions.com] 
>> Sent: 27 February 2007 15:54
>> To: cxf-dev@incubator.apache.org
>> Subject: Re: svn commit: r512143 [Update HTTPS sample to 
>> latest configuration syntax]
>>
>> Hi Eoghan,
>>
>> I think it must actually be the port name. I didn't actually 
>> change any of the logic about the ID (although in retrospect 
>> I wish I would have, it seems quite redundant to have 
>> ".http-conduit" in there). I simply changed name->id in all 
>> the examples.
>>
>> - Dan
>>
>> On 2/27/07, Glynn, Eoghan <eoghan.glynn@iona.com> wrote:
>>     
>>>
>>> Hi Dan,
>>>
>>> I noticed the other demos using the new config syntax have 
>>>       
>> what looks 
>>     
>>> like a target port embedded in the conduit bean ID, e.g.
>>>
>>> <http:conduit id="{http://apache.org/foo}MyPort9001.http-conduit">
>>>                                                ^^^^
>>>
>>> whereas this is missing in your change to the HTTPS sample.
>>>
>>> Is this optional, i.e. only required if the conduits for different 
>>> target endpoints are to be configured differently. If so, would the 
>>> target hostname as well as the port need to be encoded in 
>>>       
>> the conduit 
>>     
>>> ID?
>>>
>>> Or maybe the embedded "9001" denotes something else? (as the target 
>>> port for the relevant demos is actually 9000).
>>>
>>> Cheers,
>>> Eoghan
>>>
>>>       
>>>> -----Original Message-----
>>>> From: dandiep@apache.org [mailto:dandiep@apache.org]
>>>> Sent: 27 February 2007 05:45
>>>> To: cxf-commits@incubator.apache.org
>>>> Subject: svn commit: r512143 - in
>>>> /incubator/cxf/trunk/distribution/src/main/release/samples/hel
>>>> lo_world_https: client.xml insecure_client.xml server.xml
>>>>
>>>> Author: dandiep
>>>> Date: Mon Feb 26 21:44:33 2007
>>>> New Revision: 512143
>>>>
>>>> URL: http://svn.apache.org/viewvc?view=rev&rev=512143
>>>> Log:
>>>> Update HTTPS sample to latest configuration syntax.
>>>>
>>>> Modified:
>>>>
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/client.xml
>>>>
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/insecure_client.xml
>>>>
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/server.xml
>>>>
>>>> Modified:
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/client.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
>>>> src/main/release/samples/hello_world_https/client.xml?view=dif
>>>> f&rev=512143&r1=512142&r2=512143
>>>> ==============================================================
>>>> ================
>>>> ---
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/client.xml (original)
>>>> +++
>>>>
>>>>         
>> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
>>     
>>>> +++ d_https/client.xml Mon Feb 26 21:44:33 2007
>>>> @@ -7,9 +7,9 @@
>>>>    to you under the Apache License, Version 2.0 (the
>>>>    "License"); you may not use this file except in compliance
>>>>    with the License. You may obtain a copy of the License at
>>>> -
>>>> +
>>>>    http://www.apache.org/licenses/LICENSE-2.0
>>>> -
>>>> +
>>>>    Unless required by applicable law or agreed to in writing,
>>>>    software distributed under the License is distributed on an
>>>>    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
>>>> -18,32 +18,32 @@
>>>>    under the License.
>>>>  -->
>>>>  <beans xmlns="http://www.springframework.org/schema/beans"
>>>> -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> -       xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> -       xsi:schemaLocation="
>>>> +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> +  xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> +  
>>>>         
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>     
>>>> +  xsi:schemaLocation="
>>>> +http://cxf.apache.org/transports/http/configuration
>>>> +http://cxf.apache.org/schema/transports/http.xsd
>>>>  http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>> -    <bean
>>>> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
>>>> onduit" abstract="true">
>>>> -      <property name="sslClient">
>>>> -          <value>
>>>> -              <sec:sslClient>
>>>> -
>>>>
>>>>         
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>     
>>>> -
>>>> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> -
>>>> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
>>>> </sec:TrustStore>
>>>> -                  <sec:CiphersuiteFilters>
>>>> -                      <!-- these filters ensure that a
>>>> ciphersuite with
>>>> -                      export-suitable but non-null
>>>> encryption is used,
>>>> -                      and prefers the stronger SHA over MD5
>>>> message digests -->
>>>> -                      <sec:include>.*_EXPORT_.*</sec:include>
>>>> -                      <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> -                      <sec:include>.*_WITH_DES_.*</sec:include>
>>>> -                      <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
>>>> -                      <sec:exclude>.*_MD5</sec:exclude>
>>>> -                  </sec:CiphersuiteFilters>
>>>> -              </sec:sslClient>
>>>> -          </value>
>>>> -      </property>
>>>> -    </bean>
>>>> +  <http:conduit
>>>> + 
>>>>         
>> id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
>>     
>>>> + ">
>>>> +
>>>> +    <http:sslClient>
>>>> +
>>>>
>>>>         
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>     
>>>> +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> +
>>>> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem
>>>> </sec:TrustStore>
>>>> +      <sec:CiphersuiteFilters>
>>>> +        <!-- these filters ensure that a ciphersuite with
>>>> +          export-suitable but non-null encryption is used,
>>>> +          and prefers the stronger SHA over MD5 message 
>>>>         
>> digests -->
>>     
>>>> +        <sec:include>.*_EXPORT_.*</sec:include>
>>>> +        <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> +        <sec:include>.*_WITH_DES_.*</sec:include>
>>>> +        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
>>>> +        <sec:exclude>.*_MD5</sec:exclude>
>>>> +      </sec:CiphersuiteFilters>
>>>> +    </http:sslClient>
>>>> +  </http:conduit>
>>>> +
>>>>
>>>>  </beans>
>>>>
>>>> Modified:
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/insecure_client.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
>>>> src/main/release/samples/hello_world_https/insecure_client.xml
>>>> ?view=diff&rev=512143&r1=512142&r2=512143
>>>> ==============================================================
>>>> ================
>>>> ---
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/insecure_client.xml (original)
>>>> +++
>>>>
>>>>         
>> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
>>     
>>>> +++ d_https/insecure_client.xml Mon Feb 26 21:44:33 2007
>>>> @@ -7,9 +7,9 @@
>>>>    to you under the Apache License, Version 2.0 (the
>>>>    "License"); you may not use this file except in compliance
>>>>    with the License. You may obtain a copy of the License at
>>>> -
>>>> +
>>>>    http://www.apache.org/licenses/LICENSE-2.0
>>>> -
>>>> +
>>>>    Unless required by applicable law or agreed to in writing,
>>>>    software distributed under the License is distributed on an
>>>>    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
>>>> -18,11 +18,13 @@
>>>>    under the License.
>>>>  -->
>>>>  <beans xmlns="http://www.springframework.org/schema/beans"
>>>> -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> -       xsi:schemaLocation="
>>>> +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> +  
>>>>         
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>     
>>>> +  xsi:schemaLocation="
>>>> +http://cxf.apache.org/transports/http/configuration
>>>> +http://cxf.apache.org/schema/transports/http.xsd
>>>>  http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>> -    <bean
>>>> name="{http://apache.org/hello_world_soap_http}SoapPort.http-c
>>>> onduit" abstract="true">
>>>> -    </bean>
>>>> +  <http:conduit
>>>> + 
>>>>         
>> id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit
>>     
>>>> + ">
>>>> +  </http:conduit>
>>>>
>>>>  </beans>
>>>>
>>>> Modified:
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/server.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/
>>>> src/main/release/samples/hello_world_https/server.xml?view=dif
>>>> f&rev=512143&r1=512142&r2=512143
>>>> ==============================================================
>>>> ================
>>>> ---
>>>> incubator/cxf/trunk/distribution/src/main/release/samples/hell
>>>> o_world_https/server.xml (original)
>>>> +++
>>>>
>>>>         
>> incubator/cxf/trunk/distribution/src/main/release/samples/hello_worl
>>     
>>>> +++ d_https/server.xml Mon Feb 26 21:44:33 2007
>>>> @@ -7,9 +7,9 @@
>>>>    to you under the Apache License, Version 2.0 (the
>>>>    "License"); you may not use this file except in compliance
>>>>    with the License. You may obtain a copy of the License at
>>>> -
>>>> +
>>>>    http://www.apache.org/licenses/LICENSE-2.0
>>>> -
>>>> +
>>>>    Unless required by applicable law or agreed to in writing,
>>>>    software distributed under the License is distributed on an
>>>>    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@
>>>> -18,37 +18,34 @@
>>>>    under the License.
>>>>  -->
>>>>  <beans xmlns="http://www.springframework.org/schema/beans"
>>>> -       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> -       xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> -       xsi:schemaLocation="
>>>> +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> +  xmlns:sec="http://cxf.apache.org/configuration/security"
>>>> +  
>>>>         
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>     
>>>> +  xsi:schemaLocation="
>>>> +http://cxf.apache.org/transports/http/configuration
>>>> +http://cxf.apache.org/schema/transports/http.xsd
>>>>  http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>>>
>>>> -  <bean
>>>> name="{http://apache.org/hello_world_soap_http}GreeterImplPort
>>>> .http-destination" abstract="true">
>>>> -
>>>> -      <property name="sslServer">
>>>> -          <value>
>>>> -              <sec:sslServer>
>>>> -
>>>>
>>>>         
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>     
>>>> -                  <sec:KeystoreType>PKCS12</sec:KeystoreType>
>>>> -
>>>> <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> -                  <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> -
>>>> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
>>>> -
>>>> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
>>>> tication>
>>>> -
>>>> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
>>>> re</sec:TrustStore>
>>>> -                  <sec:CiphersuiteFilters>
>>>> -                      <!-- these filters ensure that a
>>>> ciphersuite with
>>>> -                      export-suitable or null encryption is used,
>>>> -                      but exclude anonymous Diffie-Hellman
>>>> key change as
>>>> -                      this is vulnerable to
>>>> man-in-the-middle attacks -->
>>>> -                      <sec:include>.*_EXPORT_.*</sec:include>
>>>> -                      <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> -                      <sec:include>.*_WITH_DES_.*</sec:include>
>>>> -                      <sec:include>.*_WITH_NULL_.*</sec:include>
>>>> -                      <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>>> -                  </sec:CiphersuiteFilters>
>>>> -              </sec:sslServer>
>>>> -          </value>
>>>> -      </property>
>>>> -  </bean>
>>>> -
>>>> +  <http:destination
>>>> id="{http://apache.org/hello_world_soap_http}GreeterImplPort.h
>>>> ttp-destination">
>>>> +    <http:sslServer>
>>>> +
>>>>
>>>>         
>> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
>>     
>>>> +      <sec:KeystoreType>PKCS12</sec:KeystoreType>
>>>> +      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
>>>> +      <sec:KeyPassword>celtixpass</sec:KeyPassword>
>>>> +
>>>> <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
>>>> +
>>>> <sec:RequireClientAuthentication>true</sec:RequireClientAuthen
>>>> tication>
>>>> +
>>>> <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststo
>>>> re</sec:TrustStore>
>>>> +      <sec:CiphersuiteFilters>
>>>> +        <!-- these filters ensure that a ciphersuite with
>>>> +          export-suitable or null encryption is used,
>>>> +          but exclude anonymous Diffie-Hellman key change as
>>>> +          this is vulnerable to man-in-the-middle attacks -->
>>>> +        <sec:include>.*_EXPORT_.*</sec:include>
>>>> +        <sec:include>.*_EXPORT1024_.*</sec:include>
>>>> +        <sec:include>.*_WITH_DES_.*</sec:include>
>>>> +        <sec:include>.*_WITH_NULL_.*</sec:include>
>>>> +        <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>>> +      </sec:CiphersuiteFilters>
>>>> +    </http:sslServer>
>>>> +  </http:destination>
>>>> +
>>>>  </beans>
>>>>
>>>>
>>>>
>>>>         
>>
>> --
>> Dan Diephouse
>> Envoi Solutions
>> http://envoisolutions.com | http://netzooid.com/blog
>>
>>     
>
>
>   


Mime
View raw message