cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Polar Humenn <>
Subject Re: CXF-438 Patch; HTTP(S) Trust Decision
Date Tue, 20 Mar 2007 13:02:45 GMT

I'm just trying to be thorough, from low level to high level. The trust 
decider is issued the conduit name, then upwards, URL Connection(info), 
endpoint (for addressing information), binding, service. I actually got 
the BindingInfo, and ServiceInfo off the Exchange object.

I'm trying to keep the Trust Decider (architecturally) clean from being 
able to influence any CXF internals, since it is a piece of user code. 
The EndpointInfo object is even too general and dangerous, and it should 
be that only parts of the EndpointInfo need be exposed (no "set" 
methods). So, maybe replace EndpointInfo with:

   QName          endpointName <--   EndpointInfo.getName()
   String            endpointAddress  <- EndpointInfo.getAddress() 

However, now I see that the internal architecture is such that even the 
BindingInfo and ServiceInfo has a bunch of set methods that the 
TrustDecider can go off and violate all kinds of things if it wants to. 
Oh well.

So, what does the Trust Decider really need?

It definitely needs the URLConnection Info. And it needs some "other" 
things for figuring out whether it should be trusted for the Message in 

It maybe that this architecture is so general in that maybe we should 
just have

         void establishTrust(
                    String                       conduitName,
                    URLConnectionInfo connInfo,
                    Message                   message
        ) ....

and leave it at that, with a stipulation that the implementation of 
establishTrust must play *nice* and not change anything on the message.


Dan Diephouse wrote:
> Only had a moment to look at this, butt: Do we need to pass in the
> BindingInfo/ServiceInfo as well to the trust decider? Those are easily
> accessible via endpointInfo.getService() and endpointInfo.getBinding();
> - Dan
> On 3/19/07, Polar Humenn <> wrote:
>> Greetings,
>> I have submitted a patch for JIRA-CXF-438. This patch handles the 
>> issue of
>> making a Trust Decision in the rt-transports-http module. It is attached
>> to the JIRA
>> issue. I hope someone will review. Although I have applications that
>> test this, I will
>> organize them into a system test shortly.
>> Cheers,
>> -Polar

View raw message