cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Dushin <f...@dushin.net>
Subject Re: My own TrustManager
Date Fri, 14 Dec 2007 13:34:11 GMT
I'm pretty sure we won't be able to do this declaratively, at least  
in the current code.

You should have some avenues for doing this programmatically,  
however.  On the client side, see the HTTPConduitTest [1] in the CXF  
systests.

I'm a bit less certain about the server side, though it should be  
possible (this was an initial design requirement).  If you can get  
your hands on the Destination, you can downcast it to a  
JettyHTTPDestination, and from there you should be able to get the  
JettyHTTPServerEngine, on which you can set a collection of TLS  
parameters.

There are some caveats, of course.  For one, you probably need to do  
this before publishing the endpoint -- you can't change TLS  
parameters on an already-open socket.  Also, these are all internal  
types, which require a lot of casts down to implementation-specific  
types.  So you have no guarantee that these types will be supported  
across changes to CXF.  And this stuff is only relevant to using the  
Jetty HTTP stack on the server side.  YMMV with the servlet stack, or  
anything else that comes down the pipe.

Hope that helps.  Let us know if this works.  If it does, feel free  
to contribute a test!

Thanks,
-Fred

[1] https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/ 
test/java/org/apache/cxf/systest/http/HTTPConduitTest.java


On Dec 13, 2007, at 10:12 AM, Bc. Jiří Mikulášek wrote:

> Hi all,
> I need to add some spicific features to my SSL communictaion - so  
> basically I
> would like to implement my own TrustManager.
>
> But when using CXF the code suplying TrustManagers is not under my  
> control. Is
> there any way how to do it ofr CXF?
>
> thanks for any hints
> -- 
> Jiri Mikulasek
> ---------------------------------
> Developer
>
> AURA, s.r.o.
> Uvoz 499/56; 602 00 Brno
> ISO 9001 certified company
> AQAP 2110 (ČOS 051622)
> tel./fax: +420 544 508 115
> e-mail:  mikulasek@aura.cz
> http://www.aura.cz
> ---------------------------------
>


Mime
View raw message