cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Dushin <f...@dushin.net>
Subject Re: Ensuring CXF soap is behind SSL
Date Wed, 06 Feb 2008 16:11:25 GMT
Apropos to that, the TLSSessionInfo structure on the message should  
give you everything you want:

http://svn.apache.org/repos/asf/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java

Currently this is plumbed through only for HTTP, though it should work  
in both transports (jetty and servlet)

-Fred

On Feb 5, 2008, at 2:28 PM, Daniel Kulp wrote:

>
> You may need to write a simple interceptor that would grab the
> HttpServletRequest object out  of the message and checks the security
> stuff.   It shouldn't be too hard to write.
>
> There might be some policy things along with the ws-security stuff  
> that
> could enforce it with the ws-security module, but that would  
> definitely
> cause a performance hit due to the security module dropping to saaj
> mode.   I'm not really sure anyway.   Fred may need to answer that  
> one.
>
>
> Dan
>
>
> On Tuesday 05 February 2008, quakexpert@aol.com wrote:
>> I want to make sure any messages not encrypted with SSL are rejected
>> by the CXF container. What configuration is neccessary for this?
>>
>> I've tried setting the location to an https address but this is
>> unsufficient. The only documentation I've found on the subject refers
>> to client, not server, configuration.
>>
>> ? <wsdl:service name="HelloWorldService">
>> ??? <wsdl:port binding="impl:HelloWorldServiceSoapBinding"
>> name="HelloWorldService"> ????? <wsdlsoap:address
>> location="https://localhost:8080/HelloWorldService"/> ??? </ 
>> wsdl:port>
>> ? </wsdl:service>
>>
>> Thanks!
>>
>>
>>
>> ______________________________________________________________________
>> __ More new features than ever.  Check out the new AOL Mail ! -
>> http://webmail.aol.com
>
>
>
> -- 
> J. Daniel Kulp
> Principal Engineer, IONA
> dkulp@apache.org
> http://www.dankulp.com/blog
>


Mime
View raw message