cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: TLSClientParameters
Date Mon, 08 Aug 2011 16:29:47 GMT
On Monday, August 08, 2011 8:42:53 AM Penmatsa, Vinay wrote:
> Hi Dan,
> Thanks.
> How can I set the TLS params in the STSClient? Is there an example of using
> STSClient this way?

I just checked the code and there isn't a way to access the underlying client 
from the STSClient.   I just added a getClient call which can be used in the 
future and that will be in CXF 2.4.2, but right now, the only way is through 
configuration.  :-(    (or use some reflection magic to call the private 
createClient() call and grab the client field, but that really sucks)

Dan



> -Vinay
> 
> 
> 
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Friday, August 05, 2011 5:29 PM
> To: users@cxf.apache.org
> Cc: Penmatsa, Vinay
> Subject: Re: TLSClientParameters
> 
> > Client client = ClientProxy.getClient(port);
> > STSClient stsClient = new STSClient(client.getBus());
> 
> You have two separate clients there....   the client from the port and an
> STSClient.   You are setting the TLS stuff on the port's client, but not the
> STSClient.   That's likely the issue.
> 
> Dan
> 
> On Friday, August 05, 2011 12:11:43 PM Penmatsa, Vinay wrote:
> > Hi Dan,
> > No. But not sure if I'm affecting it somehow. Here's my code:
> > 
> > ------
> > Client client = ClientProxy.getClient(port);
> > STSClient stsClient = new STSClient(client.getBus());
> > HTTPConduit http = (HTTPConduit) client.getConduit();
> > TLSClientParameters param = new TLSClientParameters();
> > param.setDisableCNCheck(true);
> > Properties cProps = new Properties();
> > cProps.load(new FileReader("client.properties"));
> > Merlin m = new Merlin(cProps);
> > KeyManagerFactory kmf =
> > KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> > TrustManagerFactory tmf =
> > TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm(
> > )); kmf.init(m.getKeyStore(), "password1".toCharArray());
> > tmf.init(m.getTrustStore());
> > param.setKeyManagers(kmf.getKeyManagers());
> > param.setTrustManagers(tmf.getTrustManagers());
> > http.setTlsClientParameters(param);
> > 
> > stsClient.setWsdlLocation("<wsdl url>");
> > stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200
> > 512} STS");
> > stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/20
> > 051 2}UT"); Map<String,Object> stsProps = new HashMap<String,Object>();
> > stsProps.put("ws-security.username", "user");
> > stsProps.put("ws-security.password", "password");
> > stsClient.setProperties(stsProps);
> > SecurityToken st = stsClient.requestSecurityToken();
> > -----
> > 
> > I'm using cxf 2.4.
> > 
> > 
> > 
> > 
> > -----Original Message-----
> > From: Daniel Kulp [mailto:dkulp@apache.org]
> > Sent: Friday, August 05, 2011 11:49 AM
> > To: users@cxf.apache.org
> > Cc: Penmatsa, Vinay
> > Subject: Re: TLSClientParameters
> > 
> > On Friday, August 05, 2011 11:32:08 AM Penmatsa, Vinay wrote:
> > > Hi Prisca,
> > > Thanks for the link.
> > > This can be fallback solution, but I prefer to do it
> > > programmatically.
> > > While debugging the source, it seems a new conduit object is created
> > > in
> > > HttpTransportFactory.getConduit(). So, the client.getConduit() in my
> > > code
> > > is ignored. Not sure how to fix that
> > 
> > Do you have a different ConduitSelector installed on the client?   The
> > default one should just be creating a single Conduit for the client and
> > re-using it. I'm not sure why a second call to
> > HttpTransportFactory.getConduit would be occuring.
> > 
> > Dan
> > 
> > > Regards,
> > > Vinay
> > > 
> > > -----Original Message-----
> > > From: Prisca POLYTE [mailto:polyte.p@gmail.com]
> > > Sent: Friday, August 05, 2011 11:18 AM
> > > To: users@cxf.apache.org
> > > Subject: Re: TLSClientParameters
> > > 
> > > Hey,
> > > 
> > > is it possible for you to use Spring for instance ?
> > > 
> > > If it is then you should have a look to
> > > http://cxf.apache.org/docs/client-http-transport-including-ssl-suppo
> > > rt.h tml#
> > > ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport
> > > 
> > > HTH
> > > 
> > > Regards
> > > --
> > > Prisca
> > > 
> > > On Fri, Aug 5, 2011 at 5:10 PM, Penmatsa, Vinay
> > 
> > <vinay.penmatsa@sap.com>wrote:
> > > > I'm unable to set the 'disableCNCheck' programmatically as
> > > > below:
> > > > 
> > > > HTTPConduit http = (HTTPConduit) client.getConduit();
> > > > TLSClientParameters param = new TLSClientParameters();
> > > > param.setDisableCNCheck(true);
> > > > http.setTlsClientParameters(param);
> > > > 
> > > > 
> > > > What's the correct way to do this?
> > > > 
> > > > 
> > > > Thanks,
> > > > Vinay
-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com

Mime
View raw message