cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "vlad.balan" <vlad.ba...@gmail.com>
Subject transportBinding httpsToken not taken from conduit tlsClientParameters
Date Mon, 22 Jan 2018 14:49:06 GMT
Hello 

can soneone help me and tell me why HttpsToken policy 

                <sp:TransportBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <sp:HttpsToken>
                                    <wsp:Policy>
                                    	<sp:RequireClientCertificate/>
                                    </wsp:Policy>
                                </sp:HttpsToken>
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic128/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                    </wsp:Policy>
                </sp:TransportBinding>



does not take its parameters (certificates,etc) from conduit (client
side)/engine (server side) 

http:tlsClientParameters element

( sample:


    <http:conduit
name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
        <http:tlsClientParameters  disableCNCheck="true">
            <sec:keyManagers keyPassword="ckpass">
                <sec:keyStore file="src/main/config/clientKeystore.jks"
password="cspass" type="JKS"/>
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore file="src/main/config/clientKeystore.jks"
password="cspass" type="JKS"/>
            </sec:trustManagers>
            
        </http:tlsClientParameters>
    </http:conduit>
)


and instead needs exlicitly specify them (in properties of client or server
endpoint)




    <jaxws:client name="{http://apache.org/hello_world_soap_http}SoapPort" >
        <jaxws:properties>

            <entry key="security.signature.properties"
value="security.signature.properties"/>
            <entry key="security.encryption.properties"
value="security.signature.properties"/>

....


Thanks




--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Mime
View raw message