cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: transportBinding httpsToken not taken from conduit tlsClientParameters
Date Mon, 22 Jan 2018 14:55:48 GMT
The properties you're referring to ("security.signature.properties") are
used for WS-Security (e.g. signing/encrypting the SOAP message). The TLS
keys/certs are used for the Transport layer. In the policy example you
gave, you don't need to configure "security.signature.properties" at all,
as there are no message signing policies.

Colm.

On Mon, Jan 22, 2018 at 2:49 PM, vlad.balan <vlad.balan@gmail.com> wrote:

> Hello
>
> can someone help me and tell me why HttpsToken policy
>
>                 <sp:TransportBinding
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>                     <wsp:Policy>
>                         <sp:TransportToken>
>                             <wsp:Policy>
>                                 <sp:HttpsToken>
>                                     <wsp:Policy>
>                                         <sp:RequireClientCertificate/>
>                                     </wsp:Policy>
>                                 </sp:HttpsToken>
>                             </wsp:Policy>
>                         </sp:TransportToken>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict/>
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp/>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic128/>
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                     </wsp:Policy>
>                 </sp:TransportBinding>
>
>
>
> does not take its parameters (certificates,etc) from conduit (client
> side)/engine (server side)
>
> http:tlsClientParameters element
>
> ( sample:
>
>
>     <http:conduit
> name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
>         <http:tlsClientParameters  disableCNCheck="true">
>             <sec:keyManagers keyPassword="ckpass">
>                 <sec:keyStore file="src/main/config/clientKeystore.jks"
> password="cspass" type="JKS"/>
>             </sec:keyManagers>
>             <sec:trustManagers>
>                 <sec:keyStore file="src/main/config/clientKeystore.jks"
> password="cspass" type="JKS"/>
>             </sec:trustManagers>
>
>         </http:tlsClientParameters>
>     </http:conduit>
> )
>
>
> and instead needs to explicitly specify them (in properties of client or server
> endpoint)
>
>
>
>
>     <jaxws:client name="{http://apache.org/hello_world_soap_http}SoapPort"
> >
>         <jaxws:properties>
>
>             <entry key="security.signature.properties"
> value="security.signature.properties"/>
>             <entry key="security.encryption.properties"
> value="security.signature.properties"/>
>
> ....
>
>
> Thanks
>
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
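The layer split described in the reply above, as an added example that is not part of the original messages or of CXF itself: a small check that reads a WS-SecurityPolicy document and reports which of the settings named in the thread it calls for. The assertion lists, the function names and both sample policies are assumptions constructed for illustration; the lists are not exhaustive.

```python
import xml.etree.ElementTree as ET

SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
# Assumption: non-exhaustive lists of WS-SecurityPolicy 1.2 assertion names.
TRANSPORT = {"TransportBinding", "HttpsToken", "RequireClientCertificate"}
MESSAGE = {"AsymmetricBinding", "SymmetricBinding", "SignedParts",
           "EncryptedParts", "SignedElements", "EncryptedElements"}

# Constructed sample: the policy from the thread, trimmed, namespaces declared.
THREAD_POLICY = """<sp:TransportBinding xmlns:sp="%s"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"><wsp:Policy>
  <sp:TransportToken><wsp:Policy><sp:HttpsToken><wsp:Policy>
    <sp:RequireClientCertificate/>
  </wsp:Policy></sp:HttpsToken></wsp:Policy></sp:TransportToken>
  <sp:IncludeTimestamp/>
</wsp:Policy></sp:TransportBinding>""" % SP_NS

# Constructed sample: a policy that does sign the message body.
SIGNING_POLICY = """<wsp:Policy xmlns:sp="%s"
    xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <sp:AsymmetricBinding><wsp:Policy/></sp:AsymmetricBinding>
  <sp:SignedParts><sp:Body/></sp:SignedParts>
</wsp:Policy>""" % SP_NS


def classify_policy(xml_text):
    """Return the sp: assertions found, grouped by the layer they concern."""
    found = {"transport": set(), "message": set()}
    for el in ET.fromstring(xml_text).iter():
        ns, _, local = el.tag[1:].partition("}")
        if ns != SP_NS:
            continue
        if local in TRANSPORT:
            found["transport"].add(local)
        elif local in MESSAGE:
            found["message"].add(local)
    return found


def config_needed(xml_text):
    """Name the CXF settings from the thread that the policy calls for."""
    found = classify_policy(xml_text)
    needed = []
    if "HttpsToken" in found["transport"]:
        needed.append("http:tlsClientParameters")
    if found["message"]:
        needed.append("security.signature.properties")
    return needed


if __name__ == "__main__":
    print(config_needed(THREAD_POLICY))
    print(config_needed(SIGNING_POLICY))
```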
