Hi Dan,
On Ubuntu Hardy:
$ java -version
java version "1.6.0_06"
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)
On Windows:
> java -version
java version "1.6.0_05"
Java(TM) SE Runtime Environment (build 1.6.0_05-b13)
Java HotSpot(TM) Client VM (build 10.0-b19, mixed mode, sharing)
It fails the same way on both platforms. Although without using a client
certificate it works!
Thanks,
Agusti
Daniel Kulp wrote:
Which version of java 6 and on which platform?
I believe all the samples in 2.1 were tested on java6 update 4 at one
point (I think on Windows, Sean?), but maybe something crept into the
code at the last minute or so that broke that sample.
Dan
On May 15, 2008, at 10:25 AM, Agustí wrote:
Dear All,
Ok, I think that I finally found it.
On wsdl_first_https I've modified this line in CherryServer.cxf:
from: <sec:clientAuthentication want="true" required="true"/>
to: <sec:clientAuthentication want="false" required="false"/>
And in InsecureClient.cxf I've added this:
<http:tlsClientParameters disableCNCheck="true">
    <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="certs/truststore.jks"/>
    </sec:trustManagers>
    <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key exchange as
             this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl">
</bean>
Now it works, without using a client certificate! (I only want to encrypt
the HTTP transport).
One thing that I've found doing this test is that the wsdl_first_https
sample doesn't work using jdk 6, neither using CXF v2.0.6 nor using CXF
v2.1!
Regards,
Agusti Dosaiguas
PS: Hope that this helps someone!
On Thu, May 15, 2008 15:51, Agustí wrote:
Dear All,
I can't find it in the docs.
How can I configure CXF's embedded Jetty to only accept connections over
HTTPS, but without the need of client certificates?
I mean, like the wsdl_first_https, but without the need of a client
certificate, I don't need to authenticate the client...
Thanks,
Agusti Dosaiguas
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
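
Added example, not part of the original thread and not CXF code: it evaluates the `<sec:cipherSuitesFilter>` patterns from the InsecureClient.cxf snippet above against a constructed list of JSSE-style cipher suite names, next to a hypothetical stricter filter. It assumes a suite is kept when it fully matches at least one include pattern and no exclude pattern; the names `STRICT_*`, `SAMPLE_SUITES` and `WEAK_MARKERS` are illustrative.

```python
import re

# Patterns copied from the <sec:cipherSuitesFilter> posted in the thread.
POSTED_INCLUDE = [r".*_EXPORT_.*", r".*_EXPORT1024_.*",
                  r".*_WITH_DES_.*", r".*_WITH_NULL_.*"]
POSTED_EXCLUDE = [r".*_DH_anon_.*"]

# Hypothetical stricter filter (not from the thread): AES suites only.
STRICT_INCLUDE = [r".*_WITH_AES_.*"]
STRICT_EXCLUDE = [r".*_DH_anon_.*", r".*_WITH_NULL_.*"]

# Constructed sample of suite names a JVM of that era could offer.
SAMPLE_SUITES = [
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

# Constructed heuristic: substrings marking export-grade, single-DES,
# unencrypted or unauthenticated suites.
WEAK_MARKERS = ("_EXPORT", "_WITH_DES_", "_WITH_NULL_", "_anon_")


def select(suites, include, exclude):
    """Keep suites matching any include pattern and no exclude pattern."""
    inc = [re.compile(p) for p in include]
    exc = [re.compile(p) for p in exclude]
    return [s for s in suites
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]


def audit(include, exclude, suites=SAMPLE_SUITES):
    """Return the suites a filter enables and which of those are weak."""
    enabled = select(suites, include, exclude)
    weak = [s for s in enabled if any(m in s for m in WEAK_MARKERS)]
    return {"enabled": enabled, "weak": weak}


if __name__ == "__main__":
    for label, inc, exc in (("posted", POSTED_INCLUDE, POSTED_EXCLUDE),
                            ("strict", STRICT_INCLUDE, STRICT_EXCLUDE)):
        result = audit(inc, exc)
        print(label, "enabled:", result["enabled"])
        print(label, "weak:   ", result["weak"])
```

On this sample the posted filter enables only export-grade, single-DES and NULL suites, so the transport is weakly encrypted or, with a NULL suite, not encrypted at all. `disableCNCheck="true"` in the same snippet also turns off the check of the server certificate's name against the host being contacted.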