Hi, We tried to resolve this problem programmatically by detecting whether SSL is used or not in the service method or by adding an interceptor. The code checked whether SSL was used and interrupted the HTTP request if SSL was not used for a service. This did not work due to a bug in the HTTP Request object as the protocol used was only checked once on the first request and the result cached for future reference.
Due to another bug related to SSL which made the CPU hit the roof we then decided to terminate all SSL on the F5 load balancer in front of Servicemix. This enabled us to inject the protocol used to request the service as the X-Forwarded-Proto header and thus to detect what protocol was actually used by the client to request the service. Again an interceptor was used to block non-SSL requests to the service. Works fine, the only issue was that it took us forever getting operations configure the F5 in the right way, they won’t let us touch “their” network appliance (the F5 load balancer). Cheers, Chris On 19 dec 2013, at 10:50, amasse76 <[email protected]> wrote: > Hi, > > I'm trying to configure the Jetty.xml file in servicemix 4.4.x to resolve > the following situation : > > - bundle A which exposes a SAOP API ( /cxf/serviceA/* ). I use CXF and > blueprint. > > - bundle B which exposes a SAOP API ( /cxf/serviceB/* ). I use CXF and > blueprint. > > I would like to define http/https rules. > > the API bundle A could be access via HTTP or HTTPS and the API bundle B HAVE > TO BE accessible only via HTTPS (but I don't find any solution :( ). > > Today the two APIs are accessible via http and https. > > Is there someone to help me ? > > Thanks > Anthony > > > > > > -- > View this message in context: > http://servicemix.396122.n5.nabble.com/Jetty-complex-configuration-CXF-HTTP-HTTPS-tp5718501.html > Sent from the ServiceMix - User mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
