CXF configuration to use a p12 or jks personal key and a public key
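<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

  <!-- The wildcard name applies these TLS settings to every HTTP conduit
       created on this bus, not to a single service endpoint. -->
  <http:conduit name="*.http-conduit">
    <http:tlsClientParameters>

      <!-- Client identity (private key and certificate) presented to the server.
           For a .p12 file set type="PKCS12" on the keyStore element.
           The passwords below are sample values stored in clear text: keep real
           ones out of version control and restrict read access to this file
           and to the key store. -->
      <sec:keyManagers keyPassword="personalKeyPassword">
        <sec:keyStore type="JKS" password="storePassword"
                      file="/Users/java/personalKeyStore.jks"/>
      </sec:keyManagers>

      <!-- Certificates trusted when validating the server. This points at the
           JRE cacerts file with its default password, so every CA in that
           store is accepted; use a dedicated trust store holding only the
           expected issuer to narrow that. -->
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="changeit"
                      file="/Users/java/jre/bin/cacerts"/>
      </sec:trustManagers>

      <sec:cipherSuitesFilter>
        <!-- Only AES suites are offered. The earlier filter also included
             EXPORT, EXPORT1024, single-DES and NULL suites, which give weak
             or no encryption, so those includes are removed.
             Every anonymous key exchange is excluded because it does not
             authenticate the server and is open to man-in-the-middle attacks.
             The pattern is _anon_ rather than _DH_anon_ so that ECDH_anon
             suites are rejected as well. -->
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:exclude>.*_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>

    </http:tlsClientParameters>

    <!-- NOTE(review): AutoRedirect="true" makes the client follow HTTP
         redirects automatically, re-sending the request to whatever location
         the server names. Confirm this is needed; leave it off otherwise. -->
    <http:client AutoRedirect="true" Connection="Keep-Alive"/>
  </http:conduit>
</beans>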