Configuring SSL Support
To configure you're client to use SSL, you'll need to add an <http:conduit> definition to your XML configuration file.
A "hello_world_https" sample can be found in the CXF distribution with more detail.
Here is a sample of what your conduit definition might look like:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xsi:schemaLocation=" http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <http:conduit id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit"> <http:sslClient> <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore> <sec:KeystorePassword>celtixpass</sec:KeystorePassword> <sec:KeyPassword>celtixpass</sec:KeyPassword> <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem</sec:TrustStore> <sec:CiphersuiteFilters> <!-- these filters ensure that a ciphersuite with export-suitable but non-null encryption is used, and prefers the stronger SHA over MD5 message digests --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:exclude>.*_WITH_NULL_.*</sec:exclude> <sec:exclude>.*_MD5</sec:exclude> </sec:CiphersuiteFilters> </http:sslClient> </http:conduit> </beans>
The first thing to notice is the "id" attribute on <http:conduit>. This allows CXF to associate this HTTP Conduit configuration with a particular WSDL Port. The id includes the service's namespace, the WSDL port name, and ".http-conduit". It follows this template: "{serviceNamespace}portName.http-conduit".