Example Spring configuration for an Apache CXF-enabled Java client that establishes an encrypted connection (SSL via HTTPS) with a server that is also powered by Apache CXF.
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
** This file configures the Wibble Client
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">
  <http:conduit name="{http://www.universityofcalifornia.edu/UCPath/IDM}UCIDMServiceSOAP.http-conduit">
    <http:tlsClientParameters disableCNCheck="false">
      <sec:keyManagers keyPassword="cspass">
        <sec:keyStore file="src/main/config/client-keystore.jks" password="pass" type="JKS"/>
      </sec:keyManagers>
      <sec:trustManagers>
        <sec:keyStore file="src/main/config/client-keystore.jks" password="pass" type="JKS"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key exchange as
             this is vulnerable to man-in-the-middle attacks.
             Note: EXPORT, DES and NULL suites provide weak or no
             encryption; only the AES pattern selects suites with
             modern encryption. -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
</beans>
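
An added example (not part of the gist or of CXF) that audits the `cipherSuitesFilter` above: it applies the include/exclude patterns to a constructed list of JSSE suite names and flags the weak suites that end up enabled. It assumes CXF enables a suite when its full name matches any include and no exclude; `SAMPLE_SUITES`, `WEAK` and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://cxf.apache.org/configuration/security}"

# The filter from the configuration above, reduced to the element being audited.
CONFIG = """<sec:cipherSuitesFilter xmlns:sec="http://cxf.apache.org/configuration/security">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed sample of JSSE suite names (not read from a real JVM).
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

# Name fragments marking weak suites: export-grade, null, single DES, RC4, anonymous.
WEAK = re.compile(r"_EXPORT|_WITH_NULL_|_WITH_DES_|_RC4_|_anon_")

def load_filter(xml_text):
    """Return (include, exclude) lists of compiled patterns from the filter element."""
    root = ET.fromstring(xml_text)
    inc = [re.compile(e.text.strip()) for e in root.iter(SEC + "include")]
    exc = [re.compile(e.text.strip()) for e in root.iter(SEC + "exclude")]
    return inc, exc

def selected(suites, inc, exc):
    """Assumed semantics: full-name match on any include and on no exclude."""
    return [s for s in suites
            if any(p.fullmatch(s) for p in inc) and not any(p.fullmatch(s) for p in exc)]

def audit(xml_text, suites):
    """Return (enabled suites, the subset of enabled suites that is weak)."""
    inc, exc = load_filter(xml_text)
    enabled = selected(suites, inc, exc)
    return enabled, [s for s in enabled if WEAK.search(s)]

if __name__ == "__main__":
    enabled, weak = audit(CONFIG, SAMPLE_SUITES)
    for s in enabled:
        print(("WEAK " if s in weak else "ok   ") + s)
```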