META-INF.spring.cxf-endpoints.xml Maven / Gradle / Ivy
<?xml version="1.0" encoding="UTF-8"?>
<!--
Unless explicitly acquired and licensed from Licensor under another license, the contents of
this file are subject to the Reciprocal Public License ("RPL") Version 1.5, or subsequent
versions as allowed by the RPL, and You may not copy or use this file in either source code
or executable form, except in compliance with the terms and conditions of the RPL
All software distributed under the RPL is provided strictly on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND LICENSOR HEREBY DISCLAIMS ALL SUCH
WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, QUIET ENJOYMENT, OR NON-INFRINGEMENT. See the RPL for specific language
governing rights and limitations under the RPL.
http://opensource.org/licenses/RPL-1.5
Copyright 2012-2015 Open Justice Broker Consortium
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxf="http://camel.apache.org/schema/cxf"
xmlns:policy="http://cxf.apache.org/policy"
xmlns:wsp="http://www.w3.org/2006/07/ws-policy"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
http://www.w3.org/2006/07/ws-policy http://www.w3.org/2006/07/ws-policy.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd">
<!--
Rapback Search Request Service
-->
<cxf:cxfEndpoint
id="rapbackSearchRequestService"
address="${rapbackSearchIntermediary.rapbackSearchRequestEndpoint}"
wsdlURL="classpath:ssp/Organization_Identification_Results_Search_Request/schema/SIP_WS_1.2/Organization_Identification_Results_Search_Request_Service.wsdl"
serviceName="ojbc:Organization_Identification_Results_Search_Request_Service_Service"
endpointName="ojbc:Organization_Identification_Results_Search_Request_Secure_Service"
xmlns:ojbc="http://ojbc.org/Services/WSDL/OrganizationIdentificationResultsSearchRequestService/1.0">
<cxf:properties>
<entry key="ws-security.callback-handler" value-ref="passwordCallbackHandler" />
<entry key="ws-security.signature.properties" value-ref="rapbackSearchKeystoreProperties" />
<entry key="ws-security.signature.username" value="${rapbackSearchIntermediary.keystoreCertificateAlias}" />
<entry key="ws-security.saml2.validator" value-ref="OJBSimpleWSPSamlTokenValidator" />
<entry key="ws-security.validate.audience-restriction" value="false" />
</cxf:properties>
</cxf:cxfEndpoint>
<!-- Rapback Data Store Adapter, called by the intermediary -->
<cxf:cxfEndpoint id="rapbackDataStoreAdapter"
address="${rapbackSearchIntermediary.rapbackDataStoreEndpoint}"
wsdlURL="classpath:ssp/Organization_Identification_Results_Search_Request/schema/SIP_WS_1.2/Organization_Identification_Results_Search_Request_Service.wsdl"
serviceName="ojbc:Organization_Identification_Results_Search_Request_Service_Service"
endpointName="ojbc:Organization_Identification_Results_Search_Request_Secure_Service"
xmlns:ojbc="http://ojbc.org/Services/WSDL/OrganizationIdentificationResultsSearchRequestService/1.0">
<cxf:properties>
<entry key="ws-security.saml-callback-handler" value-ref="ojbSamlCallbackHandler"/>
<entry key="ws-security.callback-handler" value-ref="passwordCallbackHandler" />
<entry key="ws-security.signature.properties" value-ref="rapbackSearchKeystoreProperties" />
<entry key="ws-security.signature.username" value="${rapbackSearchIntermediary.keystoreCertificateAlias}" />
</cxf:properties>
</cxf:cxfEndpoint>
<!-- Rapback Search Results Handler Service, hosted by OJB, called by rapback adapter -->
<cxf:cxfEndpoint id="rapbackSearchResultsHandlerService"
address="${rapbackSearchIntermediary.rapbackSearchResultsEndpoint}"
wsdlURL="classpath:ssp/Organization_Identification_Results_Search_Results/schema/SIP_WS_1.2/Organization_Identification_Results_Search_Results_Service.wsdl"
serviceName="ojbc:OrganizationIdentificationResults_Search_Results_Service_Service"
endpointName="ojbc:OrganizationIdentificationResults_Search_Results_Secure_Service"
xmlns:ojbc="http://ojbc.org/Services/WSDL/OrganizationIdentificationResultsSearchResultsService/1.0">
<cxf:features>
<policy:policies>
<wsp:Policy xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
<wsam:Addressing>
<wsp:Policy />
</wsam:Addressing>
</wsp:Policy>
</policy:policies>
</cxf:features>
</cxf:cxfEndpoint>
<!--
Rapback Search Response Service
-->
<cxf:cxfEndpoint
id="presentRapbackSearchResultService"
address="${rapbackSearchIntermediary.presentRapbackSearchResultEndpoint}"
wsdlURL="classpath:ssp/Organization_Identification_Results_Search_Results/schema/SIP_WS_1.2/Organization_Identification_Results_Search_Results_Service.wsdl"
serviceName="ojbc:OrganizationIdentificationResults_Search_Results_Service_Service"
endpointName="ojbc:OrganizationIdentificationResults_Search_Results_Secure_Service"
xmlns:ojbc="http://ojbc.org/Services/WSDL/OrganizationIdentificationResultsSearchResultsService/1.0"
>
<cxf:features>
<policy:policies>
<wsp:Policy xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
<wsam:Addressing>
<wsp:Policy/>
</wsam:Addressing>
</wsp:Policy>
</policy:policies>
</cxf:features>
</cxf:cxfEndpoint>
<bean id="OJBSimpleWSPSamlTokenValidator" class="org.ojbc.util.validator.OJBSimpleWSPSamlTokenValidator"/>
<bean id="passwordCallbackHandler" class="org.ojbc.util.ws.security.ClientCallbackMap">
<property name="passwords">
<map>
<entry key="${rapbackSearchIntermediary.keystoreCertificateAlias}" value="${rapbackSearchIntermediary.keyPassword}"/>
</map>
</property>
</bean>
<util:properties id= "rapbackSearchKeystoreProperties">
<prop key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">${rapbackSearchIntermediary.keystorePassword}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">${rapbackSearchIntermediary.keystoreCertificateAlias}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.file">${rapbackSearchIntermediary.keystoreLocation}</prop>
</util:properties>
<!--
Used for OUTBOUND SSL/TLS Connection. No CCA, just SSL. Client side SSL connection
-->
<http:conduit
name="https://.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
<sec:keyStore type="JKS"
password="${rapbackSearchIntermediary.truststorePassword}"
file="${rapbackSearchIntermediary.truststoreLocation}" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a strong ciphersuite will be used -->
<sec:include>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
<sec:include>TLS_RSA_WITH_AES_128_CBC_SHA</sec:include>
<sec:include>SSL_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:client AutoRedirect="true" Connection="Keep-Alive" />
</http:conduit>
</beans>