Dear Forum,

using XML DSl, I'm experiencing difficulties to use property placeholders accessed via the

in attributes nested in the http-conduit configuration. Placeholders work fine on the bean level, but trying to specifiy, for example, paths to key stores and passwords in the http conduit does not work - the properties are not being resolved.

-

<http:tlsClientParameters disableCNCheck="true">

            <sec:keyManagers keyPassword="${pmfacade.ssl.keypass}">

                <sec:keyStore type="JKS" password="${pmfacade.ssl.keystorepass}"

                                 file="${pmfacade.ssl.keystore}"/>

            </sec:keyManagers>

            <sec:trustManagers>

                <sec:keyStore type="JKS" password="${pmfacade.ssl.truststorepass}"

                                file="${pmfacade.ssl.truststore}"/>

            </sec:trustManagers>

            <sec:cipherSuitesFilter>

                <!-- these filters ensure that a ciphersuite with

                    export-suitable or null encryption is used,

                    but exclude anonymous Diffie-Hellman key change as

                    this is vulnerable to man-in-the-middle attacks -->

                <sec:include>.EXPORT.</sec:include>

                <sec:include>.EXPORT1024.</sec:include>

                <sec:include>.WITHDES_.</sec:include>

                <sec:include>.WITHAES_.</sec:include>

                <sec:include>.WITHNULL_.</sec:include>

                <sec:exclude>.DHanon_.(FileInputStream.java:79)[:1.6.0_37]

        at org.apache.cxf.configuration.jsse.spring.TLSParameterJaxBUtils.getKeyStore(TLSParameterJaxBUtils.java:123)[170:org.apache.cxf.bundle:2.

Hard-coding paths to keystores and passwords in the blueprint.xml is a no-go - credentials are defintely something the IT production department wants to have their hands on.

Is it just not possible in blueprint and I would have to "fall back" to Spring or am I doing some mistake here?

kind regards

Michael