cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r814485 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-saml.html docs/jax-rs-xml-security.html
Date Wed, 25 Apr 2012 21:48:48 GMT
Author: buildbot
Date: Wed Apr 25 21:48:48 2012
New Revision: 814485

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-saml.html
    websites/production/cxf/content/docs/jax-rs-xml-security.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-saml.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-saml.html (original)
+++ websites/production/cxf/content/docs/jax-rs-saml.html Wed Apr 25 21:48:48 2012
@@ -466,7 +466,9 @@ Custom validators extending WSS4J SamlAs
 
 <h2><a shape="rect" name="JAX-RSSAML-ClaimsBasedAccessControl"></a>Claims
Based Access Control</h2>
 
-<p>CXF JAX-RS offers an extension letting users to enforce a new fine-grained Claims
Based Access Control (CBAC) based on <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java">Claim</a>
and <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java">Claims</a>
annotations as well as <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java">ClaimMode</a>
enum class.   </p>
+<p>CXF JAX-RS offers an extension letting users to enforce a new fine-grained Claims
Based Access Control (CBAC) based on <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/Claim.java">Claim</a>
and <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/Claims.java">Claims</a>
annotations as well as <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/ClaimMode.java">ClaimMode</a>
enum class.   </p>
+
+<p><b>Note</b> a package for Claim, Claims and ClaimMode annotations has
changed from "org.apache.cxf.rs.security.saml.authorization" to "org.apache.cxf.security.claims.authorization".</p>
 
 <p>Here is a simple code fragment:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
@@ -501,8 +503,8 @@ Custom validators extending WSS4J SamlAs
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.authorization.Claim;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.authorization.Claims;
+<span class="code-keyword">import</span> org.apache.cxf.security.claims.authorization.Claim;
+<span class="code-keyword">import</span> org.apache.cxf.security.claims.authorization.Claims;
 
 @Path(<span class="code-quote">"/bookstore"</span>)
 <span class="code-keyword">public</span> class SecureClaimBookStore {
@@ -530,8 +532,8 @@ Custom validators extending WSS4J SamlAs
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.authorization.Claim;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.authorization.Claims;
+<span class="code-keyword">import</span> org.apache.cxf.security.claims.authorization.Claim;
+<span class="code-keyword">import</span> org.apache.cxf.security.claims.authorization.Claims;
 
 @Path(<span class="code-quote">"/bookstore"</span>)
 @Claim({<span class="code-quote">"user"</span>})
@@ -637,7 +639,6 @@ If the assertion signature is verified l
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
 <pre class="code-java">
 <span class="code-keyword">import</span> org.springframework.security.annotation.Secured;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.authorization.Claims;
 
 @Path(<span class="code-quote">"/bookstore"</span>)
 @Claim({<span class="code-quote">"user"</span>})

Modified: websites/production/cxf/content/docs/jax-rs-xml-security.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-xml-security.html (original)
+++ websites/production/cxf/content/docs/jax-rs-xml-security.html Wed Apr 25 21:48:48 2012
@@ -125,7 +125,7 @@ Apache CXF -- JAX-RS XML Security
 
 
 <div>
-<ul><li><a shape="rect" href="#JAX-RSXMLSecurity-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-XMLSignature">XML Signature</a></li><ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-Envelopedsignatures">Enveloped signatures</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Envelopingsignatures">Enveloping signatures</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Detachedsignatures">Detached signatures</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Customizingthesignature">Customizing the signature</a></li></ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-XMLEncryption">XML Encryption</a></li><ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-Customizingtheencryption">Customizing the encryption</a></li></ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-Interoperability">Interoperability</a></li></ul></div>
+<ul><li><a shape="rect" href="#JAX-RSXMLSecurity-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-XMLSignature">XML Signature</a></li><ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-Envelopedsignatures">Enveloped signatures</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Envelopingsignatures">Enveloping signatures</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Detachedsignatures">Detached signatures</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-Customizingthesignature">Customizing the signature</a></li></ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-XMLEncryption">XML Encryption</a></li><ul><li><a
shape="rect" href="#JAX-RSXMLSecurity-Customizingtheencryption">Customizing the encryption</a></li><li><a
shape="rect" href="#JAX-RSXMLSecurity-GCMAlgorithmandBouncyCastleprovider">GCM Algorithm
and BouncyCastle provider</a></li></ul><li><a 
 shape="rect" href="#JAX-RSXMLSecurity-Interoperability">Interoperability</a></li></ul></div>
 
 <h1><a shape="rect" name="JAX-RSXMLSecurity-Introduction"></a>Introduction</h1>
 
@@ -598,6 +598,11 @@ The following properties can be set on i
 "keyEncAlgorithm": default is "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"<br clear="none">
 "keyIdentifierType": default is "X509_KEY", "X509_ISSUER_SERIAL" is also supported - useful
when the whole x509Certificate should not be embedded </p>
 
+<h2><a shape="rect" name="JAX-RSXMLSecurity-GCMAlgorithmandBouncyCastleprovider"></a>GCM
Algorithm and BouncyCastle provider</h2>
+
+<p>Please see Colm's <a shape="rect" class="external-link" href="http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html"
rel="nofollow">blog</a> for the information about the possible attack against XML
Encryption and the GCM algorithm which needs to be used in order to prevent it.</p>
+
+
 <h1><a shape="rect" name="JAX-RSXMLSecurity-Interoperability"></a>Interoperability</h1>
 
 <p>The payloads containing the enveloping XML Signatures are structured according to
the XML Signature specification and as such can be consumed by any XML Signature aware consumers
capable of handling the enveloping signatures and extracting the signed payload. </p>



Mime
View raw message