cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r817002 - in /websites/production/cxf/content: cache/docs.pageCache docs/ws-security.html
Date Wed, 09 May 2012 21:48:08 GMT
Author: buildbot
Date: Wed May  9 21:48:08 2012
New Revision: 817002

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/ws-security.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/ws-security.html
==============================================================================
--- websites/production/cxf/content/docs/ws-security.html (original)
+++ websites/production/cxf/content/docs/ws-security.html Wed May  9 21:48:08 2012
@@ -374,7 +374,7 @@ CryptoCoverageChecker checker = <span cl
 
 <h2><a shape="rect" name="WS-Security-UsernameTokenAuthentication"></a>Username
Token Authentication</h2>
 
-<p>WS-Security supports many ways of specifying tokens. One of these is the UsernameToken
header. It is a standard way to communicate a username and password or password digest to
another endpoint.  Be sure to review the OASIS <a shape="rect" class="external-link" href="http://tinyurl.com/65n78j"
rel="nofollow">UsernameToken Profile Specification</a> for important security considerations
when using UsernameTokens.  Note that the nonce support recommended by the specification for
guarding against replay attacks has not yet been implemented either in CXF or WSS4J.</p>
+<p>WS-Security supports many ways of specifying tokens. One of these is the UsernameToken
header. It is a standard way to communicate a username and password or password digest to
another endpoint.  Be sure to review the OASIS <a shape="rect" class="external-link" href="http://tinyurl.com/65n78j"
rel="nofollow">UsernameToken Profile Specification</a> for important security considerations
when using UsernameTokens.  Note that the nonce support necessary for guarding against replay
attacks is active by default starting with CXF 2.6.0 but unavailable in versions prior to
that.</p>
 
 <p>For the server side, you'll want to set up the following properties on your WSS4JInInterceptor
(see <a shape="rect" href="#WS-Security-addinterceptors">above</a> for code sample):</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">



Mime
View raw message