cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r823299 - in /websites/production/cxf/content: cache/docs.pageCache docs/ws-securitypolicy.html
Date Tue, 26 Jun 2012 14:48:02 GMT
Author: buildbot
Date: Tue Jun 26 14:48:00 2012
New Revision: 823299

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/ws-securitypolicy.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/ws-securitypolicy.html
==============================================================================
--- websites/production/cxf/content/docs/ws-securitypolicy.html (original)
+++ websites/production/cxf/content/docs/ws-securitypolicy.html Tue Jun 26 14:48:00 2012
@@ -139,10 +139,11 @@ Apache CXF -- WS-SecurityPolicy
 
 
 <h3><a shape="rect" name="WS-SecurityPolicy-Configuringtheextraproperties"></a>Configuring
the extra properties</h3>
-<p>With CXF 2.2, there are several extra properties that may need to be set to provide
the additional bits of information to the runtime:</p>
+<p>There are several extra properties that may need to be set to provide the additional
bits of information to the runtime. Note that you should check that a particular property
is supported in the version of CXF you are using.</p>
 
 <div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.username </td><td colspan="1" rowspan="1" class="confluenceTd">
The username used for UsernameToken policy assertions </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.password </td><td colspan="1"
rowspan="1" class="confluenceTd"> The password used for UsernameToken policy assertions.
  If not specified, the callback handler will be called. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.callback-handler </td><td
colspan="1" rowspan="1" class="confluenceTd"> The WSS4J security CallbackHandler that will
be used to retrieve passwords for keystores and UsernameTokens. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.signature.properties </td><td
colspan="1" rowspan="1" class="confluenceTd"> The properties file/object that contains
the WSS4J properties for configuring the signature keystore and c
 rypto objects </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.encryption.properties </td><td colspan="1" rowspan="1" class="confluenceTd">
The properties file/object that contains the WSS4J properties for configuring the encryption
keystore and crypto objects </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.signature.username </td><td colspan="1" rowspan="1"
class="confluenceTd"> The username or alias for the key in the signature keystore that
will be used.   If not specified, it uses the the default alias set in the properties file.
 If that's also not set, and the keystore only contains a single key, that key will be used.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.encryption.username
</td><td colspan="1" rowspan="1" class="confluenceTd"> The username or alias for
the key in the encryption keystore that will be used.   If not specified, it uses the the
default alias set in the propertie
 s file.  If that's also not set, and the keystore only contains a single key, that key will
be used.  For the web service provider, the useReqSigCert keyword can be used to accept (encrypt
to) any client whose public key is in the service's truststore (defined in ws-security.encryption.properties.)
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.signature.crypto
</td><td colspan="1" rowspan="1" class="confluenceTd"> Instead of specifying the
signature properties, this can point to the full <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html">WSS4J
Crypto</a> object.  This can allow easier "programmatic" configuration of the Crypto
information."</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.encryption.crypto </td><td colspan="1" rowspan="1" class="confluenceTd">
Instead of specifying the encryption properties, this can point to the full <a s
 hape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html">WSS4J
Crypto</a> object.  This can allow easier "programmatic" configuration of the Crypto
information." </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.username </td><td colspan="1" rowspan="1" class="confluenceTd">
The username used for UsernameToken policy assertions </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.password </td><td colspan="1"
rowspan="1" class="confluenceTd"> The password used for UsernameToken policy assertions.
  If not specified, the callback handler will be called. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.callback-handler </td><td
colspan="1" rowspan="1" class="confluenceTd"> The WSS4J security CallbackHandler that will
be used to retrieve passwords for keystores and UsernameTokens. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.signature.properties </td><td
colspan="1" rowspan="1" class="confluenceTd"> The properties file/object that contains
the WSS4J properties for configuring the signature keystore and c
 rypto objects </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.encryption.properties </td><td colspan="1" rowspan="1" class="confluenceTd">
The properties file/object that contains the WSS4J properties for configuring the encryption
keystore and crypto objects </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.signature.username </td><td colspan="1" rowspan="1"
class="confluenceTd"> The username or alias for the key in the signature keystore that
will be used.   If not specified, it uses the the default alias set in the properties file.
 If that's also not set, and the keystore only contains a single key, that key will be used.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.encryption.username
</td><td colspan="1" rowspan="1" class="confluenceTd"> The username or alias for
the key in the encryption keystore that will be used.   If not specified, it uses the the
default alias set in the propertie
 s file.  If that's also not set, and the keystore only contains a single key, that key will
be used.  For the web service provider, the useReqSigCert keyword can be used to accept (encrypt
to) any client whose public key is in the service's truststore (defined in ws-security.encryption.properties.)
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.signature.crypto
</td><td colspan="1" rowspan="1" class="confluenceTd"> Instead of specifying the
signature properties, this can point to the full <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html">WSS4J
Crypto</a> object.  This can allow easier "programmatic" configuration of the Crypto
information."</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.encryption.crypto </td><td colspan="1" rowspan="1" class="confluenceTd">
Instead of specifying the encryption properties, this can point to the full <a s
 hape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html">WSS4J
Crypto</a> object.  This can allow easier "programmatic" configuration of the Crypto
information." </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.subject.cert.constraints </td><td colspan="1" rowspan="1" class="confluenceTd">
This configuration tag is a comma separated String of regular expressions which will be applied
to the subject DN of the certificate used for signature validation, after trust verification
of the certificate chain associated with the  certificate. These constraints are not used
when the certificate is contained in the keystore (direct trust).</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> ws-security.is-bsp-compliant </td><td
colspan="1" rowspan="1" class="confluenceTd"> Whether to ensure compliance with the Basic
Security Profile (BSP) 1.1 or not. The default value is "true".
 </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.futureTimeToLive
</td><td colspan="1" rowspan="1" class="confluenceTd">  This configuration tag
specifies the time in seconds in the future within which the Created time of an incoming Timestamp
is valid. WSS4J rejects by default any timestamp which is "Created" in the future, and so
there could potentially be<br clear="none">
+problems in a scenario where a client's clock is slightly askew. The default value for this
parameter is "0", meaning that no future-created Timestamps are allowed.</td></tr></tbody></table>
 </div>
 
 



Mime
View raw message