cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r823586 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs.html docs/secure-jax-rs-services.html
Date Thu, 28 Jun 2012 09:48:09 GMT
Author: buildbot
Date: Thu Jun 28 09:48:08 2012
New Revision: 823586

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs.html
    websites/production/cxf/content/docs/secure-jax-rs-services.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs.html (original)
+++ websites/production/cxf/content/docs/jax-rs.html Thu Jun 28 09:48:08 2012
@@ -459,7 +459,7 @@ by Java HTTPUrlConnection. When needed, 
 
 <p>Please see the <a shape="rect" href="secure-jax-rs-services.html" title="Secure
JAX-RS Services">Secure JAX-RS Services</a> page for more information.</p>
 
-<p>Please also check <a shape="rect" class="external-link" href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+XML+Security">JAX-RS
XML Security</a>, <a shape="rect" href="jax-rs-saml.html" title="JAX-RS SAML">JAX-RS
SAML</a> and <a shape="rect" href="jax-rs-oauth.html" title="JAX-RS OAuth">JAX-RS
OAuth</a> pages for more information about the advanced security topics.</p>
+<p>Please also check <a shape="rect" class="external-link" href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+XML+Security">JAX-RS
XML Security</a>, <a shape="rect" href="jax-rs-saml.html" title="JAX-RS SAML">JAX-RS
SAML</a> and <a shape="rect" href="jax-rs-oauth2.html" title="JAX-RS OAuth2">JAX-RS
OAuth2</a> pages for more information about the advanced security topics.</p>
 
 <h2><a shape="rect" name="JAX-RS-FailoverandLoadDistributionFeatures"></a>Failover
and Load Distribution Features</h2>
 

Modified: websites/production/cxf/content/docs/secure-jax-rs-services.html
==============================================================================
--- websites/production/cxf/content/docs/secure-jax-rs-services.html (original)
+++ websites/production/cxf/content/docs/secure-jax-rs-services.html Thu Jun 28 09:48:08 2012
@@ -124,7 +124,7 @@ Apache CXF -- Secure JAX-RS Services
 <div id="ConfluenceContent"><p><span style="font-size:2em;font-weight:bold">
JAX-RS: Security </span></p>
 
 <div>
-<ul><li><a shape="rect" href="#SecureJAX-RSServices-HTTPS">HTTPS</a></li><ul><li><a
shape="rect" href="#SecureJAX-RSServices-Configuringendpoints">Configuring endpoints</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-Configuringclients">Configuring clients</a></li></ul><li><a
shape="rect" href="#SecureJAX-RSServices-Authentication">Authentication</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-Authorization">Authorization</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-WSTrustintegration">WS-Trust integration</a></li><ul><li><a
shape="rect" href="#SecureJAX-RSServices-ValidatingBasicAuthcredentialswithSTS">Validating
BasicAuth credentials with STS</a></li></ul><li><a shape="rect"
href="#SecureJAX-RSServices-NoteaboutSecurityManager">Note about SecurityManager</a></li></ul></div>
+<ul><li><a shape="rect" href="#SecureJAX-RSServices-HTTPS">HTTPS</a></li><ul><li><a
shape="rect" href="#SecureJAX-RSServices-Configuringendpoints">Configuring endpoints</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-Configuringclients">Configuring clients</a></li></ul><li><a
shape="rect" href="#SecureJAX-RSServices-Authentication">Authentication</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-Authorization">Authorization</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-WSTrustintegration">WS-Trust integration</a></li><ul><li><a
shape="rect" href="#SecureJAX-RSServices-ValidatingBasicAuthcredentialswithSTS">Validating
BasicAuth credentials with STS</a></li><li><a shape="rect" href="#SecureJAX-RSServices-UsingSTStovalidateSAMLassertions">Using
STS to validate SAML assertions</a></li></ul><li><a shape="rect"
href="#SecureJAX-RSServices-NoteaboutSecurityManager">Note about SecurityManager</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-AdvancedSec
 urity">Advanced Security</a></li><li><a shape="rect" href="#SecureJAX-RSServices-Restrictinglargepayloads">Restricting
large payloads</a></li><li><a shape="rect" href="#SecureJAX-RSServices-CrossOriginResourceSharing">Cross
Origin Resource Sharing</a></li></ul></div>
 
 <h1><a shape="rect" name="SecureJAX-RSServices-HTTPS"></a>HTTPS</h1>
 
@@ -231,6 +231,8 @@ WebClient client = WebClient.create(addr
 
 <p>HTTPConduits can also be 'bound' to proxies or WebClients using expanded QNames.
Please see this <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-client-api.html#JAX-RSClientAPI-ConfiguringanHTTPConduitfromSpring">section</a>
for more information.</p>
 
+<p>Please see <a shape="rect" class="external-link" href="http://aruld.info/programming-ssl-for-jetty-based-cxf-services/"
rel="nofollow">this blog entry</a> on how the HTTPConduit TLS properties can be set
up from the code. In the code, do WebClient.getConfig(myClient).getHTTPConduit() and proceed
from there.</p>
+
 <h1><a shape="rect" name="SecureJAX-RSServices-Authentication"></a>Authentication</h1>
 
 <p>It is often containers like Tomcat or frameworks like Spring Security which handle
the user authentication. Sometimes you might want to do the custom authentication instead.
CXF HTTP Transport adds decoded Basic Authentication credentials into an instance of AuthorizationPolicy
extension and sets it on the current message. Thus the easiest way is to register a custom
invoker or <tt>RequestHandler</tt> filter which will extract a user name and password
like this:</p>
@@ -330,8 +332,6 @@ CXF JAX-RS SimpleAuthorizingFilter can b
 
 <p>One of the requirements for deploying CXF endpoints into secure web service environments
is to ensure that existing WS-Trust STS services can be used to protect the endpoints. JAX-WS
endpoints can rely on CXF WS-Security and WS-Trust support. Making sure CXF JAX-RS endpoints
can be additionally secured by STS is strategically important task. CXF provides close integration
between JAX-WS and JAX-RS frontends thus reusing CXF JAX-WS and WS-Security is the most effective
way toward achieving this integration.</p>
 
-<p>At the moment what can be done is to have Basic Authentication credentials validated
with STS. The next step is to provide a more advanced integration with STS, stay tuned.  
  </p>
-
 <h2><a shape="rect" name="SecureJAX-RSServices-ValidatingBasicAuthcredentialswithSTS"></a>Validating
BasicAuth credentials with STS</h2>
 
 <p>Validating Basic Authentication credentials with STS is possible starting from CXF
2.4.1. JAX-RS and JAX-WS services can rely on this feature. Here is an example on how a jaxrs
endpoint can be configured:</p>
@@ -403,6 +403,10 @@ CXF JAX-RS SimpleAuthorizingFilter can b
 
 <p>AuthPolicyValidatingInterceptor converts Basic Auth info into WSS4J UsernameToken
and delegates to STS to validate.</p>
 
+<h2><a shape="rect" name="SecureJAX-RSServices-UsingSTStovalidateSAMLassertions"></a>Using
STS to validate SAML assertions</h2>
+
+<p>Please see <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLAssertionValidation">this
section</a> for more information on how STSSamlAssertionValidator can be used to validate
the inbound SAML assertions.</p>
+
 <h1><a shape="rect" name="SecureJAX-RSServices-NoteaboutSecurityManager"></a>Note
about SecurityManager</h1>
 
 <p>If <tt>java.lang.SecurityManager</tt> is installed then you'll likely
need to configure the trusted JAX-RS codebase with a 'suppressAccessChecks' permission for
the injection of JAXRS context or parameter fields to succeed. For example, you may want to
update a Tomcat <a shape="rect" class="external-link" href="http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html">catalina.policy</a>
with the following permission :</p>
@@ -414,7 +418,18 @@ grant codeBase <span class="code-quote">
 };
 </pre>
 </div></div>
-</div>
+
+<h1><a shape="rect" name="SecureJAX-RSServices-AdvancedSecurity"></a>Advanced
Security</h1>
+
+<p>Please check <a shape="rect" href="jax-rs-xml-security.html" title="JAX-RS XML
Security">JAX-RS XML Security</a>, <a shape="rect" href="jax-rs-saml.html" title="JAX-RS
SAML">JAX-RS SAML</a> and <a shape="rect" href="jax-rs-oauth2.html" title="JAX-RS
OAuth2">JAX-RS OAuth2</a> pages for more information about the advanced security
topics.</p>
+
+<h1><a shape="rect" name="SecureJAX-RSServices-Restrictinglargepayloads"></a>Restricting
large payloads</h1>
+
+<p>Please see <a shape="rect" class="external-link" href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+Data+Bindings#JAX-RSDataBindings-ControllingLargeJAXBXMLandJSONinputpayloads">this
section</a> for more information.</p>
+
+<h1><a shape="rect" name="SecureJAX-RSServices-CrossOriginResourceSharing"></a>Cross
Origin Resource Sharing</h1>
+
+<p>Please see <a shape="rect" href="jax-rs-cors.html" title="JAX-RS CORS">this
section</a> for more information. Also check <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-data-bindings.html#JAX-RSDataBindings-JSONWithPadding">the
section</a> about JSONP.</p></div>
            </div>
            <!-- Content -->
          </td>



Mime
View raw message