cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r827806 - in /websites/production/cxf/content: cache/docs.pageCache docs/jaxrs-kerberos.html
Date Fri, 03 Aug 2012 11:47:25 GMT
Author: buildbot
Date: Fri Aug  3 11:47:25 2012
New Revision: 827806

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jaxrs-kerberos.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jaxrs-kerberos.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-kerberos.html (original)
+++ websites/production/cxf/content/docs/jaxrs-kerberos.html Fri Aug  3 11:47:25 2012
@@ -124,7 +124,7 @@ Apache CXF -- JAXRS Kerberos
 <div id="ConfluenceContent"><p><span style="font-size:2em;font-weight:bold">
JAX-RS Kerberos Support </span></p>
 
 <div>
-<ul><li><a shape="rect" href="#JAXRSKerberos-Introduction">Introduction</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-Setup">Setup</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-Unix">Unix</a></li><li><a shape="rect"
href="#JAXRSKerberos-Windows">Windows</a></li></ul><li><a shape="rect"
href="#JAXRSKerberos-HTTPNegotiatescheme">HTTP Negotiate scheme</a></li><li><a
shape="rect" href="#JAXRSKerberos-GSSAPI">GSS API</a></li><li><a shape="rect"
href="#JAXRSKerberos-JAASKerberosModuleConfiguration">JAAS Kerberos Module Configuration</a></li></ul><li><a
shape="rect" href="#JAXRSKerberos-Clientconfiguration">Client configuration</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-HTTPConduit">HTTPConduit</a></li><li><a
shape="rect" href="#JAXRSKerberos-Interceptor">Interceptor</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-AuthorizationPolicy">Authorization Policy</a></li><li><a
shape="rect" href="#JAXRSKerberos-Configuringtheserviceprincipalname">Configuring th
 e service principal name</a></li><li><a shape="rect" href="#JAXRSKerberos-UsingJAASConfiguration">Using
JAAS Configuration</a></li></ul></ul><li><a shape="rect"
href="#JAXRSKerberos-Serverconfiguration">Server configuration</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service principal
name and JAAS Configuration</a></li><li><a shape="rect" href="#JAXRSKerberos-CallbackHandler">CallbackHandler</a></li></ul><li><a
shape="rect" href="#JAXRSKerberos-CredentialDelegation">Credential Delegation</a></li></ul></div>
+<ul><li><a shape="rect" href="#JAXRSKerberos-Introduction">Introduction</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-Setup">Setup</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-Unix">Unix</a></li><li><a shape="rect"
href="#JAXRSKerberos-Windows">Windows</a></li></ul><li><a shape="rect"
href="#JAXRSKerberos-HTTPNegotiatescheme">HTTP Negotiate scheme</a></li><li><a
shape="rect" href="#JAXRSKerberos-GSSAPI">GSS API</a></li><li><a shape="rect"
href="#JAXRSKerberos-JAASKerberosModuleConfiguration">JAAS Kerberos Module Configuration</a></li></ul><li><a
shape="rect" href="#JAXRSKerberos-Clientconfiguration">Client configuration</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-HTTPConduit">HTTPConduit</a></li><li><a
shape="rect" href="#JAXRSKerberos-Interceptor">Interceptor</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-AuthorizationPolicy">Authorization Policy</a></li><li><a
shape="rect" href="#JAXRSKerberos-Configuringtheserviceprincipalname">Configuring th
 e service principal name</a></li><li><a shape="rect" href="#JAXRSKerberos-UsingJAASConfiguration">Using
JAAS Configuration</a></li><li><a shape="rect" href="#JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties">How
to avoid setting username and password properties</a></li></ul></ul><li><a
shape="rect" href="#JAXRSKerberos-Serverconfiguration">Server configuration</a></li><ul><li><a
shape="rect" href="#JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service principal
name and JAAS Configuration</a></li><li><a shape="rect" href="#JAXRSKerberos-CallbackHandler">CallbackHandler</a></li></ul><li><a
shape="rect" href="#JAXRSKerberos-CredentialDelegation">Credential Delegation</a></li></ul></div>
 
 <h1><a shape="rect" name="JAXRSKerberos-Introduction"></a>Introduction</h1>
 
@@ -245,6 +245,8 @@ Book b = wc.get(Book.class);
 
 <h3><a shape="rect" name="JAXRSKerberos-Configuringtheserviceprincipalname"></a>Configuring
the service principal name</h3>
 
+<p>Service principal identifies a target service.</p>
+
 <p>By default, the service principal name is calculated by concatenating "HTTP", "/"
and the name of the target host, example, when invoking on "http://localhost:8080/services",
the service principal name is set to "HTTP/localhost".</p>
 
 <p>The "servicePrincipalName" and "realm" properties can be used to customize it, example,
setting "servicePrincipalName" to "HTTP/www.mycompany.com" and realm to "services.org" will
result in the "HTTP/www.mycompany.com@services.org" service principal name being used. </p>
@@ -255,6 +257,14 @@ Book b = wc.get(Book.class);
 
 <p>Instead of setting this system property and maintaining a configuration file, one
might want to use an implementation of javax.security.auth.login.Configuration and set it
on the interceptor as a "loginConfig" property.    </p>
 
+<h3><a shape="rect" name="JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties"></a>How
to avoid setting username and password properties</h3>
+
+<p>Typically, one may have to set AuthorizationPolicy UserName and Password properties
for the Kerberos login module to authenticate the user.</p>
+
+<p>The next option is to create a keytab as noted in the Setup section, which will
let one to avoid specifying a password property.<br clear="none">
+Finally, if the user actually owns the Java process which runs the code then no username
and password properties have to be provided, assuming the Kerberos login configuration has
'useTicketCache' and possibly 'renewTGT' properties set to "true" </p>
+
+
 <h1><a shape="rect" name="JAXRSKerberos-Serverconfiguration"></a>Server
configuration</h1>
 
 <p>org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter can be used to protected
JAX-RS endpoints and enforce that a Negotiate authentication scheme is used by clients, example:</p>



Mime
View raw message