From cohei...@apache.org
Subject svn commit: r1370166 - /cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Date Tue, 07 Aug 2012 10:58:21 GMT
Author: coheigea
Date: Tue Aug  7 10:58:21 2012
New Revision: 1370166

URL: http://svn.apache.org/viewvc?rev=1370166&view=rev
Log:
Merged revisions 1370163 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes

........
  r1370163 | coheigea | 2012-08-07 11:53:33 +0100 (Tue, 07 Aug 2012) | 10 lines

  Merged revisions 1370161 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/trunk

  ........
    r1370161 | coheigea | 2012-08-07 11:33:02 +0100 (Tue, 07 Aug 2012) | 2 lines

    Updated SecurityPolicy documentation.

  ........

........

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1370166&r1=1370165&r2=1370166&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Tue Aug  7 10:58:21 2012
@@ -142,7 +142,9 @@ public final class SecurityConstants {
     //Be default, we will encrypt as well for interop reasons.  However, this
     //setting can be set to false to turn that off.
     /**
-     * Whether to always encrypt UsernameTokens whenever possible. The default is true.
+     * Whether to always encrypt UsernameTokens that are defined as a SupportingToken. The default 
+     * is true. This should not be set to false in a production environment, as it exposes the 
+     * password (or the digest of the password) on the wire.
      */
     public static final String ALWAYS_ENCRYPT_UT = "ws-security.username-token.always.encrypted";
     
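Review bot: The `//` comment kept just above this Javadoc still gives "interop reasons" as the motive for the default (and reads "Be default"), while the new Javadoc gives a confidentiality reason, so the two descriptions of `ALWAYS_ENCRYPT_UT` now disagree. I would align or drop the line comment, e.g. `//By default, UsernameTokens are encrypted; see the Javadoc below for why this should stay enabled.` The Javadoc could also state the consequence more precisely, e.g. `* is true. If set to false, the password (or its digest, which can still be guessed offline) is sent unencrypted in the message.` The enclosing class `SecurityConstants` starts and ends outside the hunk.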
@@ -177,8 +179,8 @@ public final class SecurityConstants {
     //
     
     /**
-     * The time in seconds after Creation that an incoming Timestamp is valid for. The default
-     * value is 300 seconds (5 minutes).
+     * The time in seconds to append to the Creation value of an incoming Timestamp to determine
+     * whether to accept the Timestamp as valid or not. The default value is 300 seconds (5 minutes).
      */
     public static final String TIMESTAMP_TTL = "ws-security.timestamp.timeToLive";
     
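Review bot: The reworded Javadoc for `TIMESTAMP_TTL` explains how the value is applied but not what raising it costs: a larger value lengthens the period during which an old, possibly captured, message is still accepted. I would add a line such as `* Keep this as small as clock differences between the parties allow; a larger value widens the replay window.` The comment also does not say how this setting interacts with an Expires value carried in the Timestamp itself; that cannot be determined from this hunk and would be worth stating. The class body continues outside the hunk.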


