cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r828398 - in /websites/production/cxf/content: cache/docs.pageCache docs/ws-security.html
Date Wed, 08 Aug 2012 16:47:36 GMT
Author: buildbot
Date: Wed Aug  8 16:47:32 2012
New Revision: 828398

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/ws-security.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/ws-security.html
==============================================================================
--- websites/production/cxf/content/docs/ws-security.html (original)
+++ websites/production/cxf/content/docs/ws-security.html Wed Aug  8 16:47:32 2012
@@ -127,7 +127,7 @@ Apache CXF -- WS-Security
 <ul><li>Pass authentication tokens between services</li><li>Encrypt
messages or parts of messages</li><li>Sign messages</li><li>Timestamp
messages</li></ul>
 
 
-<p>Currently, CXF implements WS-Security by integrating <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j">WSS4J</a>. To use the integration, you'll need
to configure these interceptors and add them to your service and/or client.</p>
+<p>Currently, CXF implements WS-Security by integrating <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j">WSS4J</a>. To use the integration, you'll need
to configure these interceptors and add them to your service and/or client as detailed in
this article. Alternatively, WS-Security can be implemented by using <a shape="rect" href="http://cxf.apache.org/docs/ws-securitypolicy.html">WS-SecurityPolicy</a>,
which provides a more comprehensive and sophisticated validation of the security properties
of a received message.</p>
 
 <h1><a shape="rect" name="WS-Security-Overviewofencryptionandsigning"></a>Overview
of encryption and signing</h1>
 
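Review bot: The sentence added to the intro paragraph says WS-SecurityPolicy gives "a more comprehensive and sophisticated validation" but never says what the interceptor approach leaves unvalidated, so a reader configuring WSS4J by hand cannot tell what they must check themselves. Suggest one clause naming the difference, or stating which approach is preferred for new services. The new link also uses an absolute http://cxf.apache.org/docs/... URL for a page on the same site; a relative href would survive a site move.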
@@ -226,8 +226,6 @@ cxfEndpoint.getOutInterceptors().add(wss
       class=<span class="code-quote">"com.mycompany.webservice.ServerPasswordCallback"</span>/&gt;
 
    <span class="code-tag">&lt;jaxws:inInterceptors&gt;</span>
-      <span class="code-tag"><span class="code-comment">&lt;!-- SAAJ Interceptor
needs to be explicitly declared only in CXF 2.0.x --&gt;</span></span> 
-      <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"</span>/&gt;</span>
       <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"</span>&gt;</span>
          <span class="code-tag">&lt;constructor-arg&gt;</span>
             <span class="code-tag">&lt;map&gt;</span>
@@ -246,7 +244,7 @@ cxfEndpoint.getOutInterceptors().add(wss
 </pre>
 </div></div>
 
-<p>The entry keys and values given in the constructor-arg element above (action, signaturePropFile,
etc.) map to the text strings in WSS4J's <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html">WSHandlerConstants</a>
and <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/WSConstants.html">WSConstants</a>
classes for the corresponding WSHandlerConstants.XXXXX and WSConstants.XXXX constants you
see in the section below.  So by viewing WSHandlerConstants, for example, you can see that
the WSHandlerConstants.USERNAME_TOKEN value given below would need to be "UsernameToken" instead
when doing Spring configuration.</p>
+<p>The entry keys and values given in the constructor-arg element above (action, signaturePropFile,
etc.) map to the text strings in WSS4J's <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html">WSHandlerConstants</a>
and <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/WSConstants.html">WSConstants</a>
classes for the corresponding WSHandlerConstants.XXXXX and WSConstants.XXXX constants you
see in the section below (also see the WSS4J configuration <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/config.html">page</a>).  So by viewing WSHandlerConstants,
for example, you can see that the WSHandlerConstants.USERNAME_TOKEN value given below would
need to be "UsernameToken" instead when doing Spring configuration.</p>
 
 <p>If you want to avoid looking up the text keys for the WSHandlerConstants.XXXXX and
WSConstants.XXXX constants, you can also use the Spring util namespace to reference static
constants in your Spring context as shown below.</p>
 
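Review bot: The new parenthetical links only the word "page", which says nothing out of context; make the link text "WSS4J configuration page". The parenthetical also now sits between the constants and the "So by viewing WSHandlerConstants" example, separating the rule from its illustration; moving it to the end of the paragraph would keep the two together.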
@@ -378,7 +376,7 @@ CryptoCoverageChecker checker = <span cl
 
 <p>If a nonce is present in a UsernameToken then it should be cached by the message
recipient to guard against replay attacks. This behaviour is enabled by default starting with
CXF 2.6.0. This functionality is also available from Apache CXF 2.4.7 and 2.5.3 onwards, but
is not enabled by default at all for backwards-compatibility reasons. The following properties
control nonce caching:</p>
 
-<ul><li>"ws-security.enable.nonce.cache" - The default value (for CXF 2.6.0)
is "true" for message recipients, and "false" for message initiators. Set it to true to cache
for both cases. The default value for CXF 2.4.x and 2.5.x is false.</li><li>"ws-security.nonce.cache.instance"
- This holds a reference to a ReplayCache instance used to cache UsernameToken nonces. The
default instance that is used is the EHCacheReplayCache, which uses Ehcache to cache the nonce
values.</li><li>"ws-security.cache.config.file" - Set this property to point to
a configuration file for the underlying caching implementation. By default the cxf-ehcache.xml
file in the CXF rt-ws-security module is used.</li></ul>
+<ul><li>"ws-security.enable.nonce.cache" - Whether to cache UsernameToken nonces.
The default value (for CXF 2.6.0) is "true" for message recipients, and "false" for message
initiators. Set it to true to cache for both cases. The default value for CXF 2.4.x and 2.5.x
is false. See <a shape="rect" href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#ENABLE_NONCE_CACHE">here</a>
for more information.</li><li>"ws-security.nonce.cache.instance" - This holds
a reference to a <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html">ReplayCache</a>
instance used to cache UsernameToken nonces. The default instance that is used is the <a
shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup">EHCacheReplayCache</a>.</li><li>"ws-security.cache.config.file"

 - Set this property to point to a configuration file for the underlying caching implementation.
The default configuration file that is used is <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/resources/cxf-ehcache.xml?view=markup">cxf-ehcache.xml</a>
in the cxf-rt-ws-security module.</li></ul>
 
 
 <p>For the server side, you'll want to set up the following properties on your WSS4JInInterceptor
(see <a shape="rect" href="#WS-Security-addinterceptors">above</a> for code sample):</p>
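Review bot: In the "ws-security.enable.nonce.cache" bullet, the point that matters most for security, that nonce caching is off by default on CXF 2.4.x and 2.5.x, is still buried near the end of the bullet, just before the new link. Suggest stating directly that recipients on those versions must set the property to "true" to get replay protection. The new links use the generic text "here" and point at javadoc/latest and svn trunk, while the bullet documents version-specific defaults, so the targets can drift from the versions named. The rewritten second bullet also drops the statement that the default ReplayCache uses Ehcache, leaving the cxf-ehcache.xml reference in the third bullet to imply it.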


