cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r835114 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-saml.html
Date Mon, 15 Oct 2012 10:47:35 GMT
Author: buildbot
Date: Mon Oct 15 10:47:35 2012
New Revision: 835114

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-saml.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-saml.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-saml.html (original)
+++ websites/production/cxf/content/docs/jax-rs-saml.html Mon Oct 15 10:47:35 2012
@@ -468,7 +468,7 @@ Custom validators extending WSS4J SamlAs
 
 <p>CXF JAX-RS offers an extension letting users to enforce a new fine-grained Claims
Based Access Control (CBAC) based on <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/Claim.java">Claim</a>
and <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/Claims.java">Claims</a>
annotations as well as <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/ClaimMode.java">ClaimMode</a>
enum class.   </p>
 
-<p><b>Note</b> a package for Claim, Claims and ClaimMode annotations has
changed from "org.apache.cxf.rs.security.saml.authorization" to "org.apache.cxf.security.claims.authorization".</p>
+<p><b>Note</b> a package for Claim, Claims and ClaimMode annotations has
changed from "org.apache.cxf.rs.security.saml.authorization" to "org.apache.cxf.security.claims.authorization".
Starting from CXF 2.7.1, the default name format for claims is "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
instead of "http://schemas.xmlsoap.org/ws/2005/05/identity/claims".</p>
 
 <p>Here is a simple code fragment:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
@@ -497,7 +497,9 @@ Custom validators extending WSS4J SamlAs
 </pre>
 </div></div>
 
-<p>SecureClaimBookStore.addBook(Book) can only be invoked if Subject meets the following
requirement: it needs to have a Claim with a value "admin" and another Claim confirming that
it got authenticated using either a 'fingertip' or 'smartcard' method. Note that @Claim({"admin"})
has no name and format classifiers set - it relies on default name and format values, namely
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" and "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
respectively. These default values may change in the future depending on which claims are
found to be used most often - but as you can see you can always provide name and format values
which will scope a given claim value.</p>
+<p>SecureClaimBookStore.addBook(Book) can only be invoked if Subject meets the following
requirement: it needs to have a Claim with a value "admin" and another Claim confirming that
it got authenticated using either a 'fingertip' or 'smartcard' method. Note that @Claim({"admin"})
has no name and format classifiers set - it relies on default name and format values, namely
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" and "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims" before CXF 2.7.1) respectively. These
default values may change in the future depending on which claims are found to be used most
often - but as you can see you can always provide name and format values which will scope
a given claim value.</p>
+
+
 
 <p>Note that in the above example, a Claim with the name "http://claims/authentication-format"
has two values, 'fingertip' and 'smartcard'. By default, in order to meet this Claim, Subject
needs to have a Claim which has either a 'fingertip' or 'smartcard' value. If it is expected
that Subject needs to have a Claim which has both 'fingertip' and 'smartcard' values, then
the following change needs to be done:</p>
 



Mime
View raw message