cxf-commits mailing list archives

From "Colm O hEigeartaigh (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache CXF Documentation > WS-SecurityPolicy
Date Thu, 09 Jan 2014 16:09:00 GMT
<html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <base href="https://cwiki.apache.org/confluence" />
        <style type="text/css">
    body, #email-content, #email-content-inner { font-family: Arial,FreeSans,Helvetica,sans-serif; }
    body, p, blockquote, pre, code, td, th, li, dt, dd { font-size: 13px; }
    small { font-size: 11px; }

    body { width:100% !important; -webkit-font-smoothing: antialiased; }

    body,
    #email-wrapper { background-color: #f0f0f0; }
    #email-wrapper-inner { padding: 20px; text-align: center; }
    #email-content-inner { background-color: #fff; border: 1px solid #bbb; color: $menuTxtColour; padding:20px; text-align:left; }
    #email-wrapper-inner > table { width: 100%; }
    #email-wrapper-inner.thin > table { margin: 0 auto; width: 50%; }
    #email-footer { padding: 0 16px 32px 16px; margin: 0; }

    .email-indent { margin: 8px 0 16px 0; }
    .email-comment { margin: 0 0 0 56px; }
    .email-comment.removed { background-color: #ffe7e7; border: 1px solid #df9898; padding: 0 8px;}

    #email-title-avatar { text-align: left; vertical-align: top; width: 48px; padding-right: 8px; }
    #email-title-flavor { margin: 0; padding: 0 0 4px 0; }
    #email-title-heading { font-size: 16px; line-height: 20px; min-height: 20px; margin: 0; padding: 0; }
    #email-title .icon { border: 0; padding: 0 5px 0 0; text-align: left; vertical-align: middle; }

    #email-actions { border-top: 1px solid #bbb; color: #505050; margin: 8px 0 0 0; padding: 0; }
    #email-actions td { padding-top: 8px; }
    #email-actions .left { max-width: 45%; text-align: left; }
    #email-actions .right { text-align: right; }
    .email-reply-divider { border-top: 1px solid #bbb; color: #505050; margin: 32px 0 8px 0; padding: 8px 0; }
    .email-section-title { border-bottom: 1px solid #bbb; margin: 8px 0; padding: 8px 0 0 0; }

    .email-metadata { color: #505050; }

    a { color: #326ca6; text-decoration: none; }
    a:hover { color: #336ca6; text-decoration: underline; }
    a:active {color: #326ca6; }

    a.email-footer-link { color: #505050; font-size: 11px; }

    .email-item-list { list-style: none; margin: 4px 0; padding-left: 0; }
    .email-item-list li { list-style: none; margin: 0; padding: 4px 0; }
    .email-list-divider { color: #505050; padding: 0 0.35em; }
    .email-operation-icon { padding-right: 5px; }

    .avatar { -ms-interpolation-mode: bicubic; border-radius: 3px;}
    .avatar-link { margin: 2px; }

    .tableview th { border-bottom: 1px solid #69C; font-weight: bold; text-align: left; }
    .tableview td { border-bottom: 1px solid #bbbbbb; text-align: left; padding: 4px 16px 4px 0; }

    .aui-message {  margin: 1em 0; padding: 8px; }
    .aui-message.info { background-color: #e0f0ff; border: 1px solid #9eb6d4; }
    .aui-message.success { background-color: #ddfade; border: 1px solid #93c49f; }
    .aui-message.error,
    .aui-message.removed { background-color: #ffe7e7; border: 1px solid #df9898; color: #000; }

    .call-to-action-table { margin: 10px 1px 1px 1px;}
    .call-to-cancel-container, .call-to-action-container { padding: 5px 20px; }
    .call-to-cancel-container { border: 1px solid #aaa; background-color: #eee; border-radius: 3px; }
    .call-to-cancel-container a.call-to-cancel-button { background-color: #eee; font-size: 14px; line-height: 1; padding: 0; margin: 0; color: #666; font-family: sans-serif;}
    .call-to-action-container { border: 1px solid #486582;  background-color: #3068A2; border-radius: 3px; padding: 4px 10px; }
    .call-to-action-container a.call-to-action-button { background-color: #3068A2; font-size: 14px; line-height: 1; padding: 0; margin: 0; color: #fff; font-weight: bold; font-family: sans-serif; }

    /** The span around the inline task checkbox image */
    .diff-inline-task-overlay {
        display: inline-block;
        text-align: center;
        height: 1.5em;
        padding: 5px 0px 1px 5px;
        margin-right: 5px;
        /** Unfortunately, the negative margin-left is stripped out in gmail */
        margin-left: -5px;
    }

            @media handheld, only screen and (max-device-width: 480px) {
        div, a, p, td, th, li, dt, dd { -webkit-text-size-adjust: auto; }
        small, small a { -webkit-text-size-adjust: 90%; }

        td[id=email-wrapper-inner] { padding: 2px !important; }
        td[id=email-content-inner] { padding: 8px !important; }
        td[id="email-wrapper-inner"][class="thin"] > table { text-align: left !important; width: 100% !important; }
        td[id=email-footer] { padding: 8px 12px !important; }
        div[class=email-indent] { margin: 8px 0px !important; }
        div[class=email-comment] { margin: 0 !important; }

        p[id=email-title-flavor] a { display: block; } /* puts the username and the action on separate lines */
        p[id=email-permalink] { padding: 4px 0 0 0 !important; }

        table[id=email-actions] td { padding-top: 0 !important; }
        table[id=email-actions] td.right { text-align: right !important; }
        table[id=email-actions] .email-list-item { display: block; margin: 1em 0 !important; word-wrap: normal !important; }
        span[class=email-list-divider] { display: none; }
    }



        </style>
    </head>
    <body style="font-family: Arial, FreeSans, Helvetica, sans-serif; font-size: 13px; width: 100%; -webkit-font-smoothing: antialiased; background-color: #f0f0f0">
        <table id="email-wrapper" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color: #f0f0f0">
            <tbody>
                <tr valign="middle">
                    <td id="email-wrapper-inner" style="font-size: 13px; padding: 20px; text-align: center">
                        <table id="email-content" cellspacing="0" cellpadding="0" border="0" style="font-family: Arial, FreeSans, Helvetica, sans-serif; width: 100%">
                            <tbody>
                                <tr valign="top">
                                    <td id="email-content-inner" align="left" style="font-family: Arial, FreeSans, Helvetica, sans-serif; font-size: 13px; background-color: #fff; border: 1px solid #bbb; padding: 20px; text-align: left">
                                        <table id="email-title" cellpadding="0" cellspacing="0" border="0" width="100%">
                                            <tbody>
                                                <tr>
                                                    <td id="email-title-avatar" rowspan="2" style="font-size: 13px; text-align: left; vertical-align: top; width: 48px; padding-right: 8px"> <img class="avatar" src="cid:avatar_9d57f4bd06048e7223da0909722fb7c3" border="0" height="48" width="48" style="-ms-interpolation-mode: bicubic; border-radius: 3px" /> </td>
                                                    <td valign="top" style="font-size: 13px">
                                                        <div id="email-title-flavor" class="email-metadata" style="margin: 0; padding: 0 0 4px 0; color: #505050">
                                                            <a href="    https://cwiki.apache.org/confluence/display/~coheigea@apache.org " style="color:#326ca6;text-decoration:none;; color: #326ca6; text-decoration: none">Colm O hEigeartaigh</a> edited the page:
                                                        </div> </td>
                                                </tr>
                                                <tr>
                                                    <td valign="top" style="font-size: 13px"> <h2 id="email-title-heading" style="font-size: 16px; line-height: 20px; min-height: 20px; margin: 0; padding: 0"> <a href="https://cwiki.apache.org/confluence/display/CXF20DOC/WS-SecurityPolicy" style="color: #326ca6; text-decoration: none"> <img class="icon" src="cid:page-icon" alt="" style="border: 0; padding: 0 5px 0 0; text-align: left; vertical-align: middle" /> <strong style="font-size:16px;line-height:20px;vertical-align:top;">WS-SecurityPolicy</strong> </a> </h2> </td>
                                                </tr>
                                            </tbody>
                                        </table>
                                        <div class="email-indent" style="margin: 8px 0 16px 0">
                                            <div class="email-diff">
                                                <div id="page-diffs" class="wiki-content">
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <div class="table-wrap diff-block-target">
                                                        <table class="confluenceTable" style="border-collapse: collapse; border: 1px solid #ddd;">
                                                            <tbody>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">constant</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">default</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">definition</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.validate.token</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">true</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to validate the password of a received UsernameToken or not.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.enableRevocation</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">false</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.username-token.always.encrypted</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">true</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.is-bsp-compliant</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">true</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.self-sign-saml-assertion</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">false</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature will be generated when the SAML Assertion is constructed.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.enable.nonce.cache</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">(varies)</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to cache UsernameToken nonces. See <a href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#ENABLE_NONCE_CACHE" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">here</a> for more information.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.enable.timestamp.cache</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">(varies)</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Whether to cache Timestamp Created Strings. See <a href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#ENABLE_TIMESTAMP_CACHE" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">here</a> for more information.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td colspan="1" class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"><span class="diff-html-added" id="added-diff-0" style="font-size: 100%; background-color: #ddfade;">ws-security.enable.saml.cache</span></td>
                                                                    <td colspan="1" class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">(varies)</span></td>
                                                                    <td colspan="1" class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">Whether to cache SAML2 Token Identifiers, if the token contains a &quot;OneTimeUse&quot; Condition.</span></td>
                                                                </tr>
                                                            </tbody>
                                                        </table>
                                                    </div>
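Review bot: the new ws-security.enable.saml.cache row gives its default as "(varies)" but, unlike the ws-security.enable.nonce.cache and ws-security.enable.timestamp.cache rows directly above it, has no link to the SecurityConstants javadoc, so a reader cannot tell what the default depends on. Add the same "See here for more information" link to this row, or state the conditions inline. The definition could also say what happens to a token with a "OneTimeUse" Condition when the cache is disabled, since that Condition can only be enforced if previously seen identifiers are remembered.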
                                                    <h4 id="WS-SecurityPolicy-Non-booleanWS-SecurityConfigurationparameters" class="diff-block-context">Non-boolean WS-Security Configuration parameters</h4>
                                                    <div class="table-wrap diff-block-target">
                                                        <table class="confluenceTable" style="border-collapse: collapse; border: 1px solid #ddd;">
                                                            <tbody>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.timestamp.timeToLive</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The time in seconds to append to the Creation value of an incoming Timestamp to determine whether to accept the Timestamp as valid or not. The default value is 300 seconds (5 minutes).</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.timestamp.futureTimeToLive</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default value is &quot;60&quot;. See <a href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#TIMESTAMP_FUTURE_TTL" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">here</a> for more information.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.saml-role-attributename</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The attribute URI of the SAML AttributeStatement where the role information is stored. The default is &quot;http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role&quot;.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.kerberos.client</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">A reference to the <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">KerberosClient</a> class used to obtain a service ticket.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.spnego.client.action</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The <a href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/spnego/SpnegoClientAction.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">SpnegoClientAction</a> implementation to use for SPNEGO. This allows the user to plug in a different implementation to obtain a service ticket.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.kerberos.jaas.context</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The JAAS Context name to use for Kerberos. This is currently only supported for SPNEGO.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.kerberos.spn</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The Kerberos Service Provider Name (spn) to use. This is currently only supported for SPNEGO.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.nonce.cache.instance</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">This holds a reference to a <a href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">ReplayCache</a> instance used to cache UsernameToken nonces. The default instance that is used is the <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">EHCacheReplayCache</a>.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.timestamp.cache.instance</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">This holds a reference to a <a href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">ReplayCache</a> instance used to cache Timestamp Created Strings. The default instance that is used is the <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">EHCacheReplayCache</a>.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td colspan="1" class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"><span class="diff-html-changed" id="changed-diff-0" style="background-color: #d6f0ff;">ws-security.</span><span class="diff-html-added" id="added-diff-1" style="font-size: 100%; background-color: #ddfade;">saml.</span><span class="diff-html-changed" id="changed-diff-1" style="background-color: #d6f0ff;">cache.</span><span class="diff-html-added" id="added-diff-2" style="font-size: 100%; background-color: #ddfade;">instance</span></td>
                                                                    <td colspan="1" class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">This holds a reference to a </span><a href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">ReplayCache</span></a><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;"> instance used to cache SAML2 Token Identifiers, when the token has a &quot;OneTimeUse&quot; Condition. The default instance that is used is the </span><a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">EHCacheReplayCache</span></a><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">.</span></td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">ws-security.cache.</span>config.file</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">Set this property to point to a configuration file for the underlying caching implementation. The default configuration file that is used is <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/resources/cxf-ehcache.xml?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">cxf-ehcache.xml</a> in the cxf-rt-ws-security module.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">org.apache.cxf.ws.security.tokenstore.TokenStore</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">The <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">TokenStore</a> instance to use to cache security tokens. By default this uses the <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">EHCacheTokenStore</a> if EhCache is available. Otherwise it uses the <a href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?view=markup" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">MemoryTokenStore</a>.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.subject.cert.constraints</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">A comma-separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. These constraints are not used when the certificate is contained in the keystore (direct trust).</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.role.classifier</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. If this value is not specified, then it tries to get roles using the DefaultSecurityContext in cxf-rt-core. Otherwise it uses this value in combination with the SUBJECT_ROLE_CLASSIFIER_TYPE to get the roles from the Subject.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.role.classifier.type</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. Currently accepted values are &quot;prefix&quot; or &quot;classname&quot;. Must be used in conjunction with the SUBJECT_ROLE_CLASSIFIER. The default value is &quot;prefix&quot;.</p> </td>
                                                                </tr>
                                                                <tr>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">ws-security.asymmetric.signature.algorithm</p> </td>
                                                                    <td class="confluenceTd" style="border: 1px solid #DDD; padding: 5px 7px; min-width: 0.6em; text-align: left; vertical-align: top;; font-size: 13px"> <p style="font-size: 13px">This configuration tag overrides the default Asymmetric Signature algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.</p> </td>
                                                                </tr>
                                                            </tbody>
                                                        </table>
                                                    </div>
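                                                    <p style="font-size: 13px">The following is an added example, not CXF or WSS4J code, showing how a value for ws-security.subject.cert.constraints behaves when it is split on commas and each expression is tested against the subject DN. It assumes that a DN is accepted when any one expression matches the whole DN string; the class name, method names and subject DNs are constructed for illustration.</p>

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class SubjectCertConstraintsDemo {

    // Split the property value on commas and compile each piece, following the
    // "comma-separated String of regular expressions" wording of the property.
    static List<Pattern> compile(String propertyValue) {
        List<Pattern> patterns = new ArrayList<>();
        for (String piece : propertyValue.split(",")) {
            patterns.add(Pattern.compile(piece.trim()));
        }
        return patterns;
    }

    // Assumption: the DN passes if ANY expression matches the WHOLE DN string.
    static boolean accepts(String propertyValue, X500Principal subject) {
        String dn = subject.getName(); // RFC 2253 form, no spaces after commas
        for (Pattern p : compile(propertyValue)) {
            if (p.matcher(dn).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed subject DNs: the intended client and a similarly named
        // certificate issued under the same trusted CA.
        X500Principal client =
            new X500Principal("CN=orders-client, OU=Payments, O=Example Corp, C=US");
        X500Principal lookalike =
            new X500Principal("CN=orders-client-test, OU=Sandbox, O=Example Corp, C=US");

        String[] constraints = {
            // A literal DN: its own commas act as separators, so it is compiled
            // as four fragments, none of which can match a whole DN.
            "CN=orders-client,OU=Payments,O=Example Corp,C=US",
            // A loose expression: leading and trailing wildcards let any DN that
            // merely contains the text through.
            ".*CN=orders-client.*",
            // A tight expression: \x2C is the regex escape for a comma, so the
            // RDN boundaries are pinned without putting a comma in the value.
            "CN=orders-client\\x2COU=Payments\\x2C.*"
        };

        for (String constraint : constraints) {
            System.out.println(constraint);
            System.out.println("  client accepted:    " + accepts(constraint, client));
            System.out.println("  lookalike accepted: " + accepts(constraint, lookalike));
        }
    }
}
```

                                                    <p style="font-size: 13px">In a Spring configuration the third expression is written with single backslashes, since the doubling above is only Java string escaping.</p>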
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <p class="diff-block-context" style="font-size: 13px">The properties are easily configured as client or endpoint properties--use the former for the SOAP client, the latter for the web service provider.</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">xml</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
&lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
   xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
   xmlns:jaxws=&quot;http://cxf.apache.org/jaxws&quot;
   xsi:schemaLocation=&quot;http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
   http://cxf.apache.org/jaxws
   http://cxf.apache.org/schemas/jaxws.xsd&quot;&gt;

   &lt;jaxws:client name=&quot;{http://cxf.apache.org}MyPortName&quot;
      createdFromAPI=&quot;true&quot;&gt;
      &lt;jaxws:properties&gt;
         &lt;entry key=&quot;ws-security.callback-handler&quot;
             value=&quot;interop.client.KeystorePasswordCallback&quot;/&gt;
         &lt;entry key=&quot;ws-security.signature.properties&quot;
             value=&quot;etc/client.properties&quot;/&gt;
         &lt;entry key=&quot;ws-security.encryption.properties&quot;
             value=&quot;etc/service.properties&quot;/&gt;
         &lt;entry key=&quot;ws-security.encryption.username&quot;
             value=&quot;servicekeyalias&quot;/&gt;
      &lt;/jaxws:properties&gt;
   &lt;/jaxws:client&gt;

&lt;/beans&gt;
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-block-context" style="font-size: 13px">For the jaxws:client's <em>name</em> attribute above, use the namespace of the WSDL along with the <em>name</em> attribute of the desired wsdl:port element under the WSDL's service section. (See <a href="http://tinyurl.com/yatskw4" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">here</a> and <a href="http://tinyurl.com/y9e7rjf" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">here</a> for an example.)</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">xml</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
&lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
   xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
   xmlns:jaxws=&quot;http://cxf.apache.org/jaxws&quot;
   xsi:schemaLocation=&quot;http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
   http://cxf.apache.org/jaxws
   http://cxf.apache.org/schemas/jaxws.xsd&quot;&gt;

   &lt;jaxws:endpoint
      id=&quot;MyService&quot;
      address=&quot;https://localhost:9001/MyService&quot;
      serviceName=&quot;interop:MyService&quot;
      endpointName=&quot;interop:MyServiceEndpoint&quot;
      implementor=&quot;com.foo.MyService&quot;&gt;

      &lt;jaxws:properties&gt;
         &lt;entry key=&quot;ws-security.callback-handler&quot;
             value=&quot;interop.client.UTPasswordCallback&quot;/&gt;
         &lt;entry key=&quot;ws-security.signature.properties&quot;
             value=&quot;etc/keystore.properties&quot;/&gt;
         &lt;entry key=&quot;ws-security.encryption.properties&quot;
             value=&quot;etc/truststore.properties&quot;/&gt;
         &lt;entry key=&quot;ws-security.encryption.username&quot;
             value=&quot;useReqSigCert&quot;/&gt;
      &lt;/jaxws:properties&gt;

   &lt;/jaxws:endpoint&gt;
&lt;/beans&gt;
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <p class="diff-block-context" style="font-size: 13px">Configuring the properties for the client just involves setting the properties in the client's RequestContext:</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">java</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
// Requires java.util.Map and javax.xml.ws.BindingProvider; "port" is the generated service proxy.
Map&lt;String, Object&gt; ctx = ((BindingProvider)port).getRequestContext();
// "properties" is the encryption Crypto configuration, defined elsewhere in the client code.
ctx.put(&quot;ws-security.encryption.properties&quot;, properties);
port.echoString(&quot;hello&quot;);
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                </div>
                                            </div>
                                        </div>
                                        </td>
                                </tr>
                            </tbody>
                        </table> </td>
                </tr>
            </tbody>
        </table>
    </body>
</html>