cxf-commits mailing list archives

From "Andrei Shakirin (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache CXF Documentation > WS-Trust
Date Fri, 03 Jan 2014 11:19:00 GMT
<html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <base href="https://cwiki.apache.org/confluence" />
        <style type="text/css">
    body, #email-content, #email-content-inner { font-family: Arial,FreeSans,Helvetica,sans-serif; }
    body, p, blockquote, pre, code, td, th, li, dt, dd { font-size: 13px; }
    small { font-size: 11px; }

    body { width:100% !important; -webkit-font-smoothing: antialiased; }

    body,
    #email-wrapper { background-color: #f0f0f0; }
    #email-wrapper-inner { padding: 20px; text-align: center; }
    #email-content-inner { background-color: #fff; border: 1px solid #bbb; color: $menuTxtColour; padding:20px; text-align:left; }
    #email-wrapper-inner > table { width: 100%; }
    #email-wrapper-inner.thin > table { margin: 0 auto; width: 50%; }
    #email-footer { padding: 0 16px 32px 16px; margin: 0; }

    .email-indent { margin: 8px 0 16px 0; }
    .email-comment { margin: 0 0 0 56px; }
    .email-comment.removed { background-color: #ffe7e7; border: 1px solid #df9898; padding: 0 8px;}

    #email-title-avatar { text-align: left; vertical-align: top; width: 48px; padding-right: 8px; }
    #email-title-flavor { margin: 0; padding: 0 0 4px 0; }
    #email-title-heading { font-size: 16px; line-height: 20px; min-height: 20px; margin: 0; padding: 0; }
    #email-title .icon { border: 0; padding: 0 5px 0 0; text-align: left; vertical-align: middle; }

    #email-actions { border-top: 1px solid #bbb; color: #505050; margin: 8px 0 0 0; padding: 0; }
    #email-actions td { padding-top: 8px; }
    #email-actions .left { max-width: 45%; text-align: left; }
    #email-actions .right { text-align: right; }
    .email-reply-divider { border-top: 1px solid #bbb; color: #505050; margin: 32px 0 8px 0; padding: 8px 0; }
    .email-section-title { border-bottom: 1px solid #bbb; margin: 8px 0; padding: 8px 0 0 0; }

    .email-metadata { color: #505050; }

    a { color: #326ca6; text-decoration: none; }
    a:hover { color: #336ca6; text-decoration: underline; }
    a:active {color: #326ca6; }

    a.email-footer-link { color: #505050; font-size: 11px; }

    .email-item-list { list-style: none; margin: 4px 0; padding-left: 0; }
    .email-item-list li { list-style: none; margin: 0; padding: 4px 0; }
    .email-list-divider { color: #505050; padding: 0 0.35em; }
    .email-operation-icon { padding-right: 5px; }

    .avatar { -ms-interpolation-mode: bicubic; border-radius: 3px;}
    .avatar-link { margin: 2px; }

    .tableview th { border-bottom: 1px solid #69C; font-weight: bold; text-align: left; }
    .tableview td { border-bottom: 1px solid #bbbbbb; text-align: left; padding: 4px 16px 4px 0; }

    .aui-message {  margin: 1em 0; padding: 8px; }
    .aui-message.info { background-color: #e0f0ff; border: 1px solid #9eb6d4; }
    .aui-message.success { background-color: #ddfade; border: 1px solid #93c49f; }
    .aui-message.error,
    .aui-message.removed { background-color: #ffe7e7; border: 1px solid #df9898; color: #000; }

    .call-to-action-table { margin: 10px 1px 1px 1px;}
    .call-to-cancel-container, .call-to-action-container { padding: 5px 20px; }
    .call-to-cancel-container { border: 1px solid #aaa; background-color: #eee; border-radius: 3px; }
    .call-to-cancel-container a.call-to-cancel-button { background-color: #eee; font-size: 14px; line-height: 1; padding: 0; margin: 0; color: #666; font-family: sans-serif;}
    .call-to-action-container { border: 1px solid #486582;  background-color: #3068A2; border-radius: 3px; padding: 4px 10px; }
    .call-to-action-container a.call-to-action-button { background-color: #3068A2; font-size: 14px; line-height: 1; padding: 0; margin: 0; color: #fff; font-weight: bold; font-family: sans-serif; }

    /** The span around the inline task checkbox image */
    .diff-inline-task-overlay {
        display: inline-block;
        text-align: center;
        height: 1.5em;
        padding: 5px 0px 1px 5px;
        margin-right: 5px;
        /** Unfortunately, the negative margin-left is stripped out in gmail */
        margin-left: -5px;
    }

            @media handheld, only screen and (max-device-width: 480px) {
        div, a, p, td, th, li, dt, dd { -webkit-text-size-adjust: auto; }
        small, small a { -webkit-text-size-adjust: 90%; }

        td[id=email-wrapper-inner] { padding: 2px !important; }
        td[id=email-content-inner] { padding: 8px !important; }
        td[id="email-wrapper-inner"][class="thin"] > table { text-align: left !important; width: 100% !important; }
        td[id=email-footer] { padding: 8px 12px !important; }
        div[class=email-indent] { margin: 8px 0px !important; }
        div[class=email-comment] { margin: 0 !important; }

        p[id=email-title-flavor] a { display: block; } /* puts the username and the action on separate lines */
        p[id=email-permalink] { padding: 4px 0 0 0 !important; }

        table[id=email-actions] td { padding-top: 0 !important; }
        table[id=email-actions] td.right { text-align: right !important; }
        table[id=email-actions] .email-list-item { display: block; margin: 1em 0 !important; word-wrap: normal !important; }
        span[class=email-list-divider] { display: none; }
    }



        </style>
    </head>
    <body style="font-family: Arial, FreeSans, Helvetica, sans-serif; font-size: 13px; width: 100%; -webkit-font-smoothing: antialiased; background-color: #f0f0f0">
        <table id="email-wrapper" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color: #f0f0f0">
            <tbody>
                <tr valign="middle">
                    <td id="email-wrapper-inner" style="font-size: 13px; padding: 20px; text-align: center">
                        <table id="email-content" cellspacing="0" cellpadding="0" border="0" style="font-family: Arial, FreeSans, Helvetica, sans-serif; width: 100%">
                            <tbody>
                                <tr valign="top">
                                    <td id="email-content-inner" align="left" style="font-family: Arial, FreeSans, Helvetica, sans-serif; font-size: 13px; background-color: #fff; border: 1px solid #bbb; padding: 20px; text-align: left">
                                        <table id="email-title" cellpadding="0" cellspacing="0" border="0" width="100%">
                                            <tbody>
                                                <tr>
                                                    <td id="email-title-avatar" rowspan="2" style="font-size: 13px; text-align: left; vertical-align: top; width: 48px; padding-right: 8px"> <img class="avatar" src="cid:avatar_d3f34650e92c4382fb4c4dca616d06e7" border="0" height="48" width="48" style="-ms-interpolation-mode: bicubic; border-radius: 3px" /> </td>
                                                    <td valign="top" style="font-size: 13px">
                                                        <div id="email-title-flavor" class="email-metadata" style="margin: 0; padding: 0 0 4px 0; color: #505050">
                                                            <a href="    https://cwiki.apache.org/confluence/display/~ashakirin " style="color:#326ca6;text-decoration:none;; color: #326ca6; text-decoration: none">Andrei Shakirin</a> edited the page:
                                                        </div> </td>
                                                </tr>
                                                <tr>
                                                    <td valign="top" style="font-size: 13px"> <h2 id="email-title-heading" style="font-size: 16px; line-height: 20px; min-height: 20px; margin: 0; padding: 0"> <a href="https://cwiki.apache.org/confluence/display/CXF20DOC/WS-Trust" style="color: #326ca6; text-decoration: none"> <img class="icon" src="cid:page-icon" alt="" style="border: 0; padding: 0 5px 0 0; text-align: left; vertical-align: middle" /> <strong style="font-size:16px;line-height:20px;vertical-align:top;">WS-Trust</strong> </a> </h2> </td>
                                                </tr>
                                            </tbody>
                                        </table>
                                        <div class="email-indent" style="margin: 8px 0 16px 0">
                                            <div class="email-diff">
                                                <div id="page-diffs" class="wiki-content">
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <p class="diff-block-context" style="font-size: 13px"> <strong>Direct configuration of an STSClient bean in the properties:</strong> <br /> In this scenario, a STSClient object is created directly as a property of the client object. The wsdlLocation, service/endpoint names, etc... are all configured in line for that client.</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">xml</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
<span class="diff-html-removed" id="removed-diff-0" style="font-size: 100%; background-color: #ffe7e7; text-decoration: line-through;">
</span>&lt;jaxws:client name=&quot;{http://cxf.apache.org/}MyService&quot; createdFromAPI=&quot;true&quot;&gt;
    &lt;jaxws:properties&gt;
        &lt;entry key=&quot;ws-security.sts.client&quot;&gt;
            &lt;!-- direct STSClient config and creation --&gt;
            &lt;bean class=&quot;org.apache.cxf.ws.security.trust.STSClient&quot;&gt;
                &lt;constructor-arg ref=&quot;cxf&quot;/&gt;
                &lt;property name=&quot;wsdlLocation&quot;
                   value=&quot;target/wsdl/trust.wsdl&quot;/&gt;
                &lt;property name=&quot;serviceName&quot;
                   value=&quot;{http://cxf.apache.org/securitytokenservice}SecurityTokenService&quot;/&gt;
                &lt;property name=&quot;endpointName&quot;
                   value=&quot;{http://cxf.apache.org/securitytokenservice}SecurityTokenEndpoint&quot;/&gt;
                &lt;property name=&quot;properties&quot;&gt;
                    &lt;map&gt;
                       &lt;entry key=&quot;ws-security.username&quot; value=&quot;alice&quot;/&gt;
                       &lt;entry key=&quot;ws-security.callback-handler&quot;
                          value=&quot;client.MyCallbackHandler&quot;/&gt;
                       &lt;entry key=&quot;ws-security.signature.properties&quot;
                          value=&quot;clientKeystore.properties&quot;/&gt;
                       &lt;entry key=&quot;ws-security.encryption.properties&quot;
                          value=&quot;clientKeystore.properties&quot;/&gt;
                       &lt;entry key=&quot;ws-security.encryption.username&quot;
                          value=&quot;mystskey&quot;/&gt;
                    &lt;/map&gt;
                &lt;/property&gt;
            &lt;/bean&gt;
        &lt;/entry&gt;
    &lt;/jaxws:properties&gt;
&lt;/jaxws:client&gt;
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <p class="diff-block-context" style="font-size: 13px">This also works for &quot;code first&quot; cases as you can do:</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">java</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
<span class="diff-html-removed" id="removed-diff-1" style="font-size: 100%; background-color: #ffe7e7; text-decoration: line-through;">
</span>STSClient sts = new STSClient(...);
sts.setXXXX(....)
.....
((BindingProvider)port).getRequestContext().put(&quot;ws-security.sts.client&quot;, sts);
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-block-context" style="font-size: 13px">Sample clientKeystore.properties format:</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">xml</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
<span class="diff-html-removed" id="removed-diff-2" style="font-size: 100%; background-color: #ffe7e7; text-decoration: line-through;">
</span>org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=KeystorePasswordHere
org.apache.ws.security.crypto.merlin.keystore.alias=ClientKeyAlias
org.apache.ws.security.crypto.merlin.keystore.file=NameOfKeystore.jks
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-block-context" style="font-size: 13px"> <strong>Indirect configuration based on endpoint name:</strong> <br /> If the runtime does not find a STSClient bean configured directly on the client, it checks the configuration for a STSClient bean with the name of the endpoint appended with &quot;.sts-client&quot;. For example, if the endpoint name for your client is &quot;{<a class="external-link" href="http://cxf.apache.org/" rel="nofollow" style="color: #326ca6; text-decoration: none">http://cxf.apache.org/</a>}TestEndpoint&quot;, then it can be configured as:</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">xml</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
<span class="diff-html-removed" id="removed-diff-3" style="font-size: 100%; background-color: #ffe7e7; text-decoration: line-through;">
</span>&lt;bean name=&quot;{http://cxf.apache.org/}TestEndpoint.sts-client&quot;
    class=&quot;org.apache.cxf.ws.security.trust.STSClient&quot; abstract=&quot;true&quot;&gt;
    &lt;property name=&quot;wsdlLocation&quot; value=&quot;WSDL/wsdl/trust.wsdl&quot;/&gt;
    &lt;property name=&quot;serviceName&quot;
        value=&quot;{http://cxf.apache.org/securitytokenservice}SecurityTokenService&quot;/&gt;
    &lt;property name=&quot;endpointName&quot;
        value=&quot;{http://cxf.apache.org/securitytokenservice}SecurityTokenEndpoint&quot;/&gt;
    &lt;property name=&quot;properties&quot;&gt;
        &lt;map&gt;
            &lt;entry key=&quot;ws-security.signature.properties&quot;
                value=&quot;etc/alice.properties&quot;/&gt;
            &lt;entry key=&quot;ws-security.encryption.properties&quot;
                value=&quot;etc/bob.properties&quot;/&gt;	
            &lt;entry key=&quot;ws-security.encryption.username&quot; value=&quot;stskeyname&quot;/&gt;	
        &lt;/map&gt;
    &lt;/property&gt;
&lt;/bean&gt;
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <p class="diff-block-context" style="font-size: 13px">For example, the following code fragment demonstrates how to use an interceptor to dynamically set the content of the ActAs element in the STS RST, by specifying a value for SecurityConstants.STS_TOKEN_ACT_AS. Note that this interceptor is applied to the secured client, the initiator, and not to the STSClient's interceptor chain.</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">java</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
<span class="diff-html-removed" id="removed-diff-4" style="font-size: 100%; background-color: #ffe7e7; text-decoration: line-through;">
</span>public class ActAsOutInterceptor extends AbstractPhaseInterceptor&lt;Message&gt; {

    ActAsOutInterceptor () {
        // This can be in any stage before the WS-SP interceptors
        // setup the STS client and issued token interceptor.
        super(Phase.SETUP);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        message.put(SecurityConstants.STS_TOKEN_ACT_AS, ...);
    }
}
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-block-context" style="font-size: 13px">Alternatively, the ActAs content may be set directly on the STS as shown below.</p>
                                                    <table class="diff-macro diff-block-target" style="background-color: #f0f0f0;border: 1px solid #dddddd;margin: 10px 1px;padding: 0 2px 2px;width: 100%;">
                                                        <thead>
                                                            <tr>
                                                                <th class="diff-macro-title" style="background-color: transparent; text-align: left; font-weight: normal;padding: 5px;; font-size: 13px"><span class="icon macro-placeholder-icon" style="background-color: ;line-height: 20px;"><img src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/plugins/servlet/confluence/placeholder/macro-icon?name=code" style="padding-right: 5px; vertical-align: text-bottom;" /> </span>Code Block</th>
                                                            </tr>
                                                        </thead>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-properties" style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;padding: 0; border: 1px solid #dddddd;; font-size: 13px">
                                                                    <table>
                                                                        <tbody>
                                                                            <tr>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px"></td>
                                                                                <td style="background-color: #fafafa; padding: 0 0 0 5px; font-size: 12px; text-align: left;; font-size: 13px">xml</td>
                                                                            </tr>
                                                                        </tbody>
                                                                    </table> </td>
                                                            </tr>
                                                        </tbody>
                                                        <tbody>
                                                            <tr>
                                                                <td class="diff-macro-body" style="background-color: #fff;border: 1px solid #dddddd;padding: 10px;; font-size: 13px"> <pre style="font-size: 13px">
<span class="diff-html-removed" id="removed-diff-5" style="font-size: 100%; background-color: #ffe7e7; text-decoration: line-through;">
</span>&lt;bean name=&quot;{http://cxf.apache.org/}TestEndpoint.sts-client&quot;
    class=&quot;org.apache.cxf.ws.security.trust.STSClient&quot; abstract=&quot;true&quot;&gt;
    &lt;property name=&quot;wsdlLocation&quot; value=&quot;WSDL/wsdl/trust.wsdl&quot;/&gt;
    &lt;property name=&quot;serviceName&quot;
        value=&quot;{http://cxf.apache.org/securitytokenservice}SecurityTokenService&quot;/&gt;
    &lt;property name=&quot;endpointName&quot;
        value=&quot;{http://cxf.apache.org/securitytokenservice}SecurityTokenEndpoint&quot;/&gt;
    &lt;property name=&quot;actAs&quot; value=&quot;...&quot;/&gt;
    &lt;property name=&quot;properties&quot;&gt;
        &lt;map&gt;
            ...	
        &lt;/map&gt;
    &lt;/property&gt;
&lt;/bean&gt;
</pre> </td>
                                                            </tr>
                                                        </tbody>
                                                    </table>
                                                    <p class="diff-context-placeholder" style="font-size: 13px">...</p>
                                                    <p class="diff-block-context" style="font-size: 13px">As of CXF 2.4.7 and 2.5.3, CXF contains (client) support for WS-Trust using SPNego. See the following <a href="http://coheigea.blogspot.com/2012/02/ws-trust-spnego-support-in-apache-cxf.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">blog</a> for an explanation of what this entails, and how to run some system tests in CXF for this feature.</p>
                                                    <h2 id="WS-Trust-WS-TrustusingXKMS" class="diff-block-target diff-block-context"> <span class="diff-html-added" id="added-diff-0" style="font-size: 100%; background-color: #ddfade;">WS-Trust using XKMS</span> </h2>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">Since CXF 2.7.7, the Security Token Service (STS) can be configured to use the </span><a class="confluence-link unresolved" href="#" style="color: #326ca6; text-decoration: none"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">XKMS </span></a><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">Crypto provider. In this case X509 certificates can be located centrally and managed using the standard XKMS interface. The STS automatically invokes the XKMS client to locate or validate the corresponding X509 certificate. See the following </span><a href="http://ashakirin.blogspot.de/2013/07/cxf-security-integrate-pki-to-security.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">blog</span></a><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;"> for the details and a sample.</span> </p>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">This feature can be especially useful for STS scenario with SymmetricKey. With this scenario, the STS and the WS consumer negotiate a symmetric key:</span> </p>
                                                    <ol class="diff-block-target diff-block-context">
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The WS-Client authenticates itself to the STS and contributes material to the creation of the symmetric key.</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The STS verifies WS-Client authentication and generates symmetric key using material received from WS-Client</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The STS encrypts symmetric key using WS-Service public key and inserts the encrypted key together with security token into SAML assertion</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The STS signs the SAML assertion and sends it, together with key material for generating the symmetric key, to the WS-Client.</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The WS-Client generates short-lived symmetric key from own material and the key material from the STS.</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The WS-Client inserts the SAML token into the message header. It encrypts the message text and/or signs the message with the generated symmetric key. It then sends the user's message to the WS-Service.</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The WS-Service checks the signature in the SAML token and uses its private key to decrypt the symmetric key contained in the SAML token.</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The WS-Service verifies the signature of the WS-Client (Holder-of-Key) with the decrypted symmetric key. In this way, the STS confirms that the Holder-of-Key is the subject (the user) in the assertion.</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The WS-Service uses the symmetric key to decrypt the message text.</span> </li>
                                                    </ol>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">In step (3) the STS needs the public key (certificate) of the target WS-Service. Normally an STS serves not just one but multiple services (restricted by URL patterns in TokenServiceProvider). Managing the public certificates of all these services in the STS's local keystore can be a serious drawback.</span> </p>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The XKMS Crypto provider offers an elegant solution to this, using the following configuration:</span> </p>
                                                    <ul class="diff-block-target diff-block-context">
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">encryptionUsername (in StaticSTSProperties or jaxws:endpoint properties) should be set to the special value: </span><em><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">useEndpointAsCertAlias</span></em><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;"> (STSConstants.USE_ENDPOINT_AS_CERT_ALIAS)</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">encryptionCrypto should be set to XKMS Crypto implementation</span> </li>
                                                        <li style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">Service certificates should be saved into XKMS under the service endpoint (use Application &quot;</span><em><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">urn:apache:cxf:service:endpoint</span></em><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">&quot; and the service endpoint as identifier)</span> </li>
                                                    </ul>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">In this case the STS recognizes the encryptionName constant and asks the XKMS Crypto for the service certificate using the AppliesTo endpoint address.&nbsp;XKMS locates the service certificate using this endpoint address.</span> </p>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The STS can serve multiple WS-Services without keeping the service certificates locally - they are stored and managed in the central XKMS repository.</span> </p>
                                                    <p class="diff-block-target diff-block-context" style="font-size: 13px"> <span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">The following </span><a href="http://ashakirin.blogspot.de/2013/07/cxf-security-integrate-pki-to-security.html" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none"><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;">blog</span></a><span class="diff-html-added" style="font-size: 100%; background-color: #ddfade;"> explains the details and contains the sample code.</span> </p>
                                                    <h2 id="WS-Trust-BlogsonWS-TrustinCXF" class="diff-block-context">Blogs on WS-Trust in CXF</h2>
                                                    <p class="diff-block-context" style="font-size: 13px">Some blogs for up-to-date information about WS-Trust and other security topics in CXF:<br /> <a href="http://coheigea.blogspot.com/" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">http://coheigea.blogspot.com/</a> <br /> <a href="http://owulff.blogspot.com/" class="external-link" rel="nofollow" style="color: #326ca6; text-decoration: none">http://owulff.blogspot.com/</a> </p>
                                                </div>
                                            </div>
                                        </div>
                                        <table id="email-actions" class="email-metadata" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-top: 1px solid #bbb; color: #505050; margin: 8px 0 0 0; padding: 0; color: #505050">
                                        </table> </td>
                                </tr>
                            </tbody>
                        </table> </td>
                </tr>
            </tbody>
        </table>
    </body>
</html>