cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r1035113 - in /websites/production/cxf/content: cache/docs.pageCache docs/33-migration-guide.html docs/jax-rs-saml.html
Date Thu, 13 Sep 2018 10:58:01 GMT
Author: buildbot
Date: Thu Sep 13 10:58:01 2018
New Revision: 1035113

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/33-migration-guide.html
    websites/production/cxf/content/docs/jax-rs-saml.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/33-migration-guide.html
==============================================================================
--- websites/production/cxf/content/docs/33-migration-guide.html (original)
+++ websites/production/cxf/content/docs/33-migration-guide.html Thu Sep 13 10:58:01 2018
@@ -107,7 +107,7 @@ Apache CXF -- 3.3 Migration Guide
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h3 id="id-3.3MigrationGuide-MajorNotes:">Major Notes:</h3><ul><li>The
claimType of the <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java"
rel="nofollow">Claim</a> class is now a "String" instead of a "URI".&#160; This
might break existing ClaimsHandler implementations in the STS. In addition, the ClaimsHandler
interface now returns a List&lt;String&gt; for getSupportedClaimTypes() instead of
List&lt;URI&gt;.</li><li>The package name of the ClaimsAuthorizingInterceptor
has changed: from org.apache.cxf.rt.security.saml.interceptor.ClaimsAuthorizingInterceptor
to org.apache.cxf.rt.security.claims.interceptor.ClaimsAuthorizingInterceptor.</li></ul><h3
id="id-3.3MigrationGuide-NewFeatures:">New Features:</h3><h3 id="id-3.3MigrationGuide-Majordependencychanges:">Major
dependency changes:</h3></div>
+<div id="ConfluenceContent"><h3 id="id-3.3MigrationGuide-MajorNotes:">Major Notes:</h3><h3
id="id-3.3MigrationGuide-ClaimsHandling:">Claims Handling:</h3><ul><li>The
claimType of the <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java"
rel="nofollow">Claim</a> class is now a "String" instead of a "URI".&#160; This
might break existing ClaimsHandler implementations in the STS. In addition, the ClaimsHandler
interface now returns a List&lt;String&gt; for getSupportedClaimTypes() instead of
List&lt;URI&gt;.</li><li>The Claims access control annotations/interceptors
<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/CXF-6727">now
work</a> with JWT tokens (as well as SAML tokens). This resulted in the following package
changes:<br clear="none"><ul><li>The package name of the ClaimsAuthorizingInterceptor
has changed: from org.apache.cxf.rt.security.saml.i
 nterceptor.ClaimsAuthorizingInterceptor to org.apache.cxf.rt.security.claims.interceptor.ClaimsAuthorizingInterceptor.</li><li>The
package name of the ClaimsAuthorizingFilter&#160; has changed: from org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter
to org.apache.cxf.rs.security.claims.ClaimsAuthorizingFilter</li></ul></li></ul><h3
id="id-3.3MigrationGuide-NewFeatures:">New Features:</h3><h3 id="id-3.3MigrationGuide-Majordependencychanges:">Major
dependency changes:</h3></div>
            </div>
            <!-- Content -->
          </td>
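Review bot: In the added 33-migration-guide.html content, the "Major Notes:" h3 is now followed directly by a second h3, "Claims Handling:", so "Major Notes:" renders as an empty section and the claims items no longer sit under it. If Claims Handling is meant as a subsection of the major notes, make it an h4, or drop one of the two headings. The new ClaimsAuthorizingFilter list item is also missing the closing period that the ClaimsAuthorizingInterceptor item has. Since both entries are package renames, it would help to state that any configuration or code referencing the old fully qualified class names has to be updated.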

Modified: websites/production/cxf/content/docs/jax-rs-saml.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-saml.html (original)
+++ websites/production/cxf/content/docs/jax-rs-saml.html Thu Sep 13 10:58:01 2018
@@ -121,11 +121,11 @@ Apache CXF -- JAX-RS SAML
 
 
 <br clear="none"></p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1536760574759 {padding: 0px;}
-div.rbtoc1536760574759 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1536760574759 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1536836242269 {padding: 0px;}
+div.rbtoc1536836242269 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1536836242269 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1536760574759">
+/*]]>*/</style></p><div class="toc-macro rbtoc1536836242269">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSAML-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSSAML-Backwardscompatibilityconfigurationnote">Backwards compatibility
configuration note</a></li><li><a shape="rect" href="#JAX-RSSAML-Mavendependencies">Maven
dependencies</a></li><li><a shape="rect" href="#JAX-RSSAML-EnvelopedSAMLassertions">Enveloped
SAML assertions</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLassertionsinAuthorizationheader">SAML
assertions in Authorization header</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLassertionsasFormvalues">SAML
assertions as Form values</a></li><li><a shape="rect" href="#JAX-RSSAML-CreatingSAMLAssertions">Creating
SAML Assertions</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLAssertionValidation">SAML
Assertion Validation</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLAuthorization">SAML
Authorization</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSAML-ClaimsBasedAccessControl">Claims
Based Access Control</a></li><li><a shape="rect" href="#JAX-RSSAML-RoleBasedAccessControl">Role
Based Access Control</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSSAML-SAMLWebSSOProfile">SAML Web
SSO Profile</a></li></ul>
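Review bot: The only change in this jax-rs-saml.html hunk is the generated TOC class suffix (rbtoc1536760574759 to rbtoc1536836242269) in the style block and on the toc-macro div; no content differs. If that suffix is regenerated on every export, it will show up as noise in each publish commit that touches this page, so a stable class name would keep these diffs easier to review.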
@@ -489,7 +489,7 @@ public class SecureClaimBookStore {
        &lt;/jaxrs:providers&gt;
 &lt;/jaxrs:server&gt;
 </pre>
-</div></div><p>An instance of org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter
is used to enforce CBAC. It's a simple JAX-RS filter wrapper around ClaimsAuthorizingInterceptor.
SamlEnvelopedInHandler processes and validates SAML assertions and it also relies on a simple
<a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/CustomSecurityContextProvider.java"
rel="nofollow">CustomSecurityContextProvider</a> to help it to figure out what the
actual Subject name is. A more involved implementation can do some additional validation as
well as override few more super class methods, more on it next. The claims themselves have
already been parsed and will be made available to a resulting SecurityContext which ClaimsAuthorizingFilter
will rely upon.</p><h2 id="JAX-RSSAML-RoleBasedAccessControl">Role Based Access
Control</h2><p>If you have an existing RBAC system 
 (based on javax.annotation.security.RolesAllowed or even org.springframework.security.annotation.Secured
annotations) in place and have SAML assertions with claims that are known to represent roles,
then making those claims work with the RBAC system can be achieved easily.</p><p>For
example, given this code:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+</div></div><p>An instance of org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter
(note org.apache.cxf.rs.security.claims.ClaimsAuthorizingFilter from CXF 3.3.0) is used to
enforce CBAC. It's a simple JAX-RS filter wrapper around ClaimsAuthorizingInterceptor. SamlEnvelopedInHandler
processes and validates SAML assertions and it also relies on a simple <a shape="rect"
class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/CustomSecurityContextProvider.java"
rel="nofollow">CustomSecurityContextProvider</a> to help it to figure out what the
actual Subject name is. A more involved implementation can do some additional validation as
well as override few more super class methods, more on it next. The claims themselves have
already been parsed and will be made available to a resulting SecurityContext which ClaimsAuthorizingFilter
will rely upon.</p><h2 id="JAX-RSSAML-RoleBasedAcce
 ssControl">Role Based Access Control</h2><p>If you have an existing RBAC system
(based on javax.annotation.security.RolesAllowed or even org.springframework.security.annotation.Secured
annotations) in place and have SAML assertions with claims that are known to represent roles,
then making those claims work with the RBAC system can be achieved easily.</p><p>For
example, given this code:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">import org.springframework.security.annotation.Secured;
 
 @Path("/bookstore")
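Review bot: The rewritten paragraph still leads with org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter and only appends "(note org.apache.cxf.rs.security.claims.ClaimsAuthorizingFilter from CXF 3.3.0)", which leaves the reader to infer which name belongs to which release. Suggest stating it the way the migration guide change in this same commit does: the filter is org.apache.cxf.rs.security.claims.ClaimsAuthorizingFilter from CXF 3.3.0 and org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter in earlier releases. The same paragraph mentions ClaimsAuthorizingInterceptor, whose package also changes per the migration guide, so a matching note there would keep the two pages consistent.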


