From commits-return-49960-archive-asf-public=cust-asf.ponee.io@cxf.apache.org  Thu Sep 13 12:58:05 2018
Return-Path: <commits-return-49960-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 2002118067E
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 13 Sep 2018 12:58:03 +0200 (CEST)
Received: (qmail 82709 invoked by uid 500); 13 Sep 2018 10:58:03 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 82689 invoked by uid 99); 13 Sep 2018 10:58:02 -0000
Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Sep 2018 10:58:02 +0000
Received: from svn01-us-west.apache.org (localhost [127.0.0.1])
	by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 4C13A3A0057
	for <commits@cxf.apache.org>; Thu, 13 Sep 2018 10:58:02 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1035113 - in /websites/production/cxf/content:
 cache/docs.pageCache docs/33-migration-guide.html docs/jax-rs-saml.html
Date: Thu, 13 Sep 2018 10:58:01 -0000
To: commits@cxf.apache.org
From: buildbot@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20180913105802.4C13A3A0057@svn01-us-west.apache.org>

Author: buildbot
Date: Thu Sep 13 10:58:01 2018
New Revision: 1035113

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/33-migration-guide.html
    websites/production/cxf/content/docs/jax-rs-saml.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/33-migration-guide.html
==============================================================================
--- websites/production/cxf/content/docs/33-migration-guide.html (original)
+++ websites/production/cxf/content/docs/33-migration-guide.html Thu Sep 13 10:58:01 2018
@@ -107,7 +107,7 @@ Apache CXF -- 3.3 Migration Guide
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h3 id="id-3.3MigrationGuide-MajorNotes:">Major Notes:</h3><ul><li>The claimType of the <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java" rel="nofollow">Claim</a> class is now a "String" instead of a "URI".&#160; This might break existing ClaimsHandler implementations in the STS. In addition, the ClaimsHandler interface now returns a List&lt;String&gt; for getSupportedClaimTypes() instead of List&lt;URI&gt;.</li><li>The package name of the ClaimsAuthorizingInterceptor has changed: from org.apache.cxf.rt.security.saml.interceptor.ClaimsAuthorizingInterceptor to org.apache.cxf.rt.security.claims.interceptor.ClaimsAuthorizingInterceptor.</li></ul><h3 id="id-3.3MigrationGuide-NewFeatures:">New Features:</h3><h3 id="id-3.3MigrationGuide-Majordependencychanges:">Major dependency changes:</h3></div>
+<div id="ConfluenceContent"><h3 id="id-3.3MigrationGuide-MajorNotes:">Major Notes:</h3><h3 id="id-3.3MigrationGuide-ClaimsHandling:">Claims Handling:</h3><ul><li>The claimType of the <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java" rel="nofollow">Claim</a> class is now a "String" instead of a "URI".&#160; This might break existing ClaimsHandler implementations in the STS. In addition, the ClaimsHandler interface now returns a List&lt;String&gt; for getSupportedClaimTypes() instead of List&lt;URI&gt;.</li><li>The Claims access control annotations/interceptors <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/CXF-6727">now work</a> with JWT tokens (as well as SAML tokens). This resulted in the following package changes:<br clear="none"><ul><li>The package name of the ClaimsAuthorizingInterceptor has changed: from org.apache.cxf.rt.security.saml.i
 nterceptor.ClaimsAuthorizingInterceptor to org.apache.cxf.rt.security.claims.interceptor.ClaimsAuthorizingInterceptor.</li><li>The package name of the ClaimsAuthorizingFilter&#160; has changed: from org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter to org.apache.cxf.rs.security.claims.ClaimsAuthorizingFilter</li></ul></li></ul><h3 id="id-3.3MigrationGuide-NewFeatures:">New Features:</h3><h3 id="id-3.3MigrationGuide-Majordependencychanges:">Major dependency changes:</h3></div>
            </div>
            <!-- Content -->
          </td>

Modified: websites/production/cxf/content/docs/jax-rs-saml.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-saml.html (original)
+++ websites/production/cxf/content/docs/jax-rs-saml.html Thu Sep 13 10:58:01 2018
@@ -121,11 +121,11 @@ Apache CXF -- JAX-RS SAML
 
 
 <br clear="none"></p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1536760574759 {padding: 0px;}
-div.rbtoc1536760574759 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1536760574759 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1536836242269 {padding: 0px;}
+div.rbtoc1536836242269 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1536836242269 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1536760574759">
+/*]]>*/</style></p><div class="toc-macro rbtoc1536836242269">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSAML-Introduction">Introduction</a></li><li><a shape="rect" href="#JAX-RSSAML-Backwardscompatibilityconfigurationnote">Backwards compatibility configuration note</a></li><li><a shape="rect" href="#JAX-RSSAML-Mavendependencies">Maven dependencies</a></li><li><a shape="rect" href="#JAX-RSSAML-EnvelopedSAMLassertions">Enveloped SAML assertions</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLassertionsinAuthorizationheader">SAML assertions in Authorization header</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLassertionsasFormvalues">SAML assertions as Form values</a></li><li><a shape="rect" href="#JAX-RSSAML-CreatingSAMLAssertions">Creating SAML Assertions</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLAssertionValidation">SAML Assertion Validation</a></li><li><a shape="rect" href="#JAX-RSSAML-SAMLAuthorization">SAML Authorization</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSSAML-ClaimsBasedAccessControl">Claims Based Access Control</a></li><li><a shape="rect" href="#JAX-RSSAML-RoleBasedAccessControl">Role Based Access Control</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSSAML-SAMLWebSSOProfile">SAML Web SSO Profile</a></li></ul>
@@ -489,7 +489,7 @@ public class SecureClaimBookStore {
        &lt;/jaxrs:providers&gt;
 &lt;/jaxrs:server&gt;
 </pre>
-</div></div><p>An instance of org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter is used to enforce CBAC. It's a simple JAX-RS filter wrapper around ClaimsAuthorizingInterceptor. SamlEnvelopedInHandler processes and validates SAML assertions and it also relies on a simple <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/CustomSecurityContextProvider.java" rel="nofollow">CustomSecurityContextProvider</a> to help it to figure out what the actual Subject name is. A more involved implementation can do some additional validation as well as override few more super class methods, more on it next. The claims themselves have already been parsed and will be made available to a resulting SecurityContext which ClaimsAuthorizingFilter will rely upon.</p><h2 id="JAX-RSSAML-RoleBasedAccessControl">Role Based Access Control</h2><p>If you have an existing RBAC system 
 (based on javax.annotation.security.RolesAllowed or even org.springframework.security.annotation.Secured annotations) in place and have SAML assertions with claims that are known to represent roles, then making those claims work with the RBAC system can be achieved easily.</p><p>For example, given this code:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>An instance of org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter (note org.apache.cxf.rs.security.claims.ClaimsAuthorizingFilter from CXF 3.3.0) is used to enforce CBAC. It's a simple JAX-RS filter wrapper around ClaimsAuthorizingInterceptor. SamlEnvelopedInHandler processes and validates SAML assertions and it also relies on a simple <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/CustomSecurityContextProvider.java" rel="nofollow">CustomSecurityContextProvider</a> to help it to figure out what the actual Subject name is. A more involved implementation can do some additional validation as well as override few more super class methods, more on it next. The claims themselves have already been parsed and will be made available to a resulting SecurityContext which ClaimsAuthorizingFilter will rely upon.</p><h2 id="JAX-RSSAML-RoleBasedAcce
 ssControl">Role Based Access Control</h2><p>If you have an existing RBAC system (based on javax.annotation.security.RolesAllowed or even org.springframework.security.annotation.Secured annotations) in place and have SAML assertions with claims that are known to represent roles, then making those claims work with the RBAC system can be achieved easily.</p><p>For example, given this code:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default">import org.springframework.security.annotation.Secured;
 
 @Path("/bookstore")