svn commit: r817002 - in /websites/production/cxf/content: cache/docs.pageCache docs/ws-security.html

Wed, 09 May 2012 14:48:31 -0700 

Author: buildbot
Date: Wed May  9 21:48:08 2012
New Revision: 817002

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/ws-security.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/ws-security.html
==============================================================================
--- websites/production/cxf/content/docs/ws-security.html (original)
+++ websites/production/cxf/content/docs/ws-security.html Wed May  9 21:48:08 
2012
@@ -374,7 +374,7 @@ CryptoCoverageChecker checker = <span cl
 
 <h2><a shape="rect" 
name="WS-Security-UsernameTokenAuthentication"></a>Username Token 
Authentication</h2>
 
-<p>WS-Security supports many ways of specifying tokens. One of these is the 
UsernameToken header. It is a standard way to communicate a username and 
password or password digest to another endpoint.  Be sure to review the OASIS 
<a shape="rect" class="external-link" href="http://tinyurl.com/65n78j"; 
rel="nofollow">UsernameToken Profile Specification</a> for important security 
considerations when using UsernameTokens.  Note that the nonce support 
recommended by the specification for guarding against replay attacks has not 
yet been implemented either in CXF or WSS4J.</p>
+<p>WS-Security supports many ways of specifying tokens. One of these is the 
UsernameToken header. It is a standard way to communicate a username and 
password or password digest to another endpoint.  Be sure to review the OASIS 
<a shape="rect" class="external-link" href="http://tinyurl.com/65n78j"; 
rel="nofollow">UsernameToken Profile Specification</a> for important security 
considerations when using UsernameTokens.  Note that the nonce support 
necessary for guarding against replay attacks is active by default starting 
with CXF 2.6.0 but unavailable in versions prior to that.</p>
 
 <p>For the server side, you'll want to set up the following properties on your 
WSS4JInInterceptor (see <a shape="rect" 
href="#WS-Security-addinterceptors">above</a> for code sample):</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent 
panelContent">

Reply via email to