Author: buildbot
Date: Tue Jun 26 14:48:00 2012
New Revision: 823299
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/ws-securitypolicy.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/ws-securitypolicy.html
==============================================================================
--- websites/production/cxf/content/docs/ws-securitypolicy.html (original)
+++ websites/production/cxf/content/docs/ws-securitypolicy.html Tue Jun 26
14:48:00 2012
@@ -139,10 +139,11 @@ Apache CXF -- WS-SecurityPolicy
<h3><a shape="rect"
name="WS-SecurityPolicy-Configuringtheextraproperties"></a>Configuring the
extra properties</h3>
-<p>With CXF 2.2, there are several extra properties that may need to be set to
provide the additional bits of information to the runtime:</p>
+<p>There are several extra properties that may need to be set to provide the
additional bits of information to the runtime. Note that you should check that
a particular property is supported in the version of CXF you are using.</p>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.username </td><td colspan="1" rowspan="1"
class="confluenceTd"> The username used for UsernameToken policy assertions
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.password </td><td colspan="1" rowspan="1" class="confluenceTd"> The
password used for UsernameToken policy assertions. If not specified, the
callback handler will be called. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.callback-handler </td><td colspan="1"
rowspan="1" class="confluenceTd"> The WSS4J security CallbackHandler that will
be used to retrieve passwords for keystores and UsernameTokens.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.signature.properties </td><td colspan="1" rowspan="1"
class="confluenceTd"> The properties file/object that contains the WSS4J
properties for configuring the signature keystore and c
rypto objects </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.encryption.properties </td><td colspan="1" rowspan="1"
class="confluenceTd"> The properties file/object that contains the WSS4J
properties for configuring the encryption keystore and crypto objects
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.signature.username </td><td colspan="1" rowspan="1"
class="confluenceTd"> The username or alias for the key in the signature
keystore that will be used. If not specified, it uses the the default alias
set in the properties file. If that's also not set, and the keystore only
contains a single key, that key will be used. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> ws-security.encryption.username </td><td
colspan="1" rowspan="1" class="confluenceTd"> The username or alias for the key
in the encryption keystore that will be used. If not specified, it uses the
the default alias set in the propertie
s file. If that's also not set, and the keystore only contains a single key,
that key will be used. For the web service provider, the useReqSigCert keyword
can be used to accept (encrypt to) any client whose public key is in the
service's truststore (defined in ws-security.encryption.properties.)
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.signature.crypto </td><td colspan="1" rowspan="1"
class="confluenceTd"> Instead of specifying the signature properties, this can
point to the full <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html";>WSS4J
Crypto</a> object. This can allow easier "programmatic" configuration of the
Crypto information."</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.encryption.crypto </td><td colspan="1"
rowspan="1" class="confluenceTd"> Instead of specifying the encryption
properties, this can point to the full <a s
hape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html";>WSS4J
Crypto</a> object. This can allow easier "programmatic" configuration of the
Crypto information." </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.username </td><td colspan="1" rowspan="1"
class="confluenceTd"> The username used for UsernameToken policy assertions
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.password </td><td colspan="1" rowspan="1" class="confluenceTd"> The
password used for UsernameToken policy assertions. If not specified, the
callback handler will be called. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.callback-handler </td><td colspan="1"
rowspan="1" class="confluenceTd"> The WSS4J security CallbackHandler that will
be used to retrieve passwords for keystores and UsernameTokens.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.signature.properties </td><td colspan="1" rowspan="1"
class="confluenceTd"> The properties file/object that contains the WSS4J
properties for configuring the signature keystore and c
rypto objects </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.encryption.properties </td><td colspan="1" rowspan="1"
class="confluenceTd"> The properties file/object that contains the WSS4J
properties for configuring the encryption keystore and crypto objects
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.signature.username </td><td colspan="1" rowspan="1"
class="confluenceTd"> The username or alias for the key in the signature
keystore that will be used. If not specified, it uses the the default alias
set in the properties file. If that's also not set, and the keystore only
contains a single key, that key will be used. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> ws-security.encryption.username </td><td
colspan="1" rowspan="1" class="confluenceTd"> The username or alias for the key
in the encryption keystore that will be used. If not specified, it uses the
the default alias set in the propertie
s file. If that's also not set, and the keystore only contains a single key,
that key will be used. For the web service provider, the useReqSigCert keyword
can be used to accept (encrypt to) any client whose public key is in the
service's truststore (defined in ws-security.encryption.properties.)
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.signature.crypto </td><td colspan="1" rowspan="1"
class="confluenceTd"> Instead of specifying the signature properties, this can
point to the full <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html";>WSS4J
Crypto</a> object. This can allow easier "programmatic" configuration of the
Crypto information."</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.encryption.crypto </td><td colspan="1"
rowspan="1" class="confluenceTd"> Instead of specifying the encryption
properties, this can point to the full <a s
hape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html";>WSS4J
Crypto</a> object. This can allow easier "programmatic" configuration of the
Crypto information." </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> ws-security.subject.cert.constraints </td><td colspan="1"
rowspan="1" class="confluenceTd"> This configuration tag is a comma separated
String of regular expressions which will be applied to the subject DN of the
certificate used for signature validation, after trust verification of the
certificate chain associated with the certificate. These constraints are not
used when the certificate is contained in the keystore (direct
trust).</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.is-bsp-compliant </td><td colspan="1" rowspan="1"
class="confluenceTd"> Whether to ensure compliance with the Basic Security
Profile (BSP) 1.1 or not. The default value is "true".
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
ws-security.timestamp.futureTimeToLive </td><td colspan="1" rowspan="1"
class="confluenceTd"> This configuration tag specifies the time in seconds in
the future within which the Created time of an incoming Timestamp is valid.
WSS4J rejects by default any timestamp which is "Created" in the future, and so
there could potentially be<br clear="none">
+problems in a scenario where a client's clock is slightly askew. The default
value for this parameter is "0", meaning that no future-created Timestamps are
allowed.</td></tr></tbody></table>
</div>
