Author: buildbot
Date: Thu Jun 28 09:48:08 2012
New Revision: 823586
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs.html
websites/production/cxf/content/docs/secure-jax-rs-services.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs.html (original)
+++ websites/production/cxf/content/docs/jax-rs.html Thu Jun 28 09:48:08 2012
@@ -459,7 +459,7 @@ by Java HTTPUrlConnection. When needed,
<p>Please see the <a shape="rect" href="secure-jax-rs-services.html"
title="Secure JAX-RS Services">Secure JAX-RS Services</a> page for more
information.</p>
-<p>Please also check <a shape="rect" class="external-link"
href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+XML+Security">JAX-RS
XML Security</a>, <a shape="rect" href="jax-rs-saml.html" title="JAX-RS
SAML">JAX-RS SAML</a> and <a shape="rect" href="jax-rs-oauth.html"
title="JAX-RS OAuth">JAX-RS OAuth</a> pages for more information about the
advanced security topics.</p>
+<p>Please also check <a shape="rect" class="external-link"
href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+XML+Security">JAX-RS
XML Security</a>, <a shape="rect" href="jax-rs-saml.html" title="JAX-RS
SAML">JAX-RS SAML</a> and <a shape="rect" href="jax-rs-oauth2.html"
title="JAX-RS OAuth2">JAX-RS OAuth2</a> pages for more information about the
advanced security topics.</p>
<h2><a shape="rect"
name="JAX-RS-FailoverandLoadDistributionFeatures"></a>Failover and Load
Distribution Features</h2>
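Review bot: the replacement paragraph corrects the OAuth link to jax-rs-oauth2.html but still sends "JAX-RS XML Security" to the cwiki.apache.org Confluence URL, while the Advanced Security section added to secure-jax-rs-services.html in this same revision links the local jax-rs-xml-security.html. Point both paragraphs at the local page so readers stay on the published docs and the two copies of this sentence do not drift apart.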
Modified: websites/production/cxf/content/docs/secure-jax-rs-services.html
==============================================================================
--- websites/production/cxf/content/docs/secure-jax-rs-services.html (original)
+++ websites/production/cxf/content/docs/secure-jax-rs-services.html Thu Jun 28
09:48:08 2012
@@ -124,7 +124,7 @@ Apache CXF -- Secure JAX-RS Services
<div id="ConfluenceContent"><p><span style="font-size:2em;font-weight:bold">
JAX-RS: Security </span></p>
<div>
-<ul><li><a shape="rect"
href="#SecureJAX-RSServices-HTTPS">HTTPS</a></li><ul><li><a shape="rect"
href="#SecureJAX-RSServices-Configuringendpoints">Configuring
endpoints</a></li><li><a shape="rect"
href="#SecureJAX-RSServices-Configuringclients">Configuring
clients</a></li></ul><li><a shape="rect"
href="#SecureJAX-RSServices-Authentication">Authentication</a></li><li><a
shape="rect"
href="#SecureJAX-RSServices-Authorization">Authorization</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-WSTrustintegration">WS-Trust
integration</a></li><ul><li><a shape="rect"
href="#SecureJAX-RSServices-ValidatingBasicAuthcredentialswithSTS">Validating
BasicAuth credentials with STS</a></li></ul><li><a shape="rect"
href="#SecureJAX-RSServices-NoteaboutSecurityManager">Note about
SecurityManager</a></li></ul></div>
+<ul><li><a shape="rect"
href="#SecureJAX-RSServices-HTTPS">HTTPS</a></li><ul><li><a shape="rect"
href="#SecureJAX-RSServices-Configuringendpoints">Configuring
endpoints</a></li><li><a shape="rect"
href="#SecureJAX-RSServices-Configuringclients">Configuring
clients</a></li></ul><li><a shape="rect"
href="#SecureJAX-RSServices-Authentication">Authentication</a></li><li><a
shape="rect"
href="#SecureJAX-RSServices-Authorization">Authorization</a></li><li><a
shape="rect" href="#SecureJAX-RSServices-WSTrustintegration">WS-Trust
integration</a></li><ul><li><a shape="rect"
href="#SecureJAX-RSServices-ValidatingBasicAuthcredentialswithSTS">Validating
BasicAuth credentials with STS</a></li><li><a shape="rect"
href="#SecureJAX-RSServices-UsingSTStovalidateSAMLassertions">Using STS to
validate SAML assertions</a></li></ul><li><a shape="rect"
href="#SecureJAX-RSServices-NoteaboutSecurityManager">Note about
SecurityManager</a></li><li><a shape="rect"
href="#SecureJAX-RSServices-AdvancedSec
urity">Advanced Security</a></li><li><a shape="rect"
href="#SecureJAX-RSServices-Restrictinglargepayloads">Restricting large
payloads</a></li><li><a shape="rect"
href="#SecureJAX-RSServices-CrossOriginResourceSharing">Cross Origin Resource
Sharing</a></li></ul></div>
<h1><a shape="rect" name="SecureJAX-RSServices-HTTPS"></a>HTTPS</h1>
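Review bot: in the added TOC list, the href for the Advanced Security entry reads "#SecureJAX-RSServices-AdvancedSec urity" in this mail, whereas the anchor added further down is name="SecureJAX-RSServices-AdvancedSecurity". If the break is only mail line wrapping there is nothing to fix, but it is worth confirming in the generated file, since a split fragment would leave that TOC link dead.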
@@ -231,6 +231,8 @@ WebClient client = WebClient.create(addr
<p>HTTPConduits can also be 'bound' to proxies or WebClients using expanded
QNames. Please see this <a shape="rect"
href="http://cxf.apache.org/docs/jax-rs-client-api.html#JAX-RSClientAPI-ConfiguringanHTTPConduitfromSpring">section</a>
for more information.</p>
+<p>Please see <a shape="rect" class="external-link"
href="http://aruld.info/programming-ssl-for-jetty-based-cxf-services/"
rel="nofollow">this blog entry</a> on how the HTTPConduit TLS properties can be
set up from the code. In the code, do
WebClient.getConfig(myClient).getHTTPConduit() and proceed from there.</p>
+
<h1><a shape="rect"
name="SecureJAX-RSServices-Authentication"></a>Authentication</h1>
<p>It is often containers like Tomcat or frameworks like Spring Security which
handle the user authentication. Sometimes you might want to do the custom
authentication instead. CXF HTTP Transport adds decoded Basic Authentication
credentials into an instance of AuthorizationPolicy extension and sets it on
the current message. Thus the easiest way is to register a custom invoker or
<tt>RequestHandler</tt> filter which will extract a user name and password like
this:</p>
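Review bot: the added paragraph leaves the only guidance on programmatic HTTPConduit TLS setup to a third-party blog (aruld.info), which can move or go stale, and this is the configuration that decides which certificates a client trusts. Suggest a short inline snippet on this page that starts from WebClient.getConfig(myClient).getHTTPConduit(), with that call wrapped in <tt> the way RequestHandler is in the Authentication paragraph just below.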
@@ -330,8 +332,6 @@ CXF JAX-RS SimpleAuthorizingFilter can b
<p>One of the requirements for deploying CXF endpoints into secure web service
environments is to ensure that existing WS-Trust STS services can be used to
protect the endpoints. JAX-WS endpoints can rely on CXF WS-Security and
WS-Trust support. Making sure CXF JAX-RS endpoints can be additionally secured
by STS is strategically important task. CXF provides close integration between
JAX-WS and JAX-RS frontends thus reusing CXF JAX-WS and WS-Security is the most
effective way toward achieving this integration.</p>
-<p>At the moment what can be done is to have Basic Authentication credentials
validated with STS. The next step is to provide a more advanced integration
with STS, stay tuned. </p>
-
<h2><a shape="rect"
name="SecureJAX-RSServices-ValidatingBasicAuthcredentialswithSTS"></a>Validating
BasicAuth credentials with STS</h2>
<p>Validating Basic Authentication credentials with STS is possible starting
from CXF 2.4.1. JAX-RS and JAX-WS services can rely on this feature. Here is an
example on how a jaxrs endpoint can be configured:</p>
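Review bot: with the "At the moment what can be done is to have Basic Authentication credentials validated with STS" paragraph removed, the WS-Trust integration intro no longer tells the reader which STS integrations exist before the first h2. A one-sentence replacement naming Basic Auth credential validation and SAML assertion validation (the subsection added later in this revision) would keep the intro useful.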
@@ -403,6 +403,10 @@ CXF JAX-RS SimpleAuthorizingFilter can b
<p>AuthPolicyValidatingInterceptor converts Basic Auth info into WSS4J
UsernameToken and delegates to STS to validate.</p>
+<h2><a shape="rect"
name="SecureJAX-RSServices-UsingSTStovalidateSAMLassertions"></a>Using STS to
validate SAML assertions</h2>
+
+<p>Please see <a shape="rect"
href="http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLAssertionValidation">this
section</a> for more information on how STSSamlAssertionValidator can be used
to validate the inbound SAML assertions.</p>
+
<h1><a shape="rect"
name="SecureJAX-RSServices-NoteaboutSecurityManager"></a>Note about
SecurityManager</h1>
<p>If <tt>java.lang.SecurityManager</tt> is installed then you'll likely need
to configure the trusted JAX-RS codebase with a 'suppressAccessChecks'
permission for the injection of JAXRS context or parameter fields to succeed.
For example, you may want to update a Tomcat <a shape="rect"
class="external-link"
href="http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html">catalina.policy</a>
with the following permission :</p>
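Review bot: the new "Using STS to validate SAML assertions" section links to an absolute http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLAssertionValidation URL, while the other links to that page in this revision use the relative jax-rs-saml.html. Use the relative form with the fragment so the link works on mirrors and offline copies and does not route through plain http.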
@@ -414,7 +418,18 @@ grant codeBase <span class="code-quote">
};
</pre>
</div></div>
-</div>
+
+<h1><a shape="rect" name="SecureJAX-RSServices-AdvancedSecurity"></a>Advanced
Security</h1>
+
+<p>Please check <a shape="rect" href="jax-rs-xml-security.html" title="JAX-RS
XML Security">JAX-RS XML Security</a>, <a shape="rect" href="jax-rs-saml.html"
title="JAX-RS SAML">JAX-RS SAML</a> and <a shape="rect"
href="jax-rs-oauth2.html" title="JAX-RS OAuth2">JAX-RS OAuth2</a> pages for
more information about the advanced security topics.</p>
+
+<h1><a shape="rect"
name="SecureJAX-RSServices-Restrictinglargepayloads"></a>Restricting large
payloads</h1>
+
+<p>Please see <a shape="rect" class="external-link"
href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+Data+Bindings#JAX-RSDataBindings-ControllingLargeJAXBXMLandJSONinputpayloads">this
section</a> for more information.</p>
+
+<h1><a shape="rect"
name="SecureJAX-RSServices-CrossOriginResourceSharing"></a>Cross Origin
Resource Sharing</h1>
+
+<p>Please see <a shape="rect" href="jax-rs-cors.html" title="JAX-RS CORS">this
section</a> for more information. Also check <a shape="rect"
href="http://cxf.apache.org/docs/jax-rs-data-bindings.html#JAX-RSDataBindings-JSONWithPadding">the
section</a> about JSONP.</p></div>
</div>
<!-- Content -->
</td>
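Review bot: the two new stub sections reach the Data Bindings page through different hosts: "Restricting large payloads" links to the cwiki.apache.org CXF20DOC source, and the JSONP link goes to http://cxf.apache.org/docs/jax-rs-data-bindings.html. Use the relative jax-rs-data-bindings.html#... form for both, as is already done for jax-rs-cors.html. Each stub would also benefit from one sentence saying what the linked section covers, since "this section" alone gives a reader of a security page nothing to judge relevance by.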