Author: buildbot
Date: Fri Aug 3 11:47:25 2012
New Revision: 827806
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jaxrs-kerberos.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jaxrs-kerberos.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-kerberos.html (original)
+++ websites/production/cxf/content/docs/jaxrs-kerberos.html Fri Aug 3
11:47:25 2012
@@ -124,7 +124,7 @@ Apache CXF -- JAXRS Kerberos
<div id="ConfluenceContent"><p><span style="font-size:2em;font-weight:bold">
JAX-RS Kerberos Support </span></p>
<div>
-<ul><li><a shape="rect"
href="#JAXRSKerberos-Introduction">Introduction</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-Setup">Setup</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-Unix">Unix</a></li><li><a shape="rect"
href="#JAXRSKerberos-Windows">Windows</a></li></ul><li><a shape="rect"
href="#JAXRSKerberos-HTTPNegotiatescheme">HTTP Negotiate scheme</a></li><li><a
shape="rect" href="#JAXRSKerberos-GSSAPI">GSS API</a></li><li><a shape="rect"
href="#JAXRSKerberos-JAASKerberosModuleConfiguration">JAAS Kerberos Module
Configuration</a></li></ul><li><a shape="rect"
href="#JAXRSKerberos-Clientconfiguration">Client
configuration</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-HTTPConduit">HTTPConduit</a></li><li><a shape="rect"
href="#JAXRSKerberos-Interceptor">Interceptor</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-AuthorizationPolicy">Authorization Policy</a></li><li><a
shape="rect"
href="#JAXRSKerberos-Configuringtheserviceprincipalname">Configuring th
e service principal name</a></li><li><a shape="rect"
href="#JAXRSKerberos-UsingJAASConfiguration">Using JAAS
Configuration</a></li></ul></ul><li><a shape="rect"
href="#JAXRSKerberos-Serverconfiguration">Server
configuration</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service
principal name and JAAS Configuration</a></li><li><a shape="rect"
href="#JAXRSKerberos-CallbackHandler">CallbackHandler</a></li></ul><li><a
shape="rect" href="#JAXRSKerberos-CredentialDelegation">Credential
Delegation</a></li></ul></div>
+<ul><li><a shape="rect"
href="#JAXRSKerberos-Introduction">Introduction</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-Setup">Setup</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-Unix">Unix</a></li><li><a shape="rect"
href="#JAXRSKerberos-Windows">Windows</a></li></ul><li><a shape="rect"
href="#JAXRSKerberos-HTTPNegotiatescheme">HTTP Negotiate scheme</a></li><li><a
shape="rect" href="#JAXRSKerberos-GSSAPI">GSS API</a></li><li><a shape="rect"
href="#JAXRSKerberos-JAASKerberosModuleConfiguration">JAAS Kerberos Module
Configuration</a></li></ul><li><a shape="rect"
href="#JAXRSKerberos-Clientconfiguration">Client
configuration</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-HTTPConduit">HTTPConduit</a></li><li><a shape="rect"
href="#JAXRSKerberos-Interceptor">Interceptor</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-AuthorizationPolicy">Authorization Policy</a></li><li><a
shape="rect"
href="#JAXRSKerberos-Configuringtheserviceprincipalname">Configuring th
e service principal name</a></li><li><a shape="rect"
href="#JAXRSKerberos-UsingJAASConfiguration">Using JAAS
Configuration</a></li><li><a shape="rect"
href="#JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties">How to
avoid setting username and password properties</a></li></ul></ul><li><a
shape="rect" href="#JAXRSKerberos-Serverconfiguration">Server
configuration</a></li><ul><li><a shape="rect"
href="#JAXRSKerberos-ServiceprincipalnameandJAASConfiguration">Service
principal name and JAAS Configuration</a></li><li><a shape="rect"
href="#JAXRSKerberos-CallbackHandler">CallbackHandler</a></li></ul><li><a
shape="rect" href="#JAXRSKerberos-CredentialDelegation">Credential
Delegation</a></li></ul></div>
<h1><a shape="rect" name="JAXRSKerberos-Introduction"></a>Introduction</h1>
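Review bot: In the added table of contents, every nested <ul> (for example the ones following the Introduction and Interceptor items) is emitted as a direct child of the parent <ul> instead of inside the preceding <li>, which is invalid list nesting, and the new "How to avoid setting username and password properties" entry inherits it. If the generated markup can be adjusted, place each sub-list inside its parent <li>. The new fragment name JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties is also long; a shorter heading would give an anchor that is easier to link to.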
@@ -245,6 +245,8 @@ Book b = wc.get(Book.class);
<h3><a shape="rect"
name="JAXRSKerberos-Configuringtheserviceprincipalname"></a>Configuring the
service principal name</h3>
+<p>Service principal identifies a target service.</p>
+
<p>By default, the service principal name is calculated by concatenating
"HTTP", "/" and the name of the target host, example, when invoking on
"http://localhost:8080/services", the service principal name is set to
"HTTP/localhost".</p>
<p>The "servicePrincipalName" and "realm" properties can be used to customize
it, example, setting "servicePrincipalName" to "HTTP/www.mycompany.com" and
realm to "services.org" will result in the
"HTTP/[email protected]" service principal name being used. </p>
@@ -255,6 +257,14 @@ Book b = wc.get(Book.class);
<p>Instead of setting this system property and maintaining a configuration
file, one might want to use an implementation of
javax.security.auth.login.Configuration and set it on the interceptor as a
"loginConfig" property. </p>
+<h3><a shape="rect"
name="JAXRSKerberos-Howtoavoidsettingusernameandpasswordproperties"></a>How to
avoid setting username and password properties</h3>
+
+<p>Typically, one may have to set AuthorizationPolicy UserName and Password
properties for the Kerberos login module to authenticate the user.</p>
+
+<p>The next option is to create a keytab as noted in the Setup section, which
will let one to avoid specifying a password property.<br clear="none">
+Finally, if the user actually owns the Java process which runs the code then
no username and password properties have to be provided, assuming the Kerberos
login configuration has 'useTicketCache' and possibly 'renewTGT' properties set
to "true" </p>
+
+
<h1><a shape="rect" name="JAXRSKerberos-Serverconfiguration"></a>Server
configuration</h1>
<p>org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter can be used to
protected JAX-RS endpoints and enforce that a Negotiate authentication scheme
is used by clients, example:</p>
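Review bot: The new section names the login configuration properties for the ticket-cache case ('useTicketCache', 'renewTGT') but not for the keytab case, so a reader who has created a keytab still does not know what to set. Name the corresponding Krb5LoginModule options (useKeyTab, keyTab, principal) or link to the JAAS Kerberos Module Configuration section. It is also worth stating that the keytab holds the principal's long-term key and should be readable only by the account that runs the client. On wording: "The next option is" follows a paragraph that describes the default rather than a first option, "will let one to avoid" should be "will let one avoid", and the last sentence has no closing period after "true".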