Author: buildbot
Date: Wed Aug 8 16:47:32 2012
New Revision: 828398
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/ws-security.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/ws-security.html
==============================================================================
--- websites/production/cxf/content/docs/ws-security.html (original)
+++ websites/production/cxf/content/docs/ws-security.html Wed Aug 8 16:47:32
2012
@@ -127,7 +127,7 @@ Apache CXF -- WS-Security
<ul><li>Pass authentication tokens between services</li><li>Encrypt messages
or parts of messages</li><li>Sign messages</li><li>Timestamp messages</li></ul>
-<p>Currently, CXF implements WS-Security by integrating <a shape="rect"
class="external-link" href="http://ws.apache.org/wss4j">WSS4J</a>. To use the
integration, you'll need to configure these interceptors and add them to your
service and/or client.</p>
+<p>Currently, CXF implements WS-Security by integrating <a shape="rect"
class="external-link" href="http://ws.apache.org/wss4j">WSS4J</a>. To use the
integration, you'll need to configure these interceptors and add them to your
service and/or client as detailed in this article. Alternatively, WS-Security
can be implemented by using <a shape="rect"
href="http://cxf.apache.org/docs/ws-securitypolicy.html">WS-SecurityPolicy</a>,
which provides a more comprehensive and sophisticated validation of the
security properties of a received message.</p>
<h1><a shape="rect"
name="WS-Security-Overviewofencryptionandsigning"></a>Overview of encryption
and signing</h1>
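Review bot: the sentence added to the `+<p>` paragraph says WS-SecurityPolicy provides "a more comprehensive and sophisticated validation of the security properties of a received message", but it does not say what the interceptor configuration described in this article leaves unvalidated. A reader who stays with the manual interceptors cannot tell from this wording what they are giving up. Suggest naming the difference in one clause, or pointing to the section of this page that covers the additional checks. The new link also uses an absolute http://cxf.apache.org/docs/ URL for a page on the same site; a relative href would survive a move of the docs tree.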
@@ -226,8 +226,6 @@ cxfEndpoint.getOutInterceptors().add(wss
class=<span
class="code-quote">"com.mycompany.webservice.ServerPasswordCallback"</span>/>
<span class="code-tag"><jaxws:inInterceptors></span>
- <span class="code-tag"><span class="code-comment"><!-- SAAJ
Interceptor needs to be explicitly declared only in CXF 2.0.x
--></span></span>
- <span class="code-tag"><bean class=<span
class="code-quote">"org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"</span>/></span>
<span class="code-tag"><bean class=<span
class="code-quote">"org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"</span>></span>
<span class="code-tag"><constructor-arg></span>
<span class="code-tag"><map></span>
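Review bot: the two removed lines for SAAJInInterceptor carried the only statement in this sample that the interceptor "needs to be explicitly declared only in CXF 2.0.x", and nothing replaces it. If 2.0.x is no longer covered by this page, state the minimum CXF version the inInterceptors block applies to next to the sample; otherwise a 2.0.x reader who copies it gets a WSS4JInInterceptor without the SAAJ interceptor the old comment said was required. It is also worth checking that the programmatic sample earlier on the page was updated the same way, so the two configurations stay in step.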
@@ -246,7 +244,7 @@ cxfEndpoint.getOutInterceptors().add(wss
</pre>
</div></div>
-<p>The entry keys and values given in the constructor-arg element above
(action, signaturePropFile, etc.) map to the text strings in WSS4J's <a
shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html">WSHandlerConstants</a>
and <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/WSConstants.html">WSConstants</a>
classes for the corresponding WSHandlerConstants.XXXXX and WSConstants.XXXX
constants you see in the section below. So by viewing WSHandlerConstants, for
example, you can see that the WSHandlerConstants.USERNAME_TOKEN value given
below would need to be "UsernameToken" instead when doing Spring
configuration.</p>
+<p>The entry keys and values given in the constructor-arg element above
(action, signaturePropFile, etc.) map to the text strings in WSS4J's <a
shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html">WSHandlerConstants</a>
and <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/WSConstants.html">WSConstants</a>
classes for the corresponding WSHandlerConstants.XXXXX and WSConstants.XXXX
constants you see in the section below (also see the WSS4J configuration <a
shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/config.html">page</a>). So by viewing
WSHandlerConstants, for example, you can see that the
WSHandlerConstants.USERNAME_TOKEN value given below would need to be
"UsernameToken" instead when doing Spring configuration.</p>
<p>If you want to avoid looking up the text keys for the
WSHandlerConstants.XXXXX and WSConstants.XXXX constants, you can also use the
Spring util namespace to reference static constants in your Spring context as
shown below.</p>
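Review bot: in the added parenthetical "(also see the WSS4J configuration page)" only the word "page" is the link text, which tells a reader scanning the links nothing about the target. Suggest linking the whole phrase "WSS4J configuration page". Since this paragraph tells readers to copy string values such as "UsernameToken" from the WSS4J docs into Spring configuration, it would also help to say which WSS4J version the linked pages describe, because a key that differs between versions would be rejected or silently ignored.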
@@ -378,7 +376,7 @@ CryptoCoverageChecker checker = <span cl
<p>If a nonce is present in a UsernameToken then it should be cached by the
message recipient to guard against replay attacks. This behaviour is enabled by
default starting with CXF 2.6.0. This functionality is also available from
Apache CXF 2.4.7 and 2.5.3 onwards, but is not enabled by default at all for
backwards-compatibility reasons. The following properties control nonce
caching:</p>
-<ul><li>"ws-security.enable.nonce.cache" - The default value (for CXF 2.6.0)
is "true" for message recipients, and "false" for message initiators. Set it to
true to cache for both cases. The default value for CXF 2.4.x and 2.5.x is
false.</li><li>"ws-security.nonce.cache.instance" - This holds a reference to a
ReplayCache instance used to cache UsernameToken nonces. The default instance
that is used is the EHCacheReplayCache, which uses Ehcache to cache the nonce
values.</li><li>"ws-security.cache.config.file" - Set this property to point to
a configuration file for the underlying caching implementation. By default the
cxf-ehcache.xml file in the CXF rt-ws-security module is used.</li></ul>
+<ul><li>"ws-security.enable.nonce.cache" - Whether to cache UsernameToken
nonces. The default value (for CXF 2.6.0) is "true" for message recipients, and
"false" for message initiators. Set it to true to cache for both cases. The
default value for CXF 2.4.x and 2.5.x is false. See <a shape="rect"
href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#ENABLE_NONCE_CACHE">here</a>
for more information.</li><li>"ws-security.nonce.cache.instance" - This holds
a reference to a <a shape="rect" class="external-link"
href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html">ReplayCache</a>
instance used to cache UsernameToken nonces. The default instance that is used
is the <a shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup">EHCacheReplayCache</a>.</li><li>"ws-security.cache.config.file"
- Set this property to point to a configuration file for the underlying
caching implementation. The default configuration file that is used is <a
shape="rect" class="external-link"
href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/resources/cxf-ehcache.xml?view=markup">cxf-ehcache.xml</a>
in the cxf-rt-ws-security module.</li></ul>
<p>For the server side, you'll want to set up the following properties on your
WSS4JInInterceptor (see <a shape="rect"
href="#WS-Security-addinterceptors">above</a> for code sample):</p>
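Review bot: the new links in the `+<ul>` item point at moving targets (svn trunk for EHCacheReplayCache.java and cxf-ehcache.xml, and javadoc/latest for ENABLE_NONCE_CACHE), while the surrounding text makes version-specific statements about 2.4.7, 2.5.3 and 2.6.0. Once trunk diverges, the linked defaults may no longer match what the text says. Suggest linking to a tagged release, or stating which version the links reflect. Two smaller points: the link text "here" should name its target (for example the constant ENABLE_NONCE_CACHE), and the removed clause "which uses Ehcache to cache the nonce values" was the only place that named the caching library before "ws-security.cache.config.file" is introduced. Because the default is "false" on 2.4.x and 2.5.x, recipients on those versions have no nonce replay protection until they set the property; the bullet would be clearer if it said so directly rather than leaving it to the last sentence.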