Author: buildbot
Date: Mon Oct 15 10:47:35 2012
New Revision: 835114
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-saml.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-saml.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-saml.html (original)
+++ websites/production/cxf/content/docs/jax-rs-saml.html Mon Oct 15 10:47:35
2012
@@ -468,7 +468,7 @@ Custom validators extending WSS4J SamlAs
<p>CXF JAX-RS offers an extension letting users to enforce a new fine-grained
Claims Based Access Control (CBAC) based on <a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/Claim.java">Claim</a>
and <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/Claims.java">Claims</a>
annotations as well as <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/security/claims/authorization/ClaimMode.java">ClaimMode</a>
enum class. </p>
-<p><b>Note</b> a package for Claim, Claims and ClaimMode annotations has
changed from "org.apache.cxf.rs.security.saml.authorization" to
"org.apache.cxf.security.claims.authorization".</p>
+<p><b>Note</b> a package for Claim, Claims and ClaimMode annotations has
changed from "org.apache.cxf.rs.security.saml.authorization" to
"org.apache.cxf.security.claims.authorization". Starting from CXF 2.7.1, the
default name format for claims is
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" instead of
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims".</p>
<p>Here is a simple code fragment:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
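Review bot: the added sentence in the Note paragraph puts a behavioural change (the default claim name format becoming "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" starting from CXF 2.7.1) inside a note about a package rename, where it is easy to overlook. Because annotations without an explicit format rely on this default, it deserves its own Note paragraph. Consider adding a sentence that tells users who depend on the previous default "http://schemas.xmlsoap.org/ws/2005/05/identity/claims" to set the format explicitly on their annotations. The package rename itself carries no version, while the format change does; stating both would make the note consistent.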
@@ -497,7 +497,9 @@ Custom validators extending WSS4J SamlAs
</pre>
</div></div>
-<p>SecureClaimBookStore.addBook(Book) can only be invoked if Subject meets the
following requirement: it needs to have a Claim with a value "admin" and
another Claim confirming that it got authenticated using either a 'fingertip'
or 'smartcard' method. Note that @Claim({"admin"}) has no name and format
classifiers set - it relies on default name and format values, namely
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" and
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims" respectively. These
default values may change in the future depending on which claims are found to
be used most often - but as you can see you can always provide name and format
values which will scope a given claim value.</p>
+<p>SecureClaimBookStore.addBook(Book) can only be invoked if Subject meets the
following requirement: it needs to have a Claim with a value "admin" and
another Claim confirming that it got authenticated using either a 'fingertip'
or 'smartcard' method. Note that @Claim({"admin"}) has no name and format
classifiers set - it relies on default name and format values, namely
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" and
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims" before CXF 2.7.1)
respectively. These default values may change in the future depending on which
claims are found to be used most often - but as you can see you can always
provide name and format values which will scope a given claim value.</p>
+
+
<p>Note that in the above example, a Claim with the name
"http://claims/authentication-format" has two values, 'fingertip' and
'smartcard'. By default, in order to meet this Claim, Subject needs to have a
Claim which has either a 'fingertip' or 'smartcard' value. If it is expected
that Subject needs to have a Claim which has both 'fingertip' and 'smartcard'
values, then the following change needs to be done:</p>
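Review bot: the rewritten paragraph still presents @Claim({"admin"}) as relying on default name and format values, while the same sentence now records that the default format differs before and after CXF 2.7.1, so the format the "admin" claim is scoped to depends on the CXF version in use. Consider recommending an explicit name and format on annotations that guard operations such as addBook, rather than only observing that "you can always provide name and format values". The parenthetical inserted before "respectively" also makes the name/format pairing harder to follow; the pre-2.7.1 value would read better in a sentence of its own. The two blank "+" lines after the paragraph look unintentional and can be dropped.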