Author: buildbot Date: Mon Feb 19 10:57:21 2018 New Revision: 1025588 Log: Production update by buildbot for cxf
Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/securing-cxf-services.html Modified: websites/production/cxf/content/cache/docs.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/cxf/content/docs/securing-cxf-services.html ============================================================================== --- websites/production/cxf/content/docs/securing-cxf-services.html (original) +++ websites/production/cxf/content/docs/securing-cxf-services.html Mon Feb 19 10:57:21 2018 @@ -117,11 +117,11 @@ Apache CXF -- Securing CXF Services <!-- Content --> <div class="wiki-content"> <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/ -div.rbtoc1508777279496 {padding: 0px;} -div.rbtoc1508777279496 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1508777279496 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1519037802680 {padding: 0px;} +div.rbtoc1519037802680 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1519037802680 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style></p><div class="toc-macro rbtoc1508777279496"> +/*]]>*/</style></p><div class="toc-macro rbtoc1519037802680"> <ul class="toc-indentation"><li><a shape="rect" href="#SecuringCXFServices-Securetransports">Secure transports</a> <ul class="toc-indentation"><li><a shape="rect" href="#SecuringCXFServices-HTTPS">HTTPS</a></li></ul> </li><li><a shape="rect" href="#SecuringCXFServices-SecuringJAX-WSservices">Securing JAX-WS services</a> @@ -220,7 +220,7 @@ div.rbtoc1508777279496 li {margin-left: <jaxrs:server> </pre> -</div></div><p>When one of the limits is reached, the error is returned. JAX-WS consumers will receive 500, JAX-RS/HTTP consumers: 413.</p><p>The following system properties can also be set up for JAX-WS endpoints: "org.apache.cxf.staxutils.innerElementCountThreshold" and "org.apache.cxf.staxutils.innerElementLevelThreshold".</p><p>Please check this <a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+Data+Bindings#JAX-RSDataBindings-ControllingLargeJAXBXMLandJSONinputpayloads">section</a> for the additional information on how JAX-RS JAXB-based providers can be configured.</p><h2 id="SecuringCXFServices-Multiparts">Multiparts</h2><p>The "org.apache.cxf.io.CachedOutputStream.MaxSize" system property or "attachment-max-size" per-endpoint contextual property can be used to control the size of large attachments. When the limits is reached, the error is returned. JAX-WS consumers will receive 500, JAX-RS/HTTP consumers: 413.</p><h1 id="SecuringCXFServices-Lar gedatastreamcaching">Large data stream caching</h1><p>A large stream based message or data will be cached in a temporary file. In default, this caching occurs at data size larger than 64K bytes and a temporary file is written in the system's temporary directory. You can change this behavior and other properties of the caching feature by explicitly setting the following properties.</p><p>To change the default behavior for the entire system, you can set the following system properties.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Property Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Value</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.Threshold</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The threshold value in bytes to switch from memory to file caching</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd "><p>org.apache.cxf.io.CachedOutputStream.MaxSize</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The data size in bytes to limit the maximum data size to be cached</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.OutputDirectory</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The directory name for storing the temporary files</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.CipherTransformation</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The cipher transformation name for encryptiing the cached content</p></td></tr></tbody></table></div><p>To change the default behavior for a specific bus, you can set the corresponding bus.io.CachedOutputStream properties (e.g., bus.io.CachedOutputStream.Threshold for org.apache.cxf.io.CachedOutputStream.Threshold).</p><p>The encryption option, which is available from CXF 2.6.4 and 2.7.1, uses a s ymmetric encryption using a generated key and it can be used to protect the cached content from unauthorized access. To enable encryption, the CipherTransformation property can be set to the name of an appropriate stream or 8-bit block cipher transformation (e.g., RC4, AES/CTR/NoPadding, etc) that is supported by the environment. However, it is noted that enabling the encryption will result in an increased processing time and it is therefore recommended only in specific use cases where other means to protect the cached content is unavailable.</p></div> +</div></div><p>When one of the limits is reached, the error is returned. JAX-WS consumers will receive 500, JAX-RS/HTTP consumers: 413.</p><p>The following system properties can also be set up for JAX-WS endpoints: "org.apache.cxf.staxutils.innerElementCountThreshold" and "org.apache.cxf.staxutils.innerElementLevelThreshold".</p><p>Please check this <a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+Data+Bindings#JAX-RSDataBindings-ControllingLargeJAXBXMLandJSONinputpayloads">section</a> for the additional information on how JAX-RS JAXB-based providers can be configured.</p><h2 id="SecuringCXFServices-Multiparts">Multiparts</h2><p>The "org.apache.cxf.io.CachedOutputStream.MaxSize" system property or "attachment-max-size" per-endpoint contextual property can be used to control the size of large attachments. When the limits is reached, the error is returned. JAX-WS consumers will receive 500, JAX-RS/HTTP consumers: 413.</p><h1 id="SecuringCXFServices-Lar gedatastreamcaching">Large data stream caching</h1><p>A large stream based message or data will be cached in a temporary file. In default, this caching occurs at data size larger than 64K bytes and a temporary file is written in the system's temporary directory. You can change this behavior and other properties of the caching feature by explicitly setting the following properties.</p><p>To change the default behavior for the entire system, you can set the following system properties.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Property Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Value</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.Threshold</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The threshold value in bytes to switch from memory to file caching. Note that if you are using attachments, the value (or default v alue) set for the "<code class="java string">attachment-memory-threshold</code>" property will override this value.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.MaxSize</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The data size in bytes to limit the maximum data size to be cached</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.OutputDirectory</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The directory name for storing the temporary files</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.cxf.io.CachedOutputStream.CipherTransformation</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The cipher transformation name for encryptiing the cached content</p></td></tr></tbody></table></div><p>To change the default behavior for a specific bus, you can set the corresponding bus.io.CachedOutputStream propertie s (e.g., bus.io.CachedOutputStream.Threshold for org.apache.cxf.io.CachedOutputStream.Threshold).</p><p>The encryption option, which is available from CXF 2.6.4 and 2.7.1, uses a symmetric encryption using a generated key and it can be used to protect the cached content from unauthorized access. To enable encryption, the CipherTransformation property can be set to the name of an appropriate stream or 8-bit block cipher transformation (e.g., RC4, AES/CTR/NoPadding, etc) that is supported by the environment. However, it is noted that enabling the encryption will result in an increased processing time and it is therefore recommended only in specific use cases where other means to protect the cached content is unavailable.</p></div> </div> <!-- Content --> </td>