You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2013/06/24 19:10:57 UTC
svn commit: r867253 [35/46] - in /websites/production/cxf/content: ./ 2008/04/28/ 2008/06/20/ 2009/02/10/ 2009/08/04/ cache/ docs/ docs/cxf-architecture.thumbs/ docs/cxf-dependency-graphs.thumbs/ docs/logbrowser-configuration.thumbs/ docs/logbrowser-so...

Modified: websites/production/cxf/content/docs/saml-web-sso.html
==============================================================================
--- websites/production/cxf/content/docs/saml-web-sso.html (original)
+++ websites/production/cxf/content/docs/saml-web-sso.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,18 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - SAML Web SSO">
+
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+  
+  <script type="text/javascript">
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+  </script>
+ 
     <title>
 Apache CXF -- SAML Web SSO
     </title>
@@ -42,19 +54,15 @@ Apache CXF -- SAML Web SSO
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +102,7 @@ Apache CXF -- SAML Web SSO
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
@@ -159,13 +167,13 @@ Apache CXF -- SAML Web SSO
 <h1><a shape="rect" name="SAMLWebSSO-Mavendependencies"></a>Maven dependencies</h1>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;dependency&gt;</span>
-  <span class="code-tag">&lt;groupId&gt;</span>org.apache.cxf<span class="code-tag">&lt;/groupId&gt;</span>
-  <span class="code-tag">&lt;artifactId&gt;</span>cxf-rt-rs-security-sso-saml<span class="code-tag">&lt;/artifactId&gt;</span>
-  <span class="code-tag">&lt;version&gt;</span>2.6.1<span class="code-tag">&lt;/version&gt;</span>
-<span class="code-tag">&lt;/dependency&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;dependency&gt;
+  &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
+  &lt;artifactId&gt;cxf-rt-rs-security-sso-saml&lt;/artifactId&gt;
+  &lt;version&gt;2.6.1&lt;/version&gt;
+&lt;/dependency&gt;
+]]></script>
 </div></div>
 
 <h1><a shape="rect" name="SAMLWebSSO-IdentityProvider"></a>Identity Provider</h1>
@@ -192,31 +200,31 @@ return to Request Assertion Consumer Ser
 
 <p>Here is an example of a typical filter protecting a custom JAX-RS endpoint:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"serviceBean"</span> class=<span class="code-quote">"org.apache.cxf.samlp.sso.BookStore"</span>/&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="serviceBean" class="org.apache.cxf.samlp.sso.BookStore"/&gt;
 
-<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"/app1"</span>&gt;</span> 
-       <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-          <span class="code-tag">&lt;ref bean=<span class="code-quote">"serviceBean"</span>/&gt;</span>
-       <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-       <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-          <span class="code-tag">&lt;ref bean=<span class="code-quote">"redirectGetFilter"</span>/&gt;</span>
-       <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"redirectGetFilter"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter"</span>&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"idpServiceAddress"</span> value=<span class="code-quote">"https://localhost:9443/idp"</span>/&gt;</span>
-      <span class="code-tag"><span class="code-comment">&lt;!-- both relative and absolute URIs are supported --&gt;</span></span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"assertionConsumerServiceAddress"</span> value=<span class="code-quote">"/racs/sso"</span>/&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"stateManager"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"</span>&gt;</span>
-    <span class="code-tag">&lt;constructor-arg ref=<span class="code-quote">"cxf"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;jaxrs:server address="/app1"&gt; 
+       &lt;jaxrs:serviceBeans&gt;
+          &lt;ref bean="serviceBean"/&gt;
+       &lt;/jaxrs:serviceBeans&gt;
+       &lt;jaxrs:providers&gt;
+          &lt;ref bean="redirectGetFilter"/&gt;
+       &lt;/jaxrs:providers&gt;
+&lt;/jaxrs:server&gt;
+
+&lt;bean id="redirectGetFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter"&gt;
+      &lt;property name="idpServiceAddress" value="https://localhost:9443/idp"/&gt;
+      &lt;!-- both relative and absolute URIs are supported --&gt;
+      &lt;property name="assertionConsumerServiceAddress" value="/racs/sso"/&gt;
+      &lt;property name="stateProvider" ref="stateManager"/&gt;
+&lt;/bean&gt;
+
+
+&lt;bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"&gt;
+    &lt;constructor-arg ref="cxf"/&gt;
+&lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 <p>Note that at the very minimum the filter needs to have 3 properties set-up:<br clear="none">
@@ -238,38 +246,38 @@ RACS will set up a security context and 
 
 <p>Here is an example of a typical filter protecting a custom JAX-RS endpoint.</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"serviceBean"</span> class=<span class="code-quote">"org.apache.cxf.samlp.sso.BookStore"</span>/&gt;</span>
-<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"/app2"</span>&gt;</span> 
-    <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-       <span class="code-tag">&lt;ref bean=<span class="code-quote">"serviceBean"</span>/&gt;</span>
-     <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-     <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-          <span class="code-tag">&lt;ref bean=<span class="code-quote">"ssoRedirectPOST"</span>/&gt;</span>
-          <span class="code-tag">&lt;ref bean=<span class="code-quote">"samlRequestFormCreator"</span>/&gt;</span> 
-     <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="serviceBean" class="org.apache.cxf.samlp.sso.BookStore"/&gt;
+&lt;jaxrs:server address="/app2"&gt; 
+    &lt;jaxrs:serviceBeans&gt;
+       &lt;ref bean="serviceBean"/&gt;
+     &lt;/jaxrs:serviceBeans&gt;
+     &lt;jaxrs:providers&gt;
+          &lt;ref bean="ssoRedirectPOST"/&gt;
+          &lt;ref bean="samlRequestFormCreator"/&gt; 
+     &lt;/jaxrs:providers&gt;
        
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
+&lt;/jaxrs:server&gt;
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"ssoRedirectPOST"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter"</span>&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"idpServiceAddress"</span> value=<span class="code-quote">"https://localhost:9443/idp"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"assertionConsumerServiceAddress"</span> value=<span class="code-quote">"/racs/sso"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
-
-        <span class="code-tag">&lt;property name=<span class="code-quote">"useDeflateEncoding"</span> value=<span class="code-quote">"true"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"samlRequestFormCreator"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"</span>&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"dispatcherName"</span> value=<span class="code-quote">"jsp"</span>/&gt;</span>
-      <span class="code-tag">&lt;property name=<span class="code-quote">"useClassNames"</span> value=<span class="code-quote">"true"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="ssoRedirectPOST" class="org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter"&gt;
+        &lt;property name="idpServiceAddress" value="https://localhost:9443/idp"/&gt;
+        &lt;property name="assertionConsumerServiceAddress" value="/racs/sso"/&gt;
+        &lt;property name="stateProvider" ref="stateManager"/&gt;
+
+        &lt;property name="useDeflateEncoding" value="true"/&gt;
+&lt;/bean&gt;
+
+&lt;bean id="samlRequestFormCreator" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"&gt;
+      &lt;property name="dispatcherName" value="jsp"/&gt;
+      &lt;property name="useClassNames" value="true"/&gt;
+&lt;/bean&gt;
     
-<span class="code-tag">&lt;bean id=<span class="code-quote">"stateManager"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"</span>&gt;</span>
-    <span class="code-tag">&lt;constructor-arg ref=<span class="code-quote">"cxf"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"&gt;
+    &lt;constructor-arg ref="cxf"/&gt;
+&lt;/bean&gt;
 
 
-</pre>
+]]></script>
 </div></div>
 
 <p>Note that the POST binding filter has the same 3 required properties as org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter has but also sets a "useDeflateEncoding" property for getting a SAML request deflated. Some IDPs might not be able to process deflated SAML requests with POST binding redirects thus the compression may be optionally disabled.</p>
@@ -281,29 +289,29 @@ RACS will set up a security context and 
 <p>Here is a typical JSP handler for binding org.apache.cxf.rs.security.saml.sso.SAMLRequestInfo to the view:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;%@ page import=<span class="code-quote">"javax.servlet.http.HttpServletRequest,org.apache.cxf.rs.security.saml.sso.SamlRequestInfo"</span> %&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;%@ page import="javax.servlet.http.HttpServletRequest,org.apache.cxf.rs.security.saml.sso.SamlRequestInfo" %&gt;
 
 &lt;%
-    SamlRequestInfo data = (SamlRequestInfo)request.getAttribute(<span class="code-quote">"samlrequestinfo"</span>);
+    SamlRequestInfo data = (SamlRequestInfo)request.getAttribute("samlrequestinfo");
 %&gt;
-<span class="code-tag">&lt;html xmlns=<span class="code-quote">"http://www.w3.org/1999/xhtml"</span>&gt;</span>
-<span class="code-tag">&lt;body onLoad=<span class="code-quote">"document.forms[0].submit();"</span>&gt;</span>
-   <span class="code-tag">&lt;form action=<span class="code-quote">"&lt;%= data.getIdpServiceAddress() %&gt;</span>"</span> method=<span class="code-quote">"POST"</span>&gt;
-       <span class="code-tag">&lt;div&gt;</span>             
-        &lt;input type=<span class="code-quote">"hidden"</span> name=<span class="code-quote">"SAMLRequest"</span>
-                value=<span class="code-quote">"<span class="code-tag">&lt;%= data.getSamlRequest() %&gt;</span>"</span>/&gt;
-        &lt;input type=<span class="code-quote">"hidden"</span> name=<span class="code-quote">"RelayState"</span>
-                value=<span class="code-quote">"<span class="code-tag">&lt;%= data.getRelayState() %&gt;</span>"</span>/&gt;
-       <span class="code-tag">&lt;/div&gt;</span>
-        <span class="code-tag">&lt;div&gt;</span>
-         <span class="code-tag">&lt;input type=<span class="code-quote">"submit"</span> value=<span class="code-quote">"Continue"</span>/&gt;</span>
-       <span class="code-tag">&lt;/div&gt;</span>
-   <span class="code-tag">&lt;/form&gt;</span>
+&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;
+&lt;body onLoad="document.forms[0].submit();"&gt;
+   &lt;form action="&lt;%= data.getIdpServiceAddress() %&gt;" method="POST"&gt;
+       &lt;div&gt;             
+        &lt;input type="hidden" name="SAMLRequest"
+                value="&lt;%= data.getSamlRequest() %&gt;"/&gt;
+        &lt;input type="hidden" name="RelayState"
+                value="&lt;%= data.getRelayState() %&gt;"/&gt;
+       &lt;/div&gt;
+        &lt;div&gt;
+         &lt;input type="submit" value="Continue"/&gt;
+       &lt;/div&gt;
+   &lt;/form&gt;
  
-<span class="code-tag">&lt;/body&gt;</span>
-<span class="code-tag">&lt;/html&gt;</span>
-</pre>
+&lt;/body&gt;
+&lt;/html&gt;
+]]></script>
 </div></div>
 
 <h2><a shape="rect" name="SAMLWebSSO-SigningSAMLAuthenticationRequests"></a>Signing SAML Authentication Requests</h2>
@@ -318,24 +326,24 @@ RACS will set up a security context and 
 <p>Example:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"ssoSignedRedirectPOST"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter"</span>&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"idpServiceAddress"</span> value=<span class="code-quote">"https://localhost:9443/idp"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"assertionConsumerServiceAddress"</span> value=<span class="code-quote">"/racs/sso"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
-
-        <span class="code-tag">&lt;property name=<span class="code-quote">"signRequest"</span> value=<span class="code-quote">"true"</span>/&gt;</span>
-
-        <span class="code-tag">&lt;property name=<span class="code-quote">"callbackHandlerClass"</span> value=<span class="code-quote">"org.apache.cxf.samlp.sso.SSOCallbackHandler"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"signatureUsername"</span> value=<span class="code-quote">"myservicekey"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"signaturePropertiesFile"</span> value=<span class="code-quote">"serviceKeystore.properties"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span> 
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"stateManager"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"</span>&gt;</span>
-    <span class="code-tag">&lt;constructor-arg ref=<span class="code-quote">"cxf"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="ssoSignedRedirectPOST" class="org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter"&gt;
+        &lt;property name="idpServiceAddress" value="https://localhost:9443/idp"/&gt;
+        &lt;property name="assertionConsumerServiceAddress" value="/racs/sso"/&gt;
+        &lt;property name="stateProvider" ref="stateManager"/&gt;
+
+        &lt;property name="signRequest" value="true"/&gt;
+
+        &lt;property name="callbackHandlerClass" value="org.apache.cxf.samlp.sso.SSOCallbackHandler"/&gt;
+        &lt;property name="signatureUsername" value="myservicekey"/&gt;
+        &lt;property name="signaturePropertiesFile" value="serviceKeystore.properties"/&gt;
+&lt;/bean&gt; 
+
+&lt;bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"&gt;
+    &lt;constructor-arg ref="cxf"/&gt;
+&lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 <h2><a shape="rect" name="SAMLWebSSO-FiltersandStateManagement"></a>Filters and State Management</h2>
@@ -353,9 +361,9 @@ RACS will set up a security context and 
 
 <p>For example, here is a typical Set Cookie request issued by a web application to the browser:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 Set-Cookie: value; Domain=mydomain; Path=/accounts; Expires=Wed, 13-Jan-2021 22:23:01 GMT;
-</pre>
+]]></script>
 </div></div>
 
 <p>By default, CXF will get a Cookie 'Path' property set to something like "/services", where 'services' is the actual name of the war archive.<br clear="none">
@@ -377,30 +385,30 @@ the current user, persists it and redire
 <p>Here is a typical RACS consfiguration:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"consumerService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService"</span>&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
+&lt;bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService"&gt;
+        &lt;property name="stateProvider" ref="stateManager"/&gt;
         &lt;!-- responses are expected to be deflated by default
-        <span class="code-tag">&lt;property name=<span class="code-quote">"supportDeflateEncoding"</span> value=<span class="code-quote">"false"</span>/&gt;</span>
+        &lt;property name="supportDeflateEncoding" value="false"/&gt;
         --&gt;
         &lt;!-- 
            responses are expected to be base64 encoded by default
         --&gt;
-        <span class="code-tag">&lt;property name=<span class="code-quote">"supportBase64Encoding"</span> value=<span class="code-quote">"false"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+        &lt;property name="supportBase64Encoding" value="false"/&gt;
+&lt;/bean&gt;
 
-<span class="code-tag">&lt;bean id=<span class="code-quote">"stateManager"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"</span>&gt;</span>
-    <span class="code-tag">&lt;constructor-arg ref=<span class="code-quote">"cxf"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"&gt;
+    &lt;constructor-arg ref="cxf"/&gt;
+&lt;/bean&gt;
 
 
-<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"/racs"</span>&gt;</span> 
-   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-       <span class="code-tag">&lt;ref bean=<span class="code-quote">"consumerService"</span>/&gt;</span> 
-   <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+&lt;jaxrs:server address="/racs"&gt; 
+   &lt;jaxrs:serviceBeans&gt;
+       &lt;ref bean="consumerService"/&gt; 
+   &lt;/jaxrs:serviceBeans&gt;
+&lt;/jaxrs:server&gt;
+]]></script>
 </div></div>
 
 <p>RACS is implemented as a JAX-RS server endpoint. It needs a reference to the SSO State Manager and by default it expects that SAML Response is deflated and Base64 encoded which can be changed. It shares the same 'stateTimeToLive' property with the filters which can be used to restrict the time the security context state is kept for.</p>
@@ -415,16 +423,16 @@ the current user, persists it and redire
 <p>RACS can be setup to support verifying signed Responses, or signed Assertions contained in a Response. Similarly, either "callbackHandler" or "callbackHandlerClass" must be configured if you wish to support decrypting encrypted Assertions. For example:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;bean id=<span class="code-quote">"consumerService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService"</span>&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"supportBase64Encoding"</span> value=<span class="code-quote">"false"</span>/&gt;</span>
-
-        <span class="code-tag">&lt;property name=<span class="code-quote">"signaturePropertiesFile"</span> value=<span class="code-quote">"serviceKeystore.properties"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"enforceAssertionsSigned"</span> value=<span class="code-quote">"false"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"callbackHandlerClass"</span> value=<span class="code-quote">"org.apache.cxf.samlp.sso.SSOCallbackHandler"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService"&gt;
+        &lt;property name="stateProvider" ref="stateManager"/&gt;
+        &lt;property name="supportBase64Encoding" value="false"/&gt;
+
+        &lt;property name="signaturePropertiesFile" value="serviceKeystore.properties"/&gt;
+        &lt;property name="enforceAssertionsSigned" value="false"/&gt;
+        &lt;property name="callbackHandlerClass" value="org.apache.cxf.samlp.sso.SSOCallbackHandler"/&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <p>In this example the "enforceAssertionsSigned" enforcing that signed Assertions are contained in a Response is disabled by default and RACS will only verify that the actual Responses are signed.</p>
@@ -437,30 +445,30 @@ the current user, persists it and redire
 
 <p>For example, by default, the EhCache provider will overflow the data to the system temp directory and will not persist the data across restarts. The following EhCache configuration can be used to change it:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;ehcache xsi:noNamespaceSchemaLocation=<span class="code-quote">"ehcache.xsd"</span> updateCheck=<span class="code-quote">"false"</span> monitoring=<span class="code-quote">"autodetect"</span> dynamicConfig=<span class="code-quote">"true"</span>&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect" dynamicConfig="true"&gt;
 
-    <span class="code-tag">&lt;diskStore path=<span class="code-quote">"/home/username/work/ehcache"</span>/&gt;</span>
+    &lt;diskStore path="/home/username/work/ehcache"/&gt;
 
     &lt;defaultCache
-            maxEntriesLocalHeap=<span class="code-quote">"5000"</span>
-            timeToIdleSeconds=<span class="code-quote">"3600"</span>
-            timeToLiveSeconds=<span class="code-quote">"3600"</span>
-            overflowToDisk=<span class="code-quote">"true"</span>
-            maxElementsOnDisk=<span class="code-quote">"10000000"</span>
-            diskPersistent=<span class="code-quote">"true"</span>
-            diskExpiryThreadIntervalSeconds=<span class="code-quote">"120"</span>
-            memoryStoreEvictionPolicy=<span class="code-quote">"LRU"</span>
+            maxEntriesLocalHeap="5000"
+            timeToIdleSeconds="3600"
+            timeToLiveSeconds="3600"
+            overflowToDisk="true"
+            maxElementsOnDisk="10000000"
+            diskPersistent="true"
+            diskExpiryThreadIntervalSeconds="120"
+            memoryStoreEvictionPolicy="LRU"
             /&gt;
-<span class="code-tag">&lt;/ehcache&gt;</span>
+&lt;/ehcache&gt;
 
 Assuming this configuration is saved in WEB-INF/ehcache.xml, the EhCache provider can be configured as follows:
 
 {code:xml}
-<span class="code-tag">&lt;bean id=<span class="code-quote">"stateManager"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"</span>&gt;</span>
-    <span class="code-tag">&lt;constructor-arg value=<span class="code-quote">"/WEB-INF/ehcache.xml"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+&lt;bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.EHCacheSPStateManager"&gt;
+    &lt;constructor-arg value="/WEB-INF/ehcache.xml"/&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <h2><a shape="rect" name="SAMLWebSSO-DistributedStateManagement"></a>Distributed State Management</h2>
@@ -476,43 +484,43 @@ One approach is to setup the Ehcache pro
 
 <p>For example, the following jaxrs:endpoint can be deployed alongside the RACS endpoint running in its own web application:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-    <span class="code-tag">&lt;bean id=<span class="code-quote">"stateManager"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.HTTPSPStateManager"</span>/&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+    &lt;bean id="stateManager" class="org.apache.cxf.rs.security.saml.sso.state.HTTPSPStateManager"/&gt;
 
-    <span class="code-tag">&lt;bean id=<span class="code-quote">"consumerService"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService"</span>&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"signaturePropertiesFile"</span> value=<span class="code-quote">"serviceKeystore.properties"</span>/&gt;</span>
-        <span class="code-tag">&lt;property name=<span class="code-quote">"callbackHandlerClass"</span> value=<span class="code-quote">"oauth2.sso.SSOCallbackHandler"</span>/&gt;</span>
-    <span class="code-tag">&lt;/bean&gt;</span>
+    &lt;bean id="consumerService" class="org.apache.cxf.rs.security.saml.sso.RequestAssertionConsumerService"&gt;
+        &lt;property name="stateProvider" ref="stateManager"/&gt;
+        &lt;property name="signaturePropertiesFile" value="serviceKeystore.properties"/&gt;
+        &lt;property name="callbackHandlerClass" value="oauth2.sso.SSOCallbackHandler"/&gt;
+    &lt;/bean&gt;
     
-    <span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"/"</span>&gt;</span> 
-       <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-          <span class="code-tag">&lt;ref bean=<span class="code-quote">"consumerService"</span>/&gt;</span>
-          <span class="code-tag">&lt;ref bean=<span class="code-quote">"stateManager"</span>/&gt;</span> 
-       <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:server&gt;</span>
-</pre>
+    &lt;jaxrs:server address="/"&gt; 
+       &lt;jaxrs:serviceBeans&gt;
+          &lt;ref bean="consumerService"/&gt;
+          &lt;ref bean="stateManager"/&gt; 
+       &lt;/jaxrs:serviceBeans&gt;
+    &lt;/jaxrs:server&gt;
+]]></script>
 </div></div>
 
 <p>Note that the RACS bean itself directly uses HTTPSPStateManager which is also available as an HTTP endpoint for all the SSO security filters to work with.<br clear="none">
 Here is an example of how the SPStateManagers at the individual SSO filter end can use this HTTP endpoint:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 
-&lt;jaxrs:client id=<span class="code-quote">"stateManager"</span>
-         address=<span class="code-quote">"https://localhost:${racs.port}/racs"</span>
-         serviceClass=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.state.HTTPSPStateManager"</span>/&gt;
+&lt;jaxrs:client id="stateManager"
+         address="https://localhost:${racs.port}/racs"
+         serviceClass="org.apache.cxf.rs.security.saml.sso.state.HTTPSPStateManager"/&gt;
          
- <span class="code-tag">&lt;bean id=<span class="code-quote">"ssoRedirectURI"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter"</span>&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"idpServiceAddress"</span> value=<span class="code-quote">"${idp.address}"</span>/&gt;</span>
-    &lt;property name=<span class="code-quote">"assertionConsumerServiceAddress"</span> 
-               value=<span class="code-quote">"https://localhost:${racs.port}/racs/sso"</span>/&gt;
-    <span class="code-tag">&lt;property name=<span class="code-quote">"stateProvider"</span> ref=<span class="code-quote">"stateManager"</span>/&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"addWebAppContext"</span> value=<span class="code-quote">"false"</span>/&gt;</span> 
- <span class="code-tag">&lt;/bean&gt;</span>
+ &lt;bean id="ssoRedirectURI" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter"&gt;
+    &lt;property name="idpServiceAddress" value="${idp.address}"/&gt;
+    &lt;property name="assertionConsumerServiceAddress" 
+               value="https://localhost:${racs.port}/racs/sso"/&gt;
+    &lt;property name="stateProvider" ref="stateManager"/&gt;
+    &lt;property name="addWebAppContext" value="false"/&gt; 
+ &lt;/bean&gt;
 
-</pre>
+]]></script>
 </div></div>
 
 

Modified: websites/production/cxf/content/docs/sample-projects.html
==============================================================================
--- websites/production/cxf/content/docs/sample-projects.html (original)
+++ websites/production/cxf/content/docs/sample-projects.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,8 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - Sample Projects">
+
+
     <title>
 Apache CXF -- Sample Projects
     </title>
@@ -42,19 +44,15 @@ Apache CXF -- Sample Projects
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +92,7 @@ Apache CXF -- Sample Projects
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>

Modified: websites/production/cxf/content/docs/schemas-and-namespaces.html
==============================================================================
--- websites/production/cxf/content/docs/schemas-and-namespaces.html (original)
+++ websites/production/cxf/content/docs/schemas-and-namespaces.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,18 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - Schemas and Namespaces">
+
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+  
+  <script type="text/javascript">
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+  </script>
+ 
     <title>
 Apache CXF -- Schemas and Namespaces
     </title>
@@ -42,19 +54,15 @@ Apache CXF -- Schemas and Namespaces
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +102,7 @@ Apache CXF -- Schemas and Namespaces
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
@@ -156,27 +164,27 @@ Apache CXF -- Schemas and Namespaces
 
 <p>The following is an example of a valid Spring configuration file. Using the table above, there is no magic involved in setting the correct value for the schemaLocation attribute!</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-&lt;beans xmlns=<span class="code-quote">"http://www.springframework.org/schema/beans"</span>
-    <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>
-    <span class="code-keyword">xmlns:http-conf</span>=<span class="code-quote">"http://cxf.apache.org/transports/http/configuration"</span>
-    <span class="code-keyword">xmlns:jaxws</span>=<span class="code-quote">"http://cxf.apache.org/jaxws"</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
     xsi:schemaLocation="
 http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
 http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"&gt;
 
-    <span class="code-tag">&lt;http-conf:conduit name=<span class="code-quote">"{http://cxf.apache.org/hello_world_soap_http}SoapPort.http-conduit"</span>&gt;</span>
-        <span class="code-tag">&lt;http-conf:client DecoupledEndpoint=<span class="code-quote">"http://localhost:9999/decoupled_endpoint"</span>/&gt;</span>
-    <span class="code-tag">&lt;/http-conf:conduit&gt;</span>
-
-    <span class="code-tag">&lt;jaxws:client name=<span class="code-quote">"{http://cxf.apache.org/hello_world_soap_http}SoapPort"</span> createdFromAPI=<span class="code-quote">"true"</span>&gt;</span>
-        <span class="code-tag">&lt;jaxws:conduitSelector&gt;</span>
-            <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.endpoint.DeferredConduitSelector"</span>/&gt;</span>
-        <span class="code-tag">&lt;/jaxws:conduitSelector&gt;</span>
-    <span class="code-tag">&lt;/jaxws:client&gt;</span>
-<span class="code-tag">&lt;/beans&gt;</span>
-</pre>
+    &lt;http-conf:conduit name="{http://cxf.apache.org/hello_world_soap_http}SoapPort.http-conduit"&gt;
+        &lt;http-conf:client DecoupledEndpoint="http://localhost:9999/decoupled_endpoint"/&gt;
+    &lt;/http-conf:conduit&gt;
+
+    &lt;jaxws:client name="{http://cxf.apache.org/hello_world_soap_http}SoapPort" createdFromAPI="true"&gt;
+        &lt;jaxws:conduitSelector&gt;
+            &lt;bean class="org.apache.cxf.endpoint.DeferredConduitSelector"/&gt;
+        &lt;/jaxws:conduitSelector&gt;
+    &lt;/jaxws:client&gt;
+&lt;/beans&gt;
+]]></script>
 </div></div>
 <p><b>Other Schemas</b></p>
 
@@ -188,9 +196,9 @@ http://www.springframework.org/schema/be
 
 <p>Note for Developers: If you define your own configuration schema, place it in the schemas subdirectory of the resources directory, then combine <a shape="rect" href="http://cxf.apache.org/">http://cxf.apache.org/</a> and the path of the schema relative to the resources directory to form the system ID, and make the latter known to Spring by adding a line similar to the following to the <b>spring.schemas</b> file in your module's META-INF directory (note the escaped : character):</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 http\://cxf.apache.org/schemas/wsdl/http-conf.xsd=schemas/wsdl/http-conf.xsd
-</pre>
+]]></script>
 </div></div></div>
            </div>
            <!-- Content -->

Modified: websites/production/cxf/content/docs/sdo.html
==============================================================================
--- websites/production/cxf/content/docs/sdo.html (original)
+++ websites/production/cxf/content/docs/sdo.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,17 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - SDO">
+
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+  
+  <script type="text/javascript">
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+  </script>
+ 
     <title>
 Apache CXF -- SDO
     </title>
@@ -42,19 +53,15 @@ Apache CXF -- SDO
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +101,7 @@ Apache CXF -- SDO
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
@@ -127,7 +134,7 @@ Apache CXF -- SDO
 <p>By default, CXF does not ship with the Tuscany SDO jars.   You will need to acquire them elsewhere and add them to the classpath for the SDO databinding to work.  The list of required jars are:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
 backport-util-concurrent-3.0.jar
 codegen-2.2.3.jar
 codegen-ecore-2.2.3.jar
@@ -140,7 +147,7 @@ tuscany-sdo-impl-1.1.1.jar
 tuscany-sdo-lib-1.1.1.jar
 tuscany-sdo-tools-1.1.1.jar
 xsd-2.2.3.jar
-</pre>
+]]></script>
 </div></div>
 
 <h3><a shape="rect" name="SDO-CodeGeneration"></a>Code Generation</h3>

Modified: websites/production/cxf/content/docs/secure-jax-rs-services.html
==============================================================================
--- websites/production/cxf/content/docs/secure-jax-rs-services.html (original)
+++ websites/production/cxf/content/docs/secure-jax-rs-services.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,18 @@
 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 <meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
 <meta name="description" content="Apache CXF, Services Framework - Secure JAX-RS Services">
+
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+  <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+  <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+  
+  <script type="text/javascript">
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+  </script>
+ 
     <title>
 Apache CXF -- Secure JAX-RS Services
     </title>
@@ -42,19 +54,15 @@ Apache CXF -- Secure JAX-RS Services
     <td id="cell-1-0">&nbsp;</td>
     <td id="cell-1-1">&nbsp;</td>
     <td id="cell-1-2">
-      <div style="padding: 5px;">
-        <div id="banner">
-          <!-- Banner -->
-<div id="banner-content">
+      <!-- Banner -->
+<div class="banner" id="banner"><p>
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
 <a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
 </td><td align="right" colspan="1" nowrap>
 <a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
 </td></tr></table>
-</div>
-          <!-- Banner -->
-        </div>
-      </div>
+</p></div>
+      <!-- Banner -->
       <div id="top-menu">
         <table border="0" cellpadding="1" cellspacing="0" width="100%">
           <tr>
@@ -94,7 +102,7 @@ Apache CXF -- Secure JAX-RS Services
 
 
 <hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
 
 <form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
   <div>
@@ -137,12 +145,12 @@ Apache CXF -- Secure JAX-RS Services
 <p>JAX-RS endpoints using embedded Jetty can rely on the configuration like this one:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-&lt;beans xmlns=<span class="code-quote">"http://www.springframework.org/schema/beans"</span>
-       <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>
-       <span class="code-keyword">xmlns:http</span>=<span class="code-quote">"http://cxf.apache.org/transports/http/configuration"</span>
-       <span class="code-keyword">xmlns:httpj</span>=<span class="code-quote">"http://cxf.apache.org/transports/http-jetty/configuration"</span>
-       <span class="code-keyword">xmlns:sec</span>=<span class="code-quote">"http://cxf.apache.org/configuration/security"</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
        xsi:schemaLocation="
         http://www.springframework.org/schema/beans                 http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http/configuration         http://cxf.apache.org/schemas/configuration/http-conf.xsd
@@ -150,59 +158,59 @@ Apache CXF -- Secure JAX-RS Services
         http://cxf.apache.org/configuration/security                http://cxf.apache.org/schemas/configuration/security.xsd"&gt;
 
 
-    <span class="code-tag">&lt;httpj:engine-factory id=<span class="code-quote">"port-9095-tls-config"</span>&gt;</span>
-        <span class="code-tag">&lt;httpj:engine port=<span class="code-quote">"9095"</span>&gt;</span>
-            <span class="code-tag">&lt;httpj:tlsServerParameters&gt;</span>
-                <span class="code-tag">&lt;sec:keyManagers keyPassword=<span class="code-quote">"password"</span>&gt;</span>
-	            &lt;sec:keyStore type=<span class="code-quote">"JKS"</span> password=<span class="code-quote">"password"</span> 
-	                file=<span class="code-quote">"src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"</span>/&gt;
-	        <span class="code-tag">&lt;/sec:keyManagers&gt;</span>
-	        <span class="code-tag">&lt;sec:trustManagers&gt;</span>
-	            &lt;sec:keyStore type=<span class="code-quote">"JKS"</span> password=<span class="code-quote">"password"</span>
-	                file=<span class="code-quote">"src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"</span>/&gt;
-	     	<span class="code-tag">&lt;/sec:trustManagers&gt;</span>
-            <span class="code-tag">&lt;/httpj:tlsServerParameters&gt;</span>
-        <span class="code-tag">&lt;/httpj:engine&gt;</span>
-    <span class="code-tag">&lt;/httpj:engine-factory&gt;</span>
-<span class="code-tag">&lt;/beans&gt;</span>
-</pre>
+    &lt;httpj:engine-factory id="port-9095-tls-config"&gt;
+        &lt;httpj:engine port="9095"&gt;
+            &lt;httpj:tlsServerParameters&gt;
+                &lt;sec:keyManagers keyPassword="password"&gt;
+	            &lt;sec:keyStore type="JKS" password="password" 
+	                file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/&gt;
+	        &lt;/sec:keyManagers&gt;
+	        &lt;sec:trustManagers&gt;
+	            &lt;sec:keyStore type="JKS" password="password"
+	                file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/&gt;
+	     	&lt;/sec:trustManagers&gt;
+            &lt;/httpj:tlsServerParameters&gt;
+        &lt;/httpj:engine&gt;
+    &lt;/httpj:engine-factory&gt;
+&lt;/beans&gt;
+]]></script>
 </div></div>
 
 <p>If you use JAXRSServerFactoryBean to create and start JAX-RS endpoints from the code then the above configuration can be utilized like this:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-JAXRSServerFactoryBean bean = <span class="code-keyword">new</span> JAXRSServerFactoryBean();
-SpringBusFactory bf = <span class="code-keyword">new</span> SpringBusFactory();
-Bus bus = bf.createBus(<span class="code-quote">"configuration/beans.xml"</span>);
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+JAXRSServerFactoryBean bean = new JAXRSServerFactoryBean();
+SpringBusFactory bf = new SpringBusFactory();
+Bus bus = bf.createBus("configuration/beans.xml");
 bean.setBus(bus);
-bean.setAddress(<span class="code-quote">"http:<span class="code-comment">//localhost:9095/<span class="code-keyword">rest</span>"</span>);
-</span>bean.setServiceClass(CustomerService.class);
-</pre>
+bean.setAddress("http://localhost:9095/rest");
+bean.setServiceClass(CustomerService.class);
+]]></script>
 </div></div>
 
 <p>If you also have a jaxrs:server endpoint declared in the above beans.xml, then make sure you have a 'depends-on' attribute set:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-&lt;jaxrs:server serviceClass=<span class="code-quote">"CustomerService.class"</span> address=<span class="code-quote">"http://localhost:9095/rest"</span>
-   depends-on=<span class="code-quote">"port-9095-tls-config"</span>/&gt;
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;jaxrs:server serviceClass="CustomerService.class" address="http://localhost:9095/rest"
+   depends-on="port-9095-tls-config"/&gt;
+]]></script>
 </div></div> 
 
 <p>Once you have JAX-RS and Jetty HTTPS combined then you can get the application context initiated like this:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">public</span> class Server {
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+public class Server {
 
-    <span class="code-keyword">public</span> void main(<span class="code-object">String</span>[] args) <span class="code-keyword">throws</span> Exception {
-        Bus busLocal = <span class="code-keyword">new</span> SpringBusFactory().createBus(<span class="code-quote">"configuration/beans.xml"</span>);
+    public void main(String[] args) throws Exception {
+        Bus busLocal = new SpringBusFactory().createBus("configuration/beans.xml");
         BusFactory.setDefaultBus(busLocal);
-        <span class="code-keyword">new</span> Server();
-        <span class="code-object">Thread</span>.sleep(60000);
+        new Server();
+        Thread.sleep(60000);
     }
 }
-</pre>
+]]></script>
 </div></div>
 
 <p>Having JAX-RS endpoints declared alongside CXF Jetty HTTPS configuration is only needed when an embedded Jetty container is used. If you have application WARs deployed into Tomcat or Jetty then please follow container-specific guides on how to set up SSL.</p>
@@ -219,14 +227,14 @@ bean.setAddress(<span class="code-quote"
 
 <p>The configuration file can be referenced during the proxy or WebClient creation:</p>
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">final</span> <span class="code-object">String</span> address = <span class="code-quote">"http:<span class="code-comment">//localhost:9095/<span class="code-keyword">rest</span>"</span>;
-</span><span class="code-keyword">final</span> <span class="code-object">String</span> configLocation;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+final String address = "http://localhost:9095/rest";
+final String configLocation;
 
 WebClient client = WebClient.create(address, configLocation);
-<span class="code-comment">// or
-</span>BookStore proxy = JAXRSClientFactory.create(address, configLocation, BookStore.class);
-</pre>
+// or
+BookStore proxy = JAXRSClientFactory.create(address, configLocation, BookStore.class);
+]]></script>
 </div></div>
 
 <p>HTTPConduits can also be 'bound' to proxies or WebClients using expanded QNames. Please see this <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-client-api.html#JAX-RSClientAPI-ConfiguringanHTTPConduitfromSpring">section</a> for more information.</p>
@@ -238,24 +246,24 @@ WebClient client = WebClient.create(addr
 <p>It is often containers like Tomcat or frameworks like Spring Security which handle the user authentication. Sometimes you might want to do the custom authentication instead. CXF HTTP Transport adds decoded Basic Authentication credentials into an instance of AuthorizationPolicy extension and sets it on the current message. Thus the easiest way is to register a custom invoker or <tt>RequestHandler</tt> filter which will extract a user name and password like this:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">public</span> class AuthenticationHandler <span class="code-keyword">implements</span> RequestHandler {
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+public class AuthenticationHandler implements RequestHandler {
 
-    <span class="code-keyword">public</span> Response handleRequest(Message m, ClassResourceInfo resourceClass) {
+    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
         AuthorizationPolicy policy = (AuthorizationPolicy)m.get(AuthorizationPolicy.class);
-        <span class="code-object">String</span> username = policy.getUserName();
-        <span class="code-object">String</span> password = policy.getPassword(); 
-        <span class="code-keyword">if</span> (isAuthenticated(username, password)) {
-            <span class="code-comment">// let request to <span class="code-keyword">continue</span>
-</span>            <span class="code-keyword">return</span> <span class="code-keyword">null</span>;
-        } <span class="code-keyword">else</span> {
-            <span class="code-comment">// authentication failed, request the authetication, add the realm name <span class="code-keyword">if</span> needed to the value of WWW-Authenticate 
-</span>            <span class="code-keyword">return</span> Response.status(401).header(<span class="code-quote">"WWW-Authenticate"</span>, <span class="code-quote">"Basic"</span>).build();
+        String username = policy.getUserName();
+        String password = policy.getPassword(); 
+        if (isAuthenticated(username, password)) {
+            // let request to continue
+            return null;
+        } else {
+            // authentication failed, request the authetication, add the realm name if needed to the value of WWW-Authenticate 
+            return Response.status(401).header("WWW-Authenticate", "Basic").build();
         }
     }
 
 }
-</pre>
+]]></script>
 </div></div> 
 
 <p>One other thing you may want to do, after authenticating a user, is to initialize org.apache.cxf.security.SecurityContext with Principals representing the user and its roles (if available).</p>
@@ -269,26 +277,26 @@ WebClient client = WebClient.create(addr
 <p>For example, see how a JAX-RS filter can be used to wrap CXF JAASLoginInterceptor:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"/jaas"</span>&gt;</span>
-    <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-        <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>		   
-    <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-        <span class="code-tag">&lt;ref bean=<span class="code-quote">"authenticationFilter"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;jaxrs:server address="/jaas"&gt;
+    &lt;jaxrs:serviceBeans&gt;
+        &lt;bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/&gt;
+    &lt;/jaxrs:serviceBeans&gt;		   
+    &lt;jaxrs:providers&gt;
+        &lt;ref bean="authenticationFilter"/&gt;
+    &lt;/jaxrs:providers&gt;
+&lt;/jaxrs:server&gt;
   
-<span class="code-tag">&lt;bean id=<span class="code-quote">"authenticationFilter"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.security.JAASAuthenticationFilter"</span>&gt;</span>
-    <span class="code-tag"><span class="code-comment">&lt;!-- Name of the JAAS Context --&gt;</span></span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"contextName"</span> value=<span class="code-quote">"BookLogin"</span>/&gt;</span>
+&lt;bean id="authenticationFilter" class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter"&gt;
+    &lt;!-- Name of the JAAS Context --&gt;
+    &lt;property name="contextName" value="BookLogin"/&gt;
     &lt;!-- Hint to the filter on how to have Principals representing users and roles separated 
          while initializing a SecurityContext --&gt;
-    <span class="code-tag">&lt;property name=<span class="code-quote">"rolePrefix"</span> value=<span class="code-quote">"ROLE_"</span>/&gt;</span>
+    &lt;property name="rolePrefix" value="ROLE_"/&gt;
         
-    <span class="code-tag">&lt;property name=<span class="code-quote">"redirectURI"</span> value=<span class="code-quote">"/login.jsp"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-</pre>
+    &lt;property name="redirectURI" value="/login.jsp"/&gt;
+&lt;/bean&gt;
+]]></script>
 </div></div>
 
 <p>The filter will redirect the client to "/login.jsp" if the authentication fails. If no 'redirectURI' property is set then 401 will be returned. A "realmName" property can also be set. </p>
@@ -303,25 +311,25 @@ WebClient client = WebClient.create(addr
 CXF JAX-RS SimpleAuthorizingFilter can be used to wrap those interceptors and return 403 in case of failures:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"/jaas"</span>&gt;</span>
-    <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
-        <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>		   
-    <span class="code-tag">&lt;jaxrs:providers&gt;</span>
-        <span class="code-tag">&lt;ref bean=<span class="code-quote">"authorizationFilter"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;jaxrs:server address="/jaas"&gt;
+    &lt;jaxrs:serviceBeans&gt;
+        &lt;bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/&gt;
+    &lt;/jaxrs:serviceBeans&gt;		   
+    &lt;jaxrs:providers&gt;
+        &lt;ref bean="authorizationFilter"/&gt;
+    &lt;/jaxrs:providers&gt;
+&lt;/jaxrs:server&gt;
  
-<span class="code-tag">&lt;bean id=<span class="code-quote">"authorizationFilter"</span> class=<span class="code-quote">"org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter"</span>&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"methodRolesMap"</span> ref=<span class="code-quote">"rolesMap"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
+&lt;bean id="authorizationFilter" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter"&gt;
+    &lt;property name="methodRolesMap" ref="rolesMap"/&gt;
+&lt;/bean&gt;
   
-<span class="code-tag">&lt;util:map id=<span class="code-quote">"rolesMap"</span>&gt;</span>
-    <span class="code-tag">&lt;entry key=<span class="code-quote">"getThatBook"</span> value=<span class="code-quote">"ROLE_BOOK_OWNER"</span>/&gt;</span>
-    <span class="code-tag">&lt;entry key=<span class="code-quote">"getBook"</span> value=<span class="code-quote">"ROLE_BOOK_OWNER"</span>/&gt;</span>
-<span class="code-tag">&lt;/util:map&gt;</span>
-</pre>
+&lt;util:map id="rolesMap"&gt;
+    &lt;entry key="getThatBook" value="ROLE_BOOK_OWNER"/&gt;
+    &lt;entry key="getBook" value="ROLE_BOOK_OWNER"/&gt;
+&lt;/util:map&gt;
+]]></script>
 </div></div>
 
 <p>SimpleAuthorizingFilter can also wrap CXF SecureAnnotationsInterceptor.</p>
@@ -337,68 +345,68 @@ CXF JAX-RS SimpleAuthorizingFilter can b
 <p>Validating Basic Authentication credentials with STS is possible starting from CXF 2.4.1. JAX-RS and JAX-WS services can rely on this feature. Here is an example on how a jaxrs endpoint can be configured:</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-&lt;jaxrs:server serviceClass=<span class="code-quote">"org.customers.CustomerService"</span>
-    depends-on=<span class="code-quote">"ClientAuthHttpsSettings"</span>
-    address=<span class="code-quote">"https://localhost:8081/rest"</span>&gt;
-
-    <span class="code-tag">&lt;jaxrs:inInterceptors&gt;</span>
-        <span class="code-tag">&lt;ref bean=<span class="code-quote">"basicAuthValidator"</span>/&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:inInterceptors&gt;</span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+&lt;jaxrs:server serviceClass="org.customers.CustomerService"
+    depends-on="ClientAuthHttpsSettings"
+    address="https://localhost:8081/rest"&gt;
+
+    &lt;jaxrs:inInterceptors&gt;
+        &lt;ref bean="basicAuthValidator"/&gt;
+    &lt;/jaxrs:inInterceptors&gt;
   
-    <span class="code-tag">&lt;jaxrs:properties&gt;</span>
-         <span class="code-tag">&lt;entry key=<span class="code-quote">"ws-security.sts.client"</span>&gt;</span>
-            <span class="code-tag">&lt;ref bean=<span class="code-quote">"stsclient"</span>/&gt;</span>
-         <span class="code-tag">&lt;/entry&gt;</span>
-    <span class="code-tag">&lt;/jaxrs:properties&gt;</span>
+    &lt;jaxrs:properties&gt;
+         &lt;entry key="ws-security.sts.client"&gt;
+            &lt;ref bean="stsclient"/&gt;
+         &lt;/entry&gt;
+    &lt;/jaxrs:properties&gt;
 
-<span class="code-tag">&lt;/jaxrs:server&gt;</span>
+&lt;/jaxrs:server&gt;
    
-<span class="code-tag">&lt;bean id=<span class="code-quote">"basicAuthValidator"</span> class=<span class="code-quote">"org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptor"</span>&gt;</span>
-   <span class="code-tag">&lt;property name=<span class="code-quote">"validator"</span>&gt;</span>
-        <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.cxf.ws.security.trust.STSTokenValidator"</span>&gt;</span>
-             <span class="code-tag">&lt;constructor-arg value=<span class="code-quote">"true"</span>/&gt;</span>
-        <span class="code-tag">&lt;/bean&gt;</span>
-   <span class="code-tag">&lt;/property&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span>
-
-<span class="code-tag">&lt;bean id=<span class="code-quote">"stsclient"</span> class=<span class="code-quote">"org.apache.cxf.ws.security.trust.STSClient"</span>&gt;</span>
-    <span class="code-tag">&lt;constructor-arg ref=<span class="code-quote">"cxf"</span>/&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"wsdlLocation"</span> value=<span class="code-quote">"https://localhost:8083/sts?wsdl"</span>/&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"serviceName"</span> value=<span class="code-quote">"{http://tempuri.org/}STSService"</span>/&gt;</span>
-    <span class="code-tag">&lt;property name=<span class="code-quote">"endpointName"</span> value=<span class="code-quote">"{http://tempuri.org/STSServicePort"</span>/&gt;</span>
-<span class="code-tag">&lt;/bean&gt;</span> 
-
-<span class="code-tag"><span class="code-comment">&lt;!-- jaxrs:server depends on this SSL configuration --&gt;</span></span>
-<span class="code-tag">&lt;httpj:engine-factory id=<span class="code-quote">"ClientAuthHttpsSettings"</span> bus=<span class="code-quote">"cxf"</span>&gt;</span>
-  <span class="code-tag">&lt;httpj:engine port=<span class="code-quote">"8081"</span>&gt;</span>
-    <span class="code-tag">&lt;httpj:tlsServerParameters&gt;</span>
-      <span class="code-tag">&lt;sec:keyManagers keyPassword=<span class="code-quote">"skpass"</span>&gt;</span>
-        <span class="code-tag">&lt;sec:keyStore type=<span class="code-quote">"jks"</span> password=<span class="code-quote">"sspass"</span> resource=<span class="code-quote">"servicestore.jks"</span>/&gt;</span>
-      <span class="code-tag">&lt;/sec:keyManagers&gt;</span>
-      <span class="code-tag">&lt;sec:cipherSuitesFilter&gt;</span>
-        <span class="code-tag">&lt;sec:include&gt;</span>.*_EXPORT_.*<span class="code-tag">&lt;/sec:include&gt;</span>
-        <span class="code-tag">&lt;sec:include&gt;</span>.*_EXPORT1024_.*<span class="code-tag">&lt;/sec:include&gt;</span>
-        <span class="code-tag">&lt;sec:include&gt;</span>.*_WITH_DES_.*<span class="code-tag">&lt;/sec:include&gt;</span>
-        <span class="code-tag">&lt;sec:include&gt;</span>.*_WITH_NULL_.*<span class="code-tag">&lt;/sec:include&gt;</span>
-        <span class="code-tag">&lt;sec:exclude&gt;</span>.*_DH_anon_.*<span class="code-tag">&lt;/sec:exclude&gt;</span>
-        <span class="code-tag">&lt;/sec:cipherSuitesFilter&gt;</span>
-      <span class="code-tag">&lt;sec:clientAuthentication want=<span class="code-quote">"false"</span> required=<span class="code-quote">"false"</span>/&gt;</span>
-   <span class="code-tag">&lt;/httpj:tlsServerParameters&gt;</span>
-<span class="code-tag">&lt;/httpj:engine&gt;</span>
+&lt;bean id="basicAuthValidator" class="org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptor"&gt;
+   &lt;property name="validator"&gt;
+        &lt;bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"&gt;
+             &lt;constructor-arg value="true"/&gt;
+        &lt;/bean&gt;
+   &lt;/property&gt;
+&lt;/bean&gt;
+
+&lt;bean id="stsclient" class="org.apache.cxf.ws.security.trust.STSClient"&gt;
+    &lt;constructor-arg ref="cxf"/&gt;
+    &lt;property name="wsdlLocation" value="https://localhost:8083/sts?wsdl"/&gt;
+    &lt;property name="serviceName" value="{http://tempuri.org/}STSService"/&gt;
+    &lt;property name="endpointName" value="{http://tempuri.org/STSServicePort"/&gt;
+&lt;/bean&gt; 
+
+&lt;!-- jaxrs:server depends on this SSL configuration --&gt;
+&lt;httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf"&gt;
+  &lt;httpj:engine port="8081"&gt;
+    &lt;httpj:tlsServerParameters&gt;
+      &lt;sec:keyManagers keyPassword="skpass"&gt;
+        &lt;sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/&gt;
+      &lt;/sec:keyManagers&gt;
+      &lt;sec:cipherSuitesFilter&gt;
+        &lt;sec:include&gt;.*_EXPORT_.*&lt;/sec:include&gt;
+        &lt;sec:include&gt;.*_EXPORT1024_.*&lt;/sec:include&gt;
+        &lt;sec:include&gt;.*_WITH_DES_.*&lt;/sec:include&gt;
+        &lt;sec:include&gt;.*_WITH_NULL_.*&lt;/sec:include&gt;
+        &lt;sec:exclude&gt;.*_DH_anon_.*&lt;/sec:exclude&gt;
+        &lt;/sec:cipherSuitesFilter&gt;
+      &lt;sec:clientAuthentication want="false" required="false"/&gt;
+   &lt;/httpj:tlsServerParameters&gt;
+&lt;/httpj:engine&gt;
   
-<span class="code-tag"><span class="code-comment">&lt;!-- STSClient depends on this SSL configuration --&gt;</span></span>
-<span class="code-tag">&lt;http:conduit name=<span class="code-quote">"https://localhost:8083/.*"</span>&gt;</span>
-  <span class="code-tag">&lt;http:tlsClientParameters disableCNCheck=<span class="code-quote">"true"</span>&gt;</span>
-    <span class="code-tag">&lt;sec:trustManagers&gt;</span>
-      <span class="code-tag">&lt;sec:keyStore type=<span class="code-quote">"jks"</span> password=<span class="code-quote">"sspass"</span> resource=<span class="code-quote">"servicestore.jks"</span>/&gt;</span>
-    <span class="code-tag">&lt;/sec:trustManagers&gt;</span>
-    <span class="code-tag">&lt;sec:keyManagers keyPassword=<span class="code-quote">"skpass"</span>&gt;</span>
-       <span class="code-tag">&lt;sec:keyStore type=<span class="code-quote">"jks"</span> password=<span class="code-quote">"sspass"</span> resource=<span class="code-quote">"servicestore.jks"</span>/&gt;</span>
-    <span class="code-tag">&lt;/sec:keyManagers&gt;</span>
-  <span class="code-tag">&lt;/http:tlsClientParameters&gt;</span>
-<span class="code-tag">&lt;/http:conduit&gt;</span>
-</pre>
+&lt;!-- STSClient depends on this SSL configuration --&gt;
+&lt;http:conduit name="https://localhost:8083/.*"&gt;
+  &lt;http:tlsClientParameters disableCNCheck="true"&gt;
+    &lt;sec:trustManagers&gt;
+      &lt;sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/&gt;
+    &lt;/sec:trustManagers&gt;
+    &lt;sec:keyManagers keyPassword="skpass"&gt;
+       &lt;sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/&gt;
+    &lt;/sec:keyManagers&gt;
+  &lt;/http:tlsClientParameters&gt;
+&lt;/http:conduit&gt;
+]]></script>
 </div></div>
 
 <p>AuthPolicyValidatingInterceptor converts Basic Auth info into WSS4J UsernameToken and delegates to STS to validate.</p>
@@ -412,11 +420,11 @@ CXF JAX-RS SimpleAuthorizingFilter can b
 <p>If <tt>java.lang.SecurityManager</tt> is installed then you'll likely need to configure the trusted JAX-RS codebase with a 'suppressAccessChecks' permission for the injection of JAXRS context or parameter fields to succeed. For example, you may want to update a Tomcat <a shape="rect" class="external-link" href="http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html">catalina.policy</a> with the following permission :</p>
 
 <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-grant codeBase <span class="code-quote">"file:${catalina.home}/webapps/yourwebapp/lib/cxf.jar"</span> {
-    permission java.lang.reflect.ReflectPermission <span class="code-quote">"suppressAccessChecks"</span>;
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+grant codeBase "file:${catalina.home}/webapps/yourwebapp/lib/cxf.jar" {
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 };
-</pre>
+]]></script>
 </div></div>
 
 <h1><a shape="rect" name="SecureJAX-RSServices-AdvancedSecurity"></a>Advanced Security</h1>