You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2019/11/01 14:32:35 UTC

[ws-wss4j] 02/02: Updating website

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit 68285b9dac84ac5cfce5e7dbe0d3dec2a15bbf44
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Nov 1 14:32:06 2019 +0000

    Updating website
---
 src/site/asciidoc/config.adoc  |  8 ++++----
 src/site/asciidoc/topics.adoc  | 18 +++++++++---------
 src/site/asciidoc/using.adoc   | 12 ++++++------
 src/site/asciidoc/wss4j20.adoc |  2 +-
 src/site/asciidoc/wss4j21.adoc |  4 ++--
 5 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/src/site/asciidoc/config.adoc b/src/site/asciidoc/config.adoc
index c4bd776..8b7b19c 100644
--- a/src/site/asciidoc/config.adoc
+++ b/src/site/asciidoc/config.adoc
@@ -28,13 +28,13 @@ Apache WSS4J uses the Crypto interface to get keys and certificates for
 encryption/decryption and for signature creation/verification. WSS4J ships
 with three implementations:
 
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?view=markup[
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?view=markup[
 Merlin]: The standard implementation, based around two JDK keystores for
 key/cert retrieval, and trust verification.
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?view=markup[
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?view=markup[
 CertificateStore]: Holds an array of X509 Certificates. Can only be used
 for encryption and signature verification.
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup[
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup[
 MerlinDevice]: Based on Merlin, allows loading of keystores using a null
 InputStream - for example on a smart-card device.
 
@@ -102,7 +102,7 @@ be signed.
 Apache WSS4J provides a set of configuration tags that can be used to configure
 both the DOM-based and StAX-based (WSS4J 2.0.0 onwards) outbound and inbound
 processing. As both DOM and StAX code are very similar, both approaches share
-a set of common configuration tags given in http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup[ConfigurationConstants]. Note
+a set of common configuration tags given in https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup[ConfigurationConstants]. Note
 that the WSS4J 1.6.x configuration class (WSHandlerConstants) extends this
 class in WSS4J 2.0.0, so there is no need to change any configuration code
 when upgrading.
diff --git a/src/site/asciidoc/topics.adoc b/src/site/asciidoc/topics.adoc
index 22b3087..7e789a5 100644
--- a/src/site/asciidoc/topics.adoc
+++ b/src/site/asciidoc/topics.adoc
@@ -25,11 +25,11 @@ This section discusses various topics regarding usage of WSS4J.  See the link:us
 
 WSS4J uses the Crypto interface to provide a pluggable way of retrieving and converting certificates, verifying trust on certificates etc. Three implementations are provided out of the box by WSS4J:
 
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?view=markup[Merlin]: The standard implementation, based around two JDK keystores for key/cert retrieval, and trust verification.
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?view=markup[CertificateStore]: Holds an array of X509 Certificates. Can only be used for encryption and signature verification.
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup[MerlinDevice]: Based on Merlin, allows loading of keystores using a null InputStream - for example on a smart-card device.
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?view=markup[Merlin]: The standard implementation, based around two JDK keystores for key/cert retrieval, and trust verification.
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?view=markup[CertificateStore]: Holds an array of X509 Certificates. Can only be used for encryption and signature verification.
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup[MerlinDevice]: Based on Merlin, allows loading of keystores using a null InputStream - for example on a smart-card device.
 
-Typically, a Crypto implementation is loaded and configured via a Crypto properties file. This tells WSS4J what Crypto implementation to load, as well as implementation-specific properties such as a keystore location, password, default alias to use, etc. A typical example of the contents of a Crypto properties file for Signature creation is as http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/resources/wss40.properties?view=markup[follows]:
+Typically, a Crypto implementation is loaded and configured via a Crypto properties file. This tells WSS4J what Crypto implementation to load, as well as implementation-specific properties such as a keystore location, password, default alias to use, etc. A typical example of the contents of a Crypto properties file for Signature creation is as https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/resources/wss40.properties?view=markup[follows]:
 
  * org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
  * org.apache.wss4j.crypto.merlin.keystore.type=jks
@@ -94,7 +94,7 @@ The DOM element(s) that is(are) found are stored for retrieval, so that we don't
 
 === WSPasswordCallback identifiers
 
-The http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java?view=markup[WSPasswordCallback class] defines a set of integers which correspond to usage instructions for the CallbackHandler.  In WSS4J 1.6, the following WSPasswordCallback identifiers are used:
+The hhttps://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java?view=markup[WSPasswordCallback class] defines a set of integers which correspond to usage instructions for the CallbackHandler.  In WSS4J 1.6, the following WSPasswordCallback identifiers are used:
 
  * WSPasswordCallback.DECRYPT - DECRYPT usage is used when the calling code needs a password to get the private key of this identifier (alias) from a keystore. This is only used for the inbound case of decrypting a session (symmetric) key, and not for the case of getting a private key to sign the message. The CallbackHandler must set the password via the setPassword(String) method.
  * WSPasswordCallback.USERNAME_TOKEN - USERNAME_TOKEN usage is used to obtain a password for either creating a Username Token (whether plaintext or digest), or for validating it. It is also used for the case of deriving a key from a Username Token. The CallbackHandler must set the password via the setPassword(String) method.
@@ -128,7 +128,7 @@ Several patches were submitted to http://issues.apache.org/jira/browse/WSS-146[W
  * This extensibility is achieved by letting the user implement a CallbackHandler instance.
  * The SAMLTokenProcessor can now process any type of assertion, verify an enveloped signature on it, and verify trust on the signature. It also verifies some holder-of-key requirements, e.g. that the Subject contains a KeyInfo element, and that the assertion is signed and trusted etc.
 
-WSS4J 1.6 contains an http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/[extensive set of tests] for both creating and processing different type of assertions. To illustrate the flexibility and simplicity of the CallbackHandler approach for constructing assertions, take a look at an abstract CallbackHandler http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLC [...]
+WSS4J 1.6 contains an https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/[extensive set of tests] for both creating and processing different type of assertions. To illustrate the flexibility and simplicity of the CallbackHandler approach for constructing assertions, take a look at an abstract CallbackHandler https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandl [...]
 
 Opensaml2 has a very large set of dependencies, but through some judicious pom exclusions, as well replacing the Opensaml DefaultBootstrap code to avoid loading velocity, the following dependencies are introduced in WSS4J via Opensaml (snippet from mvn dependency):
 
@@ -155,13 +155,13 @@ WSS4J 1.6 has a minimum requirement of JDK 1.5 (note that WSS4J 1.5.x supports J
 
 The Apache Santuario XML Security jar is still required for the JDK 1.6 case, as there are compile-time dependencies in WSS4J for encryption/decryption, as well as for some algorithm parsing, and resource resolver stuff. One downside to the Santuario jar, is its dependence on Xalan for a small subset of operations. This dependency is https://issues.apache.org/jira/browse/SANTUARIO-252[removed] for the 1.5 release of that library.
 
-It is worth noting some changes to the main http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?view=markup[class] used in WSS4J for signature creation as a result of the JSR-105 port. In WSS4J 1.5.x, after the signature certs and list of references to sign had been configured, the "computeSignature" method was called to compute the signature. The DOM element corresponding to the signature was independent of  [...]
+It is worth noting some changes to the main https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?view=markup[class] used in WSS4J for signature creation as a result of the JSR-105 port. In WSS4J 1.5.x, after the signature certs and list of references to sign had been configured, the "computeSignature" method was called to compute the signature. The DOM element corresponding to the signature was independent of the pr [...]
 
 In WSS4J 1.6, you must tell "computeSignature" where to insert the signature element. A boolean "prepend" argument allows you to configure whether to prepend the generated Signature element to the security header, or whether to append it. If prepend is true, then an optional siblingElement argument can be used to prepend the signature element before this sibling element. Once computeSignature has been called, you have no control over where the signature element is inserted into the secur [...]
 
 === Basic Security Profile 1.1 compliance
 
-The Basic Security Profile (BSP) 1.1 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html[specification] provides an industry-standard way of making sure that different WS-Security stacks can communicate with each other, by clarifying and narrowing the scope of the various WS-Security standards. WSS4J 1.5.x does not implement the BSP in any meaningful way. The http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java?view=markup[W [...]
+The Basic Security Profile (BSP) 1.1 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html[specification] provides an industry-standard way of making sure that different WS-Security stacks can communicate with each other, by clarifying and narrowing the scope of the various WS-Security standards. WSS4J 1.5.x does not implement the BSP in any meaningful way. The https://github.com/apache/ws-wss4j/tree/1_5_x-fixes/src/org/apache/ws/security/WSSConfig.java?view=markup[WSSConfig] class  [...]
 
-WSS4J 1.6 provides https://issues.apache.org/jira/browse/WSS-256[support] for the BSP 1.1 specification, in so far as it pertains to the core WS-Security specifications that WSS4J supports. The enforcing of BSP compliance for inbound messages is controlled by the WSSConfig class, as per WSS4J 1.5.x. An important change is that BSP compliance is now turned *on* by default. In addition, a new http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4 [...]
+WSS4J 1.6 provides https://issues.apache.org/jira/browse/WSS-256[support] for the BSP 1.1 specification, in so far as it pertains to the core WS-Security specifications that WSS4J supports. The enforcing of BSP compliance for inbound messages is controlled by the WSSConfig class, as per WSS4J 1.5.x. An important change is that BSP compliance is now turned *on* by default. In addition, a new https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/main/java/org/apache/wss4j/dom/ [...]
 
diff --git a/src/site/asciidoc/using.adoc b/src/site/asciidoc/using.adoc
index 6470f69..762382c 100644
--- a/src/site/asciidoc/using.adoc
+++ b/src/site/asciidoc/using.adoc
@@ -40,7 +40,7 @@ outbound SOAP request, by parsing configuration that is supplied to it via
 a subclass. Typically a web services stack that uses WSS4J for WS-Security
 will subclass WSHandler. An example of a subclass is the
 http://cxf.apache.org/docs/ws-security.html[WSS4JOutInterceptor]
-in Apache CXF. The configuration tags are defined in the http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup[ConfigurationConstants] class (WSHandlerConstants in WSS4J 1.6.x). For a more detailed explanation
+in Apache CXF. The configuration tags are defined in the https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup[ConfigurationConstants] class (WSHandlerConstants in WSS4J 1.6.x). For a more detailed explanation
 of the configuration tags, please refer to the link:config.html[configuration] page. The next few paragraphs will
 describe the most fundamental configuration tags that are used in most
 cases.
@@ -137,11 +137,11 @@ WS-SecurityPolicy based approaches. This functionality is only available for
 the DOM code. The best way of finding out how to do this is to take a look at
 the test sources. For example: 
 
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java?view=markup[Username Token Test]
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java?view=markup[Encryption Test]
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java?view=markup[Signature Test]
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/TimestampTest.java?view=markup[Timestamp Test]
- * http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?view=markup[SAML Token Test]
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java?view=markup[Username Token Test]
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/EncryptionTest.java?view=markup[Encryption Test]
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java?view=markup[Signature Test]
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/TimestampTest.java?view=markup[Timestamp Test]
+ * https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?view=markup[SAML Token Test]
 
 === SOAP Stacks
 
diff --git a/src/site/asciidoc/wss4j20.adoc b/src/site/asciidoc/wss4j20.adoc
index b6c7bb7..ef8f819 100644
--- a/src/site/asciidoc/wss4j20.adoc
+++ b/src/site/asciidoc/wss4j20.adoc
@@ -110,7 +110,7 @@ can be set to sign the Assertion:
 In WSS4J 1.6.x, configuration tags were configured in the WSHandlerConstants
 class. In WSS4J 2.0.0, both the DOM and StAX-based code largely share the 
 same configuration options, and so the configuration tags are defined in
-http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup[ConfigurationConstants]. Note that the WSS4J 1.6.x configuration class
+https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/ConfigurationConstants.java?view=markup[ConfigurationConstants]. Note that the WSS4J 1.6.x configuration class
 (WSHandlerConstants) extends this class in WSS4J 2.0.0, so there is no need to
 change any configuration code when upgrading.
 
diff --git a/src/site/asciidoc/wss4j21.adoc b/src/site/asciidoc/wss4j21.adoc
index d59335f..b693c81 100644
--- a/src/site/asciidoc/wss4j21.adoc
+++ b/src/site/asciidoc/wss4j21.adoc
@@ -37,8 +37,8 @@ used to create SAML Assertions in WSS4J, code changes will be required.
 
 The most common OpenSAML dependency is to include a "SAMLVersion" to tell
 the SAMLCallback whether to create a SAML 2.0 or 1.1 Assertion. WSS4J 2.1
-provides an alternative way of specifying the SAML Version, via a https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/Version.java[Version] bean. See
-https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java[here] for an example.
+provides an alternative way of specifying the SAML Version, via a https://github.com/apache/ws-wss4j/tree/master/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/Version.java[Version] bean. See
+https://github.com/apache/ws-wss4j/tree/master/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java[here] for an example.
 
 ==== Custom processor changes