Posted to commits@ws.apache.org by co...@apache.org on 2014/02/05 18:14:20 UTC

svn commit: r1564837 - in /webservices/wss4j/site/src/site/xdoc: config.xml topics.xml

Author: coheigea
Date: Wed Feb  5 17:14:19 2014
New Revision: 1564837

URL: http://svn.apache.org/r1564837
Log:
More work on updating the website

Modified:
    webservices/wss4j/site/src/site/xdoc/config.xml
    webservices/wss4j/site/src/site/xdoc/topics.xml

Modified: webservices/wss4j/site/src/site/xdoc/config.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/config.xml?rev=1564837&r1=1564836&r2=1564837&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/config.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/config.xml Wed Feb  5 17:14:19 2014
@@ -35,14 +35,6 @@ General properties:
 "org.apache.wss4j.common.crypto.Merlin".</td>
 </tr>
 <tr>
-<td>${PREFIX}.merlin.keystore.provider</td>
-<td>The provider used to load keystores. Defaults to installed provider.</td>
-</tr>
-<tr>
-<td>${PREFIX}.merlin.cert.provider</td>
-<td>The provider used to load certificates. Defaults to keystore provider.</td>
-</tr>
-<tr>
 <td>${PREFIX}.merlin.x509crl.file</td>
 <td>The location of an (X509) CRL file to use.</td>
 </tr>
@@ -56,6 +48,14 @@ Keystore properties:
 <th>Property value</th>
 </tr>
 <tr>
+<td>${PREFIX}.merlin.keystore.provider</td>
+<td>The provider used to load keystores. Defaults to installed provider.</td>
+</tr>
+<tr>
+<td>${PREFIX}.merlin.cert.provider</td>
+<td>The provider used to load certificates. Defaults to keystore provider.</td>
+</tr>
+<tr>
 <td>${PREFIX}.merlin.keystore.file</td>
 <td>The location of the keystore</td>
 </tr>
@@ -177,6 +177,11 @@ The configuration tags for WSHandler Act
 <td>Do not perform any action, do nothing.</td>
 </tr>
 <tr>
+<td><b>WSS4J 2.0.0</b> USERNAME_TOKEN_SIGNATURE</td>
+<td>UsernameTokenSignature</td>
+<td>Perform a UsernameTokenSignature action.</td>
+</tr>
+<tr>
 <td>USERNAME_TOKEN</td>
 <td>UsernameToken</td>
 <td>Perform a UsernameToken action.</td>
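Review bot: the <b>WSS4J 2.0.0</b> marker on the USERNAME_TOKEN_SIGNATURE row reads as if the action is new, but the SIGN_WITH_UT_KEY row removed later in this file documents the same UsernameTokenSignature value, so only the constant name changes. Suggest stating that it replaces SIGN_WITH_UT_KEY, and keeping the old remark that this is a .NET specific signature, which the new description "Perform a UsernameTokenSignature action." drops.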
@@ -212,9 +217,34 @@ The configuration tags for WSHandler Act
 <td>Perform a Timestamp action.</td>
 </tr>
 <tr>
-<td>SIGN_WITH_UT_KEY</td>
-<td>UsernameTokenSignature</td>
-<td>Perform a .NET specific signature using a Username Token action.</td>
+<td><b>WSS4J 2.0.0</b> SIGNATURE_DERIVED</td>
+<td>SignatureDerived</td>
+<td>Perform a Signature action with derived keys. Only for StAX code.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ENCRYPT_DERIVED</td>
+<td>EncryptDerived</td>
+<td>Perform a Encryption action with derived keys. Only for StAX code.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> SIGNATURE_WITH_KERBEROS_TOKEN</td>
+<td>SignatureWithKerberosToken</td>
+<td>Perform a Signature action with a kerberos token. Only for StAX code.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ENCRYPT_WITH_KERBEROS_TOKEN</td>
+<td>EncryptWithKerberosToken</td>
+<td>Perform a Encryption action with a kerberos token. Only for StAX code.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> KERBEROS_TOKEN</td>
+<td>KerberosToken</td>
+<td>Add a kerberos token.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> CUSTOM_TOKEN</td>
+<td>CustomToken</td>
+<td>Add a "Custom" token from a CallbackHandler</td>
 </tr>
 </table>
 <p>
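Review bot: in the added rows, KERBEROS_TOKEN and CUSTOM_TOKEN carry no "Only for StAX code." qualifier while the four rows above them do; if they are also limited to the StAX code, say so, otherwise the difference is easy to misread. Also "Perform a Encryption action" should be "an Encryption action" (twice), "kerberos" should be capitalised, and the CUSTOM_TOKEN description is missing its closing period.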
@@ -306,6 +336,18 @@ object for Signature.
 </td>
 </tr>
 <tr>
+<td><b>WSS4J 2.0.0</b> SIG_VER_PROP_FILE</td>
+<td>signatureVerificationPropFile</td>
+<td>The path of the crypto property file to use for Signature verification.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> SIG_VER_PROP_REF_ID</td>
+<td>signatureVerificationPropRefId</td>
+<td>The String ID that is used to store a reference to the Crypto object or the Crypto Properties 
+object for Signature verification.
+</td>
+</tr>
+<tr>
 <td>DEC_PROP_FILE</td>
 <td>decryptionPropFile</td>
 <td>The path of the crypto property file to use for Decryption.</td>
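Review bot: the SIG_VER_PROP_FILE and SIG_VER_PROP_REF_ID rows do not say what is used for verification when neither is set. The table already documents a crypto property file and reference for Signature, so state how the new tags relate to those (for example, whether verification falls back to them); readers need to know whether a separate set of trusted certificates for verification is required or optional. The added line ending "Crypto Properties " also has trailing whitespace.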
@@ -359,14 +401,29 @@ The configuration tags for WSHandler pro
 <td>Whether or not to ensure compliance with the BSP 1.1 spec. Default is "true".</td>
 </tr>
 <tr>
+<td><b>WSS4J 2.0.0</b> ADD_INCLUSIVE_PREFIXES</td>
+<td>addInclusivePrefixes</td>
+<td> Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is "true".</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ADD_USERNAMETOKEN_NONCE</td>
+<td>addUsernameTokenNonce</td>
+<td>Whether to add a Nonce Element to a UsernameToken (for plaintext). Default is "false"</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ADD_USERNAMETOKEN_CREATED</td>
+<td>addUsernameTokenCreated</td>
+<td>Whether to add a Created Element to a UsernameToken (for plaintext). Default is "false"</td>
+</tr>
+<tr>
 <td>HANDLE_CUSTOM_PASSWORD_TYPES</td>
 <td>handleCustomPasswordTypes</td>
 <td>Whether to allow non-standard password types in a UsernameToken. Default is "false".</td>
 </tr>
 <tr>
-<td>PASSWORD_TYPE_STRICT</td>
-<td>passwordTypeStrict</td>
-<td>Whether to enable strict Username Token password type handling. Default is "false".</td>
+<td><b>WSS4J 2.0.0</b> ALLOW_USERNAMETOKEN_NOPASSWORD</td>
+<td>allowUsernameTokenNoPassword</td>
+<td>Whether a UsernameToken with no password element is allowed. Default is "false".</td>
 </tr>
 <tr>
 <td>REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS</td>
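Review bot: PASSWORD_TYPE_STRICT is replaced in place by ALLOW_USERNAMETOKEN_NOPASSWORD with nothing telling a reader of the earlier page that passwordTypeStrict is gone or what now covers strict password type handling; a short removal note would keep stale configuration from being carried over unnoticed. The ADD_USERNAMETOKEN_NONCE and ADD_USERNAMETOKEN_CREATED rows should spell out what "(for plaintext)" implies for digest passwords, both end with Default is "false" and no period, and the ADD_INCLUSIVE_PREFIXES cell starts with a stray space.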
@@ -398,11 +455,6 @@ certificate. Default is "false".</td>
 BinarySecurityToken. Default is "true".</td>
 </tr>
 <tr>
-<td>USE_DERIVED_KEY</td>
-<td>useDerivedKey</td>
-<td>Whether to use the standard UsernameToken Key Derivation algorithm. Default is "true".</td>
-</tr>
-<tr>
 <td>USE_DERIVED_KEY_FOR_MAC</td>
 <td>useDerivedKeyForMAC</td>
 <td>Whether to use the Username Token derived key for a MAC. Default is "true".</td>
@@ -422,6 +474,41 @@ BinarySecurityToken. Default is "true".<
 <td>encryptSymmetricEncryptionKey</td>
 <td>Set whether to encrypt the symmetric encryption key or not. Default is "true".</td>
 </tr>
+<tr>
+<td>ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM</td>
+<td>allowRSA15KeyTransportAlgorithm</td>
+<td>Whether to allow the RSA v1.5 Key Transport Algorithm or not. Default is "false".</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> VALIDATE_SAML_SUBJECT_CONFIRMATION</td>
+<td>validateSamlSubjectConfirmation</td>
+<td>Whether to validate the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key). Default is "true".</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> INCLUDE_SIGNATURE_TOKEN</td>
+<td>includeSignatureToken</td>
+<td>Whether to include the Signature Token in the security header as well or not (for IssuerSerial + Thumbprint cases). Default is "false"</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ENABLE_NONCE_CACHE</td>
+<td>enableNonceCache</td>
+<td>Whether to cache UsernameToken nonces. Default is "true"</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ENABLE_TIMESTAMP_CACHE</td>
+<td>enableTimestampCache</td>
+<td>Whether to cache Timestamp Created Strings (these are only cached in conjunction with a message Signature). Default is "true"</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ENABLE_SAML_ONE_TIME_USE_CACHE</td>
+<td>enableSamlOneTimeUseCache</td>
+<td>Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition. Default is "true". </td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> USE_2005_12_NAMESPACE</td>
+<td>use200512Namespace</td>
+<td>Whether to use the 2005/12 namespace for SecureConveration + DerivedKeys, or the older namespace. The default is "true"</td>
+</tr>
 </table>
 <p>
 The configuration tags for WSHandler properties that are configured via a non-boolean parameter 
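Review bot: ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM is the only row added in this hunk without the <b>WSS4J 2.0.0</b> marker; if the tag also exists before 2.0.0 that is fine, otherwise add the marker for consistency. "SecureConveration" in the USE_2005_12_NAMESPACE row is a typo for SecureConversation, and that row should name the two namespaces rather than say "the older namespace". Several of the new descriptions end with the default value and no period, and the ENABLE_SAML_ONE_TIME_USE_CACHE cell has a trailing space.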
@@ -434,21 +521,11 @@ are as follows:
 <th>Tag meaning</th>
 </tr>
 <tr>
-<td>ENC_KEY_NAME</td>
-<td>embeddedKeyName</td>
-<td>The text of the key name to be sent in the KeyInfo for encryption</td>
-</tr>
-<tr>
 <td>PASSWORD_TYPE</td>
 <td>passwordType</td>
 <td>The encoding of the password for a Username Token. The default is WSConstants.PW_DIGEST.</td>
 </tr>
 <tr>
-<td>ADD_UT_ELEMENTS</td>
-<td>addUTElements</td>
-<td>Additional elements to add to a Username Token, i.e. "nonce" and "created".</td>
-</tr>
-<tr>
 <td>SIG_KEY_ID</td>
 <td>signatureKeyIdentifier</td>
 <td>The key identifier type to use for signature. The default is "IssuerSerial".</td>
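Review bot: ENC_KEY_NAME and ADD_UT_ELEMENTS are deleted with no pointer to what replaces them. For addUTElements the replacement appears to be the addUsernameTokenNonce and addUsernameTokenCreated booleans added earlier in this file; say so here or in a "removed in 2.0.0" list, and state whether embeddedKeyName has any successor.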
@@ -476,9 +553,9 @@ are as follows:
 by default.</td>
 </tr>
 <tr>
-<td>WSE_SECRET_KEY_LENGTH</td>
-<td>wseSecretKeyLength</td>
-<td>The length of the secret (derived) key to use for the WSE UT_SIGN functionality.</td>
+<td><b>WSS4J 2.0.0</b> OPTIONAL_SIGNATURE_PARTS</td>
+<td>optionalSignatureParts</td>
+<td>Parameter to define which parts of the request shall be signed, if they exist in the request.</td>
 </tr>
 <tr>
 <td>DERIVED_KEY_ITERATIONS</td>
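Review bot: the OPTIONAL_SIGNATURE_PARTS description does not give the value syntax, only that the parts are signed "if they exist in the request". Describe the expected format of the value, and record that WSE_SECRET_KEY_LENGTH is removed rather than swapping the row silently.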
@@ -514,6 +591,16 @@ is SHA-1.</td>
 in "Content" mode by default.</td>
 </tr>
 <tr>
+<td><b>WSS4J 2.0.0</b> OPTIONAL_ENCRYPTION_PARTS</td>
+<td>optionalEncryptionParts</td>
+<td>Parameter to define which parts of the request shall be encrypted, if they exist in the request.</td>
+</tr>
+<tr>
+<td><b>WSS4J 2.0.0</b> ENC_MGF_ALGO</td>
+<td>encryptionMGFAlgorithm</td>
+<td>Defines which encryption mgf algorithm to use with the RSA OAEP Key Transport algorithm for encryption. The default is mgfsha1.</td>
+</tr>
+<tr>
 <td>TTL_TIMESTAMP</td>
 <td>timeToLive</td>
 <td>The time difference between creation and expiry time in seconds in the WSS Timestamp. The 
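Review bot: in the ENC_MGF_ALGO row the default is written as the shorthand "mgfsha1"; give the exact value string the tag expects so it can be matched against configuration, and capitalise MGF. OPTIONAL_ENCRYPTION_PARTS has the same gap as its signature counterpart: the value syntax is not described.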

Modified: webservices/wss4j/site/src/site/xdoc/topics.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/topics.xml?rev=1564837&r1=1564836&r2=1564837&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/topics.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/topics.xml Wed Feb  5 17:14:19 2014
@@ -93,7 +93,7 @@ Note that in WSS4J 2.0.0 the "org.apache
 </subsection>
 
 <subsection name="WSPasswordCallback identifiers">
-<p>The <a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSPasswordCallback.java?view=markup">WSPasswordCallback class</a> defines a set of integers which correspond to usage instructions for the CallbackHandler.  In WSS4J 1.6, the following WSPasswordCallback identifiers are used:</p>
+<p>The <a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/ext/WSPasswordCallback.java?view=markup">WSPasswordCallback class</a> defines a set of integers which correspond to usage instructions for the CallbackHandler.  In WSS4J 1.6, the following WSPasswordCallback identifiers are used:</p>
 
 <ul>
 <li>WSPasswordCallback.DECRYPT - DECRYPT usage is used when the calling code needs a password to get the private key of this identifier (alias) from a keystore. This is only used for the inbound case of decrypting a session (symmetric) key, and not for the case of getting a private key to sign the message. The CallbackHandler must set the password via the setPassword(String) method.</li>
@@ -103,6 +103,12 @@ Note that in WSS4J 2.0.0 the "org.apache
 <li>WSPasswordCallback.CUSTOM_TOKEN - CUSTOM_TOKEN usage is used for the case that we want the CallbackHandler to supply a token as a DOM Element. For example, this is used for the case of a reference to a SAML Assertion or Security Context Token that is not in the message. The CallbackHandler must set the token via the setCustomToken(Element) method.</li>
 <li>WSPasswordCallback.SECRET_KEY - SECRET_KEY usage is used for the case that we want to obtain a secret key for encryption or signature on the outbound side, or for decryption or verification on the inbound side. The CallbackHandler must set the key via the setKey(byte[]) method.</li>
 </ul>
+<p>
+In WSS4J 2.0, the following additional WSPasswordCallback identifier is:
+</p>
+<ul>
+<li>WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD - PASSWORD_ENCRYPTOR_PASSWORD usage is used to return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files</li>
+</ul>
 
 </subsection>
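Review bot: the new PASSWORD_ENCRYPTOR_PASSWORD item does not name the method the CallbackHandler must call, unlike the items above it (setCustomToken(Element), setKey(byte[])); add that sentence. The lead-in "the following additional WSPasswordCallback identifier is:" is ungrammatical (for example "the following additional WSPasswordCallback identifier is used:"), and the list item is missing its closing period.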