You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2013/06/21 12:48:03 UTC
svn commit: r866777 - in /websites/production/cxf/content:
cache/docs.pageCache docs/ws-security.html
docs/xml-key-management-service-xkms.html
Author: buildbot
Date: Fri Jun 21 10:48:02 2013
New Revision: 866777
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/ws-security.html
websites/production/cxf/content/docs/xml-key-management-service-xkms.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/ws-security.html
==============================================================================
--- websites/production/cxf/content/docs/ws-security.html (original)
+++ websites/production/cxf/content/docs/ws-security.html Fri Jun 21 10:48:02 2013
@@ -25,6 +25,8 @@
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
<meta name="description" content="Apache CXF, Services Framework - WS-Security">
+
+
<title>
Apache CXF -- WS-Security
</title>
@@ -124,7 +126,7 @@ Apache CXF -- WS-Security
<div id="ConfluenceContent"><h1><a shape="rect" name="WS-Security-WSSecurity"></a>WS-Security</h1>
<p>WS-Security provides means to secure your services above and beyond transport level protocols such as HTTPS. Through a number of standards such as XML-Encryption, and headers defined in the WS-Security standard, it allows you to:</p>
-<ul><li>Pass authentication tokens between services</li><li>Encrypt messages or parts of messages</li><li>Sign messages</li><li>Timestamp messages</li></ul>
+<ul><li>Pass authentication tokens between services</li><li>Encrypt messages or parts of messages</li><li>Sign messages</li><li>Timestamp messages</li><li>Manage public keys using <a shape="rect" href="http://cxf.apache.org/docs/xml-key-management-service-xkms.html">XKMS</a></li></ul>
<p>CXF relies on <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j">WSS4J</a> in large part to implement WS-Security. Within your own services, WS-Security can be activated by using <a shape="rect" href="http://cxf.apache.org/docs/ws-securitypolicy.html">WS-SecurityPolicy</a>, which provides a comprehensive and sophisticated validation of the security properties of a received message. A non-WS-SecurityPolicy approach is usually also possible by way of CXF interceptors added to your service and/or client as detailed in this article.</p>
Modified: websites/production/cxf/content/docs/xml-key-management-service-xkms.html
==============================================================================
--- websites/production/cxf/content/docs/xml-key-management-service-xkms.html (original)
+++ websites/production/cxf/content/docs/xml-key-management-service-xkms.html Fri Jun 21 10:48:02 2013
@@ -246,6 +246,7 @@ Sample spring configuration of XKMS hand
</pre>
</div></div>
+
<p>dateValidator and trustedAuthorityValidator beans are implementations of Validator interface for validity date and trusted chain validation. <br clear="none">
x509Locator and x509Register are implementations of Locator and Register interfaces for X509 certificates.<br clear="none">
certificateRepo is repository implementation for LDAP backend. LdapSearch and LdapSchemaConfig contain LDAP configuration described in the following table:</p>
@@ -262,6 +263,37 @@ certificateRepo is repository implementa
</div>
+<p>XKMS service endpoint is configured in following way:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+ <span class="code-tag"><bean id=<span class="code-quote">"xkmsProviderBean"</span> class=<span class="code-quote">"org.apache.cxf.xkms.service.XKMSService"</span>></span>
+ <span class="code-tag"><property name=<span class="code-quote">"validators"</span>></span>
+ <span class="code-tag"><list></span>
+ <span class="code-tag"><ref bean=<span class="code-quote">"dateValidator"</span> /></span>
+ <span class="code-tag"><ref bean=<span class="code-quote">"trustedAuthorityValidator"</span> /></span>
+ <span class="code-tag"></list></span>
+ <span class="code-tag"></property></span>
+ <span class="code-tag"><property name=<span class="code-quote">"locators"</span>></span>
+ <span class="code-tag"><list></span>
+ <span class="code-tag"><ref bean=<span class="code-quote">"x509Locator"</span> /></span>
+ <span class="code-tag"></list></span>
+ <span class="code-tag"></property></span>
+ <span class="code-tag"><property name=<span class="code-quote">"keyRegisterHandlers"</span>></span>
+ <span class="code-tag"><list></span>
+ <span class="code-tag"><ref bean=<span class="code-quote">"x509Register"</span> /></span>
+ <span class="code-tag"></list></span>
+ <span class="code-tag"></property></span>
+ <span class="code-tag"></bean></span>
+
+ <jaxws:endpoint id=<span class="code-quote">"XKMSService"</span>
+ <span class="code-keyword">xmlns:serviceNamespace</span>=<span class="code-quote">"http://www.w3.org/2002/03/xkms#wsdl"</span>
+ serviceName=<span class="code-quote">"serviceNamespace:XKMSService"</span> endpointName=<span class="code-quote">"serviceNamespace:XKMSPort"</span>
+ implementor=<span class="code-quote">"#xkmsProviderBean"</span> address=<span class="code-quote">"/XKMS"</span>>
+ <span class="code-tag"></jaxws:endpoint></span>
+</pre>
+</div></div>
+
<h4><a shape="rect" name="XMLKeyManagementService%28XKMS%29-IntegrationXKMSclientintoCXFruntime."></a>Integration XKMS client into CXF runtime.</h4>
<p>XKMS client can be integrated into CXF and WSS4J using custom Crypto provider implementation. In this case XKMS service will be automatically invoked when WSS4J requires or validates certificate. Details are described in this <a shape="rect" class="external-link" href="http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html" rel="nofollow">blog</a>. Sample XKMS based implementation of WSS4J Crypto interface is contributed into XKMS Client component. </p>