You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by bu...@apache.org on 2013/08/16 13:20:41 UTC
svn commit: r874879 - in /websites/production/camel/content:
book-dataformat-appendix.html book-in-one-page.html cache/main.pageCache
camel-2120-release.html xmlsecurity-dataformat.html
Author: buildbot
Date: Fri Aug 16 11:20:40 2013
New Revision: 874879
Log:
Production update by buildbot for camel
Modified:
websites/production/camel/content/book-dataformat-appendix.html
websites/production/camel/content/book-in-one-page.html
websites/production/camel/content/cache/main.pageCache
websites/production/camel/content/camel-2120-release.html
websites/production/camel/content/xmlsecurity-dataformat.html
Modified: websites/production/camel/content/book-dataformat-appendix.html
==============================================================================
--- websites/production/camel/content/book-dataformat-appendix.html (original)
+++ websites/production/camel/content/book-dataformat-appendix.html Fri Aug 16 11:20:40 2013
@@ -2873,7 +2873,7 @@ The XMLSecurity Data Format supports asy
<p>These options can be applied in addition to relevant the Basic options to use asymmetric key encryption. </p>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Option </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>recipientKeyAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The key alias to be used when retrieving the recipient's public or private key from a KeyStore when performing asymmetric key encryption or decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyCipherAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The cipher algorithm to be used for encryption/decryption of the asymmetric key. The available choices are:
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Option </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>recipientKeyAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The key alias to be used when retrieving the recipient's public or private key from a KeyStore when performing asymmetric key encryption or decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyCipherAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.12</b> <tt>XMLCipher.RSA_OAEP</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The cipher algorithm to be used for encryption/decryption of the asymmetric key. The available choices are:
<ul><li><tt>XMLCipher.RSA_v1dot5</tt></li><li><tt>XMLCipher.RSA_OAEP</tt></li><li><tt>XMLCipher.RSA_OAEP_11</tt></li></ul>
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyOrTrustStoreParameters</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Configuration options for creating and loading a KeyStore instance that represents the sender's trustStore or recipient's keyStore. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyPassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.10.2 / 2.11:</b> The password to be used for retrieving the private key from the KeyStore. This key is used for asymmetric decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>digestAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> XMLCipher.SHA1 </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.12</b> The digest algorithm to use with the RSA OAEP algorithm
. The available choices are:
<ul><li><tt>XMLCipher.SHA1</tt></li><li><tt>XMLCipher.SHA256</tt></li><li><tt>XMLCipher.SHA512</tt></li></ul>
@@ -2883,6 +2883,10 @@ The XMLSecurity Data Format supports asy
</div>
+<h4><a shape="rect" name="BookDataFormatAppendix-KeyCipherAlgorithm"></a>Key Cipher Algorithm</h4>
+
+<p>As of Camel 2.12.0, the default Key Cipher Algorithm is now XMLCipher.RSA_OAEP instead of XMLCipher.RSA_v1dot5. Usage of XMLCipher.RSA_v1dot5 is discouraged due to various attacks. Requests that use RSA v1.5 as the key cipher algorithm will be rejected unless it has been explicitly configured as the key cipher algorithm.</p>
+
<h3><a shape="rect" name="BookDataFormatAppendix-Marshal"></a>Marshal</h3>
<p>In order to encrypt the payload, the <tt>marshal</tt> processor needs to be applied on the route followed by the <b><tt>secureXML()</tt></b> tag.</p>
Modified: websites/production/camel/content/book-in-one-page.html
==============================================================================
--- websites/production/camel/content/book-in-one-page.html (original)
+++ websites/production/camel/content/book-in-one-page.html Fri Aug 16 11:20:40 2013
@@ -14268,7 +14268,7 @@ The XMLSecurity Data Format supports asy
<p>These options can be applied in addition to relevant the Basic options to use asymmetric key encryption. </p>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Option </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>recipientKeyAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The key alias to be used when retrieving the recipient's public or private key from a KeyStore when performing asymmetric key encryption or decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyCipherAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The cipher algorithm to be used for encryption/decryption of the asymmetric key. The available choices are:
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Option </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>recipientKeyAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The key alias to be used when retrieving the recipient's public or private key from a KeyStore when performing asymmetric key encryption or decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyCipherAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.12</b> <tt>XMLCipher.RSA_OAEP</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The cipher algorithm to be used for encryption/decryption of the asymmetric key. The available choices are:
<ul><li><tt>XMLCipher.RSA_v1dot5</tt></li><li><tt>XMLCipher.RSA_OAEP</tt></li><li><tt>XMLCipher.RSA_OAEP_11</tt></li></ul>
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyOrTrustStoreParameters</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Configuration options for creating and loading a KeyStore instance that represents the sender's trustStore or recipient's keyStore. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyPassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.10.2 / 2.11:</b> The password to be used for retrieving the private key from the KeyStore. This key is used for asymmetric decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>digestAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> XMLCipher.SHA1 </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.12</b> The digest algorithm to use with the RSA OAEP algorithm
. The available choices are:
<ul><li><tt>XMLCipher.SHA1</tt></li><li><tt>XMLCipher.SHA256</tt></li><li><tt>XMLCipher.SHA512</tt></li></ul>
@@ -14278,6 +14278,10 @@ The XMLSecurity Data Format supports asy
</div>
+<h4><a shape="rect" name="BookInOnePage-KeyCipherAlgorithm"></a>Key Cipher Algorithm</h4>
+
+<p>As of Camel 2.12.0, the default Key Cipher Algorithm is now XMLCipher.RSA_OAEP instead of XMLCipher.RSA_v1dot5. Usage of XMLCipher.RSA_v1dot5 is discouraged due to various attacks. Requests that use RSA v1.5 as the key cipher algorithm will be rejected unless it has been explicitly configured as the key cipher algorithm.</p>
+
<h3><a shape="rect" name="BookInOnePage-Marshal"></a>Marshal</h3>
<p>In order to encrypt the payload, the <tt>marshal</tt> processor needs to be applied on the route followed by the <b><tt>secureXML()</tt></b> tag.</p>
Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/camel/content/camel-2120-release.html
==============================================================================
--- websites/production/camel/content/camel-2120-release.html (original)
+++ websites/production/camel/content/camel-2120-release.html Fri Aug 16 11:20:40 2013
@@ -94,7 +94,7 @@
<p>Welcome to the 2.12.0 release which approx XXX issues resolved (new features, improvements and bug fixes such as...)</p>
-<ul><li><a shape="rect" href="endpoint-annotations.html" title="Endpoint Annotations">Endpoint Annotations</a> along with automatically created HTML documentation for the endpoint parameters; this makes it easier for component developers to add a few refactoring-safe annotations to their Endpoint or Consumer implementations and, (along with javadoc comments on the field or setter method), get nice user documentation on how to use the endpoint for free.</li><li><a shape="rect" href="componentconfiguration.html" title="ComponentConfiguration">ComponentConfiguration</a> API provides a handy API for tools developers to introspect on a Component to find all the possible parameters, their types and any extra annotations (like Bean Validation Annotations) to be able to create/edit endpoints or URI strings so that tools can generate nicer UIs for configuring endpoints than just letting folks edit Strings.</li><li><a shape="rect" href="endpointcompleter.html" title="EndpointCompleter">Endpoi
ntCompleter</a> API provides a hook so that command line tools (like <a shape="rect" class="external-link" href="http://karaf.apache.org/manual/latest-2.3.x/users-guide/using-console.html">Karaf's shell</a>), IDEs and web tools can get (bash tab like) auto-completion on endpoint paths (such as file or directory names, message queue names, database table names) when creating or using new endpoints</li><li>Reduced stack-frames in use during routing, that also makes Camel's stack traces being logged much less verbose. This also allows people to easier debug the internals of Camel as less <tt>AsyncCallback</tt> callbacks are in use during routing.</li><li>Easy to use <a shape="rect" href="message-history.html" title="Message History">Message History</a> out of the box. And included message history as "route stack-trace" when exceptions logged by <a shape="rect" href="error-handler.html" title="Error Handler">Error Handler</a> to make it easier for end users to spot where the exception o
ccurred.</li><li><a shape="rect" href="spring-web-services.html" title="Spring Web Services">Spring Web Services</a> now supports setting/receiving SOAP headers more easily using a header on the Camel <a shape="rect" href="message.html" title="Message">Message</a>.</li><li>Evaluating <a shape="rect" href="groovy.html" title="Groovy">Groovy</a> expressions is faster as we cache the compiled scripts.</li><li>Added <tt>base64</tt> option to <a shape="rect" href="shiro-security.html" title="Shiro Security">Shiro Security</a> to allow transferring security token over <a shape="rect" href="jms.html" title="JMS">JMS</a> and other transports as base64 encoded representation.</li><li>Made it easier to use <a shape="rect" href="shiro-security.html" title="Shiro Security">Shiro Security</a> as the credentials can be provided in headers, when sending a message to a secured route.</li><li><a shape="rect" href="bindy.html" title="Bindy">Bindy</a> now supports enums.</li><li>Added new <a shape="re
ct" href="backlogdebugger.html" title="BacklogDebugger">BacklogDebugger</a> to perform live debugging of messages during routing. The <a shape="rect" href="backlogdebugger.html" title="BacklogDebugger">BacklogDebugger</a> has JMX API allows tooling to control the debugger.</li><li>While using the <a shape="rect" class="external-link" href="http://xircles.codehaus.org/projects/jackson" rel="nofollow">Jackson library</a> through the <a shape="rect" href="json.html" title="JSON">JSON</a> Dataformat there's now a <tt>jsonView</tt> attribute you could make use of directly inside the <a shape="rect" href="dsl.html" title="DSL">DSL</a> itself.</li><li><a shape="rect" href="smpp.html" title="SMPP">SMPP</a> now supports optional parameters in all commands where they are possible.</li><li><a shape="rect" href="jdbc.html" title="JDBC">JDBC</a> now supports named parameters.</li><li>Added timeout support for <a shape="rect" href="direct.html" title="Direct">Direct</a> producers to wait for cons
umer to become active.</li><li>Added <tt>stats</tt> action to <a shape="rect" href="controlbus.html" title="ControlBus">ControlBus</a> to easily get performance statics in a single XML message.</li><li>Added support for request timeout on <a shape="rect" href="netty.html" title="Netty">Netty</a> producer, and to configure logging level on <a shape="rect" href="netty.html" title="Netty">Netty</a> consumer to be less noisy for ChannelClosedException which can flood the logs when client disconnects abruptly.</li><li><a shape="rect" href="springbatch.html" title="SpringBatch">Spring Batch</a> component producer now returns the <tt>JobExecution</tt> instance as the output message. Users can use the <tt>JobExecution</tt> instance to perform some operations using the Spring Batch API directly.</li><li>Added support for NULL values in <a shape="rect" href="sql-component.html" title="SQL Component">SQL</a> with named parameters.</li><li>Optimized <a shape="rect" href="jetty.html" title="Jett
y">Jetty</a> streaming responses in non-chunked mode; and as well using buffer sizes based on <tt>HttpServletResponse.getBufferSize()</tt> instead of fixed size of 4kb.</li><li>Added <tt>greedy</tt> option to <a shape="rect" href="polling-consumer.html" title="Polling Consumer">scheduled polling consumer</a>.</li><li>Added support for accessing the length field on Java arrays in <a shape="rect" href="simple.html" title="Simple">Simple</a> language.</li><li>Added support for using JAXB annotations with Camel's Jackson <a shape="rect" href="json.html" title="JSON">JSON</a> component.</li><li>Added the ability for <a shape="rect" href="bindy.html" title="Bindy">Bindy</a> to skip content when parsing fixed-length records.</li><li><a shape="rect" href="mongodb.html" title="MongoDB">MongoDB</a> now supports aggregation queries.</li><li><a shape="rect" href="netty.html" title="Netty">Netty</a> allows to use shared Netty boss and worker thread pools.</li><li>The <a shape="rect" href="camel-
maven-archetypes.html" title="Camel Maven Archetypes">Camel Maven Archetypes</a> for component and data format now packages as OSGi bundles out of the box.</li><li>Easier <a shape="rect" href="stream-caching.html" title="Stream caching">Stream caching</a> configuration using <tt>StreamCachingStrategy</tt>. Also allows spool directory per <a shape="rect" href="camelcontext.html" title="CamelContext">CamelContext</a> instead of shared per JVM. And insight at runtime using JMX management. As well allowing to plugin 3rd party implementations.</li><li>Improved <a shape="rect" href="netty.html" title="Netty">Netty</a> to be able to join an UDP multicast group.</li><li>Using Camel <a shape="rect" href="spring.html" title="Spring">Spring</a> is now setting up Camel routes later in the process allow Spring to complete all of its dependency injection, before Camel <tt>RouteBuilder</tt> instances is configured. This allows to safely use Spring dependency injection in these <tt>RouteBuilder</tt
> classes.</li><li>Services in a <a shape="rect" href="camelcontext.html" title="CamelContext">CamelContext</a> which can only be enlisted once (eg it similar to a static in a JVM) has simpler and fixed MBean names in JMX.</li><li><a shape="rect" href="sql-component.html" title="SQL Component">JDBC based aggregation repository</a> for the <a shape="rect" href="aggregator2.html" title="Aggregator2">Aggregate</a> EIP now supports optimistic locking, allows clustered Camel applications to use a shared database for the aggregation repository.</li><li><a shape="rect" href="recipient-list.html" title="Recipient List">Recipient List</a> stores a property (<tt>Exchange.RECIPIENT_LIST_ENDPOINT</tt>) on the <a shape="rect" href="exchange.html" title="Exchange">Exchange</a> with the <a shape="rect" href="uris.html" title="URIs">URIs</a> of the <a shape="rect" href="endpoint.html" title="Endpoint">Endpoint</a> the message was sent to.</li><li>Added <tt>mask</tt> option to <a shape="rect" href="
camel-jmx.html" title="Camel JMX">Camel JMX</a> to hide sensitive information such as passwords.</li><li>Added <tt>outputType</tt> option supporting <tt>SelectList</tt>, and <tt>SelectOne</tt> to <a shape="rect" href="sql-component.html" title="SQL Component">SQL Component</a> to dictate the output message body type when doing SQL SELECT queries.</li><li><a shape="rect" href="polling-consumer.html" title="Polling Consumer">Polling Consumer</a>s such as <a shape="rect" href="file2.html" title="File2">File</a>, and <a shape="rect" href="ftp2.html" title="FTP2">FTP</a> now supports using custom scheduler. Providing a new <a shape="rect" href="quartz2.html" title="Quartz2">Quartz2</a>, and <a shape="rect" href="spring.html" title="Spring">Spring</a> based out of the box, that allows to use CRON based scheduler.</li></ul>
+<ul><li><a shape="rect" href="endpoint-annotations.html" title="Endpoint Annotations">Endpoint Annotations</a> along with automatically created HTML documentation for the endpoint parameters; this makes it easier for component developers to add a few refactoring-safe annotations to their Endpoint or Consumer implementations and, (along with javadoc comments on the field or setter method), get nice user documentation on how to use the endpoint for free.</li><li><a shape="rect" href="componentconfiguration.html" title="ComponentConfiguration">ComponentConfiguration</a> API provides a handy API for tools developers to introspect on a Component to find all the possible parameters, their types and any extra annotations (like Bean Validation Annotations) to be able to create/edit endpoints or URI strings so that tools can generate nicer UIs for configuring endpoints than just letting folks edit Strings.</li><li><a shape="rect" href="endpointcompleter.html" title="EndpointCompleter">Endpoi
ntCompleter</a> API provides a hook so that command line tools (like <a shape="rect" class="external-link" href="http://karaf.apache.org/manual/latest-2.3.x/users-guide/using-console.html">Karaf's shell</a>), IDEs and web tools can get (bash tab like) auto-completion on endpoint paths (such as file or directory names, message queue names, database table names) when creating or using new endpoints</li><li>Reduced stack-frames in use during routing, that also makes Camel's stack traces being logged much less verbose. This also allows people to easier debug the internals of Camel as less <tt>AsyncCallback</tt> callbacks are in use during routing.</li><li>Easy to use <a shape="rect" href="message-history.html" title="Message History">Message History</a> out of the box. And included message history as "route stack-trace" when exceptions logged by <a shape="rect" href="error-handler.html" title="Error Handler">Error Handler</a> to make it easier for end users to spot where the exception o
ccurred.</li><li><a shape="rect" href="spring-web-services.html" title="Spring Web Services">Spring Web Services</a> now supports setting/receiving SOAP headers more easily using a header on the Camel <a shape="rect" href="message.html" title="Message">Message</a>.</li><li>Evaluating <a shape="rect" href="groovy.html" title="Groovy">Groovy</a> expressions is faster as we cache the compiled scripts.</li><li>Added <tt>base64</tt> option to <a shape="rect" href="shiro-security.html" title="Shiro Security">Shiro Security</a> to allow transferring security token over <a shape="rect" href="jms.html" title="JMS">JMS</a> and other transports as base64 encoded representation.</li><li>Made it easier to use <a shape="rect" href="shiro-security.html" title="Shiro Security">Shiro Security</a> as the credentials can be provided in headers, when sending a message to a secured route.</li><li><a shape="rect" href="bindy.html" title="Bindy">Bindy</a> now supports enums.</li><li>Added new <a shape="re
ct" href="backlogdebugger.html" title="BacklogDebugger">BacklogDebugger</a> to perform live debugging of messages during routing. The <a shape="rect" href="backlogdebugger.html" title="BacklogDebugger">BacklogDebugger</a> has JMX API allows tooling to control the debugger.</li><li>While using the <a shape="rect" class="external-link" href="http://xircles.codehaus.org/projects/jackson" rel="nofollow">Jackson library</a> through the <a shape="rect" href="json.html" title="JSON">JSON</a> Dataformat there's now a <tt>jsonView</tt> attribute you could make use of directly inside the <a shape="rect" href="dsl.html" title="DSL">DSL</a> itself.</li><li><a shape="rect" href="smpp.html" title="SMPP">SMPP</a> now supports optional parameters in all commands where they are possible.</li><li><a shape="rect" href="jdbc.html" title="JDBC">JDBC</a> now supports named parameters.</li><li>Added timeout support for <a shape="rect" href="direct.html" title="Direct">Direct</a> producers to wait for cons
umer to become active.</li><li>Added <tt>stats</tt> action to <a shape="rect" href="controlbus.html" title="ControlBus">ControlBus</a> to easily get performance statics in a single XML message.</li><li>Added support for request timeout on <a shape="rect" href="netty.html" title="Netty">Netty</a> producer, and to configure logging level on <a shape="rect" href="netty.html" title="Netty">Netty</a> consumer to be less noisy for ChannelClosedException which can flood the logs when client disconnects abruptly.</li><li><a shape="rect" href="springbatch.html" title="SpringBatch">Spring Batch</a> component producer now returns the <tt>JobExecution</tt> instance as the output message. Users can use the <tt>JobExecution</tt> instance to perform some operations using the Spring Batch API directly.</li><li>Added support for NULL values in <a shape="rect" href="sql-component.html" title="SQL Component">SQL</a> with named parameters.</li><li>Optimized <a shape="rect" href="jetty.html" title="Jett
y">Jetty</a> streaming responses in non-chunked mode; and as well using buffer sizes based on <tt>HttpServletResponse.getBufferSize()</tt> instead of fixed size of 4kb.</li><li>Added <tt>greedy</tt> option to <a shape="rect" href="polling-consumer.html" title="Polling Consumer">scheduled polling consumer</a>.</li><li>Added support for accessing the length field on Java arrays in <a shape="rect" href="simple.html" title="Simple">Simple</a> language.</li><li>Added support for using JAXB annotations with Camel's Jackson <a shape="rect" href="json.html" title="JSON">JSON</a> component.</li><li>Added the ability for <a shape="rect" href="bindy.html" title="Bindy">Bindy</a> to skip content when parsing fixed-length records.</li><li><a shape="rect" href="mongodb.html" title="MongoDB">MongoDB</a> now supports aggregation queries.</li><li><a shape="rect" href="netty.html" title="Netty">Netty</a> allows to use shared Netty boss and worker thread pools.</li><li>The <a shape="rect" href="camel-
maven-archetypes.html" title="Camel Maven Archetypes">Camel Maven Archetypes</a> for component and data format now packages as OSGi bundles out of the box.</li><li>Easier <a shape="rect" href="stream-caching.html" title="Stream caching">Stream caching</a> configuration using <tt>StreamCachingStrategy</tt>. Also allows spool directory per <a shape="rect" href="camelcontext.html" title="CamelContext">CamelContext</a> instead of shared per JVM. And insight at runtime using JMX management. As well allowing to plugin 3rd party implementations.</li><li>Improved <a shape="rect" href="netty.html" title="Netty">Netty</a> to be able to join an UDP multicast group.</li><li>Using Camel <a shape="rect" href="spring.html" title="Spring">Spring</a> is now setting up Camel routes later in the process allow Spring to complete all of its dependency injection, before Camel <tt>RouteBuilder</tt> instances is configured. This allows to safely use Spring dependency injection in these <tt>RouteBuilder</tt
> classes.</li><li>Services in a <a shape="rect" href="camelcontext.html" title="CamelContext">CamelContext</a> which can only be enlisted once (eg it similar to a static in a JVM) has simpler and fixed MBean names in JMX.</li><li><a shape="rect" href="sql-component.html" title="SQL Component">JDBC based aggregation repository</a> for the <a shape="rect" href="aggregator2.html" title="Aggregator2">Aggregate</a> EIP now supports optimistic locking, allows clustered Camel applications to use a shared database for the aggregation repository.</li><li><a shape="rect" href="recipient-list.html" title="Recipient List">Recipient List</a> stores a property (<tt>Exchange.RECIPIENT_LIST_ENDPOINT</tt>) on the <a shape="rect" href="exchange.html" title="Exchange">Exchange</a> with the <a shape="rect" href="uris.html" title="URIs">URIs</a> of the <a shape="rect" href="endpoint.html" title="Endpoint">Endpoint</a> the message was sent to.</li><li>Added <tt>mask</tt> option to <a shape="rect" href="
camel-jmx.html" title="Camel JMX">Camel JMX</a> to hide sensitive information such as passwords.</li><li>Added <tt>outputType</tt> option supporting <tt>SelectList</tt>, and <tt>SelectOne</tt> to <a shape="rect" href="sql-component.html" title="SQL Component">SQL Component</a> to dictate the output message body type when doing SQL SELECT queries.</li><li><a shape="rect" href="polling-consumer.html" title="Polling Consumer">Polling Consumer</a>s such as <a shape="rect" href="file2.html" title="File2">File</a>, and <a shape="rect" href="ftp2.html" title="FTP2">FTP</a> now supports using custom scheduler. Providing a new <a shape="rect" href="quartz2.html" title="Quartz2">Quartz2</a>, and <a shape="rect" href="spring.html" title="Spring">Spring</a> based out of the box, that allows to use CRON based scheduler.</li><li>Added support for XML Encryption 1.1 algorithms in the camel-xmlsecurity component. It is now possible to specify stronger digest algorithms when using RSA OAEP Key Trans
port algorithms.</li></ul>
<h3><a shape="rect" name="Camel2.12.0Release-FixedIssues"></a>Fixed Issues</h3>
@@ -132,7 +132,7 @@
<h2><a shape="rect" name="Camel2.12.0Release-KnownIssues"></a>Known Issues</h2>
<h2><a shape="rect" name="Camel2.12.0Release-DependencyUpgrades"></a>Dependency Upgrades</h2>
-<ul><li>AHC 1.7.11 to 1.7.19</li><li>AWS Java SDK 1.3.27 to 1.5.1</li><li>Beanio from 2.0.5 to 2.0.6</li><li>Bouncy Castle 1.47 to 1.49</li><li>Commons Codec 1.6 to 1.8</li><li>Commons Net 3.1 to 3.3</li><li>Commons Httpclient 4.2.3 to 4.2.5</li><li>Commons Httpcore 4.2.3 to 4.2.4</li><li>CXF 2.7.4 to 2.7.6</li><li>Disruptor 3.1.1 to 3.2.0</li><li>Ehcache 2.5.2 to 2.7.2</li><li>HAPI 2.0 to 2.1</li><li>Groovy 2.1.3 to 2.1.6</li><li>Hadoop 1.1.1 to 1.2.0</li><li>HBase 0.94.6 to 0.94.10</li><li>Hawtdispatch 1.13 to 1.17</li><li>Hibernate Validator 4.1.0.Final to 5.0.1.Final</li><li>Hibernate 4.2.3 to 4.2.4</li><li>Jackson 2.1.4 to 2.2.2</li><li>Jersey 1.13 to 1.17.1</li><li>Jettison 1.3.3 to 1.3.4</li><li>JRuby 1.7.2 to 1.7.4</li><li>Krati 0.4.8 to 0.4.9</li><li>Leveldbjni 1.6 to 1.7</li><li>Mail 1.4.5 to 1.4.7</li><li>MongoDB Java Driver 2.9.1 to 2.11.2</li><li>MQTT Client 1.4 to 1.5</li><li>MVEL 2.1.3.Final to 2.1.6.Final</li><li>Netty 3.6.5 to 3.6.6</li><li>OpenEJB 4.5.1 to 4.5.2</l
i><li>OpenJPA 2.2.1 to 2.2.2</li><li>Saxon 9.4.0.4 to 9.5.0.2</li><li>Scala 2.10.1 to 2.10.2</li><li>Shiro 1.2.1 to 1.2.2</li><li>SNMP4J 2.1.0 to 2.2.2</li><li>Spring 3.1.4.RELEASE to 3.2.4.RELEASE</li><li>Spring Batch 2.1.9.RELEASE to 2.2.1.RELEASE</li><li>Spring Data Redis 1.0.3.RELEASE to 1.0.4.RELEASE</li><li>Spring Security 3.1.3.RELEASE to 3.1.4.RELEASE</li><li>Spring Web Services 2.1.2 to 2.1.3</li><li>TestNG 6.8 to 6.8.5</li><li>XStream 1.4.3 to 1.4.4</li></ul>
+<ul><li>AHC 1.7.11 to 1.7.19</li><li>AWS Java SDK 1.3.27 to 1.5.1</li><li>Beanio from 2.0.5 to 2.0.6</li><li>Bouncy Castle 1.47 to 1.49</li><li>Commons Codec 1.6 to 1.8</li><li>Commons Net 3.1 to 3.3</li><li>Commons Httpclient 4.2.3 to 4.2.5</li><li>Commons Httpcore 4.2.3 to 4.2.4</li><li>CXF 2.7.4 to 2.7.6</li><li>Disruptor 3.1.1 to 3.2.0</li><li>Ehcache 2.5.2 to 2.7.2</li><li>HAPI 2.0 to 2.1</li><li>Groovy 2.1.3 to 2.1.6</li><li>Hadoop 1.1.1 to 1.2.0</li><li>HBase 0.94.6 to 0.94.10</li><li>Hawtdispatch 1.13 to 1.17</li><li>Hibernate Validator 4.1.0.Final to 5.0.1.Final</li><li>Hibernate 4.2.3 to 4.2.4</li><li>Jackson 2.1.4 to 2.2.2</li><li>Jersey 1.13 to 1.17.1</li><li>Jettison 1.3.3 to 1.3.4</li><li>JRuby 1.7.2 to 1.7.4</li><li>Krati 0.4.8 to 0.4.9</li><li>Leveldbjni 1.6 to 1.7</li><li>Mail 1.4.5 to 1.4.7</li><li>MongoDB Java Driver 2.9.1 to 2.11.2</li><li>MQTT Client 1.4 to 1.5</li><li>MVEL 2.1.3.Final to 2.1.6.Final</li><li>Netty 3.6.5 to 3.6.6</li><li>OpenEJB 4.5.1 to 4.5.2</l
i><li>OpenJPA 2.2.1 to 2.2.2</li><li>Saxon 9.4.0.4 to 9.5.0.2</li><li>Scala 2.10.1 to 2.10.2</li><li>Shiro 1.2.1 to 1.2.2</li><li>SNMP4J 2.1.0 to 2.2.2</li><li>Spring 3.1.4.RELEASE to 3.2.4.RELEASE</li><li>Spring Batch 2.1.9.RELEASE to 2.2.1.RELEASE</li><li>Spring Data Redis 1.0.3.RELEASE to 1.0.4.RELEASE</li><li>Spring Security 3.1.3.RELEASE to 3.1.4.RELEASE</li><li>Spring Web Services 2.1.2 to 2.1.3</li><li>TestNG 6.8 to 6.8.5</li><li>XML Security (Santuario) 1.5.2 to 1.5.5.</li><li>XStream 1.4.3 to 1.4.4</li></ul>
<h2><a shape="rect" name="Camel2.12.0Release-Internalchanges"></a>Internal changes</h2>
@@ -140,7 +140,7 @@
<h2><a shape="rect" name="Camel2.12.0Release-Changesthatmayaffectendusers"></a>Changes that may affect end users</h2>
-<ul><li>The <a shape="rect" href="file2.html" title="File2">File</a> and <a shape="rect" href="ftp2.html" title="FTP2">FTP</a> consumers when using idempotent repository will no longer invoke <tt>contains</tt> with a directory name; this has been changed to only be checked for files.</li><li>Shutting down using <a shape="rect" href="graceful-shutdown.html" title="Graceful Shutdown">Graceful Shutdown</a> now requires the timeout value to be positive. And improved logic to avoid getting stuck in waiting for inflight messages, and having counter go negative.</li><li><a shape="rect" href="tracer.html" title="Tracer">Tracer</a> now requires explicitly to be enabled on <tt>CamelContext</tt> to be available and in use.</li><li>The class <tt>org.apache.camel.processor.interceptor.BacklogTracerInterceptor</tt> has been removed as it was no longer needed due internal optimizations.</li><li>The <a shape="rect" href="stream-caching.html" title="Stream caching">Stream caching</a> default thresho
ld for spooling to disk has been changed from 64kb to 128kb.</li><li>The unary operators in <a shape="rect" href="simple.html" title="Simple">Simple</a> is now only applied on functions</li><li>Using Camel <a shape="rect" href="spring.html" title="Spring">Spring</a> is now setting up Camel routes later in the process allow Spring to complete all of its dependency injection, before Camel <tt>RouteBuilder</tt> instances is configured. This allows to safely use Spring dependency injection in these <tt>RouteBuilder</tt> classes.</li><li>Changing destination using JMX on <tt>org.apache.camel.api.management.mbean.ManagedSendProcessorMBean</tt> no longer supported.</li><li>Camel now uses <tt>xxxxxx</tt> instead of <tt>******</tt> when masking passwords (sanitize) when logging <a shape="rect" href="uris.html" title="URIs">URIs</a> in the log. Using <tt>xxxxx</tt> is more friendly with JMX naming.</li><li>The <tt>DefaultProducer</tt> now delegates to the <tt>Endpoint</tt> in the <tt>isSingle
ton()</tt> method call, to use the same value as its endpoint.</li></ul>
+<ul><li>The <a shape="rect" href="file2.html" title="File2">File</a> and <a shape="rect" href="ftp2.html" title="FTP2">FTP</a> consumers when using idempotent repository will no longer invoke <tt>contains</tt> with a directory name; this has been changed to only be checked for files.</li><li>Shutting down using <a shape="rect" href="graceful-shutdown.html" title="Graceful Shutdown">Graceful Shutdown</a> now requires the timeout value to be positive. And improved logic to avoid getting stuck in waiting for inflight messages, and having counter go negative.</li><li><a shape="rect" href="tracer.html" title="Tracer">Tracer</a> now requires explicitly to be enabled on <tt>CamelContext</tt> to be available and in use.</li><li>The class <tt>org.apache.camel.processor.interceptor.BacklogTracerInterceptor</tt> has been removed as it was no longer needed due internal optimizations.</li><li>The <a shape="rect" href="stream-caching.html" title="Stream caching">Stream caching</a> default thresho
ld for spooling to disk has been changed from 64kb to 128kb.</li><li>The unary operators in <a shape="rect" href="simple.html" title="Simple">Simple</a> is now only applied on functions</li><li>Using Camel <a shape="rect" href="spring.html" title="Spring">Spring</a> is now setting up Camel routes later in the process allow Spring to complete all of its dependency injection, before Camel <tt>RouteBuilder</tt> instances is configured. This allows to safely use Spring dependency injection in these <tt>RouteBuilder</tt> classes.</li><li>Changing destination using JMX on <tt>org.apache.camel.api.management.mbean.ManagedSendProcessorMBean</tt> no longer supported.</li><li>Camel now uses <tt>xxxxxx</tt> instead of <tt>******</tt> when masking passwords (sanitize) when logging <a shape="rect" href="uris.html" title="URIs">URIs</a> in the log. Using <tt>xxxxx</tt> is more friendly with JMX naming.</li><li>The <tt>DefaultProducer</tt> now delegates to the <tt>Endpoint</tt> in the <tt>isSingle
ton()</tt> method call, to use the same value as its endpoint.</li><li>Requests that use RSA v1.5 as the key transport algorithm will be rejected in the camel-xmlsecurity component, unless this algorithm has been explicitly configured.</li></ul>
Modified: websites/production/camel/content/xmlsecurity-dataformat.html
==============================================================================
--- websites/production/camel/content/xmlsecurity-dataformat.html (original)
+++ websites/production/camel/content/xmlsecurity-dataformat.html Fri Aug 16 11:20:40 2013
@@ -112,7 +112,7 @@ The XMLSecurity Data Format supports asy
<p>These options can be applied in addition to relevant the Basic options to use asymmetric key encryption. </p>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Option </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>recipientKeyAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The key alias to be used when retrieving the recipient's public or private key from a KeyStore when performing asymmetric key encryption or decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyCipherAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The cipher algorithm to be used for encryption/decryption of the asymmetric key. The available choices are:
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Option </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>recipientKeyAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The key alias to be used when retrieving the recipient's public or private key from a KeyStore when performing asymmetric key encryption or decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyCipherAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.12</b> <tt>XMLCipher.RSA_OAEP</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> The cipher algorithm to be used for encryption/decryption of the asymmetric key. The available choices are:
<ul><li><tt>XMLCipher.RSA_v1dot5</tt></li><li><tt>XMLCipher.RSA_OAEP</tt></li><li><tt>XMLCipher.RSA_OAEP_11</tt></li></ul>
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyOrTrustStoreParameters</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> Configuration options for creating and loading a KeyStore instance that represents the sender's trustStore or recipient's keyStore. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyPassword</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>null</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.10.2 / 2.11:</b> The password to be used for retrieving the private key from the KeyStore. This key is used for asymmetric decryption. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>digestAlgorithm</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> XMLCipher.SHA1 </td><td colspan="1" rowspan="1" class="confluenceTd"> <b>Camel 2.12</b> The digest algorithm to use with the RSA OAEP algorithm
. The available choices are:
<ul><li><tt>XMLCipher.SHA1</tt></li><li><tt>XMLCipher.SHA256</tt></li><li><tt>XMLCipher.SHA512</tt></li></ul>
@@ -122,6 +122,10 @@ The XMLSecurity Data Format supports asy
</div>
+<h4><a shape="rect" name="XMLSecurityDataFormat-KeyCipherAlgorithm"></a>Key Cipher Algorithm</h4>
+
+<p>As of Camel 2.12.0, the default Key Cipher Algorithm is now XMLCipher.RSA_OAEP instead of XMLCipher.RSA_v1dot5. Usage of XMLCipher.RSA_v1dot5 is discouraged due to various attacks. Requests that use RSA v1.5 as the key cipher algorithm will be rejected unless it has been explicitly configured as the key cipher algorithm.</p>
+
<h3><a shape="rect" name="XMLSecurityDataFormat-Marshal"></a>Marshal</h3>
<p>In order to encrypt the payload, the <tt>marshal</tt> processor needs to be applied on the route followed by the <b><tt>secureXML()</tt></b> tag.</p>