You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2012/08/09 20:47:36 UTC
svn commit: r828499 - in /websites/production/cxf/content:
cache/docs.pageCache docs/ws-securitypolicy.html
Author: buildbot
Date: Thu Aug 9 18:47:35 2012
New Revision: 828499
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/ws-securitypolicy.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/ws-securitypolicy.html
==============================================================================
--- websites/production/cxf/content/docs/ws-securitypolicy.html (original)
+++ websites/production/cxf/content/docs/ws-securitypolicy.html Thu Aug 9 18:47:35 2012
@@ -170,7 +170,7 @@ Apache CXF -- WS-SecurityPolicy
<h4><a shape="rect" name="WS-SecurityPolicy-NonbooleanWSSecurityConfigurationparameters"></a>Non-boolean WS-Security Configuration parameters</h4>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.timeToLive </td><td colspan="1" rowspan="1" class="confluenceTd"> The time in seconds to append to the Creation value of an incoming Timestamp to determine whether to accept the Timestamp as valid or not. The default value is 300 seconds (5 minutes).</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.futureTimeToLive </td><td colspan="1" rowspan="1" class="confluenceTd"> The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default value is "60". See <a shape="rect" href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#TIMESTAMP_FUTURE_TTL">here</a> for more information.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.saml-role-attributename </td><td colspan="1" rowspan="1" class="confluenceTd"> The attribute URI of
the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.kerberos.client </td><td colspan="1" rowspan="1" class="confluenceTd"> A reference to the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?view=markup">KerberosClient</a> class used to obtain a service ticket.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.spnego.client.action </td><td colspan="1" rowspan="1" class="confluenceTd"> The <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/spnego/SpnegoClientAction.html">SpnegoClientAction</a> implementation to use for SPNEGO. This allows the user to plug in a different implementation to obtain a service ticket.</td></tr>
<tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.kerberos.jaas.context </td><td colspan="1" rowspan="1" class="confluenceTd"> The JAAS Context name to use for Kerberos. This is currently only supported for SPNEGO.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.kerberos.spn </td><td colspan="1" rowspan="1" class="confluenceTd"> The Kerberos Service Provider Name (spn) to use. This is currently only supported for SPNEGO.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.nonce.cache.instance </td><td colspan="1" rowspan="1" class="confluenceTd"> This holds a reference to a <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html">ReplayCache</a> instance used to cache UsernameToken nonces. The default instance that is used is the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/or
g/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup">EHCacheReplayCache</a>.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.cache.instance </td><td colspan="1" rowspan="1" class="confluenceTd"> This holds a reference to a <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html">ReplayCache</a> instance used to cache Timestamp Created Strings. The default instance that is used is the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup">EHCacheReplayCache</a>.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.cache.config.file </td><td colspan="1" rowspan="1" class="confluenceTd"> Set this property to point to a configuration file for the underlying caching implementation. The default configuration file th
at is used is <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/resources/cxf-ehcache.xml?view=markup">cxf-ehcache.xml</a> in the cxf-rt-ws-security module.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> org.apache.cxf.ws.security.tokenstore.TokenStore </td><td colspan="1" rowspan="1" class="confluenceTd"> The <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?view=markup">TokenStore</a> instance to use to cache security tokens. By default this uses the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java?view=markup">EHCacheTokenStore</a> if EhCache is available. Otherwise it uses the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/w
s/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?view=markup">MemoryTokenStore</a>.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.subject.cert.constraints </td><td colspan="1" rowspan="1" class="confluenceTd"> A comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. These constraints are not used when the certificate is contained in the keystore (direct trust). </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.timeToLive </td><td colspan="1" rowspan="1" class="confluenceTd"> The time in seconds to append to the Creation value of an incoming Timestamp to determine whether to accept the Timestamp as valid or not. The default value is 300 seconds (5 minutes).</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.futureTimeToLive </td><td colspan="1" rowspan="1" class="confluenceTd"> The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default value is "60". See <a shape="rect" href="http://cxf.apache.org/javadoc/latest/org/apache/cxf/ws/security/SecurityConstants.html#TIMESTAMP_FUTURE_TTL">here</a> for more information.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.saml-role-attributename </td><td colspan="1" rowspan="1" class="confluenceTd"> The attribute URI of
the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.kerberos.client </td><td colspan="1" rowspan="1" class="confluenceTd"> A reference to the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?view=markup">KerberosClient</a> class used to obtain a service ticket.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.spnego.client.action </td><td colspan="1" rowspan="1" class="confluenceTd"> The <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/spnego/SpnegoClientAction.html">SpnegoClientAction</a> implementation to use for SPNEGO. This allows the user to plug in a different implementation to obtain a service ticket.</td></tr>
<tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.kerberos.jaas.context </td><td colspan="1" rowspan="1" class="confluenceTd"> The JAAS Context name to use for Kerberos. This is currently only supported for SPNEGO.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.kerberos.spn </td><td colspan="1" rowspan="1" class="confluenceTd"> The Kerberos Service Provider Name (spn) to use. This is currently only supported for SPNEGO.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.nonce.cache.instance </td><td colspan="1" rowspan="1" class="confluenceTd"> This holds a reference to a <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html">ReplayCache</a> instance used to cache UsernameToken nonces. The default instance that is used is the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/or
g/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup">EHCacheReplayCache</a>.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.timestamp.cache.instance </td><td colspan="1" rowspan="1" class="confluenceTd"> This holds a reference to a <a shape="rect" class="external-link" href="http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/cache/ReplayCache.html">ReplayCache</a> instance used to cache Timestamp Created Strings. The default instance that is used is the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java?view=markup">EHCacheReplayCache</a>.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.cache.config.file </td><td colspan="1" rowspan="1" class="confluenceTd"> Set this property to point to a configuration file for the underlying caching implementation. The default configuration file th
at is used is <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/resources/cxf-ehcache.xml?view=markup">cxf-ehcache.xml</a> in the cxf-rt-ws-security module.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> org.apache.cxf.ws.security.tokenstore.TokenStore </td><td colspan="1" rowspan="1" class="confluenceTd"> The <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?view=markup">TokenStore</a> instance to use to cache security tokens. By default this uses the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java?view=markup">EHCacheTokenStore</a> if EhCache is available. Otherwise it uses the <a shape="rect" class="external-link" href="http://svn.apache.org/viewvc/cxf/trunk/rt/w
s/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?view=markup">MemoryTokenStore</a>.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> ws-security.subject.cert.constraints </td><td colspan="1" rowspan="1" class="confluenceTd"> A comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. These constraints are not used when the certificate is contained in the keystore (direct trust). </td></tr></tbody></table>
</div>