Posted to commits@ws.apache.org by co...@apache.org on 2014/02/17 12:34:46 UTC

svn commit: r1568945 - in /webservices/wss4j/site/src/site/xdoc: migration.xml newfeatures20.xml

Author: coheigea
Date: Mon Feb 17 11:34:46 2014
New Revision: 1568945

URL: http://svn.apache.org/r1568945
Log:
Added Replay Attack detection section to the user guide

Modified:
    webservices/wss4j/site/src/site/xdoc/migration.xml
    webservices/wss4j/site/src/site/xdoc/newfeatures20.xml

Modified: webservices/wss4j/site/src/site/xdoc/migration.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/migration.xml?rev=1568945&r1=1568944&r2=1568945&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/migration.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/migration.xml Mon Feb 17 11:34:46 2014
@@ -4,7 +4,9 @@
 <section name="WSS4J 2.0.0 Migration Guide">
 <p>
 This page is a migration guide for helping Apache WSS4J 1.6.X users to migrate
-to the 2.0.X releases.
+to the 2.0.X releases. Also see the <a href="newfeatures20.html">new
+features</a> page for more information about the new functionality available in
+WSS4J 2.0.X.
 </p>
 <subsection name="Migrating to using the streaming (StAX) code">
 <p>
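Review bot: The new sentence in the intro paragraph only points readers to the new features page in general, but the replay cache section added to newfeatures20.xml in this same commit describes a default-behaviour change (detection off by default in 1.6.x, on by default in 2.0.x) that belongs in the migration guide itself. Consider adding a short migration entry here that states the change and names the three enable* switches, rather than relying on the generic "Also see" link.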

Modified: webservices/wss4j/site/src/site/xdoc/newfeatures20.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/newfeatures20.xml?rev=1568945&r1=1568944&r2=1568945&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/newfeatures20.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/newfeatures20.xml Mon Feb 17 11:34:46 2014
@@ -21,6 +21,46 @@ implementation.</li>
 </ul>
 </subsection>
 
+<subsection name="Replay Attack detection using EhCache">
+<p>
+In WSS4J 1.6.x, a "ReplayCache" interface was introduced to cache tokens to
+guard against replay attacks for the following scenarios:
+</p>
+<ul>
+<li>Signed Timestamps</li>
+<li>UsernameToken nonces</li>
+<li>SAML OneTimeUse Assertions</li>
+</ul>
+<p>
+However, replay attack detection was not "switched on" by default in WSS4J
+1.6.x. In WSS4J 2.0.x, replay attack detection is enabled by default using
+an implementation of the "ReplayCache" interface based on EhCache. The 
+following configuration tags can be used to configure caching:
+</p>
+<ul>
+<li>ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE ("timestampCacheInstance"):
+This holds a reference to a ReplayCache instance used to cache Timestamp
+Created Strings. The default instance that is used is the EHCacheReplayCache.
+</li>
+<li>ConfigurationConstants.ENABLE_TIMESTAMP_CACHE ("enableTimestampCache"):
+Whether to cache Timestamp Created Strings (these are only cached in
+conjunction with a message Signature). The default value is "true".</li>
+<li>ConfigurationConstants.NONCE_CACHE_INSTANCE ("nonceCacheInstance"): This
+holds a reference to a ReplayCache instance used to cache UsernameToken
+nonces. The default instance that is used is the EHCacheReplayCache.</li>
+<li>ConfigurationConstants.ENABLE_NONCE_CACHE ("enableNonceCache"): Whether to
+cache UsernameToken nonces. The default value is "true".</li>
+<li>ConfigurationConstants. SAML_ONE_TIME_USE_CACHE_INSTANCE
+("samlOneTimeUseCacheInstance"): This holds a reference to a ReplayCache
+instance used to cache SAML2 Token Identifier Strings (if the token contains a
+OneTimeUse Condition). The default instance that is used is the
+EHCacheReplayCache.</li>
+<li>ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE
+("enableSamlOneTimeUseCache"):  Whether to cache SAML2 Token Identifiers, if
+the token contains a "OneTimeUse" Condition. The default value is "true".</li>
+</ul>
+</subsection>
+
 <subsection name="Miscellaneous new features">
 <p>
 Support was added in WSS4J 1.6.x to obtain a Kerberos ticket from a KDC (Key
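Review bot: There is a stray space inside the constant name in the fifth bullet, "ConfigurationConstants. SAML_ONE_TIME_USE_CACHE_INSTANCE", so the identifier cannot be copied as written; there is also a double space after the colon in the enableSamlOneTimeUseCache bullet. On content, the section names EHCacheReplayCache as the default but does not say how long cached entries are retained or whether the default cache is shared between nodes, and both matter when judging whether a replayed Timestamp, nonce or OneTimeUse assertion would actually be caught; a sentence on each, or a link to where that is documented, would help. The opening list says "SAML OneTimeUse Assertions" while the bullets say "SAML2 Token Identifier", so it would be clearer to use the same term in both places.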