You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2014/02/14 19:09:13 UTC
svn commit: r1568418 - in /webservices/wss4j/site/src/site/xdoc:
migration.xml newfeatures20.xml user_guide.xml
Author: coheigea
Date: Fri Feb 14 18:09:13 2014
New Revision: 1568418
URL: http://svn.apache.org/r1568418
Log:
More updates to the user guide
Added:
webservices/wss4j/site/src/site/xdoc/newfeatures20.xml
Modified:
webservices/wss4j/site/src/site/xdoc/migration.xml
webservices/wss4j/site/src/site/xdoc/user_guide.xml
Modified: webservices/wss4j/site/src/site/xdoc/migration.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/migration.xml?rev=1568418&r1=1568417&r2=1568418&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/migration.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/migration.xml Fri Feb 14 18:09:13 2014
@@ -406,6 +406,16 @@ WSHandlerConstants.ALLOW_RSA15_KEY_TRANS
</p>
</subsection>
+<subsection name="InclusiveNamespaces PrefixList change">
+<p>
+In WSS4J 1.6.x, when BSP Compliance was switched off on the outbound side, it
+had the effect that an InclusiveNamespaces PrefixList was not generated as a
+CanonicalizationMethod child of a Signature Element (as required by the BSP
+specification). In WSS4J 2.0.0, this is now controlled by a separate
+configuration tag "addInclusivePrefixes", which defaults to true.
+</p>
+</subsection>
+
</section>
</body>
</document>
Added: webservices/wss4j/site/src/site/xdoc/newfeatures20.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/newfeatures20.xml?rev=1568418&view=auto
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/newfeatures20.xml (added)
+++ webservices/wss4j/site/src/site/xdoc/newfeatures20.xml Fri Feb 14 18:09:13 2014
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<body>
+<section name="New features available in Apache WSS4J 2.0.0">
+
+<subsection name="Overview of new features">
+<p>
+Apache WSS4J 2.0.0 delivers the following major new features:
+</p>
+<ul>
+<li>Support for a <a href="streaming.html">streaming</a> (StAX) based
+WS-Security implementation that covers all of the main specifications.</li>
+<li>A WS-SecurityPolicy model that can be shared between both DOM + StAX
+implementations.</li>
+<li>Support for "real-time" WS-SecurityPolicy validation for the StAX
+implementation.</li>
+<li>Support for the SOAP with Attachments (SWA) Profile 1.1 specification.</li>
+<li>Support for caching based on EhCache.</li>
+<li>Support for encrypting passwords in Crypto properties files using Jasypt.
+</li>
+</ul>
+</subsection>
+
+<subsection name="Miscellaneous new features">
+<p>
+Support was added in WSS4J 1.6.x to obtain a Kerberos ticket from a KDC (Key
+Distribution Center) and include it in the security header of a request, as
+well as to process the received token. However, there was no built-in way to
+extract the secret key from the ticket to secure the request. Instead it was
+up to the user to plug in a custom "KerberosTokenDecoder" implementation to
+support this behaviour. In WSS4J 2.0.0, a default KerberosTokenDecoder
+implementation is provided, and so WSS4J now supports signing/encrypting using
+Kerberos tokens by default.
+</p>
+<p>
+A new "CustomToken" Action is defined in WSS4J 2.0.0. If this action is
+defined, a token (DOM Element) will be retrieved from a CallbackHandler via
+WSPasswordCallback.Usage.CUSTOM_TOKEN and written out as is in the security
+header. This provides for an easy way to write out tokens that have been
+retrieved out of band. Another related new feature is the ability to associate
+an action with a particular set of keys/algorithms. This means that it is now
+possible to configure two different Signature actions, that use different
+keys/algorithms.
+</p>
+<p>
+Support for enforcing the Basic Security Profile (BSP) 1.1 specification was
+added in WSS4J 1.6.x. In WSS4J 2.0.0, it is possible to disable individual
+BSP Rules for a non-compliant request, instead of having to disable BSP
+enforcement altogether as for WSS4J 1.6.x. The RequestData class has a
+setIgnoredBSPRules method, that takes a list of BSPRule Objects as an argument.
+The BSPRule class contains a complete list of Basic Security Profile rules
+that are enforced in WSS4J.
+</p>
+<p>
+WSS4J 2.0.0 now enforces the SubjectConfirmation requirements of an inbound
+SAML Token, instead of leaving it to the web services stack. For
+sender-vouches, a Signature must be present that covers both the SOAP Body and
+the SAML Assertion. For holder-of-key, a Signature must be present that signs
+some part of the SOAP request using the key information contained in the SAML
+Subject. Note that a Signature can be either a message or transport level
+Signature (i.e. using TLS is acceptable). A new configuration tag is defined
+that allows the user to switch off this validation if required
+(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION -
+"validateSamlSubjectConfirmation").
+</p>
+
+</subsection>
+
+</section>
+</body>
+</document>
Modified: webservices/wss4j/site/src/site/xdoc/user_guide.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/user_guide.xml?rev=1568418&r1=1568417&r2=1568418&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/user_guide.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/user_guide.xml Fri Feb 14 18:09:13 2014
@@ -9,10 +9,11 @@ by WSS4J and how to configure it.
<ul>
<li><a href="using.html">Using Apache WSS4J</a></li>
<li><a href="config.html">WSS4J Configuration</a></li>
-<li><a href="topics.html">Special Topics</a></li>
+<li><a href="newfeatures20.html">WSS4J 2.0.0 New Features</a></li>
<li><a href="streaming.html">Streaming WS-Security support</a></li>
<li><a href="migration.html">WSS4J 2.0.0 Migration Guide</a></li>
<li><a href="wss4j16.html">WSS4J 1.6.0 Migration Guide</a></li>
+<li><a href="topics.html">Special Topics</a></li>
<li><a href="best_practice.html">Security Best Practices</a></li>
<li><a href="resources.html">Further Resources</a></li>
</ul>