Posted to commits@cxf.apache.org by co...@apache.org on 2014/10/14 18:18:05 UTC

git commit: Reshuffling SecurityConstants

Repository: cxf
Updated Branches:
  refs/heads/master 92502a5e2 -> e3a8f6787


Reshuffling SecurityConstants


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e3a8f678
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e3a8f678
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e3a8f678

Branch: refs/heads/master
Commit: e3a8f678750ccd776be8715f552934f46603f3f9
Parents: 92502a5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Oct 14 17:13:07 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Oct 14 17:13:23 2014 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      | 98 ++++++++++----------
 1 file changed, 51 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e3a8f678/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 6ecaee2..bc286b6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -209,19 +209,19 @@ public final class SecurityConstants {
     public static final String RETURN_SECURITY_ERROR = "ws-security.return.security.error";
     
     /**
-     * Whether to use credential delegation or not in the KerberosClient. If this is set to "true",
-     * then it tries to get a GSSCredential Object from the Message Context using the 
-     * DELEGATED_CREDENTIAL configuration tag below, and then use this to obtain a service ticket.
-     * The default is "false".
+     * Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on
+     * a WS-SecurityPolicy.
+     *
+     * The default value is "true" which included the SOAP mustUnderstand header.
      */
-    public static final String KERBEROS_USE_CREDENTIAL_DELEGATION = 
-        "ws-security.kerberos.use.credential.delegation";
-    
+    public static final String MUST_UNDERSTAND = "ws-security.must-understand";
+
     /**
-     * Whether the Kerberos username is in servicename form or not. The default is "false".
+     * Set this to "false" if security context must not be created from JAAS Subject.
+     *
+     * The default value is "true".
      */
-    public static final String KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM = 
-        "ws-security.kerberos.is.username.in.servicename.form";
+    public static final String SC_FROM_JAAS_SUBJECT = "ws-security.sc.jaas-subject";
     
     //
     // Non-boolean WS-Security Configuration parameters
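Review bot: The Javadoc now attached to `MUST_UNDERSTAND` in this hunk explains how to drop the header but not what that costs. Without mustUnderstand, a SOAP receiver that does not process WS-Security may ignore the security header instead of faulting. I would add a line such as `* Disabling this lets a receiver that does not process the security header accept the message rather than fault.` and fix the tense of the default sentence to `* The default value is "true", which includes the SOAP mustUnderstand header.`. The enclosing SecurityConstants class starts and ends outside the hunk, so how the flag is consumed is not visible here.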
@@ -260,27 +260,12 @@ public final class SecurityConstants {
     public static final String SAML_ROLE_ATTRIBUTENAME = "ws-security.saml-role-attributename";
     
     /**
-     * A reference to the KerberosClient class used to obtain a service ticket. 
-     */
-    public static final String KERBEROS_CLIENT = "ws-security.kerberos.client";
-    
-    /**
      * The SpnegoClientAction implementation to use for SPNEGO. This allows the user to plug in
      * a different implementation to obtain a service ticket.
      */
     public static final String SPNEGO_CLIENT_ACTION = "ws-security.spnego.client.action";
     
     /**
-     * The JAAS Context name to use for Kerberos.
-     */
-    public static final String KERBEROS_JAAS_CONTEXT_NAME = "ws-security.kerberos.jaas.context";
-    
-    /**
-     * The Kerberos Service Provider Name (spn) to use.
-     */
-    public static final String KERBEROS_SPN = "ws-security.kerberos.spn";
-    
-    /**
      * This holds a reference to a ReplayCache instance used to cache UsernameToken nonces. The
      * default instance that is used is the EHCacheReplayCache.
      */
@@ -373,6 +358,13 @@ public final class SecurityConstants {
     public static final String PASSWORD_ENCRYPTOR_INSTANCE = 
         "ws-security.password.encryptor.instance";
     
+    /**
+     * A delegated credential to use for WS-Security. Currently only a Kerberos GSSCredential
+     * Object is supported. This is used to retrieve a service ticket instead of using the
+     * client credentials.
+     */
+    public static final String DELEGATED_CREDENTIAL = "ws-security.delegated.credential";
+    
     //
     // Validator implementations for validating received security tokens
     //
@@ -550,28 +542,6 @@ public final class SecurityConstants {
     public static final String STS_TOKEN_ON_BEHALF_OF = "ws-security.sts.token.on-behalf-of";
 
     /**
-     * Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on
-     * a WS-SecurityPolicy.
-     *
-     * The default value is "true" which included the SOAP mustUnderstand header.
-     */
-    public static final String MUST_UNDERSTAND = "ws-security.must-understand";
-
-    /**
-     * Set this to "false" if security context must not be created from JAAS Subject.
-     *
-     * The default value is "true".
-     */
-    public static final String SC_FROM_JAAS_SUBJECT = "ws-security.sc.jaas-subject";
-    
-    /**
-     * A delegated credential to use for WS-Security. Currently only a Kerberos GSSCredential
-     * Object is supported. This is used to retrieve a service ticket instead of using the
-     * client credentials.
-     */
-    public static final String DELEGATED_CREDENTIAL = "ws-security.delegated.credential";
-    
-    /**
      * This is the value in seconds within which a token is considered to be expired by the
      * client. When a cached token (from a STS) is retrieved by the client, it is considered
      * to be expired if it will expire in a time less than the value specified by this tag.
@@ -582,6 +552,40 @@ public final class SecurityConstants {
      */
     public static final String STS_TOKEN_IMMINENT_EXPIRY_VALUE =
         "ws-security.sts.token.imminent-expiry-value";
+    
+    //
+    // Kerberos Configuration tags
+    //
+    
+    /**
+     * Whether to use credential delegation or not in the KerberosClient. If this is set to "true",
+     * then it tries to get a GSSCredential Object from the Message Context using the 
+     * DELEGATED_CREDENTIAL configuration tag below, and then use this to obtain a service ticket.
+     * The default is "false".
+     */
+    public static final String KERBEROS_USE_CREDENTIAL_DELEGATION = 
+        "ws-security.kerberos.use.credential.delegation";
+    
+    /**
+     * Whether the Kerberos username is in servicename form or not. The default is "false".
+     */
+    public static final String KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM = 
+        "ws-security.kerberos.is.username.in.servicename.form";
+    
+    /**
+     * The JAAS Context name to use for Kerberos.
+     */
+    public static final String KERBEROS_JAAS_CONTEXT_NAME = "ws-security.kerberos.jaas.context";
+    
+    /**
+     * The Kerberos Service Provider Name (spn) to use.
+     */
+    public static final String KERBEROS_SPN = "ws-security.kerberos.spn";
+    
+    /**
+     * A reference to the KerberosClient class used to obtain a service ticket. 
+     */
+    public static final String KERBEROS_CLIENT = "ws-security.kerberos.client";
 
     //
     // Internal tags
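Review bot: The comment on `KERBEROS_USE_CREDENTIAL_DELEGATION` still points to the DELEGATED_CREDENTIAL tag "below", but this commit now declares that constant earlier in the file (the `+358` hunk), so the pointer is stale. A link would survive further reordering: `* {@link #DELEGATED_CREDENTIAL} configuration tag, and then use this to obtain a service ticket.`. In the same block, `KERBEROS_SPN` is documented as the "Service Provider Name", whereas the Kerberos term is Service Principal Name; I would change it to `* The Kerberos Service Principal Name (spn) to use.`. The SecurityConstants class body continues outside this hunk.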