Posted to commits@cxf.apache.org by co...@apache.org on 2012/08/01 17:39:00 UTC

svn commit: r1368060 - /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java

Author: coheigea
Date: Wed Aug  1 15:39:00 2012
New Revision: 1368060

URL: http://svn.apache.org/viewvc?rev=1368060&view=rev
Log:
Merged revisions 1368015 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1368015 | coheigea | 2012-08-01 15:24:01 +0100 (Wed, 01 Aug 2012) | 2 lines

  More updates to WS-SecurityPolicy configuration

........

Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java


Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1368060&r1=1368059&r2=1368060&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Aug  1 15:39:00 2012
@@ -123,17 +123,27 @@ public final class SecurityConstants {
     public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
     
     //
-    // Boolean WS-Security configuration tags, e.g. the value should be "true" or "false".
+    // Boolean configuration tags, e.g. the value should be "true" or "false".
     //
     
+    /**
+     * Whether to validate the password of a received UsernameToken or not. The default is true.
+     */
     public static final String VALIDATE_TOKEN = "ws-security.validate.token";
     
+    /**
+     * Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust 
+     * in a certificate. The default value is "false".
+     */
     public static final String ENABLE_REVOCATION = "ws-security.enableRevocation";
     
-    //WebLogic and WCF always encrypt UsernameTokens whenever possible
+    // WebLogic and WCF always encrypt UsernameTokens whenever possible
     //See:  http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
     //Be default, we will encrypt as well for interop reasons.  However, this
-    //setting can be set to false to turn that off. 
+    //setting can be set to false to turn that off.
+    /**
+     * Whether to always encrypt UsernameTokens whenever possible. The default is true.
+     */
     public static final String ALWAYS_ENCRYPT_UT = "ws-security.username-token.always.encrypted";
     
     /**
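Review bot: The new Javadoc on VALIDATE_TOKEN (`ws-security.validate.token`) gives only the default and not the consequence of turning it off; from the description, a recipient that sets it to "false" appears to accept a received UsernameToken without its password being checked by this layer, which is the thing a deployer needs to know before flipping it. Suggest: `Whether to validate the password of a received UsernameToken or not. The default is true. Setting this to false means the password is not checked here, so only disable it when a downstream component performs the validation.` ALWAYS_ENCRYPT_UT now carries both the old `//` block and a new `/** */` Javadoc; fold the interop rationale (WebLogic/WCF always encrypt, the BEA link) into the Javadoc and drop the `//` lines so the generated docs, not just the source, explain why the default is true.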
@@ -143,27 +153,24 @@ public final class SecurityConstants {
     public static final String IS_BSP_COMPLIANT = "ws-security.is-bsp-compliant";
     
     /**
-     * This configuration tag specifies whether to self-sign a SAML Assertion or not. If this
-     * is set to true, then an enveloped signature will be generated when the SAML Assertion is
-     * constructed. The default is false.
+     * Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature 
+     * will be generated when the SAML Assertion is constructed. The default is false.
      */
     public static final String SELF_SIGN_SAML_ASSERTION = "ws-security.self-sign-saml-assertion";
     
     /**
-     * Set this to "false" to not cache UsernameToken nonces. The default value is "true" for
-     * message recipients, and "false" for message initiators. Set it to true to cache for
-     * both cases.
+     * Whether to cache UsernameToken nonces. The default value is "true" for message recipients, and 
+     * "false" for message initiators. Set it to true to cache for both cases. Set this to "false" to
+     * not cache UsernameToken nonces. 
      */
-    public static final String ENABLE_NONCE_CACHE = 
-        "ws-security.enable.nonce.cache";
+    public static final String ENABLE_NONCE_CACHE = "ws-security.enable.nonce.cache";
     
     /**
-     * Set this to "false" to not cache Timestamp Created Strings (these are only cached in 
-     * conjunction with a message Signature). The default value is "true" for message recipients, 
-     * and "false" for message initiators. Set it to true to cache for both cases.
+     * Whether to cache Timestamp Created Strings (these are only cached in conjunction with a message 
+     * Signature).The default value is "true" for message recipients, and "false" for message initiators.
+     * Set it to true to cache for both cases. Set this to "false" to not cache Timestamp Created Strings.
      */
-    public static final String ENABLE_TIMESTAMP_CACHE = 
-        "ws-security.enable.timestamp.cache";
+    public static final String ENABLE_TIMESTAMP_CACHE = "ws-security.enable.timestamp.cache";
     
     //
     // (Non-boolean) Configuration parameters
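Review bot: The rewritten ENABLE_NONCE_CACHE and ENABLE_TIMESTAMP_CACHE Javadoc state the recipient/initiator defaults but not what a recipient loses by setting them to "false"; presumably these caches are what lets a recipient detect a replayed UsernameToken nonce or Timestamp, and if so that is the security-relevant fact to document. Suggest appending to each: `Disabling this on a message recipient removes replay detection for the corresponding token, so leave it enabled unless replay is handled elsewhere.` In the ENABLE_TIMESTAMP_CACHE comment there is a missing space in `Signature).The default value`, and in both entries the trailing "Set it to true ... Set this to "false" to not cache ..." sentences repeat the opening "Whether to cache ..." sentence and can be dropped.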
@@ -266,6 +273,16 @@ public final class SecurityConstants {
         "ws-security.cache.issued.token.in.endpoint";
     
     /**
+<<<<<<< HEAD
+=======
+     * Set this property to avoid STS client trying send WS-MetadataExchange call using
+     * STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info.
+     */
+    public static final String DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS =
+        "ws-security.sts.disable-wsmex-call-using-epr-address";
+    
+    /**
+>>>>>>> 0d7ae81... Merged revisions 1368015 via  git cherry-pick from
      * WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO
      * the full security on the message. These properties control the way the STS client
      * will decrypt the EncryptedData elements in the response
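Review bot: Unresolved merge-conflict markers were committed at `<<<<<<< HEAD`, `=======` and `>>>>>>> 0d7ae81... Merged revisions 1368015 via  git cherry-pick from`. They fall inside the two `/** ... */` blocks, so the file still compiles, but they corrupt the Javadoc of DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS and of the following WCF trust-server constant and show the cherry-pick was not actually resolved; delete the three lines so the first comment opens directly with ` * Set this property ...` and the second with ` * WCF's trust server ...`. The description could also be tightened while there: `Set this property to stop the STS client from issuing a WS-MetadataExchange call to the STS EPR address when the endpoint contract contains no WS-MetadataExchange information.` The second Javadoc block and the constant it documents continue past the end of the hunk.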
@@ -292,19 +309,23 @@ public final class SecurityConstants {
     
     static {
         Set<String> s = new HashSet<String>(Arrays.asList(new String[] {
-            USERNAME, PASSWORD, CALLBACK_HANDLER, 
-            SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
-            ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
-            TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
-            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, ALWAYS_ENCRYPT_UT,
+            USERNAME, PASSWORD, SIGNATURE_USERNAME, ENCRYPT_USERNAME,
+            CALLBACK_HANDLER, SAML_CALLBACK_HANDLER, SIGNATURE_PROPERTIES, 
+            SIGNATURE_CRYPTO, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
+            VALIDATE_TOKEN, ENABLE_REVOCATION, ALWAYS_ENCRYPT_UT, IS_BSP_COMPLIANT, 
+            SELF_SIGN_SAML_ASSERTION, ENABLE_NONCE_CACHE, ENABLE_TIMESTAMP_CACHE,
+            STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
+            STS_TOKEN_DO_CANCEL, TIMESTAMP_TTL, 
             STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME, STS_TOKEN_USE_CERT_FOR_KEYINFO,
             SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR, TIMESTAMP_TOKEN_VALIDATOR,
-            SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL,
+            SIGNATURE_TOKEN_VALIDATOR, TIMESTAMP_FUTURE_TTL,
             BST_TOKEN_VALIDATOR, SAML_CALLBACK_HANDLER, STS_TOKEN_ON_BEHALF_OF,
             KERBEROS_CLIENT, SCT_TOKEN_VALIDATOR, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
             KERBEROS_JAAS_CONTEXT_NAME, KERBEROS_SPN, SPNEGO_CLIENT_ACTION,
-            ENABLE_NONCE_CACHE, NONCE_CACHE_INSTANCE, ENABLE_TIMESTAMP_CACHE,
-            TIMESTAMP_CACHE_INSTANCE, CACHE_CONFIG_FILE, SUBJECT_CERT_CONSTRAINTS
+            NONCE_CACHE_INSTANCE, 
+            TIMESTAMP_CACHE_INSTANCE, CACHE_CONFIG_FILE, DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS,
+            SUBJECT_CERT_CONSTRAINTS,
+            TOKEN, TOKEN_ID
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }
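Review bot: SAML_CALLBACK_HANDLER is listed twice in the ALL_PROPERTIES initializer, once on the newly added `CALLBACK_HANDLER, SAML_CALLBACK_HANDLER, SIGNATURE_PROPERTIES,` line and again on the unchanged `BST_TOKEN_VALIDATOR, SAML_CALLBACK_HANDLER, STS_TOKEN_ON_BEHALF_OF,` line. The HashSet silently drops the duplicate so behaviour is unchanged, but the repeat makes it harder to audit the list for constants that are missing, which matters if ALL_PROPERTIES is used to decide which configuration keys are honoured; remove the second occurrence. Since the list is now being regrouped by category, a one-line comment such as `// Every ws-security.* key declared above must appear here.` above the `static {` block would make the maintenance rule explicit.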