[jboss-cvs] JBossAS SVN: r83682 - projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jan 30 08:52:42 EST 2009
Author: darran.lofthouse at jboss.com
Date: 2009-01-30 08:52:42 -0500 (Fri, 30 Jan 2009)
New Revision: 83682
Modified:
projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml
Log:
[SECURITY-279] Documentation second pass updates.
Modified: projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml 2009-01-30 13:29:34 UTC (rev 83681)
+++ projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml 2009-01-30 13:52:42 UTC (rev 83682)
@@ -78,7 +78,7 @@
<![CDATA[
<java:property>
<java:key>SPNEGO</java:key>
- <java:value>org.jboss.security.negotiation.spnego.SPNEGOAuthenticator</java:value>
+ <java:value>org.jboss.security.negotiation.NegotiationAuthenticator</java:value>
</java:property>
]]>
</programlisting>
@@ -91,7 +91,20 @@
</para>
</tip>
+ <warning>
+ <para>
+ If you have been using the Beta releases then you may have
+ been using the authenticator called
+ <code>
+ org.jboss.security.negotiation.spnego.SPNEGOAuthenticator
+ </code>
+ this authenticator is now deprecated and will be removed in a
+ future release so you should switch to the
+ NegotiationAuthenticator as shown above.
+ </para>
+ </warning>
+
<para>
The key can be any value you choose, however using SPNEGO is
recommended to be consistent with the rest of this document,
@@ -169,8 +182,7 @@
<para>
The properties service is documented in the Wiki at
- <ulink
- url="http://wiki.jboss.org/wiki/PropertiesService">
+ <ulink url="http://wiki.jboss.org/wiki/PropertiesService">
http://wiki.jboss.org/wiki/PropertiesService
</ulink>
</para>
@@ -275,7 +287,9 @@
<itemizedlist>
<listitem>
- <para>storeKey - cache the key obtained locally</para>
+ <para>
+ storeKey - cache the private key within the Subject.
+ </para>
</listitem>
<listitem>
<para>
@@ -315,6 +329,15 @@
</para>
</note>
+ <caution>
+ <para>
+ The Krb5LoginModule does have an option to be configured to
+ use a local credentials cache, this should be avoided as it is
+ incompatible with the storKey option which is required for
+ SPNEGO negotiation.
+ </para>
+ </caution>
+
</section>
<section>
@@ -323,8 +346,8 @@
<para>
The application also requires it's own security domain to be
defined with a login module to work in connection with the
- SPNEGOAuthenticator and a second login module to load the roles
- of the authenticated user.
+ NegotiationAuthenticator and a second login module to load the
+ roles of the authenticated user.
</para>
<para>An example security domain is shown below.</para>
More information about the jboss-cvs-commits
mailing list