[jboss-cvs] JBossAS SVN: r83682 - projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Jan 30 08:52:42 EST 2009 

Author: darran.lofthouse at jboss.com
Date: 2009-01-30 08:52:42 -0500 (Fri, 30 Jan 2009)
New Revision: 83682

Modified:
   projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml
Log:
[SECURITY-279] Documentation second pass updates.

Modified: projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml	2009-01-30 13:29:34 UTC (rev 83681)
+++ projects/security/security-negotiation/branches/Branch_2_0/docs/userguide/en/modules/general_installation.xml	2009-01-30 13:52:42 UTC (rev 83682)
@@ -78,7 +78,7 @@
         <![CDATA[
 <java:property>
   <java:key>SPNEGO</java:key>
-  <java:value>org.jboss.security.negotiation.spnego.SPNEGOAuthenticator</java:value>
+  <java:value>org.jboss.security.negotiation.NegotiationAuthenticator</java:value>
 </java:property>
       ]]>
       </programlisting>
@@ -91,7 +91,20 @@
         </para>
       </tip>
 
+      <warning>
+        <para>
+          If you have been using the Beta releases then you may have
+          been using the authenticator called
+          <code>
+            org.jboss.security.negotiation.spnego.SPNEGOAuthenticator
+          </code>
+          this authenticator is now deprecated and will be removed in a
+          future release so you should switch to the
+          NegotiationAuthenticator as shown above.
+        </para>
+      </warning>
 
+
       <para>
         The key can be any value you choose, however using SPNEGO is
         recommended to be consistent with the rest of this document,
@@ -169,8 +182,7 @@
 
         <para>
           The properties service is documented in the Wiki at
-          <ulink
-            url="http://wiki.jboss.org/wiki/PropertiesService">
+          <ulink url="http://wiki.jboss.org/wiki/PropertiesService">
             http://wiki.jboss.org/wiki/PropertiesService
           </ulink>
         </para>
@@ -275,7 +287,9 @@
 
       <itemizedlist>
         <listitem>
-          <para>storeKey - cache the key obtained locally</para>
+          <para>
+            storeKey - cache the private key within the Subject.
+          </para>
         </listitem>
         <listitem>
           <para>
@@ -315,6 +329,15 @@
         </para>
       </note>
 
+      <caution>
+        <para>
+          The Krb5LoginModule does have an option to be configured to
+          use a local credentials cache, this should be avoided as it is
+          incompatible with the storKey option which is required for
+          SPNEGO negotiation.
+        </para>
+      </caution>
+
     </section>
 
     <section>
@@ -323,8 +346,8 @@
       <para>
         The application also requires it's own security domain to be
         defined with a login module to work in connection with the
-        SPNEGOAuthenticator and a second login module to load the roles
-        of the authenticated user.
+        NegotiationAuthenticator and a second login module to load the
+        roles of the authenticated user.
       </para>
 
       <para>An example security domain is shown below.</para>

More information about the jboss-cvs-commits mailing list