svn commit: r1305043 - in /axis/axis1/java/trunk: docs/security.html src/site/xdoc/security.xml
Author: veithen Date: Sun Mar 25 14:16:48 2012 New Revision: 1305043 URL: http://svn.apache.org/viewvc?rev=1305043&view=rev Log: Migrated a document to the new Axis site. Added: axis/axis1/java/trunk/src/site/xdoc/security.xml - copied, changed from r1304929, webservices/axis/trunk/site/src/java/src/documentation/content/xdocs/java/security.xml Removed: axis/axis1/java/trunk/docs/security.html Copied: axis/axis1/java/trunk/src/site/xdoc/security.xml (from r1304929, webservices/axis/trunk/site/src/java/src/documentation/content/xdocs/java/security.xml) URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/xdoc/security.xml?p2=axis/axis1/java/trunk/src/site/xdoc/security.xml&p1=webservices/axis/trunk/site/src/java/src/documentation/content/xdocs/java/security.xml&r1=1304929&r2=1305043&rev=1305043&view=diff == --- webservices/axis/trunk/site/src/java/src/documentation/content/xdocs/java/security.xml (original) +++ axis/axis1/java/trunk/src/site/xdoc/security.xml Sun Mar 25 14:16:48 2012 
@@ -1,61 +1,37 @@  - - - -WebServices - Axis - + +http://maven.apache.org/XDOC/2.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd";> + +Web Service Security + - - -Web Service Security - - - -Table of Contents + - - The challenge of server security - Is SOAP fundamentally insecure? - Common Attack Types - -Special XML attacks - - Authenticating the caller - Securing your Services - -XML attacks -Session Theft -DOS attacks via load-intensive operations -Parameter Attacks -Cross Site Scripting - - Securing Axis - -Disguise -Cut down the build -Rename things -Stop AxisServlet listing services -Keep stack traces out of the responses -Stop autogenerating WSDL -Servlets2.3UseFiltersForExtraAuthentication -Log things -Run Axis with reduced Java rights -Run the web server with reduced rights -Monitor Load -Consider 'tripwire' and 'honeypot' endpoints -Monitor the Mailing Lists - - What to do if you find a security hole in Axis - Automate Security Tests - Conclusions - + - - -The challenge of server security + A standard attack on a web site is usually that of identifying and abusing badly written CGI scripts. Anything that gives read access to the file system is a security hole, letting people get at the code behind the site, often including database passwords and other sensitive data, plus of course there are the core parts of the underlying platform, which may contain important information: passwords, credit card lists, user-private information, and the like. Unauthorized access to this data can be embarrasing and expensive. 
@@ -63,9 +39,7 @@ - - -Is SOAP fundamentally insecure? + Some people, such as http://www.counterpane.com/crypto-gram-0006.html";>Bruce Schneier, have claimed that SOAP is a security disaster in the making, because of its ability to punch through firewalls. However, because in SOAP over HTTP the client can only make SOAP calls, not receive them, SOAP is no more insecure than any other application which POSTs XML files to a web server. The clients are safe unless the server (or its DNS address) have been subverted; the server is vulnerable, and does need to be secured. @@ -75,9 +49,7 @@ - - -Common Attack Types + Denial of Service to a server @@ -89,11 +61,10 @@ The most significant security risk comes from the fact that you are writing code to provide functionality to calling programs. If that functionality is offered to the wrong people, or if the code you wrote creates a security hole, "unexpected functionality", then you have a problem. + There is a large body of literature which covers securing web sites, such as the http://www.owasp.org/";>Open Web Application Security Project Top Ten List of vulnerabilities, and their Guide to Building Secure Web Applications. - - -Special XML attacks + XML messages have a few intrinsic weakness, that Web Service creators should know about. None of these problems are unique to SOAP; anyone processing incoming XML needs to know and resist these. @@ -108,13 +79,11 @@ Here you declare an entity referring to The other thing to know about XML is that string matching is not enough to be sure that the content is safe, because of the many ways to reformat the same XML. - + - - -Authenticating the caller + The new Web Service security proposals offer to authenticate your callers to your end point, and vice-versa. Axis does not yet implement these, but we do support XML signatures via http://xml.apache.org/security/index.html";>a sister project. 
@@ -129,41 +98,31 @@ authentication stuff. Although the forms - - -Securing your Services + One
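Review bot: In the "Authenticating the caller" section of security.xml, the carried-over sentence "Axis does not yet implement these" (about the Web Service security proposals) will read as a current statement on the new site. Confirm it still holds, or reword it with a date while the file is being moved. The unchanged context also has two typos worth fixing in the same pass: "embarrasing" in the opening section and "a few intrinsic weakness" under "Special XML attacks". The first hunk removes the hand-written table of contents, so check that the generated page still provides the section anchors that existing links into security.html may rely on.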
svn commit: r1305049 - in /axis/axis1/java/trunk/src/site/xdoc: overview.xml overview.xml.vm
Author: veithen Date: Sun Mar 25 14:21:18 2012 New Revision: 1305049 URL: http://svn.apache.org/viewvc?rev=1305049&view=rev Log: Automatically update version numbers in the documentation. Added: axis/axis1/java/trunk/src/site/xdoc/overview.xml.vm - copied, changed from r1304728, axis/axis1/java/trunk/src/site/xdoc/overview.xml Removed: axis/axis1/java/trunk/src/site/xdoc/overview.xml Copied: axis/axis1/java/trunk/src/site/xdoc/overview.xml.vm (from r1304728, axis/axis1/java/trunk/src/site/xdoc/overview.xml) URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/xdoc/overview.xml.vm?p2=axis/axis1/java/trunk/src/site/xdoc/overview.xml.vm&p1=axis/axis1/java/trunk/src/site/xdoc/overview.xml&r1=1304728&r2=1305049&rev=1305049&view=diff == --- axis/axis1/java/trunk/src/site/xdoc/overview.xml (original) +++ axis/axis1/java/trunk/src/site/xdoc/overview.xml.vm Sun Mar 25 14:21:18 2012 @@ -27,7 +27,7 @@ -This is the documentation for http://ws.apache.org/axis/";>Apache Axis 1.4. If the version of Axis you are using is older or newer than this version, then this is the wrong documentation to be using. Read the version that came with your copy of Axis. +This is the documentation for Apache Axis ${project.version}. If the version of Axis you are using is older or newer than this version, then this is the wrong documentation to be using. Read the version that came with your copy of Axis.
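Review bot: The added line in overview.xml.vm drops the reference to http://ws.apache.org/axis/ that the removed line carried around "Apache Axis 1.4". If the link was removed on purpose, say so in the log message; otherwise restore it next to ${project.version}. Because the page is now processed as a Velocity template, also check the rest of overview.xml.vm for literal "$" or "#" characters that would now be interpreted instead of printed.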
svn commit: r1305072 - /axis/axis1/java/trunk/pom.xml
Author: veithen Date: Sun Mar 25 16:23:09 2012 New Revision: 1305072 URL: http://svn.apache.org/viewvc?rev=1305072&view=rev Log: Fixed the inception year. Modified: axis/axis1/java/trunk/pom.xml Modified: axis/axis1/java/trunk/pom.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/pom.xml?rev=1305072&r1=1305071&r2=1305072&view=diff == --- axis/axis1/java/trunk/pom.xml (original) +++ axis/axis1/java/trunk/pom.xml Sun Mar 25 16:23:09 2012 @@ -55,7 +55,7 @@ http://mail-archives.apache.org/mod_mbox/axis-axis1-java-user/ -2001 +2000 axis axis-jaxrpc
svn commit: r1305080 - in /axis/axis1/java/trunk: axis-castor/pom.xml axis-jms/pom.xml axis-rt-transports-http-javanet/pom.xml src/site/resources/images/axis-small.png src/site/resources/images/axis.j
Author: veithen Date: Sun Mar 25 17:10:20 2012 New Revision: 1305080 URL: http://svn.apache.org/viewvc?rev=1305080&view=rev Log: Added logo and fixed Maven project names. Added: axis/axis1/java/trunk/src/site/resources/images/axis-small.png (with props) axis/axis1/java/trunk/src/site/resources/images/axis.jpg - copied unchanged from r1304929, webservices/axis/trunk/site/src/java/src/documentation/content/xdocs/java/images/axis.jpg Modified: axis/axis1/java/trunk/axis-castor/pom.xml axis/axis1/java/trunk/axis-jms/pom.xml axis/axis1/java/trunk/axis-rt-transports-http-javanet/pom.xml axis/axis1/java/trunk/src/site/site.xml Modified: axis/axis1/java/trunk/axis-castor/pom.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/axis-castor/pom.xml?rev=1305080&r1=1305079&r2=1305080&view=diff == --- axis/axis1/java/trunk/axis-castor/pom.xml (original) +++ axis/axis1/java/trunk/axis-castor/pom.xml Sun Mar 25 17:10:20 2012 @@ -26,7 +26,7 @@ ../pom.xml axis-castor -Castor support +Axis :: Castor support Contains serializers and deserializers for Castor. Modified: axis/axis1/java/trunk/axis-jms/pom.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/axis-jms/pom.xml?rev=1305080&r1=1305079&r2=1305080&view=diff == --- axis/axis1/java/trunk/axis-jms/pom.xml (original) +++ axis/axis1/java/trunk/axis-jms/pom.xml Sun Mar 25 17:10:20 2012 @@ -26,7 +26,7 @@ ../pom.xml axis-jms -JMS support +Axis :: JMS transport Contains the Axis JMS transport. Modified: axis/axis1/java/trunk/axis-rt-transports-http-javanet/pom.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/axis-rt-transports-http-javanet/pom.xml?rev=1305080&r1=1305079&r2=1305080&view=diff == --- axis/axis1/java/trunk/axis-rt-transports-http-javanet/pom.xml (original) +++ axis/axis1/java/trunk/axis-rt-transports-http-javanet/pom.xml Sun Mar 25 17:10:20 2012 
@@ -26,7 +26,7 @@ ../pom.xml axis-rt-transports-http-javanet -java.net HTTP Transport +Axis :: java.net HTTP Transport An alternative HTTP transport that uses the java.net.HttpURLConnection API. This transport only works with Java 1.5. Added: axis/axis1/java/trunk/src/site/resources/images/axis-small.png URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/resources/images/axis-small.png?rev=1305080&view=auto == Binary file - no diff available. Propchange: axis/axis1/java/trunk/src/site/resources/images/axis-small.png -- svn:mime-type = application/octet-stream Modified: axis/axis1/java/trunk/src/site/site.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/site.xml?rev=1305080&r1=1305079&r2=1305080&view=diff == --- axis/axis1/java/trunk/src/site/site.xml (original) +++ axis/axis1/java/trunk/src/site/site.xml Sun Mar 25 17:10:20 2012 @@ -30,6 +30,11 @@ true + +Apache Axis +images/axis-small.png +http://axis.apache.org/axis/java + http://www.apache.org/"/>
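Review bot: The Propchange on src/site/resources/images/axis-small.png sets svn:mime-type = application/octet-stream. Set it to image/png so that viewvc and other tools serving the file from the repository treat it as an image rather than an opaque download. In the POM hunks the new names are capitalized inconsistently: axis-jms becomes "Axis :: JMS transport" while axis-rt-transports-http-javanet becomes "Axis :: java.net HTTP Transport". Pick one form for "Transport".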
svn commit: r1305088 - in /axis/axis1/java/trunk: pom.xml src/site/site.xml
Author: veithen Date: Sun Mar 25 18:09:00 2012 New Revision: 1305088 URL: http://svn.apache.org/viewvc?rev=1305088&view=rev Log: Configured Javadoc. Modified: axis/axis1/java/trunk/pom.xml axis/axis1/java/trunk/src/site/site.xml Modified: axis/axis1/java/trunk/pom.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/pom.xml?rev=1305088&r1=1305087&r2=1305088&view=diff == --- axis/axis1/java/trunk/pom.xml (original) +++ axis/axis1/java/trunk/pom.xml Sun Mar 25 18:09:00 2012 @@ -158,6 +158,24 @@ + +org.apache.maven.plugins +maven-javadoc-plugin +2.8.1 + + +aggregate + +aggregate + + +1.4 + test.*:samples.* +apiDocs + + + + Modified: axis/axis1/java/trunk/src/site/site.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/site.xml?rev=1305088&r1=1305087&r2=1305088&view=diff == --- axis/axis1/java/trunk/src/site/site.xml (original) +++ axis/axis1/java/trunk/src/site/site.xml Sun Mar 25 18:09:00 2012 @@ -48,6 +48,7 @@ +
svn commit: r1305091 - in /axis/axis1/java/trunk/maven: maven-axis-server-plugin/src/main/java/org/apache/axis/maven/ maven-axis-server-plugin/src/main/java/org/apache/axis/tools/ maven-axis-server-pl
Author: veithen
Date: Sun Mar 25 18:55:24 2012
New Revision: 1305091

URL: http://svn.apache.org/viewvc?rev=1305091&view=rev
Log:
Renamed the Java packages of the Maven plugins for consistency with the Ant tasks.

Added:
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/
      - copied from r1304728, axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/maven/server/
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/tools/
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/tools/maven/
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/tools/maven/java2wsdl/
      - copied from r1304728, axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/maven/java2wsdl/
    axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/axis/tools/
    axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/axis/tools/maven/
    axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/axis/tools/maven/wsdl2java/
      - copied from r1304728, axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/axis/maven/wsdl2java/
    axis/axis1/java/trunk/maven/nsmap/src/main/java/org/apache/axis/tools/
    axis/axis1/java/trunk/maven/nsmap/src/main/java/org/apache/axis/tools/maven/
    axis/axis1/java/trunk/maven/nsmap/src/main/java/org/apache/axis/tools/maven/shared/
    axis/axis1/java/trunk/maven/nsmap/src/main/java/org/apache/axis/tools/maven/shared/nsmap/
      - copied from r1304728, axis/axis1/java/trunk/maven/nsmap/src/main/java/org/apache/axis/maven/shared/nsmap/
Removed:
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/maven/
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/maven/
    axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/axis/maven/
    axis/axis1/java/trunk/maven/nsmap/src/main/java/org/apache/axis/maven/
Modified:
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/AbstractServerMojo.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/AbstractStartProcessMojo.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/AdminClientUtils.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/AxisServerStartAction.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/AxisServerStopAction.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/DefaultProcessManager.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/FileSet.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/ManagedProcess.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/ProcessManager.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/ProcessStartAction.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/ProcessStopAction.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/StartProcessMojo.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/StartServerMojo.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/StopAllMojo.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/java/org/apache/axis/tools/maven/server/StreamPump.java
    axis/axis1/java/trunk/maven/maven-axis-server-plugin/src/main/resources/META-INF/plexus/components.xml
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/tools/maven/java2wsdl/AbstractGenerateWsdlMojo.java
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/tools/maven/java2wsdl/DeployMojo.java
    axis/axis1/java/trunk/maven/maven-java2wsdl-plugin/src/main/java/org/apache/axis/tools/maven/java2wsdl/GenerateWsdlMojo.java
    axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/axis/tools/maven/wsdl2java/AbstractWsdl2JavaMojo.java
    axis/axis1/java/trunk/maven/maven-wsdl2java-plugin/src/main/java/org/apache/ax
svn commit: r1305129 - in /axis/axis1/java/trunk/src/site: apt/snapshots.apt xdoc/releases.xml
Author: veithen Date: Sun Mar 25 20:59:18 2012 New Revision: 1305129 URL: http://svn.apache.org/viewvc?rev=1305129&view=rev Log: Adding the snapshots.html page. Added: axis/axis1/java/trunk/src/site/apt/snapshots.apt Modified: axis/axis1/java/trunk/src/site/xdoc/releases.xml Added: axis/axis1/java/trunk/src/site/apt/snapshots.apt URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/apt/snapshots.apt?rev=1305129&view=auto == --- axis/axis1/java/trunk/src/site/apt/snapshots.apt (added) +++ axis/axis1/java/trunk/src/site/apt/snapshots.apt Sun Mar 25 20:59:18 2012 
@@ -0,0 +1,43 @@ +~~ Licensed to the Apache Software Foundation (ASF) under one +~~ or more contributor license agreements. See the NOTICE file +~~ distributed with this work for additional information +~~ regarding copyright ownership. The ASF licenses this file +~~ to you under the Apache License, Version 2.0 (the +~~ "License"); you may not use this file except in compliance +~~ with the License. You may obtain a copy of the License at +~~ +~~ http://www.apache.org/licenses/LICENSE-2.0 +~~ +~~ Unless required by applicable law or agreed to in writing, +~~ software distributed under the License is distributed on an +~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +~~ KIND, either express or implied. See the License for the +~~ specific language governing permissions and limitations +~~ under the License. + + - + Snapshots + - + + Snapshot builds are created from the current source in the SVN repository. They are assembled + automatically by {{{http://jenkins-ci.org/}Jenkins}} and become available a few hours after + the last change. They can be downloaded from + {{{https://builds.apache.org/job/axis-trunk/lastSuccessfulBuild/org.apache.axis$distribution/}here}}. + In addition, the corresponding Maven artifacts are deployed automatically to the Apache snapshot repository. + To use them as dependencies in your Maven project, add the following repository configuration to your POM file: + +- + + +apache.snapshots +Apache Snapshot Repository +http://repository.apache.org/snapshots + +false + + + +- + + If you also want to use snapshot versions of the Maven plugins for Axis, then you need to add that + repository as a <<>> as well. 
\ No newline at end of file Modified: axis/axis1/java/trunk/src/site/xdoc/releases.xml URL: http://svn.apache.org/viewvc/axis/axis1/java/trunk/src/site/xdoc/releases.xml?rev=1305129&r1=1305128&r2=1305129&view=diff == --- axis/axis1/java/trunk/src/site/xdoc/releases.xml (original) +++ axis/axis1/java/trunk/src/site/xdoc/releases.xml Sun Mar 25 20:59:18 2012 @@ -65,7 +65,7 @@ -For nightly builds, see the Interim Drops page. +For nightly builds, see the Snapshots page.
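Review bot: The POM snippet in snapshots.apt points readers at http://repository.apache.org/snapshots, so anyone who copies it resolves snapshot artifacts, and the Axis Maven plugins if they follow the last paragraph, over plain HTTP with no transport integrity. Use https://repository.apache.org/snapshots in the example, matching the https://builds.apache.org download link a few lines above it. The new file also ends without a trailing newline ("\ No newline at end of file"); add one.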