Posted to commits@cxf.apache.org by ow...@apache.org on 2013/09/09 23:46:14 UTC
svn commit: r1521297 - in /cxf/fediz/trunk/services/idp/src/main:
java/org/apache/cxf/fediz/service/idp/beans/
java/org/apache/cxf/fediz/service/idp/util/ webapp/WEB-INF/
Author: owulff
Date: Mon Sep 9 21:46:14 2013
New Revision: 1521297
URL: http://svn.apache.org/r1521297
Log:
Applies Thierry's cleanup patch. Thanks
Modified:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/LogoutAction.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/WfreshParser.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java Mon Sep 9 21:46:14 2013
@@ -29,11 +29,6 @@ public class HomeRealmReminder {
public static final String FEDIZ_HOME_REALM = "FEDIZ_HOME_REALM";
-
-// public boolean alreadyAuthenticated() {
-// return SecurityContextHolder.getContext().getAuthentication().isAuthenticated();
-// }
-
public Cookie readCookie(RequestContext requestContext) {
return WebUtils.readCookie(requestContext, FEDIZ_HOME_REALM);
}
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/LogoutAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/LogoutAction.java?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/LogoutAction.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/LogoutAction.java Mon Sep 9 21:46:14 2013
@@ -27,10 +27,9 @@ import org.springframework.security.core
import org.springframework.webflow.execution.RequestContext;
/**
- * This class is responsible to invalidate IDP session.
+ * This class is responsible to clear security context and invalidate IDP session.
*/
-
public class LogoutAction {
private static final Logger LOG = LoggerFactory.getLogger(LogoutAction.class);
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java Mon Sep 9 21:46:14 2013
@@ -264,8 +264,6 @@ public class STSClientAction {
}
private SecurityToken getSecurityToken(RequestContext context) throws ProcessingException {
-// String whr = (String) WebUtils.
-// getAttributeFromExternalContext(context, FederationConstants.PARAM_HOME_REALM);
String whr = (String) WebUtils.
getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
SecurityToken idpToken = null;
@@ -305,21 +303,6 @@ public class STSClientAction {
}
}
- /**
- * Usage of 'wfresh' parameter, picked up from the webflow context,
- * like time-to-live of security token to be issued..
- */
-// private void configureTTL(STSClient sts, RequestContext requestContext) {
-// String wfresh = (String)WebUtils.getAttributeFromExternalContext(requestContext, "wfresh");
-// if (wfresh != null) {
-// int ttl = Integer.parseInt(wfresh);
-// if (ttl > 0) {
-// sts.setTtl(ttl * 60);
-// sts.setEnableLifetime(true);
-// }
-// }
-// }
-
private void addClaims(STSClient sts, List<RequestClaim> requestClaimList)
throws ParserConfigurationException, XMLStreamException {
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/WfreshParser.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/WfreshParser.java?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/WfreshParser.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/WfreshParser.java Mon Sep 9 21:46:14 2013
@@ -32,7 +32,6 @@ import org.springframework.webflow.execu
public class WfreshParser {
-// private static final String IDP_CONFIG = "idpConfig";
private static final Logger LOG = LoggerFactory
.getLogger(WfreshParser.class);
@@ -41,10 +40,8 @@ public class WfreshParser {
SecurityToken idpToken =
(SecurityToken) WebUtils.getAttributeFromExternalContext(context, whr);
-// if ("1".equals(wfresh)) {
if (idpToken.isExpired()) {
LOG.info("[IDP_TOKEN=" + idpToken.getId() + "] is expired.");
-// forceFurtherAuthentication(context, whr, idpToken);
return true;
}
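Review bot: `idpToken` is dereferenced by `idpToken.isExpired()` straight after an unchecked cast of whatever the session holds under the key `whr`, with no null or type check in the lines shown. The `checkIdpTokenWhrWauth` state in federation-signin-request.xml guards one path with a `!= null` test, but `wfreshParserAction` calls the same method and its guard is not visible here, so a missing entry would surface as a NullPointerException inside an authentication decision. Failing closed before the expiry check would be safer, e.g. `if (idpToken == null) { return true; }`. Since `whr` appears to originate from the sign-in request, it is also worth confirming that it is matched against the configured realms before it is used as a session key. The method starts above this hunk and continues below it.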
@@ -70,7 +67,6 @@ public class WfreshParser {
+ idpToken.getId()
+ "] is valid but relying party requested new authentication caused by wfresh="
+ wfresh + " outdated.");
-// forceFurtherAuthentication(context, whr, idpToken);
return true;
}
} else {
@@ -82,20 +78,4 @@ public class WfreshParser {
return false;
}
-// private void forceFurtherAuthentication(RequestContext context, String whr, SecurityToken idpToken) {
-// if (isThisRealm(context, whr)) {
-// SecurityContextHolder.clearContext();
-// LOG.info("Security context has been cleared");
-// WebUtils.removeAttributeFromExternalContext(context, whr);
-// LOG.info("[IDP_TOKEN=" + idpToken.getId() + "] has been uncached.");
-// }
-// }
-//
-// private boolean isThisRealm(RequestContext context, String whr) {
-// IDPConfig idpConfig = (IDPConfig)WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
-// if (idpConfig.getRealm().equals(whr)) {
-// return true;
-// }
-// return false;
-// }
}
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java Mon Sep 9 21:46:14 2013
@@ -83,16 +83,11 @@ public final class WebUtils {
public static void putAttribute(final RequestContext context,
final String attributeKey, final Object attributeValue,
boolean storeInSession) {
- // Object oldValue = null;
if (storeInSession) {
- // oldValue = getAttributeFromExternalContext(context,
- // attributeKey);
putAttributeInExternalContext(context, attributeKey, attributeValue);
} else {
- // oldValue = getAttributeFromRequestScope(context, attributeKey);
putAttributeInRequestScope(context, attributeKey, attributeValue);
}
- // return oldValue;
}
public static Object getAttributeFromRequestScope(
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Mon Sep 9 21:46:14 2013
@@ -1,11 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
- xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="
+ xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="
http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans
@@ -22,30 +40,27 @@
http://cxf.apache.org/schemas/configuration/security.xsd">
<context:property-placeholder location="classpath:realm.properties"/>
-
- <import resource="classpath:META-INF/cxf/cxf.xml" />
+
+ <import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="security-config.xml" />
- <!--<import resource="${realm.idp_configfile}" />-->
- <!--<import resource="idp-config-realma.xml" />-->
- <!--<import resource="idp-config-realmb.xml" />-->
<import resource="${idp-config}" />
- <cxf:bus>
- <cxf:features>
- <cxf:logging />
- </cxf:features>
- </cxf:bus>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging />
+ </cxf:features>
+ </cxf:bus>
<http:conduit name="*.http-conduit">
- <http:tlsClientParameters disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="ispass" resource="idpstore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="ispass" resource="idpstore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
- <import resource="RPClaims.xml" />
+<!-- <import resource="RPClaims.xml" />-->
</beans>
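Review bot: The re-indented conduit still sets `disableCNCheck="true"` on `*.http-conduit`, so every CXF HTTP conduit matched by that wildcard skips hostname verification, and the trust store password `ispass` is kept inline in the file. Outside a local demo this should be `<http:tlsClientParameters disableCNCheck="false">`, with the password read through the existing `realm.properties` placeholder mechanism (for example `password="${PLACEHOLDER_TRUSTSTORE_PASSWORD}"`, property name illustrative). Separately, `<import resource="RPClaims.xml" />` is commented out rather than deleted, which changes what beans are loaded and reintroduces the kind of commented-out line this cleanup removes elsewhere. The log message should say why.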
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml Mon Sep 9 21:46:14 2013
@@ -13,8 +13,6 @@
<input name="whr" />
<decision-state id="checkHRDSEnabled">
-<!-- <if test="idpConfig.getHrds() != null" then="checkWhrInSigninRequest" else="checkWauthTypeSupported" /> -->
-<!-- <if test="true" then="checkWhrInSigninRequest" else="checkWauthTypeSupported" /> -->
<if test="true" then="checkWhrInSigninRequest" else="checkDefaultToThisIDP" />
</decision-state>
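Review bot: In `checkHRDSEnabled` the condition is the literal `test="true"`, so the `else="checkDefaultToThisIDP"` transition can never be taken, and this commit deletes the commented-out `idpConfig.getHrds() != null` test that explained what the state was meant to decide. I would add a comment above the `<if>` such as `<!-- HRDS check is hard-wired on; the else branch is currently unreachable -->`, or restore a real condition if one is intended.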
@@ -66,23 +64,17 @@
<!-- Home Realm is known then we can store it in cookie -->
<decision-state id="checkIsThisIDP">
-<!-- <on-entry> -->
-<!-- <evaluate expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.whr)" /> -->
-<!-- </on-entry> -->
<if test="flowScope.idpConfig.realm.equals(flowScope.whr)" then="checkWauthTypeSupported" else="checkIdpTokenWhrWauth" />
</decision-state>
<!-- ============================================================================================================= -->
<!-- Is 'wresult/RP-IDP token' already received and validated (then stored in session) from requestor IDP ? -->
- <!-- question : is freshness to be checked ? -->
<decision-state id="checkIdpTokenWhrWauth">
-<!-- <if test="externalContext.sessionMap[flowScope.whr] != null" then="requestRpToken" else="redirectToTrustedIDP" /> -->
<if test="externalContext.sessionMap[flowScope.whr] != null" then="wfreshParserRemoteAction" else="redirectToTrustedIDP" />
</decision-state>
<action-state id="wfreshParserRemoteAction">
-<!-- <evaluate expression="wfreshParser.authenticationRequired(flowScope.wfresh, flowRequestContext)" /> -->
<evaluate expression="wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.whr, flowRequestContext)" />
<transition on="yes" to="redirectToTrustedIDP"/>
<transition on="no" to="requestRpToken"/>
@@ -105,7 +97,6 @@
<!-- parse wfresh parameter, provided by resource RP, overriding ttl from 'IDP_TOKEN' -->
<action-state id="wfreshParserAction">
-<!-- <evaluate expression="wfreshParser.authenticationRequired(flowScope.wfresh, flowRequestContext)" /> -->
<evaluate expression="wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.whr, flowRequestContext)" />
<transition on="yes" to="redirectToLocalIDP"/>
<transition on="no" to="requestRpToken"/>
@@ -145,5 +136,4 @@
<output name="wctx" value="flowScope.wctx" />
</end-state>
-
</flow>
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml Mon Sep 9 21:46:14 2013
@@ -1,23 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<flow xmlns="http://www.springframework.org/schema/webflow"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/webflow
http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
<input name="idpConfig" />
-<!-- <input name="wreply" /> not needed cached in session under key = value of key 'wctx' -->
-<!-- <input name="wtrealm" /> not needed cached in session under key = value of key 'wctx' -->
<input name="wctx" />
<input name="wauth" />
-<!-- <input name="whr" /> not needed cached in session under key = value of key 'wctx' -->
<input name="wresult" />
<on-start>
- <!-- restore 'wreply','wtrealm','whr' for current 'wctx' -->
+ <!-- restore 'wreply','wtrealm','whr' for current 'wctx' -->
<evaluate expression="signInParamCacheAction.restore(flowRequestContext)" />
</on-start>
- <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
+ <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
<action-state id="validateToken">
<evaluate expression="validateTokenAction.submit(flowRequestContext)"
result="flowScope.rpIdpToken"
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml Mon Sep 9 21:46:14 2013
@@ -1,11 +1,27 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<flow xmlns="http://www.springframework.org/schema/webflow"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/webflow
http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
- <var name="idpConfig" class="org.apache.cxf.fediz.service.idp.model.IDPConfig"/>
-
<!-- protocol check -->
<decision-state id="WSFederationRequestCheck">
<on-entry>
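Review bot: Removing `<var name="idpConfig" class="org.apache.cxf.fediz.service.idp.model.IDPConfig"/>` is a functional change inside a cleanup commit, and the flow still passes `flowScope.idpConfig` to the `signinResponse` subflow further down. Where `flowScope.idpConfig` is now assigned is not visible in this hunk, so please confirm it is set before its first use. Otherwise the realm comparison `flowScope.idpConfig.realm.equals(flowScope.whr)` in the sign-in flow would run against a null configuration. A short comment at the top of the flow, for example `<!-- idpConfig is put into flowScope by (component to be named) -->`, would document the dependency.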
@@ -57,12 +73,9 @@
<subflow-state id="signinResponse" subflow="signinResponse">
<input name="idpConfig" value="flowScope.idpConfig" />
- <!-- <input name="wtrealm" value="flowScope.wtrealm" /> not needed cached in session under key = value of key 'wctx' -->
- <!-- <input name="wreply" value="flowScope.wreply" /> not needed cached in session under key = value of key 'wctx' -->
<input name="wfresh" value="flowScope.wfresh" />
<input name="wctx" value="flowScope.wctx" />
<input name="wauth" value="flowScope.wauth" />
- <!-- <input name="whr" value="flowScope.whr" /> not needed cached in session under key = value of key 'wctx' -->
<input name="wresult" value="flowScope.wresult" />
<output name="wtrealm" />
@@ -148,6 +161,5 @@
</set>
</on-entry>
</end-state>
-
</flow>
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml Mon Sep 9 21:46:14 2013
@@ -1,39 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
- xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="
- http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/transports/http/configuration
- http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://cxf.apache.org/configuration/security
- http://cxf.apache.org/schemas/configuration/security.xsd">
+ xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
- <context:property-placeholder location="classpath:realm.properties"/>
+ <context:property-placeholder location="classpath:realm.properties"/>
<bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
- <property name="idpConfigs">
- <util:list>
- <ref bean="idp-realmA" />
- </util:list>
- </property>
- <property name="serviceConfigs">
- <util:list>
- <ref bean="srv-fedizhelloworld" />
- </util:list>
- </property>
+ <property name="idpConfigs">
+ <util:list>
+ <ref bean="idp-realmA" />
+ </util:list>
+ </property>
+ <property name="serviceConfigs">
+ <util:list>
+ <ref bean="srv-fedizhelloworld" />
+ </util:list>
+ </property>
</bean>
<bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
@@ -47,31 +65,30 @@
<property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMA" />
<property name="idpUrl" value="https://localhost:${realmA.port}/fediz-idp/federation" />
<property name="supportedProtocols">
- <util:list>
- <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
- <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
- </util:list>
+ <util:list>
+ <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+ </util:list>
</property>
<property name="services">
- <util:map>
- <entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld" />
- </util:map>
+ <util:map>
+ <entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld" />
+ </util:map>
</property>
<property name="authenticationURIs">
- <util:map>
- <entry key="default" value="/login/default" />
- </util:map>
+ <util:map>
+ <entry key="default" value="/login/default" />
+ </util:map>
</property>
<property name="trustedIDPs">
- <util:map>
- <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
- </util:map>
+ <util:map>
+ <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
+ </util:map>
</property>
<property name="serviceDisplayName" value="REALM A" />
<property name="serviceDescription" value="IDP of Realm A" />
</bean>
-
<bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
<property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
<property name="cacheTokens" value="true" />
@@ -82,10 +99,8 @@
<property name="federationType" value="FederateIdentity" /> <!-- Required for STS Relationship -->
<property name="name" value="REALM B" />
<property name="description" value="IDP of Realm B" />
- <!--<property name="logo" value="true" />-->
</bean>
-
<bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
<property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
@@ -96,48 +111,26 @@
<property name="lifeTime" value="3600" />
<!-- <property name="encryptionCertificate" value="" /> -->
<property name="requestedClaims">
- <util:list>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
- <property name="optional" value="true" />
- </bean>
- </util:list>
+ <util:list>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+ <property name="optional" value="true" />
+ </bean>
+ </util:list>
</property>
</bean>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
</beans>
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml Mon Sep 9 21:46:14 2013
@@ -1,39 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
- xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="
- http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/transports/http/configuration
- http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://cxf.apache.org/configuration/security
- http://cxf.apache.org/schemas/configuration/security.xsd">
+ xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
+
+ <context:property-placeholder location="classpath:realm.properties"/>
- <context:property-placeholder location="classpath:realm.properties"/>
-
<bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
- <property name="idpConfigs">
- <util:list>
- <ref bean="idp-realmB" />
- </util:list>
- </property>
- <property name="serviceConfigs">
- <util:list>
- <ref bean="idp-realmA" />
- </util:list>
- </property>
+ <property name="idpConfigs">
+ <util:list>
+ <ref bean="idp-realmB" />
+ </util:list>
+ </property>
+ <property name="serviceConfigs">
+ <util:list>
+ <ref bean="idp-realmA" />
+ </util:list>
+ </property>
</bean>
<bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
@@ -47,21 +65,20 @@
<property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMB" />
<property name="idpUrl" value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
<property name="supportedProtocols">
- <util:list>
- <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
- <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
- </util:list>
+ <util:list>
+ <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+ </util:list>
</property>
<property name="services">
- <util:map>
-<!-- <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" /> -->
- <entry key="urn:org:apache:cxf:fediz:idp:realm-A" value-ref="idp-realmA" />
- </util:map>
+ <util:map>
+ <entry key="urn:org:apache:cxf:fediz:idp:realm-A" value-ref="idp-realmA" />
+ </util:map>
</property>
<property name="authenticationURIs">
- <util:map>
- <entry key="default" value="/login/default" />
- </util:map>
+ <util:map>
+ <entry key="default" value="/login/default" />
+ </util:map>
</property>
<property name="serviceDisplayName" value="REALM B" />
<property name="serviceDescription" value="IDP of Realm B" />
@@ -77,48 +94,26 @@
<property name="lifeTime" value="3600" />
<!-- <property name="encryptionCertificate" value="" /> -->
<property name="requestedClaims">
- <util:list>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
- <property name="optional" value="false" />
- </bean>
- <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
- <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
- <property name="optional" value="false" />
- </bean>
- </util:list>
+ <util:list>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+ <property name="optional" value="false" />
+ </bean>
+ </util:list>
</property>
</bean>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
</beans>
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml Mon Sep 9 21:46:14 2013
@@ -1,24 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
-
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:webflow="http://www.springframework.org/schema/webflow-config"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:webflow="http://www.springframework.org/schema/webflow-config"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
+ http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
<context:property-placeholder location="classpath:realm.properties"/>
- <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
- p:flowRegistry-ref="flowRegistry"
+ <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
+ p:flowRegistry-ref="flowRegistry"
p:order="2">
-<!-- <property name="interceptors"> -->
-<!-- <ref local="localeChangeInterceptor" /> -->
-<!-- </property> -->
</bean>
<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter"
@@ -29,18 +43,16 @@
<webflow:always-redirect-on-pause value="false" />
</webflow:flow-execution-attributes>
- <webflow:flow-execution-listeners>
- <webflow:listener ref="securityFlowExecutionListener" />
- </webflow:flow-execution-listeners>
-
+ <webflow:flow-execution-listeners>
+ <webflow:listener ref="securityFlowExecutionListener" />
+ </webflow:flow-execution-listeners>
</webflow:flow-executor>
- <bean id="securityFlowExecutionListener"
- class="org.springframework.webflow.security.SecurityFlowExecutionListener">
- <property name="accessDecisionManager" ref="accessDecisionManager" />
+ <bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener">
+ <property name="accessDecisionManager" ref="accessDecisionManager" />
</bean>
- <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+ <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter">
@@ -57,8 +69,8 @@
<webflow:flow-location path="/WEB-INF/federation-signin-response.xml" id="signinResponse" />
</webflow:flow-registry>
- <webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator"
- expression-parser="expressionParser"/>
+ <webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator"
+ expression-parser="expressionParser"/>
<bean id="expressionParser" class="org.springframework.webflow.expression.WebFlowOgnlExpressionParser" />
@@ -70,28 +82,27 @@
</property>
</bean>
- <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
- <property name="prefix" value="/WEB-INF/"/>
- <property name="suffix" value=".jsp"/>
- </bean>
+ <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+ <property name="prefix" value="/WEB-INF/"/>
+ <property name="suffix" value=".jsp"/>
+ </bean>
- <bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
- <!--<property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSServiceTransport?wsdl"/>-->
+ <bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
<property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransport?wsdl"/>
- <property name="wsdlEndpoint" value="Transport_Port"/>
- <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
- </bean>
-
- <bean id="signInParamCacheAction" class="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" />
-
- <bean id="logoutAction" class="org.apache.cxf.fediz.service.idp.beans.LogoutAction" />
-
+ <property name="wsdlEndpoint" value="Transport_Port"/>
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+ </bean>
+
+ <bean id="signInParamCacheAction" class="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" />
+
+ <bean id="logoutAction" class="org.apache.cxf.fediz.service.idp.beans.LogoutAction" />
+
<bean id="wfreshParser" class="org.apache.cxf.fediz.service.idp.beans.WfreshParser" />
-
+
<bean id="cacheTokenForWauthAction" class="org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction" />
-
+
<bean id="processHRDSExpressionAction" class="org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction" />
-
+
<bean id="validateTokenAction" class="org.apache.cxf.fediz.service.idp.beans.ValidateTokenAction" />
<bean id="homeRealmReminder" class="org.apache.cxf.fediz.service.idp.beans.HomeRealmReminder" />
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml?rev=1521297&r1=1521296&r2=1521297&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml Mon Sep 9 21:46:14 2013
@@ -1,44 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
- <context:property-placeholder location="classpath:realm.properties"/>
-
+ <context:property-placeholder location="classpath:realm.properties"/>
<context:component-scan base-package="org.apache.cxf.fediz.service.idp"/>
<!-- DIABLE in production as it might log confidential information about the user -->
<security:debug />
<!-- Configure Spring Security -->
- <security:http auto-config="false" use-expressions="true">
- <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
- <!--
- <security:form-login login-page="/spring/login" login-processing-url="/spring/loginProcess"
- default-target-url="/spring/main" authentication-failure-url="/spring/login?login_error=1" />
- <security:logout logout-url="/spring/logout" logout-success-url="/spring/logoutSuccess" />
- -->
- <!--
- <security:intercept-url pattern="/federation" access="isAuthenticated()"/>
- -->
- <!-- MUST be http-basic thus systests run fine -->
- <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous()" />
- <security:http-basic />
- <!--<security:form-login />-->
- </security:http>
-
- <security:authentication-manager>
- <security:authentication-provider ref="stsAuthProvider" />
- </security:authentication-manager>
+ <security:http auto-config="false" use-expressions="true">
+ <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+ <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous()" />
+
+ <!-- MUST be http-basic thus systests run fine -->
+ <security:http-basic />
+ <!--<security:form-login />-->
+ </security:http>
+
+ <security:authentication-manager>
+ <security:authentication-provider ref="stsAuthProvider" />
+ </security:authentication-manager>
- <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+ <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
- <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
+ <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
<property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
<property name="wsdlEndpoint" value="TransportUT_Port"/>
<property name="wsdlService" value="SecurityTokenService"/>
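Review bot: `<security:debug />` stays enabled unconditionally on the new side of security-config.xml, although the comment directly above it says it must be turned off in production because it may log confidential user information. This file is the IdP's shipped WEB-INF configuration, so every deployment that forgets to edit it runs with debug logging on. Because `<security:http-basic />` is configured in the same block, the logged request details would presumably include the Authorization header. Since this commit already cleans up the file, I would ship the element disabled, `<!-- <security:debug /> -->`, and fix the comment typo to `<!-- DISABLE in production as it might log confidential information about the user -->`, so that debug output is an explicit opt-in. The `stsAuthProvider` bean that closes this hunk continues outside it, so its remaining properties are not covered here.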