Posted to commits@cxf.apache.org by ow...@apache.org on 2012/05/22 23:35:43 UTC

svn commit: r1341646 - in /cxf/fediz/trunk: examples/README.txt examples/simpleWebapp/README.txt examples/simpleWebapp/src/main/webapp/WEB-INF/web.xml examples/wsclientWebapp/README.txt plugins/tomcat/README.txt plugins/tomcat/docs/

Author: owulff
Date: Tue May 22 21:35:42 2012
New Revision: 1341646

URL: http://svn.apache.org/viewvc?rev=1341646&view=rev
Log:
README added and synced url of the demos

Added:
    cxf/fediz/trunk/examples/README.txt
    cxf/fediz/trunk/examples/simpleWebapp/README.txt
    cxf/fediz/trunk/examples/wsclientWebapp/README.txt
    cxf/fediz/trunk/plugins/tomcat/README.txt
      - copied, changed from r1340545, cxf/fediz/trunk/plugins/tomcat/docs/readme.txt
Removed:
    cxf/fediz/trunk/plugins/tomcat/docs/
Modified:
    cxf/fediz/trunk/examples/simpleWebapp/src/main/webapp/WEB-INF/web.xml

Added: cxf/fediz/trunk/examples/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/README.txt?rev=1341646&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/README.txt (added)
+++ cxf/fediz/trunk/examples/README.txt Tue May 22 21:35:42 2012
@@ -0,0 +1,30 @@
+Basic Setup for Building and Running the Demos
+==============================================
+
+As described in the installation notes, extract the Apache CXF Fediz
+binary distribution archive into an installation directory
+under the root drive.  This creates the apache-fediz-x.x.x folder,
+which includes all of the product subdirectories.
+
+To build and run the demos, you must install the J2SE Development
+Kit (JDK) 6.0 or later.
+
+All of the samples are built using Apache Maven, version 2.2.x or 3.x.
+You can build the samples all at once by running 
+"mvn clean install" from the samples root folder or by running
+the same command within individual sample folders.  For running
+each sample, follow the READMEs located in each sample's folder.
+
+"mvn clean install" will generate a WAR file for the servlet-based
+examples.  Either the WAR can be manually copied to your servlet
+container's war deployment directory (webapps by default with Tomcat)
+or the Tomcat Maven Plugin (http://tomcat.apache.org/maven-plugin.html) 
+can be used to auto-install the WAR onto Tomcat.
+
+To be able to run the Maven "mvn" command from any folder, be
+sure to add the MAVEN_HOME/bin directory to your system PATH
+variable.
+
+
+
+
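
Review bot: The build paragraph says to run "mvn clean install" from the "samples root folder" and points to "each sample's folder", but this file is added under examples/ and the other READMEs in this commit speak of demos; use one term (examples) throughout so it is clear which directory is meant. The Tomcat Maven Plugin link given here (tomcat.apache.org/maven-plugin.html) differs from the mojo.codehaus.org link used in the simpleWebapp and wsclientWebapp READMEs of the same commit; pick one. The four empty lines at the end of the file can be dropped.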

Added: cxf/fediz/trunk/examples/simpleWebapp/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/simpleWebapp/README.txt?rev=1341646&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/simpleWebapp/README.txt (added)
+++ cxf/fediz/trunk/examples/simpleWebapp/README.txt Tue May 22 21:35:42 2012
@@ -0,0 +1,94 @@
+Simple Web Application Demo
+===========================
+
+This demo shows how to build and deploy an SSO protected using Apache CXF Fediz web application.
+
+The Demo consist of three parts:
+
+- Enable Fediz in Servlet Container (ex. Tomcat)
+- Install the Fediz Identity Provider (IDP)
+- Build the Demo Web Application
+
+
+Fediz configuration in Tomcat
+-----------------------------
+
+The Tomcat installation must be updated before a Web Application can be deployed.
+
+The following wiki page gives instructions how to do that:
+http://cxf.apache.org/fediz-tomcat.html
+
+
+Fediz Identity Provider (IDP)
+-----------------------------
+
+The IDP is the central security server to whom unauthenticated requests are redirected. Its responsibility is
+to authenticate the browser user and issue a security token which fulfills the Web Application requirements.
+
+The following wiki page gives instructions how to set up the IDP:
+http://cxf.apache.org/fediz-idp.html
+
+
+Demo Web Application
+---------------------
+
+The main code lives in the class FederationServlet. This Servlet is protected and can only be accessed if the
+browser user is authenticated. The purpose of the FederationServlet is to illustrate the usage of the
+Java Servlet Security API to get the authenticated user and to check the roles he has.
+Further, the FederationServlet shows how to access claims data (user data) which were store in the SAML token
+by using the Fediz interface FederationPrincipal.
+Beyond that, the FederationServlet illustrates how to access the SAML token if required. The classes 
+SecurityTokenThreadLocal.java and FederationFilter.java can be used to achieve that. You could get this information
+directly from the HTTP session.
+
+
+Prerequisite
+------------
+Please review the README in the samples main directory before continuing.
+
+
+Building the demo using Maven
+-----------------------------
+
+From the base directory of this sample (i.e., where this README file is
+located), the pom.xml file is used to build and run the demo. 
+
+Using either UNIX or Windows:
+
+  mvn clean install   (builds the demo and creates a WAR file for Servlet deployment)
+
+
+Deploying the demo to Tomcat
+----------------------------
+
+You can manually copy the generated WAR file to the Tomcat webapps folder, or, if you
+have Maven and Tomcat set up to use the Tomcat Maven Plugin (http://mojo.codehaus.org/tomcat-maven-plugin/)
+you can use the mvn tomcat:redeploy command instead.  Important: if you're using this 
+command, and are using Tomcat 6 instead of Tomcat 7, update the tomcat-maven-plugin configuration 
+in the pom.xml, switching to the the Tomcat 6-specific "url" element.
+
+
+Test the demo
+-------------
+
+Enter the following URL into the browser (TCP port depends on your HTTP settings):
+
+https://localhost:8443/fedizhelloworld/secure/fedservlet
+
+The browser is redirected to the IDP and prompts for username and password. As described in the IDP installation,
+the following users are already set up:
+
+User: alice   Password: ecila
+User: bob     Password: bob
+User: ted     Password: det
+
+
+Using Eclipse to run and test the demo
+--------------------------------------
+
+run the following in the demo base directory
+
+mvn eclipse:eclipse
+
+Then use Import / Existing projects into workspace and browse to the simpleWebapp directory. Import the project.
+
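
Review bot: In "Test the demo" the three preset accounts (alice/ecila, bob/bob, ted/det) are listed without saying that they are demo-only; add a sentence that these users belong to the IDP demo setup and have to be replaced before the IDP is used outside a test environment. Wording in the same file: the opening sentence "an SSO protected using Apache CXF Fediz web application" has its words out of order, "The Demo consist" should be "consists", "which were store" should be "stored", and "switching to the the Tomcat 6-specific" has a doubled word. The last sentence of "Demo Web Application" ("You could get this information directly from the HTTP session") should say whether that is an alternative to SecurityTokenThreadLocal and FederationFilter or a replacement for them.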

Modified: cxf/fediz/trunk/examples/simpleWebapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/simpleWebapp/src/main/webapp/WEB-INF/web.xml?rev=1341646&r1=1341645&r2=1341646&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/simpleWebapp/src/main/webapp/WEB-INF/web.xml (original)
+++ cxf/fediz/trunk/examples/simpleWebapp/src/main/webapp/WEB-INF/web.xml Tue May 22 21:35:42 2012
@@ -32,7 +32,7 @@
 
 	<servlet-mapping>
 		<servlet-name>FederationServlet</servlet-name>
-		<url-pattern>/secureservlet/fed</url-pattern>
+		<url-pattern>/secure/fedservlet</url-pattern>
 	</servlet-mapping>
 
 	<security-role>
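
Review bot: The new pattern /secure/fedservlet moves FederationServlet to a different path prefix, and the security-constraint that protects it is not part of this hunk; check that the constraint's url-pattern covers /secure/* (or this exact path), otherwise the servlet would be reachable without authentication after the rename. The wsclientWebapp README added in this commit also refers to /secure/service.jsp, so a single /secure/* constraint would cover both resources. The log message only says "synced url of the demos"; naming the old and new path there would help anyone who has the old URL bookmarked or configured.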

Added: cxf/fediz/trunk/examples/wsclientWebapp/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/README.txt?rev=1341646&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/README.txt (added)
+++ cxf/fediz/trunk/examples/wsclientWebapp/README.txt Tue May 22 21:35:42 2012
@@ -0,0 +1,128 @@
+Web Service Client Web Application Demo
+=======================================
+
+This demo shows a more complext scenario where a Web Application is deployed as in the example 'simpleWebapp'.
+The difference is that this demo Web Application calls a Web Services which is protected by a SAML token which
+must be issued by a Security Token Service (STS). The STS is part of the Fediz Identity Provider (IDP).
+The Web Application requests a SAML token for the Web Service *on behalf of* the user who logged into the 
+Web Application. Finally, the Web Service knows which browser user triggered the Web Service call.
+
+The Demo consist of three parts:
+
+- Enable Fediz in Servlet Container (ex. Tomcat)
+- Install the Fediz Identity Provider (IDP)
+- Build the Demo Web Application
+- Build the Demo Web Service
+
+
+Fediz configuration in Tomcat
+-----------------------------
+
+The Tomcat installation must be updated before a Web Application can be deployed.
+
+The following wiki page gives instructions how to do that:
+http://cxf.apache.org/fediz-tomcat.html
+
+
+Fediz Identity Provider (IDP)
+-----------------------------
+
+The IDP is the central security server to whom unauthenticated requests are redirected. Its responsibility is
+to authenticate the browser user and issue a security token which fulfills the Web Application requirements.
+
+The following wiki page gives instructions how to set up the IDP:
+http://cxf.apache.org/fediz-idp.html
+
+
+Demo Web Application
+---------------------
+
+The main code lives in the class FederationServlet. This class has been extended by an implementation of the method doPost().
+The doGet implementation is the same as in the demo 'simpleWebapp'.
+The Web Application contains a service.jsp which provides a button to trigger the Web Service call which is in the
+doPost implementation. CXF requests a SAML token from the STS on behalf of the security token used during the
+Web Application Login before sending the SOAP request to the Web Service.
+
+The FederationServlet prints the String returned from the Web Service (which is the authenticated Browser user).
+
+There is not security related programming required. CXF processes the information in the Spring configuration and
+the policy document and enforces that.
+
+
+Demo Web Service
+---------------------
+
+The main and only code lives in the class GreeterImpl. It reads the authenticated principal from the JAX-WS WebServiceContext
+and returns the principal name to the Web Service Client (Web Application).
+
+The interesting pieces are in beans.xml and the WS-SecurityPolicy definition in the WSDL hello_world.wsdl.
+
+There is no security related programming required. CXF processes the information in the Spring configuration and
+the policy document and enforces that.
+
+
+More details are provided on this blog:
+http://owulff.blogspot.com/2012/04/sso-across-web-applications-and-web_16.html
+
+
+Prerequisite
+------------
+Please review the README in the samples main directory before continuing.
+It's recommended to run the demo simpleWebapp first as this is an extended demo.
+
+
+Building the demo using Maven
+-----------------------------
+
+From the base directory of this sample (i.e., where this README file is
+located), the pom.xml file is used to build and run the demo. 
+
+Using either UNIX or Windows:
+
+  mvn clean install   (builds the demo and creates a WAR file for Servlet deployment)
+
+
+Deploying the demo to Tomcat
+----------------------------
+
+You can manually copy the generated WAR file to the Tomcat webapps folder, or, if you
+have Maven and Tomcat set up to use the Tomcat Maven Plugin (http://mojo.codehaus.org/tomcat-maven-plugin/)
+you can use the mvn tomcat:redeploy command instead.  Important: if you're using this 
+command, and are using Tomcat 6 instead of Tomcat 7, update the tomcat-maven-plugin configuration 
+in the pom.xml, switching to the the Tomcat 6-specific "url" element.
+
+It's recommended to deploy the Web Service into a different Container instance than the Web Application.
+
+
+Test the demo
+-------------
+
+Enter the following URL into the browser (TCP port depends on your HTTP settings):
+
+1)
+https://localhost:8443/fedizhelloworld/secure/fedservlet
+
+The browser is redirected to the IDP and prompts for username and password. As described in the IDP installation,
+the following users are already set up:
+
+User: alice   Password: ecila
+User: bob     Password: bob
+User: ted     Password: det
+
+2)
+https://localhost:8443/fedizhelloworld/secure/service.jsp
+
+Click "Call Service"
+
+Your authenticated user must be printed again.
+
+
+Using Eclipse to run and test the demo
+--------------------------------------
+
+run the following in the demo base directory
+
+mvn eclipse:eclipse
+
+Then use Import / Existing projects into workspace and browse to the wsclientWebapp directory. Import the project.
+
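
Review bot: The overview says "The Demo consist of three parts" and then lists four items; change it to "consists of four parts". In "Test the demo" both URLs use the context path /fedizhelloworld, the same one the simpleWebapp README uses; confirm that this WAR really deploys under that name, since deploying both demos into one Tomcat would then collide. The deployment section recommends a separate container instance for the Web Service but gives neither the reason nor the port the client expects to find it on; one sentence on each would make the step reproducible. Smaller points: "complext" is a typo, "calls a Web Services" should be singular, "There is not security related programming required" should read "no" as in the Web Service section below it, and the underline under "Demo Web Service" is longer than the heading.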

Copied: cxf/fediz/trunk/plugins/tomcat/README.txt (from r1340545, cxf/fediz/trunk/plugins/tomcat/docs/readme.txt)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/tomcat/README.txt?p2=cxf/fediz/trunk/plugins/tomcat/README.txt&p1=cxf/fediz/trunk/plugins/tomcat/docs/readme.txt&r1=1340545&r2=1341646&rev=1341646&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/tomcat/docs/readme.txt (original)
+++ cxf/fediz/trunk/plugins/tomcat/README.txt Tue May 22 21:35:42 2012
@@ -1,58 +1,10 @@
-Deploy WS-Federation plugin in tomcat 7
+Fediz configuration in Tomcat
+-----------------------------
 
-1) Pre-requisites:
-- Tomcat 7.0.x
-- JDK 1.6
+The Tomcat installation must be updated before a Web Application can be deployed.
 
-2) Prepare tomcat
-- create a sub-directory  in ${catalina.home}/lib
-- update catalina.properties in ${catalina.home}/conf (see last directory added in the comma seperated list)
-common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/lib/fediz/*.jar
-
-3) Deploy Federation plugin
-
-a) Deploy the JAR's built as part of fediz-core and fediz-tomcat:
-fediz-core-*.jar
-fediz-tomcat-*.jar
-
-b) deploy the following third party libraries (tested with the mentioned version)
-- commons-logging-1.1.1.jar
-- joda-time-1.6.2.jar
-- opensaml-2.4.1.jar
-- openws-1.4.1.jar
-- slf4j-api-1.6.1.jar
-- slf4j-jdk14-1.6.1.jar
-- wss4j-1.6.2.jar
-- xmlsec-1.4.5.jar
-- xmltooling-1.3.1.jar
-
-c) configure the CA certificates:
-
-- Deploy the keystore (configured in above properties) to the configured location
-keystore can be found in fediz-idp-sts/src/test/resources/stsstore.jks
-(hint: you can ignore that the private key is contained in this keystore which must not be the case for production)
-
-
-4) Configure Federation plugin
-- Update the web application context configuration either in server.xml or in your web META-INF/context.xml:
-
-Ex. in server.xml:
-
-        <Context path="/fedizhelloworld" docBase="fedizhelloworld">
-                <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
-                       issuerURL="https://localhost:9443/fedizidp/"
-                       truststoreFile="conf/signature.properties"
-                       truststorePassword="stsspass"
-                       trustedIssuer="DoubleItSTSIssuer" />
-        </Context>
-        
-        or embed a context.xml in your WAR in META-INF which contains this (see fediz-tomcat-example):
-        (tomcat:redeploy doesn't work 
-        <Context>
-        	<Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator"
-                       issuerURL="https://localhost:9443/fedizidp/"
-                       truststoreFile="conf/signature.properties"
-                       truststorePassword="stsspass"
-                       trustedIssuer="DoubleItSTSIssuer" />
-		</Context>
+The following wiki page gives instructions how to do that:
+http://cxf.apache.org/fediz-tomcat.html
 
+The following wiki page explains the fediz configuration which is Container independent:
+http://cxf.apache.org/fediz-configuration.html
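
Review bot: The removed step 3c carried the only hint that stsstore.jks contains the private key, "which must not be the case for production", and the removed Valve examples showed truststorePassword="stsspass" in clear text; with the README reduced to two links, confirm that the fediz-tomcat wiki page carries the keystore warning, or keep one line about it here. The file now opens with a dash-underlined section heading and no title naming the Tomcat plugin, so a top-level heading in the style of the other READMEs would help. In the last paragraph, "fediz configuration" should be capitalised as "Fediz" to match the rest of the text.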