Posted to commits@cxf.apache.org by ow...@apache.org on 2014/02/25 21:30:26 UTC
svn commit: r1571817 - in /cxf/fediz/trunk/services/idp/src: main/resources/
main/webapp/WEB-INF/
test/java/org/apache/cxf/fediz/service/idp/integrationtests/
Author: owulff
Date: Tue Feb 25 20:30:26 2014
New Revision: 1571817
URL: http://svn.apache.org/r1571817
Log:
REST services secured with Spring Security
Added:
cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml
- copied, changed from r1571407, cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
cxf/fediz/trunk/services/idp/src/main/resources/users.properties
Modified:
cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
Modified: cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties Tue Feb 25 20:30:26 2014
@@ -2,6 +2,7 @@
#log4j.rootCategory=FATAL, CONSOLE
log4j.rootCategory=INFO, CONSOLE, LOGFILE
log4j.logger.org.springframework.webflow=INFO,LOGFILE
+log4j.logger.org.springframework.security=DEBUG, CONSOLE, LOGFILE
# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
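Review bot: The added logger line enables DEBUG for `org.springframework.security` in a file under src/main/resources, so it is active in every deployed IdP instance rather than only on a developer's machine; at that level Spring Security emits per-request filter-chain and authentication detail, which is the kind of output this commit's own security-config.xml comment says to keep out of production. Consider shipping `log4j.logger.org.springframework.security=INFO, CONSOLE, LOGFILE` and raising the level locally when debugging the new REST chain.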
Copied: cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml (from r1571407, cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml?p2=cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml&p1=cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml&r1=1571407&r2=1571817&rev=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml Tue Feb 25 20:30:26 2014
@@ -18,66 +18,22 @@
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
- http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/transports/http/configuration
- http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
- http://cxf.apache.org/configuration/security
- http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/jaxrs
- http://cxf.apache.org/schemas/jaxrs.xsd">
-
- <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
- <bean
- class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
- <property name="locations">
- <list>
- <value>classpath:persistence.properties</value>
- </list>
- </property>
- <property name="ignoreResourceNotFound" value="true" />
- <property name="ignoreUnresolvablePlaceholders" value="true" />
- </bean>
-
- <import resource="classpath:META-INF/cxf/cxf.xml" />
-
- <import resource="security-config.xml" />
- <import resource="${idp-config}" />
- <import resource="classpath:persistenceContext.xml" />
-
- <cxf:bus>
- <cxf:features>
- <cxf:logging />
- </cxf:features>
- </cxf:bus>
-
- <http:conduit name="*.http-conduit">
- <http:tlsClientParameters
- disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="ispass" resource="idp-ssl-trust.jks" />
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-
+ http://cxf.apache.org/schemas/jaxrs.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+ <context:property-placeholder location="classpath:realm.properties"/>
+
<bean id="jaxbProvider" class="org.apache.cxf.jaxrs.provider.JAXBElementProvider">
<property name="depthProperties">
<bean id="depthProperties"
@@ -131,6 +87,40 @@
<bean id="trustedIdpServiceImpl"
class="org.apache.cxf.fediz.service.idp.rest.TrustedIdpServiceImpl" />
+
+ <security:http pattern="/services/rs/**" auto-config="false" use-expressions="true">
+ <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+ <security:intercept-url pattern="/**" access="isAuthenticated()"/>
+ <security:http-basic />
+ </security:http>
+
+ <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
+
+ <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
+
+ <security:authentication-manager>
+ <security:authentication-provider>
+ <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+ <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+ <!--
+ <security:password-encoder hash="sha-256" base64="true">
+ <security:salt-source user-property="username"/>
+ </security:password-encoder>
+ -->
+ <security:user-service properties="classpath:/users.properties" />
+ </security:authentication-provider>
+ <security:authentication-provider ref="stsAuthProvider" />
+ </security:authentication-manager>
+
+ <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+
+ <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
+ <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+ <property name="wsdlEndpoint" value="TransportUT_Port"/>
+ <property name="wsdlService" value="SecurityTokenService"/>
+ <property name="appliesTo" value="urn:fediz:idp"/>
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+ </bean>
</beans>
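Review bot: The authentication-provider wrapping the `user-service` line has every password-encoder variant commented out, so the passwords read from users.properties are held and compared as plain text, and the `bCryptPasswordEncoder` and `defaultPasswordEncoder` beans defined just above it are never referenced by anything. Either wire one in, e.g. `<security:password-encoder ref="bCryptPasswordEncoder"/>` inside the provider with hashed values in the properties file, or remove the two unused bean definitions and the commented-out blocks so a reader does not assume hashing is in effect. Separately, the single `intercept-url pattern="/**" access="isAuthenticated()"` grants the entire REST API, including the POST operations the updated RestITTest exercises, to any authenticated account, which leaves the ROLE_USER/ROLE_ADMIN split in users.properties without effect on this chain; `access="hasRole('ROLE_ADMIN')"` on `/**` (or at least on the write operations once finer rules exist) would make the roles meaningful.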
Added: cxf/fediz/trunk/services/idp/src/main/resources/users.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/users.properties?rev=1571817&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/users.properties (added)
+++ cxf/fediz/trunk/services/idp/src/main/resources/users.properties Tue Feb 25 20:30:26 2014
@@ -0,0 +1,2 @@
+user=password,ROLE_USER,enabled
+admin=password,ROLE_USER,ROLE_ADMIN,enabled
\ No newline at end of file
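Review bot: This file is added under src/main/resources with the well-known pairs `admin=password` and `user=password`, so every packaged build of the IdP carries working default administrator credentials for the REST API on its classpath unless a deployer remembers to replace the resource. If the accounts exist for the integration tests, move the file to src/test/resources or make its location configurable next to the existing `realm.properties` placeholder, and add a header such as `# Sample accounts for integration testing only - replace before deployment`. The file also ends without a trailing newline.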
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Tue Feb 25 20:30:26 2014
@@ -61,6 +61,7 @@
<import resource="security-config.xml" />
<import resource="${idp-config}" />
<import resource="classpath:persistenceContext.xml" />
+ <import resource="classpath:restContext.xml" />
<cxf:bus>
<cxf:features>
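Review bot: The newly imported restContext.xml defines beans with ids `stsPortFilter` and `stsAuthProvider` plus its own `<security:authentication-manager>`, while security-config.xml, imported three lines earlier, already references `stsPortFilter` by id; if that file defines the same ids (not visible in this diff), the later import silently replaces the earlier definitions under Spring's default bean-overriding behaviour, and only one of the two authentication managers survives. It is worth confirming which definitions win at startup, or giving the REST-side beans distinct ids and an explicit `alias` on each authentication-manager so that both filter chains are wired intentionally rather than by import order.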
@@ -76,61 +77,6 @@
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
-
-
- <bean id="jaxbProvider" class="org.apache.cxf.jaxrs.provider.JAXBElementProvider">
- <property name="depthProperties">
- <bean id="depthProperties"
- class="org.apache.cxf.staxutils.DocumentDepthProperties">
- <property name="innerElementCountThreshold" value="500" />
- </bean>
- </property>
- <property name="marshallerProperties">
- <map>
- <entry key="jaxb.formatted.output">
- <value type="java.lang.Boolean">true</value>
- </entry>
- </map>
- </property>
- </bean>
-
- <bean id="exceptionMapper"
- class="org.apache.cxf.fediz.service.idp.rest.RestServiceExceptionMapper" />
-
- <bean id="jsonProvider" class="org.codehaus.jackson.jaxrs.JacksonJaxbJsonProvider" />
-
- <jaxrs:server id="idpService" address="/rs">
- <jaxrs:serviceBeans>
- <ref bean="idpServiceImpl" />
- <ref bean="claimServiceImpl" />
- <ref bean="applicationServiceImpl" />
- <ref bean="trustedIdpServiceImpl" />
- <ref bean="rootServiceImpl" />
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jaxbProvider" />
- <ref bean="jsonProvider" />
- <ref bean="exceptionMapper" />
- </jaxrs:providers>
- <jaxrs:extensionMappings>
- <entry key="json" value="application/json;charset=UTF-8" />
- <entry key="xml" value="application/xml;charset=UTF-8" />
- </jaxrs:extensionMappings>
- </jaxrs:server>
-
- <bean id="rootServiceImpl"
- class="org.apache.cxf.fediz.service.idp.rest.RootServiceImpl" />
-
- <bean id="idpServiceImpl" class="org.apache.cxf.fediz.service.idp.rest.IdpServiceImpl" />
-
- <bean id="claimServiceImpl"
- class="org.apache.cxf.fediz.service.idp.rest.ClaimServiceImpl" />
-
- <bean id="applicationServiceImpl"
- class="org.apache.cxf.fediz.service.idp.rest.ApplicationServiceImpl" />
-
- <bean id="trustedIdpServiceImpl"
- class="org.apache.cxf.fediz.service.idp.rest.TrustedIdpServiceImpl" />
</beans>
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml Tue Feb 25 20:30:26 2014
@@ -31,11 +31,11 @@
<context:property-placeholder location="classpath:realm.properties"/>
- <!-- DIABLE in production as it might log confidential information about the user -->
+ <!-- DISABLE in production as it might log confidential information about the user -->
<!-- <security:debug /> -->
<!-- Configure Spring Security -->
- <security:http auto-config="false" use-expressions="true">
+ <security:http pattern="/federation/**" auto-config="false" use-expressions="true">
<security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
<security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
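Review bot: Narrowing this `<security:http>` to `pattern="/federation/**"` means that, together with the `/services/rs/**` chain added in restContext.xml, only those two prefixes pass through Spring Security at all; a request to any other path in the webapp now matches no filter chain and is served with neither authentication nor the `stsPortFilter` applied. If nothing else is mapped that is harmless, but a trailing catch-all chain, `<security:http pattern="/**" ...>` containing `<security:intercept-url pattern="/**" access="denyAll"/>`, placed after the two specific ones would make the intent explicit instead of depending on the servlet mappings. The `<security:http>` element continues past the end of the hunk.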
Modified: cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java (original)
+++ cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java Tue Feb 25 20:30:26 2014
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.fediz.service.idp.integrationtests;
+import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URL;
@@ -34,6 +35,7 @@ import org.apache.cxf.fediz.service.idp.
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
import org.apache.cxf.fediz.service.idp.rest.Idps;
+import org.apache.xml.security.utils.Base64;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -77,11 +79,12 @@ public class RestITTest {
}
@Test
- public void testGetAllIdps() {
+ public void testGetAllIdps() throws UnsupportedEncodingException {
String address = "https://localhost:" + idpHttpsPort + "/fediz-idp/services/rs";
Client client = ClientBuilder.newClient();
Idps idps = client.target(address).path("idps")
- .request("application/xml").get(Idps.class);
+ .request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
+ .get(Idps.class);
Assert.assertEquals(1L, idps.getIdps().size());
Idp idp = idps.getIdps().iterator().next();
@@ -118,16 +121,17 @@ public class RestITTest {
}
@Test
- public void testReadExistingIdpEmbeddedTrustedIdps() {
+ public void testReadExistingIdpEmbeddedTrustedIdps() throws UnsupportedEncodingException {
String address = "https://localhost:" + idpHttpsPort + "/fediz-idp/services/rs";
Client client = ClientBuilder.newClient();
Idp idp = client.target(address).path("idps/").path("urn:org:apache:cxf:fediz:idp:realm-A")
- .request("application/xml").get(Idp.class);
+ .request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
+ .get(Idp.class);
Assert.assertEquals("", "urn:org:apache:cxf:fediz:idp:realm-A", idp.getRealm());
}
@Test
- public void testAddClaimToApplication() {
+ public void testAddClaimToApplication() throws UnsupportedEncodingException {
String address = "https://localhost:" + idpHttpsPort + "/fediz-idp/services/rs";
Client client = ClientBuilder.newClient();
@@ -144,7 +148,8 @@ public class RestITTest {
application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
Response response = client.target(address).path("applications/")
- .request("application/xml").post(Entity.entity(application, MediaType.APPLICATION_XML));
+ .request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
+ .post(Entity.entity(application, MediaType.APPLICATION_XML));
Assert.assertEquals(Status.CREATED.getStatusCode(), response.getStatus());
//Testcase
@@ -153,14 +158,22 @@ public class RestITTest {
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
response = client.target(address).path("applications").path(realm).path("claims")
- .request("application/xml").post(Entity.entity(requestClaim, MediaType.APPLICATION_XML));
+ .request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
+ .post(Entity.entity(requestClaim, MediaType.APPLICATION_XML));
Assert.assertEquals(Status.NO_CONTENT.getStatusCode(), response.getStatus());
application = client.target(address).path("applications").path(realm).queryParam("expand", "claims")
- .request("application/xml").get(Application.class);
+ .request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
+ .get(Application.class);
Assert.assertEquals("Claims size should be 1 instead of " + application.getRequestedClaims().size(),
1, application.getRequestedClaims().size());
}
+
+ private String getBasicAuthentication(String username, String password) throws UnsupportedEncodingException {
+ String token = username + ":" + password;
+ System.out.println("Basic " + Base64.encode(token.getBytes()));
+ return "Basic " + Base64.encode(token.getBytes());
+ }
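Review bot: `getBasicAuthentication` prints the complete Authorization header value, i.e. the Base64-encoded username and password, to stdout on every call, which lands in build and CI logs; the `System.out.println` line should go. `token.getBytes()` also uses the platform default charset even though the method is declared `throws UnsupportedEncodingException`, so make the encoding explicit to match the declaration: `return "Basic " + Base64.encode(token.getBytes("UTF-8"));`. The helper is invoked with the same literal credentials at five call sites in the hunks above; a private constant holding the admin header would remove that repetition.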
}