Posted to commits@cxf.apache.org by ow...@apache.org on 2013/08/14 23:01:48 UTC
svn commit: r1514048 [2/2] - in /cxf/fediz/trunk:
examples/spring2Webapp/src/main/resources/
examples/spring2Webapp/src/main/webapp/WEB-INF/
examples/springWebapp/src/main/resources/
examples/springWebapp/src/main/webapp/WEB-INF/ plugins/core/src/test/...
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml Wed Aug 14 21:01:46 2013
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/webflow
- http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
- <on-start>
- <evaluate expression="initialFlowSetupAction.submit(flowRequestContext)" />
- </on-start>
-
- <!-- protocol check -->
- <decision-state id="WSFederationRequestCheck">
- <on-entry>
- <set name="externalContext.sessionMap['wtrealm']" value="requestParameters.wtrealm" />
- <set name="externalContext.sessionMap['wreply']" value="requestParameters.wreply" />
- <set name="externalContext.sessionMap['wctx']" value="requestParameters.wctx" />
- <set name="externalContext.sessionMap['wfresh']" value="requestParameters.wfresh" />
- <set name="externalContext.sessionMap['wauth']" value="requestParameters.wauth" />
- </on-entry>
- <if test="requestParameters.wa == null" then="viewBadRequest" />
- <if test="requestParameters.wa != 'wsignin1.0' and requestParameters.wa != 'wsignout1.0' and requestParameters.wa != 'wsignoutcleanup1.0'" then="viewBadRequest" />
- <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'" then="invalidateSessionAction" />
- <if test="requestParameters.wtrealm == null or requestParameters.wtrealm.length() == 0" then="viewBadRequest" />
-
-<!-- check if IDP token is expired -->
- <if test="externalContext.sessionMap['IDP_TOKEN'].isExpired() == true" then="invalidateSessionAction" />
-<!-- check if IDP token is still valid but relying party requested new authentication -->
- <if test="requestParameters.wfresh != null and requestParameters.wfresh.equals('0')" then="invalidateSessionAction" />
-<!-- check if IDP token is still valid but relying party requested new authentication via wfresh -->
- <if test="requestParameters.wfresh != null" then="wfreshParserAction" else="rpTokenAction" />
- </decision-state>
-
- <!-- parse wfresh parameter, provided by resource RP, overriding ttl from 'IDP_TOKEN' -->
- <action-state id="wfreshParserAction">
- <evaluate expression="wfreshParser.authenticationRequired(requestParameters.wfresh, flowRequestContext)" />
- <transition on="yes" to="invalidateSessionAction"/>
- <transition on="no" to="rpTokenAction"/>
-<!-- <transition on-exception="java.lang.Throwable" to="scInternalServerError" /> -->
-<!-- wfresh invalid, ignore exception, force authentication -->
- <transition on-exception="java.lang.Throwable" to="invalidateSessionAction" />
- </action-state>
-
- <!-- produce RP security token (as String type) -->
- <action-state id="rpTokenAction">
- <evaluate expression="stsClientForRpAction.submit(externalContext.sessionMap['wtrealm'], flowRequestContext)"
- result="flowScope.rpToken"
- result-type="java.lang.String" />
- <transition to="formResponseView" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <!-- normal exit point for login -->
- <!-- browser redirection (self-submitted form 'signinresponseform.jsp') -->
- <end-state id="formResponseView" view="signinresponseform">
- <on-entry>
- <evaluate expression="externalContext.sessionMap['wreply']" result="requestScope.fedAction" />
- <evaluate expression="externalContext.sessionMap['wtrealm']" result="requestScope.fedWTrealm" />
- <evaluate expression="externalContext.sessionMap['wctx']" result="requestScope.fedWCtx" />
- <evaluate expression="flowScope.rpToken" result="requestScope.fedWResult" />
- </on-entry>
- </end-state>
-
- <!-- abnormal exit point : Http 400 Bad Request -->
- <end-state id="viewBadRequest" view="genericerror">
- <on-entry>
- <evaluate expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
- <set name="requestScope.reason" value="flowRequestContext.currentTransition" />
- </on-entry>
- </end-state>
-
- <!-- abnormal exit point : Http 500 Internal Server Error -->
- <end-state id="scInternalServerError" view="genericerror">
- <on-entry>
- <evaluate expression="externalContext.nativeResponse.setStatus(500,'IDP is unavailable, please contact the administrator')" />
- <set name="requestScope.reason" value="'IDP is unavailable, please contact the administrator'" />
- </on-entry>
- </end-state>
-
- <!-- invalidate IDP session -->
- <action-state id="invalidateSessionAction">
- <evaluate expression="logoutAction.submit(flowRequestContext)" />
- <transition on="success" to="endLogout" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <!-- normal exit point for logout -->
- <end-state id="endLogout" view="signoutresponse" />
-
-</flow>
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml Wed Aug 14 21:01:46 2013
@@ -4,11 +4,14 @@
xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://www.springframework.org/schema/util
@@ -18,6 +21,7 @@
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <context:property-placeholder location="classpath:realm.properties"/>
<bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
<property name="idpConfigs">
@@ -40,7 +44,7 @@
<property name="useCurrentIDP" value="true" />
<!--<property name="certificate" value="" />--> <!-- STS will sign it -->
<property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMA" />
- <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
+ <property name="idpUrl" value="https://localhost:${realmA.port}/fediz-idp/federation" />
<property name="supportedProtocols">
<util:list>
<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
@@ -50,8 +54,14 @@
<property name="services">
<util:map>
<entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld" />
+ <!-- <entry key="https://localhost:8443/fedizhelloworld/" value-ref="srv-fedizhelloworld" />--> <!-- temp -->
</util:map>
</property>
+ <property name="authenticationURIs">
+ <util:map>
+ <entry key="default" value="/login/default" />
+ </util:map>
+ </property>
<property name="trustedIDPs">
<util:map>
<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
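Review bot: The added `services` entry for `https://localhost:8443/fedizhelloworld/` is committed commented out and tagged only `<!-- temp -->`, which leaves a reader unable to tell whether that realm key is meant to be accepted. The same pattern recurs in idp-config-realmb.xml (the old `realm-B` entry kept as a comment) and in idp-servlet.xml (the old `wsdlLocation` kept as a comment). In files that define which relying parties and STS endpoints the IDP trusts, I would delete the dead lines and rely on version history, or replace the tag with a comment that says when the entry is to be enabled.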
@@ -65,8 +75,8 @@
<bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
<property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
<property name="cacheTokens" value="true" />
- <property name="url" value="https://localhost:7443/fediz-idp/federation/REALMB" />
- <property name="certificate" value="..." /> <!-- STS should now -->
+ <property name="url" value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
+ <property name="certificate" value="realmb.cert" />
<property name="trustType" value="PEER_TRUST" /> <!-- Required for Fediz Core, Process SignInResponse -->
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
<property name="federationType" value="FederateIdentity" /> <!-- Required for STS Relationship -->
@@ -83,7 +93,7 @@
<property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
<property name="role" value="ApplicationServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <property name="lifeTime" value="1800" />
+ <property name="lifeTime" value="3600" />
<!-- <property name="encryptionCertificate" value="" /> -->
<property name="requestedClaims">
<util:list>
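Review bot: `lifeTime` goes from 1800 to 3600 with no comment stating the unit or the reason, and the commit message visible here does not mention it. Doubling the validity of the token issued for this service lengthens the window in which a captured token remains usable, so the choice should be deliberate and documented. I would add a comment above the property along the lines of `<!-- lifetime of the issued RP token, in <unit>; 3600 because <reason> -->`. The enclosing bean starts outside this hunk.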
@@ -101,7 +111,7 @@
</bean>
<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
- <property name="optional" value="false" />
+ <property name="optional" value="true" />
</bean>
</util:list>
</property>
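Review bot: Switching the role claim to `optional="true"` presumably lets a token be issued for this service without any role claim. That is only safe if the relying application treats a missing role claim as "no roles" rather than skipping the check. Nothing in the hunk records that assumption, so I would add a comment such as `<!-- role is optional: relying party must deny role-protected resources when the claim is absent -->`, and a systest that asserts that behaviour.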
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml Wed Aug 14 21:01:46 2013
@@ -4,11 +4,14 @@
xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://www.springframework.org/schema/util
@@ -18,6 +21,7 @@
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <context:property-placeholder location="classpath:realm.properties"/>
<bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
<property name="idpConfigs">
@@ -39,8 +43,8 @@
<property name="provideIDPList" value="false" />
<property name="useCurrentIDP" value="true" />
<!--<property name="certificate" value="" />--> <!-- STS will sign it -->
- <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMB" />
- <property name="idpUrl" value="https://localhost:7443/fediz-idp/federation" />
+ <property name="stsUrl" value="https://localhost:0/fediz-idp-sts-remote/REALMB" />
+ <property name="idpUrl" value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
<property name="supportedProtocols">
<util:list>
<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
@@ -49,7 +53,8 @@
</property>
<property name="services">
<util:map>
- <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" />
+<!-- <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" /> -->
+ <entry key="urn:org:apache:cxf:fediz:idp:realm-A" value-ref="idp-realmA" />
</util:map>
</property>
<property name="authenticationURIs">
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml Wed Aug 14 21:01:46 2013
@@ -2,11 +2,17 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
xmlns:webflow="http://www.springframework.org/schema/webflow-config"
- xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-
+
+ <context:property-placeholder location="classpath:realm.properties"/>
+
<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
p:flowRegistry-ref="flowRegistry"
p:order="2">
@@ -22,10 +28,33 @@
<webflow:flow-execution-attributes>
<webflow:always-redirect-on-pause value="false" />
</webflow:flow-execution-attributes>
+
+ <webflow:flow-execution-listeners>
+ <webflow:listener ref="securityFlowExecutionListener" />
+ </webflow:flow-execution-listeners>
+
</webflow:flow-executor>
+ <bean id="securityFlowExecutionListener"
+ class="org.springframework.webflow.security.SecurityFlowExecutionListener">
+ <property name="accessDecisionManager" ref="accessDecisionManager" />
+ </bean>
+
+ <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+ <property name="decisionVoters">
+ <list>
+ <bean class="org.springframework.security.access.vote.RoleVoter">
+ <property name="rolePrefix" value="ROLE_"/>
+ </bean>
+ <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+ </list>
+ </property>
+ </bean>
+
<webflow:flow-registry id="flowRegistry" flow-builder-services="builder">
- <webflow:flow-location path="/WEB-INF/federation-webflow.xml" id="federation" />
+ <webflow:flow-location path="/WEB-INF/federation-validate-request.xml" id="federation" />
+ <webflow:flow-location path="/WEB-INF/federation-signin-request.xml" id="signinRequest" />
+ <webflow:flow-location path="/WEB-INF/federation-signin-response.xml" id="signinResponse" />
</webflow:flow-registry>
<webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator"
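Review bot: Registering `securityFlowExecutionListener` does not protect anything by itself, because Spring Web Flow consults the listener only for flows, states and transitions that carry a `<secured attributes="..."/>` element. The three flow files registered here (`federation-validate-request.xml`, `federation-signin-request.xml`, `federation-signin-response.xml`) are not shown in this part of the commit, so it is worth confirming that each state which issues or returns a token is marked `<secured>`. With `AffirmativeBased`, a single granting voter is enough, so the attribute lists in those flows should be reviewed with that in mind. A short comment on the listener bean naming the flows that depend on it would help the next maintainer.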
@@ -47,17 +76,24 @@
</bean>
<bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
- <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSServiceTransport?wsdl"/>
+ <!--<property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSServiceTransport?wsdl"/>-->
+ <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransport?wsdl"/>
<property name="wsdlEndpoint" value="Transport_Port"/>
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
- <property name="claimsRequired" value="true"/>
</bean>
+ <bean id="signInParamCacheAction" class="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" />
+
<bean id="logoutAction" class="org.apache.cxf.fediz.service.idp.beans.LogoutAction" />
<bean id="wfreshParser" class="org.apache.cxf.fediz.service.idp.beans.WfreshParser" />
- <bean id="initialFlowSetupAction" class="org.apache.cxf.fediz.service.idp.beans.InitialFlowSetupAction" >
- </bean>
-
+ <bean id="cacheTokenForWauthAction" class="org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction" />
+
+ <bean id="processHRDSExpressionAction" class="org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction" />
+
+ <bean id="validateTokenAction" class="org.apache.cxf.fediz.service.idp.beans.ValidateTokenAction" />
+
+ <bean id="homeRealmReminder" class="org.apache.cxf.fediz.service.idp.beans.HomeRealmReminder" />
+
</beans>
Added: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp?rev=1514048&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp (added)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp Wed Aug 14 21:01:46 2013
@@ -0,0 +1,31 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<%@page import="java.util.Map"%>
+<%@page import="org.apache.cxf.fediz.service.idp.model.IDPConfig"%>
+<%@page import="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig"%>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head>
+<title>Trusted IDP List</title>
+</head>
+<body>
+ <h1>Trusted IDP List</h1>
+ <i>What are you from ? Please, select one Identity Provider in list which is able to recognize you. </i>
+ <form:form method="POST" id="idplist" name="idplist">
+ <br />
+ <% IDPConfig idpConfig = (IDPConfig)request.getAttribute("idpConfig");
+ Map<String, TrustedIDPConfig> trustedIDPs = idpConfig.getTrustedIDPs(); %>
+ <select name="whr">
+ <option value="<%=idpConfig.getRealm()%>" selected="selected" ><%=idpConfig.getServiceDescription()%></option>
+ <% for (TrustedIDPConfig trustedIDP : trustedIDPs.values()) { %>
+ <option value="<%=trustedIDP.getRealm()%>"><%=trustedIDP.getDescription()%></option>
+ <% } %>
+ </select>
+ <br />
+ <input type="hidden" id="execution" name="execution" value="${flowExecutionKey}"/>
+ <br />
+ <input type="submit" name="_eventId_submit" value="Select Home Realm" />
+ <input type="submit" name="_eventId_cancel" value="Cancel" />
+ </form:form>
+</body>
+</html>
\ No newline at end of file
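Review bot: The scriptlet expressions in the `<select>` write `getRealm()`, `getServiceDescription()` and `getDescription()` into attribute values and element text without HTML escaping. These values appear to come from IDP configuration rather than the request, but a description containing `"` or `<` would still break the markup, and any later source of trusted-IDP data would inherit the gap. I would escape at output, e.g. `<option value="<%=HtmlUtils.htmlEscape(trustedIDP.getRealm())%>">` with `org.springframework.web.util.HtmlUtils` imported, or move the loop to JSTL with `<c:out>`. `request.getAttribute("idpConfig")` is also dereferenced without a null check, so a request that reaches the view without that attribute fails with a NullPointerException instead of a controlled error page.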
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml Wed Aug 14 21:01:46 2013
@@ -8,8 +8,10 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+ <context:property-placeholder location="classpath:realm.properties"/>
+
<context:component-scan base-package="org.apache.cxf.fediz.service.idp"/>
-
+
<!-- DIABLE in production as it might log confidential information about the user -->
<security:debug />
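Review bot: `<security:debug />` is still enabled in the WEB-INF configuration that ships with the IDP, directly under a comment saying it must be disabled in production because it may log confidential user information. Since this commit already touches the block, I would move the element into a test-only context file, or remove it here, so that the packaged default is the safe one.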
@@ -21,7 +23,10 @@
default-target-url="/spring/main" authentication-failure-url="/spring/login?login_error=1" />
<security:logout logout-url="/spring/logout" logout-success-url="/spring/logoutSuccess" />
-->
- <security:intercept-url pattern="/federation" access="isAuthenticated()"/>
+ <!--
+ <security:intercept-url pattern="/federation" access="isAuthenticated()"/>
+ -->
+ <!-- MUST be http-basic thus systests run fine -->
<security:http-basic />
<!--<security:form-login />-->
</security:http>
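Review bot: Commenting out `<security:intercept-url pattern="/federation" access="isAuthenticated()"/>` removes the only URL-level authentication rule visible in this block. The `<security:http>` element opens outside the hunk, so I cannot see whether another rule covers the path. Enforcement presumably moves to the web flow security listener added in idp-servlet.xml, but that only applies to flows marked `<secured>`, so an unmarked state would now be reachable without authentication. I would replace the commented-out rule with a comment stating where the check now lives, for example `<!-- /federation is protected per state via <secured> in the federation-* flows -->`, and add a systest asserting that an unauthenticated request to `/federation` is challenged. The new comment "MUST be http-basic thus systests run fine" also means the production configuration is being shaped by test needs, which deserves a follow-up.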
@@ -33,11 +38,11 @@
<bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
<bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
- <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSService?wsdl"/>
+ <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
<property name="wsdlEndpoint" value="TransportUT_Port"/>
<property name="wsdlService" value="SecurityTokenService"/>
<property name="appliesTo" value="urn:fediz:idp"/>
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
</bean>
-</beans>
\ No newline at end of file
+</beans>
Modified: cxf/fediz/trunk/services/sts/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/pom.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/pom.xml (original)
+++ cxf/fediz/trunk/services/sts/pom.xml Wed Aug 14 21:01:46 2013
@@ -166,6 +166,9 @@
<profile>
<id>realms</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
<properties>
</properties>
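Review bot: `activeByDefault` is switched off by Maven as soon as any other profile in this POM is activated explicitly, so a build run with `-P <other-profile>` would silently drop the `realms` profile and package a differently configured STS. If the realm-specific webapp content is now the intended default, it would be more robust to move it into the main build, or to activate the profile on a property. At minimum, add a comment on the `<activation>` block describing this behaviour.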
Modified: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml (original)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml Wed Aug 14 21:01:46 2013
@@ -36,7 +36,7 @@
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
value="bobwindsor@realma.org" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="user,manager,admin" />
+ value="User,Manager,Admin" />
</util:map>
<util:map id="REALMA_tedClaims">
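Review bot: The role values change case from `user,manager,admin` to `User,Manager,Admin`, and role-name comparison in relying parties is typically case-sensitive. Any security constraint or role check still written against the lowercase names would stop matching, which for a deny-by-default application means lost access and for a custom check could mean a skipped branch. Only this user's entry is visible in the hunk, so please confirm that the other claim maps in this file and the role names declared by the sample and systest applications use the same casing.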
Modified: cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java (original)
+++ cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java Wed Aug 14 21:01:46 2013
@@ -37,7 +37,9 @@ public class JettyTest extends AbstractT
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "debug");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "debug");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "debug");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "debug");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "debug");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "debug");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "debug");
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
@@ -70,4 +72,5 @@ public class JettyTest extends AbstractT
public String getServletContextName() {
return "fedizhelloworld";
}
+
}
Modified: cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml (original)
+++ cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml Wed Aug 14 21:01:46 2013
@@ -16,6 +16,8 @@
<trustedIssuers>
<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
name="DoubleItSTSIssuer" />
+ <issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+ name="REALM A"/>
</trustedIssuers>
<maximumClockSkew>1000</maximumClockSkew>
<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
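Review bot: The new trusted-issuer constraint `subject=".*CN=REALMA.*"` is a substring match, so under `ChainTrust` any certificate that chains to the trust store and whose subject DN merely contains `CN=REALMA` (for instance `CN=REALMA2`) would satisfy it. The same pattern is added in the second context of this file and in the spring and tomcat7 `fediz_config.xml` files. Because these configs tend to be copied as templates, I would end the match at the RDN boundary, e.g. `subject=".*CN=REALMA(,.*)?"`, after checking how the subject DN is formatted when the pattern is applied. The existing `.*CN=www.sts.com.*` entry has the same looseness, plus unescaped dots.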
@@ -25,6 +27,7 @@
<roleDelimiter>,</roleDelimiter>
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
<freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="a particular claim type" optional="true" />
</claimTypesRequested>
@@ -42,6 +45,8 @@
<trustedIssuers>
<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
name="DoubleItSTSIssuer" />
+ <issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+ name="REALM A"/>
</trustedIssuers>
<maximumClockSkew>1000</maximumClockSkew>
<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -50,6 +55,7 @@
<issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
<roleDelimiter>,</roleDelimiter>
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="a particular claim type" optional="true" />
</claimTypesRequested>
Modified: cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks Wed Aug 14 21:01:46 2013 differ
Modified: cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml (original)
+++ cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml Wed Aug 14 21:01:46 2013
@@ -16,6 +16,8 @@
<trustedIssuers>
<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
name="DoubleItSTSIssuer" />
+ <issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+ name="REALM A"/>
</trustedIssuers>
<maximumClockSkew>1000</maximumClockSkew>
<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -30,6 +32,7 @@
<!--<freshness>0</freshness>-->
<!--<reply>reply value</reply>-->
<!--<request>REQUEST</request>-->
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="a particular claim type" optional="true" />
</claimTypesRequested>
@@ -47,6 +50,8 @@
<trustedIssuers>
<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
name="DoubleItSTSIssuer" />
+ <issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+ name="REALM A"/>
</trustedIssuers>
<maximumClockSkew>1000</maximumClockSkew>
<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -61,6 +66,7 @@
<!--<freshness>0</freshness>-->
<!--<reply>reply value</reply>-->
<!--<request>REQUEST</request>-->
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="a particular claim type" optional="true" />
</claimTypesRequested>
Modified: cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks Wed Aug 14 21:01:46 2013 differ
Modified: cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks Wed Aug 14 21:01:46 2013 differ
Modified: cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java (original)
+++ cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java Wed Aug 14 21:01:46 2013
@@ -79,8 +79,8 @@ public abstract class AbstractTests {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
response.indexOf(claim + "=Smith") > 0);
claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@mycompany.org'",
- response.indexOf(claim + "=alice@mycompany.org") > 0);
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+ response.indexOf(claim + "=alice@realma.org") > 0);
}
@@ -103,8 +103,8 @@ public abstract class AbstractTests {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Windsor'",
response.indexOf(claim + "=Windsor") > 0);
claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'bobwindsor@idp.org'",
- response.indexOf(claim + "=bobwindsor@idp.org") > 0);
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'bobwindsor@realma.org'",
+ response.indexOf(claim + "=bobwindsor@realma.org") > 0);
}
@org.junit.Test
@@ -126,8 +126,8 @@ public abstract class AbstractTests {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Cooper'",
response.indexOf(claim + "=Cooper") > 0);
claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'tcooper@hereiam.org'",
- response.indexOf(claim + "=tcooper@hereiam.org") > 0);
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'tcooper@realma.org'",
+ response.indexOf(claim + "=tcooper@realma.org") > 0);
}
@org.junit.Test
Modified: cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java (original)
+++ cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java Wed Aug 14 21:01:46 2013
@@ -223,8 +223,8 @@ public class TomcatTest extends Abstract
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
response.indexOf(claim + "=Smith") > 0);
claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@mycompany.org'",
- response.indexOf(claim + "=alice@mycompany.org") > 0);
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+ response.indexOf(claim + "=alice@realma.org") > 0);
}
Modified: cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml (original)
+++ cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml Wed Aug 14 21:01:46 2013
@@ -16,6 +16,8 @@
<trustedIssuers>
<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
name="DoubleItSTSIssuer" />
+ <issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+ name="REALM A"/>
</trustedIssuers>
<maximumClockSkew>1000</maximumClockSkew>
<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -25,6 +27,7 @@
<roleDelimiter>,</roleDelimiter>
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
<freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="a particular claim type" optional="true" />
</claimTypesRequested>
Modified: cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks Wed Aug 14 21:01:46 2013 differ