Posted to commits@cxf.apache.org by co...@apache.org on 2016/10/12 13:51:40 UTC
cxf-fediz git commit: More STS Refactoring
Repository: cxf-fediz
Updated Branches:
refs/heads/master 32107856e -> af2ac3667
More STS Refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/af2ac366
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/af2ac366
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/af2ac366
Branch: refs/heads/master
Commit: af2ac36675f7db49f5fd6925896eed5ef5340bae
Parents: 3210785
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Oct 12 14:32:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Oct 12 14:32:36 2016 +0100
----------------------------------------------------------------------
.../service/sts/realms/UriRealmParser.java | 14 --
.../src/main/webapp/WEB-INF/cxf-transport.xml | 121 +---------------
.../sts/src/main/webapp/WEB-INF/data/realms.xml | 3 +
.../src/main/webapp/WEB-INF/endpoints/file.xml | 65 +++++++++
.../main/webapp/WEB-INF/endpoints/kerberos.xml | 49 +++++++
.../src/main/webapp/WEB-INF/endpoints/ldap.xml | 117 ++++++++++++++++
.../sts/src/main/webapp/WEB-INF/fediz-sts.xml | 140 +++++++++++++++++++
services/sts/src/main/webapp/WEB-INF/file.xml | 65 ---------
.../sts/src/main/webapp/WEB-INF/kerberos.xml | 49 -------
services/sts/src/main/webapp/WEB-INF/ldap.xml | 117 ----------------
.../src/test/resources/sts/cxf-transport.xml | 1 -
11 files changed, 378 insertions(+), 363 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
index c39dcd8..169cc54 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
@@ -31,8 +31,6 @@ public class UriRealmParser implements RealmParser {
private static final Logger LOG = LoggerFactory.getLogger(UriRealmParser.class);
- private Map<String, Object> realmMap;
-
@Override
public String parseRealm(Map<String, Object> messageContext) throws STSException {
String url = (String)messageContext.get("org.apache.cxf.request.url");
@@ -51,21 +49,9 @@ public class UriRealmParser implements RealmParser {
realm = st.nextToken();
}
realm = realm.toUpperCase();
- if (realmMap == null || !realmMap.containsKey(realm)) {
- LOG.warn("Unknown realm: " + realm);
- throw new STSException("Unknown realm: " + realm);
- }
LOG.debug("URI realm parsed: " + realm);
return realm;
}
- public Map<String, Object> getRealmMap() {
- return realmMap;
- }
-
- public void setRealmMap(Map<String, Object> realms) {
- this.realmMap = realms;
- }
-
}
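Review bot: With the `realmMap` check after `realm = realm.toUpperCase();` removed, parseRealm now returns whatever path token the request URL carries, so an unknown realm is no longer rejected in this class and the caller-controlled string presumably reaches the realm-aware token providers unchecked. The `realms` map is still wired into `transportSamlTokenProvider` in fediz-sts.xml, so the guard could be kept by re-injecting it here, or it should be confirmed that an unknown realm is a hard failure downstream rather than a silent fallback to the default issuer and signing settings. If the method is intentionally left without the check, a one-line comment such as `// realm is taken from the URL unvalidated; unknown realms must be rejected by the realm-aware providers` would make the new contract explicit. The start of parseRealm, where the path token is selected, lies outside the hunk.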
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
index b8d7b68..a51a582 100644
--- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
+++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
@@ -39,132 +39,19 @@
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
- <property name="location" value="classpath:./sts.properties"/>
- </bean>
-
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="data/realms.xml" />
+ <import resource="fediz-sts.xml" />
<!-- Per default the resource <file.xml> is imported.
If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
- <import resource="./${adapter.resource}.xml" />
-
- <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
- <constructor-arg>
- <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
- </constructor-arg>
- </bean>
-
- <util:list id="delegationHandlers">
- <bean id="samlDelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
- <bean id="x509DelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
- </util:list>
-
- <bean id="transportSTSProviderBean"
- class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
- <property name="issueOperation" ref="transportIssueDelegate" />
- <property name="validateOperation" ref="transportValidateDelegate" />
- </bean>
-
- <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
- <property name="tokenProviders" ref="transportTokenProviders" />
- <property name="services" ref="transportServices" />
- <property name="stsProperties" ref="transportSTSProperties" />
- <property name="claimsManager" ref="claimsManager" />
- <property name="tokenValidators" ref="transportTokenValidators" />
- <property name="eventListener" ref="loggerListener" />
- <property name="delegationHandlers" ref="delegationHandlers" />
- </bean>
-
- <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
- <property name="tokenValidators" ref="transportTokenValidators" />
- <property name="stsProperties" ref="transportSTSProperties" />
- <property name="eventListener" ref="loggerListener" />
- </bean>
-
- <util:list id="transportTokenProviders">
- <ref bean="transportSamlTokenProvider" />
- </util:list>
-
- <util:list id="transportTokenValidators">
- <ref bean="transportSamlTokenValidator" />
- <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
- </util:list>
-
- <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
- <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
- <property name="realmMap" ref="realms" />
- <property name="conditionsProvider" ref="conditionsProvider" />
- <property name="subjectProvider" ref="subjectProvider" />
- </bean>
-
- <bean id="conditionsProvider"
- class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
- <property name="lifetime" value="1200" />
- <property name="acceptClientLifetime" value="true" />
- </bean>
+ <import resource="./endpoints/${adapter.resource}.xml" />
- <bean id="subjectProvider"
- class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
- <property name="subjectNameIDFormat"
- value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
- </bean>
-
- <util:list id="attributeStatementProvidersList">
- <ref bean="claimAttributeProvider" />
- </util:list>
-
- <bean id="claimAttributeProvider"
- class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
- </bean>
-
- <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
- <property name="claimHandlers" ref="claimHandlerList" />
- </bean>
-
- <bean id="identityMapper"
- class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
-
- <bean id="samlRealmCodec"
- class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
-
- <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
- <property name="realmMap" ref="realms" />
- </bean>
-
- <bean id="transportSamlTokenValidator"
- class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
- <property name="samlRealmCodec" ref="samlRealmCodec" />
- </bean>
-
- <bean id="transportUsernameTokenValidator"
- class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
- </bean>
-
- <util:list id="transportServices">
- <ref bean="transportService" />
- </util:list>
-
- <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
- <property name="endpoints">
- <util:list>
- <value>.*</value>
- </util:list>
- </property>
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="location" value="classpath:./sts.properties"/>
</bean>
- <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
- <property name="callbackHandlerClass" value="${callback.handler}" />
- <property name="issuer" value="${issuer}" />
- <property name="realmParser" ref="customRealmParser" />
- <property name="signatureCryptoProperties" value="${signature.properties}" />
- <property name="relationships" ref="relationships" />
- </bean>
-
<jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
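Review bot: The comment above `<import resource="./endpoints/${adapter.resource}.xml" />` still says `<file.xml>` and `<ldap.xml>` are imported from WEB-INF, but those files now live under `endpoints/` and a `kerberos.xml` variant sits next to them. Suggest updating it to `<!-- Per default endpoints/file.xml is imported; the Maven profile 'ldap' selects endpoints/ldap.xml (endpoints/kerberos.xml can be chosen the same way via adapter.resource) -->`. It is also worth noting in that comment that `${adapter.resource}` inside an import is resolved when the XML is parsed, before the PropertyPlaceholderConfigurer further down runs, so it presumably relies on build-time filtering rather than sts.properties; without that note the next reader may move the key into sts.properties and get a startup failure.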
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/data/realms.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/realms.xml b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
index 2de07d7..c0b01a7 100644
--- a/services/sts/src/main/webapp/WEB-INF/data/realms.xml
+++ b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
@@ -39,6 +39,9 @@
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean id="identityMapper"
+ class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+
<util:list id="relationships">
<bean class="org.apache.cxf.sts.token.realm.Relationship">
<property name="sourceRealm" value="REALMA" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml b/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml
new file mode 100644
index 0000000..34334e5
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd">
+
+ <import resource="../data/userClaims.xml" />
+ <import resource="../data/passwords.xml" />
+
+ <bean id="upCallBackHandlerRealmA"
+ class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMA" />
+ </bean>
+
+ <bean id="upCallBackHandlerRealmB"
+ class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMB" />
+ </bean>
+
+ <jaxws:endpoint id="transportSTSRealmAUT"
+ implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportUT"
+ wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="transportSTSRealmBUT"
+ implementor="#transportSTSProviderBean" address="/REALMB/STSServiceTransportUT"
+ wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml b/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml
new file mode 100644
index 0000000..c780c5c
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd">
+
+ <import resource="../data/userClaims.xml" />
+
+ <bean id="kerberosValidator" class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
+ <property name="contextName" value="bob"/>
+ <property name="serviceName" value="bob@service.ws.apache.org"/>
+ </bean>
+
+ <jaxws:endpoint id="transportSTSRealmAKerberos"
+ implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportKerberos"
+ wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportKerberos_Port">
+ <jaxws:properties>
+ <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
new file mode 100644
index 0000000..dbd3265
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd">
+
+ <util:list id="claimHandlerList">
+ <ref bean="userClaimsHandler" />
+ <ref bean="groupClaimsHandler" />
+ </util:list>
+
+ <bean id="contextSource"
+ class="org.springframework.ldap.core.support.LdapContextSource">
+ <property name="url" value="ldap://localhost:389/" />
+ <property name="userDn" value="uid=admin,ou=system" />
+ <property name="password" value="secret" />
+ </bean>
+
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+ <util:map id="claimsToLdapAttributeMapping">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="givenName" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="sn" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="mail" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"
+ value="c" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"
+ value="postalCode" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"
+ value="postalAddress" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"
+ value="town" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"
+ value="st" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"
+ value="gender" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"
+ value="dateofbirth" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="member" />
+ </util:map>
+
+ <bean id="userClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
+ <property name="userNameAttribute" value="uid" />
+ </bean>
+
+ <util:map id="appliesToScopeMapping">
+ <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
+ value="Example" />
+ </util:map>
+
+ <bean id="groupClaimsHandler" class="org.apache.cxf.sts.claims.LdapGroupClaimsHandler">
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
+ <property name="groupBaseDN" value="ou=groups,dc=fediz,dc=org" />
+ <property name="appliesToScopeMapping" ref="appliesToScopeMapping" />
+ <property name="userNameAttribute" value="uid" />
+ </bean>
+
+ <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
+ address="/STSService" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.ut.validator">
+ <bean class="org.apache.ws.security.validate.JAASUsernameTokenValidator">
+ <property name="contextName" value="LDAP" />
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+</beans>
\ No newline at end of file
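Review bot: The username-token validator on the `transportSTS1` endpoint is `org.apache.ws.security.validate.JAASUsernameTokenValidator`, the WSS4J 1.x package, while kerberos.xml in the same directory uses `org.apache.wss4j.dom.validate.KerberosTokenValidator` from WSS4J 2.x; if the webapp is built against WSS4J 2.x, the `ldap` profile will fail at context start-up with a ClassNotFoundException, and the class should be `org.apache.wss4j.dom.validate.JAASUsernameTokenValidator`. The file is moved unchanged (blob dbd3265 on both sides), so this is pre-existing, but it is cheap to fix while the file is being relocated. Separately, `contextSource` binds to `ldap://localhost:389/` as `uid=admin,ou=system` with the password `secret` in clear text; for anything beyond the sample these should come from sts.properties placeholders (the configurer is already present in cxf-transport.xml) and the URL should be `ldaps://` or use StartTLS so the bind credentials and looked-up user attributes do not cross the wire unencrypted.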
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml b/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
new file mode 100644
index 0000000..21919c7
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <import resource="classpath:META-INF/cxf/cxf.xml" />
+
+ <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
+ <constructor-arg>
+ <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
+ </constructor-arg>
+ </bean>
+
+ <util:list id="delegationHandlers">
+ <bean id="samlDelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+ <bean id="x509DelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
+ </util:list>
+
+ <bean id="transportSTSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate" />
+ <property name="validateOperation" ref="transportValidateDelegate" />
+ </bean>
+
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="services" ref="transportServices" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="claimsManager" ref="claimsManager" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="eventListener" ref="loggerListener" />
+ <property name="delegationHandlers" ref="delegationHandlers" />
+ </bean>
+
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="eventListener" ref="loggerListener" />
+ </bean>
+
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSamlTokenProvider" />
+ </util:list>
+
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSamlTokenValidator" />
+ <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
+ </util:list>
+
+ <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+ <property name="realmMap" ref="realms" />
+ <property name="conditionsProvider" ref="conditionsProvider" />
+ <property name="subjectProvider" ref="subjectProvider" />
+ </bean>
+
+ <bean id="conditionsProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+ <property name="lifetime" value="1200" />
+ <property name="acceptClientLifetime" value="true" />
+ </bean>
+
+ <bean id="subjectProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
+ <property name="subjectNameIDFormat"
+ value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+ </bean>
+
+ <util:list id="attributeStatementProvidersList">
+ <ref bean="claimAttributeProvider" />
+ </util:list>
+
+ <bean id="claimAttributeProvider"
+ class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+ </bean>
+
+ <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+ <property name="claimHandlers" ref="claimHandlerList" />
+ </bean>
+
+ <bean id="samlRealmCodec"
+ class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+ <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser" />
+
+ <bean id="transportSamlTokenValidator"
+ class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ <property name="samlRealmCodec" ref="samlRealmCodec" />
+ </bean>
+
+ <util:list id="transportServices">
+ <ref bean="transportService" />
+ </util:list>
+
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints">
+ <util:list>
+ <value>.*</value>
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="callbackHandlerClass" value="${callback.handler}" />
+ <property name="issuer" value="${issuer}" />
+ <property name="realmParser" ref="customRealmParser" />
+ <property name="signatureCryptoProperties" value="${signature.properties}" />
+ <property name="relationships" ref="relationships" />
+ </bean>
+
+</beans>
+
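Review bot: `transportService` registers the single endpoint pattern `.*`, so the STS will issue a token for any AppliesTo address a requester supplies, and with `acceptClientLifetime` set to true on `conditionsProvider` the requester also chooses the token lifetime up to whatever cap DefaultConditionsProvider applies. This is carried over verbatim from cxf-transport.xml, so it is not new behaviour, but now that the STS core lives in its own file it is the right place to mark it, e.g. `<!-- Sample configuration: '.*' issues tokens for any AppliesTo. Restrict to the federated relying-party URLs in production. -->` above the list, and to pin the cap explicitly via the provider's `maxLifetime` property if the CXF version in use exposes it. This file also imports `classpath:META-INF/cxf/cxf.xml`, as does cxf-transport.xml which imports this file; Spring tolerates the duplicate, but one of the two imports can go.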
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/file.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/file.xml b/services/sts/src/main/webapp/WEB-INF/file.xml
deleted file mode 100644
index 3c4ed06..0000000
--- a/services/sts/src/main/webapp/WEB-INF/file.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd">
-
- <import resource="data/userClaims.xml" />
- <import resource="data/passwords.xml" />
-
- <bean id="upCallBackHandlerRealmA"
- class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
- <property name="passwords" ref="REALMA" />
- </bean>
-
- <bean id="upCallBackHandlerRealmB"
- class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
- <property name="passwords" ref="REALMB" />
- </bean>
-
- <jaxws:endpoint id="transportSTSRealmAUT"
- implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportUT"
- wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
- <jaxws:properties>
- <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
- </jaxws:properties>
- </jaxws:endpoint>
-
- <jaxws:endpoint id="transportSTSRealmBUT"
- implementor="#transportSTSProviderBean" address="/REALMB/STSServiceTransportUT"
- wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
- <jaxws:properties>
- <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
- </jaxws:properties>
- </jaxws:endpoint>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/kerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/kerberos.xml b/services/sts/src/main/webapp/WEB-INF/kerberos.xml
deleted file mode 100644
index aaab490..0000000
--- a/services/sts/src/main/webapp/WEB-INF/kerberos.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd">
-
- <import resource="data/userClaims.xml" />
-
- <bean id="kerberosValidator" class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
- <property name="contextName" value="bob"/>
- <property name="serviceName" value="bob@service.ws.apache.org"/>
- </bean>
-
- <jaxws:endpoint id="transportSTSRealmAKerberos"
- implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportKerberos"
- wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportKerberos_Port">
- <jaxws:properties>
- <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
- </jaxws:properties>
- </jaxws:endpoint>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/ldap.xml b/services/sts/src/main/webapp/WEB-INF/ldap.xml
deleted file mode 100644
index dbd3265..0000000
--- a/services/sts/src/main/webapp/WEB-INF/ldap.xml
+++ /dev/null
@@ -1,117 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd">
-
- <util:list id="claimHandlerList">
- <ref bean="userClaimsHandler" />
- <ref bean="groupClaimsHandler" />
- </util:list>
-
- <bean id="contextSource"
- class="org.springframework.ldap.core.support.LdapContextSource">
- <property name="url" value="ldap://localhost:389/" />
- <property name="userDn" value="uid=admin,ou=system" />
- <property name="password" value="secret" />
- </bean>
-
- <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
- <constructor-arg ref="contextSource" />
- </bean>
-
- <util:map id="claimsToLdapAttributeMapping">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="givenName" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="sn" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="mail" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"
- value="c" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"
- value="postalCode" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"
- value="postalAddress" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"
- value="town" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"
- value="st" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"
- value="gender" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"
- value="dateofbirth" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="member" />
- </util:map>
-
- <bean id="userClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
- <property name="ldapTemplate" ref="ldapTemplate" />
- <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
- <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
- <property name="userNameAttribute" value="uid" />
- </bean>
-
- <util:map id="appliesToScopeMapping">
- <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
- value="Example" />
- </util:map>
-
- <bean id="groupClaimsHandler" class="org.apache.cxf.sts.claims.LdapGroupClaimsHandler">
- <property name="ldapTemplate" ref="ldapTemplate" />
- <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
- <property name="groupBaseDN" value="ou=groups,dc=fediz,dc=org" />
- <property name="appliesToScopeMapping" ref="appliesToScopeMapping" />
- <property name="userNameAttribute" value="uid" />
- </bean>
-
- <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
- address="/STSService" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
- <jaxws:properties>
- <entry key="ws-security.ut.validator">
- <bean class="org.apache.ws.security.validate.JAASUsernameTokenValidator">
- <property name="contextName" value="LDAP" />
- </bean>
- </entry>
- </jaxws:properties>
- </jaxws:endpoint>
-
-</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/systests/kerberos/src/test/resources/sts/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/sts/cxf-transport.xml b/systests/kerberos/src/test/resources/sts/cxf-transport.xml
index be3fe02..6506b04 100644
--- a/systests/kerberos/src/test/resources/sts/cxf-transport.xml
+++ b/systests/kerberos/src/test/resources/sts/cxf-transport.xml
@@ -160,7 +160,6 @@
class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
<bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
- <property name="realmMap" ref="realms" />
</bean>
<bean id="transportSamlTokenValidator"