Posted to commits@cxf.apache.org by ow...@apache.org on 2013/05/15 23:17:36 UTC
svn commit: r1483086 - in /cxf/fediz/trunk/services/idp/src/main:
java/org/apache/cxf/fediz/service/idp/
java/org/apache/cxf/fediz/service/idp/model/
java/org/apache/cxf/fediz/service/idp/service/ webapp/WEB-INF/
Author: owulff
Date: Wed May 15 21:17:35 2013
New Revision: 1483086
URL: http://svn.apache.org/r1483086
Log:
[FEDIZ-3] added configuration beans
Added:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
Modified:
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java Wed May 15 21:17:35 2013
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.service.ConfigService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.util.Assert;
+
+
+/**
+ * Used by the <code>ExceptionTranslationFilter</code> to commence authentication via the
+ * WS-Federation protocol.
+ * <p>
+ * The user's browser will be redirected to the IDP.
+ *
+ */
+public class FederationEntryPoint implements AuthenticationEntryPoint,
+ InitializingBean, ApplicationContextAware {
+
+ private static final Logger LOG = LoggerFactory.getLogger(FederationEntryPoint.class);
+
+ private ApplicationContext appContext;
+ private ConfigService configService;
+ private String realm;
+ private IDPConfig idpConfig;
+
+ public ConfigService getConfigService() {
+ return configService;
+ }
+
+ public void setConfigService(ConfigService configService) {
+ this.configService = configService;
+ }
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public void afterPropertiesSet() throws Exception {
+ Assert.notNull(this.appContext, "ApplicationContext cannot be null.");
+ Assert.notNull(this.configService, "ConfigService cannot be null.");
+ Assert.notNull(this.realm, "realm cannot be null.");
+ idpConfig = configService.getIDPConfig(realm);
+ Assert.notNull(this.idpConfig, "idpConfig cannot be null. Check realm and config service implementation");
+ }
+
+ public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
+ final AuthenticationException authenticationException) throws IOException, ServletException {
+
+ String redirectUrl = null;
+ String wauth = servletRequest.getParameter(FederationConstants.PARAM_AUTH_TYPE);
+ if (wauth == null) {
+ wauth = "default";
+ }
+ String loginUri = idpConfig.getAuthenticationURIs().get(wauth);
+ if (loginUri == null) {
+ LOG.warn("wauth value '" + wauth + "' not supported");
+ response.sendError(
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "wauth value '" + wauth + "' not supported");
+ }
+ redirectUrl = new StringBuffer(extractFullContextPath(servletRequest))
+ .append(realm).append(loginUri).toString();
+
+ preCommence(servletRequest, response);
+ if (LOG.isInfoEnabled()) {
+ LOG.info("Redirect to " + redirectUrl);
+ }
+ response.sendRedirect(redirectUrl);
+ }
+
+
+ /**
+ * Template method for you to do your own pre-processing before the redirect occurs.
+ *
+ * @param request the HttpServletRequest
+ * @param response the HttpServletResponse
+ */
+ protected void preCommence(final HttpServletRequest request, final HttpServletResponse response) {
+
+ }
+
+ @Override
+ public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+ this.appContext = applicationContext;
+ }
+
+ protected String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
+ String result = null;
+ String contextPath = request.getContextPath();
+ String requestUrl = request.getRequestURL().toString();
+ String requestPath = new URL(requestUrl).getPath();
+ // Cut request path of request url and add context path if not ROOT
+ if (requestPath != null && requestPath.length() > 0) {
+ int lastIndex = requestUrl.lastIndexOf(requestPath);
+ result = requestUrl.substring(0, lastIndex);
+ } else {
+ result = requestUrl;
+ }
+ if (contextPath != null && contextPath.length() > 0) {
+ // contextPath contains starting slash
+ result = result + contextPath + "/";
+ } else {
+ result = result + "/";
+ }
+ return result;
+ }
+
+
+
+}
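Review bot: In `commence`, the `loginUri == null` branch calls `response.sendError(...)` but does not leave the method, so the code goes on to build a redirect URL with the literal text "null" appended and then calls `sendRedirect` on a response that is already committed, which throws IllegalStateException; add `return;` directly after the `sendError` call. The error message passed to `sendError` also reflects the request parameter `wauth` verbatim, and servlet containers may render that message in their HTML error page, so prefer a fixed message such as `"unsupported wauth value"` and keep the actual value only in the warn log. Separately, `afterPropertiesSet` asserts `idpConfig` is non-null but not the map `commence` dereferences, so a realm configured without `authenticationURIs` fails with an NPE on the first request instead of at startup; `Assert.notNull(idpConfig.getAuthenticationURIs(), "authenticationURIs cannot be null.");` would catch it when the bean is wired. `new StringBuffer(...)` in a local, single-threaded concatenation is better written as `StringBuilder`.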
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java Wed May 15 21:17:35 2013
@@ -0,0 +1,230 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+import java.util.List;
+import java.util.Map;
+
+//import javax.persistence.Column;
+//import javax.persistence.Entity;
+//import javax.persistence.Id;
+//import javax.persistence.Table;
+
+//@Entity
+//@Table(name = "IDP")
+public class IDPConfig {
+
+ //@Id
+ //private Long id;
+
+ //@Column(name = "REALM", nullable = false, length = FIELD_LENGTH)
+ //Unique
+ //fed:TargetScope
+ private String realm; //wtrealm, whr
+
+ //Unique
+ //https://<host>:<port>/fediz-idp/<IDP uri>/
+ private String uri;
+
+ //Home Realm Discovery Service
+ //Spring EL
+ private String hrds;
+
+ //@Column(name = "INACTIVE", nullable = true, length = FIELD_LENGTH)
+ //if HRDS can't determine the home realm, should
+ //the list of trusted IDPs be shown to make a choice
+ private boolean provideIDPList;
+
+ //If HRDS can't discover a home realm and displaying IDP list is not enabled
+ //it falls back to current IDP if an authentication domain is configured
+ private boolean useCurrentIDP;
+
+ //Store certificate in DB or filesystem, provide options?
+ //md:KeyDescriptor, use="signing"
+ private String certificate;
+
+ //fed:SecurityTokenSerivceEndpoint
+ private String stsUrl;
+
+ //fed:PassiveRequestorEndpoint
+ //published hostname, port must be configured
+ private String idpUrl;
+
+ //RoleDescriptor protocolSupportEnumeration=
+ // "http://docs.oasis-open.org/wsfed/federation/200706"
+ // "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ // Could be more in the future
+ private List<String> supportedProtocols;
+
+ //list of RPs and RP-IDPs from whom we accept SignInResponse
+ //which includes RP IDPs
+ //key: wtrealm
+ private Map<String, ServiceConfig> services;
+
+ //list of trusted IDP from whom we accept SignInResponse
+ //key: whr
+ private Map<String, TrustedIDPConfig> trustedIDPs;
+
+ //which URI to redirect for authentication
+ //fediz-idp/<IDP uri>/login/auth/<auth URI>
+ //wauth to auth URI mapping
+ private Map<String, String> authenticationURIs;
+
+ //required to create Federation Metadata document
+ //fed:TokenTypesOffered
+ private List<String> tokenTypesOffered;
+
+ //fed:ClaimTypesOffered
+ private List<String> claimTypesOffered;
+
+ //ServiceDisplayName
+ private String serviceDisplayName;
+
+ //ServiceDescription
+ private String serviceDescription;
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getUri() {
+ return uri;
+ }
+
+ public void setUri(String uri) {
+ this.uri = uri;
+ }
+
+ public String getHrds() {
+ return hrds;
+ }
+
+ public void setHrds(String hrds) {
+ this.hrds = hrds;
+ }
+
+ public boolean isProvideIDPList() {
+ return provideIDPList;
+ }
+
+ public void setProvideIDPList(boolean provideIDPList) {
+ this.provideIDPList = provideIDPList;
+ }
+
+ public boolean isUseCurrentIDP() {
+ return useCurrentIDP;
+ }
+
+ public void setUseCurrentIDP(boolean useCurrentIDP) {
+ this.useCurrentIDP = useCurrentIDP;
+ }
+
+ public String getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(String certificate) {
+ this.certificate = certificate;
+ }
+
+ public String getStsUrl() {
+ return stsUrl;
+ }
+
+ public void setStsUrl(String stsUrl) {
+ this.stsUrl = stsUrl;
+ }
+
+ public String getIdpUrl() {
+ return idpUrl;
+ }
+
+ public void setIdpUrl(String idpUrl) {
+ this.idpUrl = idpUrl;
+ }
+
+ public List<String> getSupportedProtocols() {
+ return supportedProtocols;
+ }
+
+ public void setSupportedProtocols(List<String> supportedProtocols) {
+ this.supportedProtocols = supportedProtocols;
+ }
+
+ public Map<String, ServiceConfig> getServices() {
+ return services;
+ }
+
+ public void setServices(Map<String, ServiceConfig> services) {
+ this.services = services;
+ }
+
+ public Map<String, TrustedIDPConfig> getTrustedIDPs() {
+ return trustedIDPs;
+ }
+
+ public void setTrustedIDPs(Map<String, TrustedIDPConfig> trustedIDPs) {
+ this.trustedIDPs = trustedIDPs;
+ }
+
+ public Map<String, String> getAuthenticationURIs() {
+ return authenticationURIs;
+ }
+
+ public void setAuthenticationURIs(Map<String, String> authenticationURIs) {
+ this.authenticationURIs = authenticationURIs;
+ }
+
+ public List<String> getTokenTypesOffered() {
+ return tokenTypesOffered;
+ }
+
+ public void setTokenTypesOffered(List<String> tokenTypesOffered) {
+ this.tokenTypesOffered = tokenTypesOffered;
+ }
+
+ public List<String> getClaimTypesOffered() {
+ return claimTypesOffered;
+ }
+
+ public void setClaimTypesOffered(List<String> claimTypesOffered) {
+ this.claimTypesOffered = claimTypesOffered;
+ }
+
+ public String getServiceDisplayName() {
+ return serviceDisplayName;
+ }
+
+ public void setServiceDisplayName(String serviceDisplayName) {
+ this.serviceDisplayName = serviceDisplayName;
+ }
+
+ public String getServiceDescription() {
+ return serviceDescription;
+ }
+
+ public void setServiceDescription(String serviceDescription) {
+ this.serviceDescription = serviceDescription;
+ }
+
+}
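Review bot: The collection getters (`getServices`, `getTrustedIDPs`, `getAuthenticationURIs`, `getSupportedProtocols`, `getTokenTypesOffered`, `getClaimTypesOffered`) hand out the live mutable List/Map, so any caller holding the bean can alter the trusted-IDP set or the wauth-to-URI mapping at runtime; returning `Collections.unmodifiableMap(...)`/`unmodifiableList(...)` wrappers (null-guarded, since Spring may leave them unset) keeps the configuration read-only after injection, at the cost of a `java.util.Collections` import. The class itself has no Javadoc even though the field comments carry useful WS-Federation metadata mappings; a class comment stating that the bean is populated by Spring setter injection and that `services` is keyed by wtrealm and `trustedIDPs` by whr (as the field comments already say) would make that visible to callers. The comment on `stsUrl` misspells the metadata element; it should read `//fed:SecurityTokenServiceEndpoint`.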
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java Wed May 15 21:17:35 2013
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+import java.net.URI;
+
+public class RequestClaim {
+
+ private URI claimType;
+
+ private boolean optional;
+
+
+ public void setClaimType(URI claimType) {
+ this.claimType = claimType;
+ }
+ public URI getClaimType() {
+ return claimType;
+ }
+ public void setOptional(boolean optional) {
+ this.optional = optional;
+ }
+ public boolean isOptional() {
+ return optional;
+ }
+}
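Review bot: The class and both fields are undocumented, and the name alone does not say which side is requesting the claim; a class Javadoc such as `/** A claim type a relying party requests from the IDP; {@code optional} marks it as not required for sign-in. */` would fix that. That the list maps from fed:ClaimTypesRequested is only stated in ServiceConfig's comment on `requestedClaims`, not here, so confirm before documenting it. Style: the accessors are run together without the blank lines the other model classes in this commit use between methods.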
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java Wed May 15 21:17:35 2013
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+import java.util.List;
+
+//import javax.persistence.Column;
+//import javax.persistence.Entity;
+//import javax.persistence.Id;
+//import javax.persistence.Table;
+
+//@Entity
+//@Table(name = "SERVICE")
+public class ServiceConfig {
+
+
+ //@Id
+ //private Long id;
+
+
+ //Could be imported from Metadata document or manually filled
+
+ //@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
+ private String realm; //wtrealm, whr
+
+ //Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
+ // "http://docs.oasis-open.org/wsfed/federation/200706"
+ // Metadata could provide more than one but one must be chosen
+ private String protocol;
+
+ // Public key only
+ // Could be read from Metadata, md:KeyDescriptor, use="encryption"
+ private String encryptionCertificate;
+
+ // Could be read from Metadata, fed:ClaimTypesRequested
+ private List<RequestClaim> requestedClaims;
+
+ //Could be read from Metadata, ServiceDisplayName
+ //usage for list of application where user is logged in
+ private String serviceDisplayName;
+
+ //Could be read from Metadata, ServiceDescription
+ //usage for list of application where user is logged in
+ private String serviceDescription;
+
+ //Could be read from Metadata, RoleDescriptor
+ //fed:ApplicationServiceType, fed:SecurityTokenServiceType
+ private String role;
+
+
+ // Not in Metadata, configured in IDP or passed in wreq parameter
+ private String tokenType;
+
+ // Not in Metadata, configured in IDP or passed in wreq parameter
+ private String lifeTime;
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getProtocol() {
+ return protocol;
+ }
+
+ public void setProtocol(String protocol) {
+ this.protocol = protocol;
+ }
+
+ public String getEncryptionCertificate() {
+ return encryptionCertificate;
+ }
+
+ public void setEncryptionCertificate(String encryptionCertificate) {
+ this.encryptionCertificate = encryptionCertificate;
+ }
+
+ public List<RequestClaim> getRequestedClaims() {
+ return requestedClaims;
+ }
+
+ public void setRequestedClaims(List<RequestClaim> requestedClaims) {
+ this.requestedClaims = requestedClaims;
+ }
+
+ public String getServiceDisplayName() {
+ return serviceDisplayName;
+ }
+
+ public void setServiceDisplayName(String serviceDisplayName) {
+ this.serviceDisplayName = serviceDisplayName;
+ }
+
+ public String getServiceDescription() {
+ return serviceDescription;
+ }
+
+ public void setServiceDescription(String serviceDescription) {
+ this.serviceDescription = serviceDescription;
+ }
+
+ public String getRole() {
+ return role;
+ }
+
+ public void setRole(String role) {
+ this.role = role;
+ }
+
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ public void setTokenType(String tokenType) {
+ this.tokenType = tokenType;
+ }
+
+ public String getLifeTime() {
+ return lifeTime;
+ }
+
+ public void setLifeTime(String lifeTime) {
+ this.lifeTime = lifeTime;
+ }
+
+
+}
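Review bot: `lifeTime` is a String with no unit or format documented, and `tokenType` and `role` are equally free-form; since the field comment says these values may also arrive "in wreq parameter", the accepted format should be stated in a Javadoc on `getLifeTime` (for example `/** Requested token lifetime; format and unit TBD — confirm with the STS contract. */`) or the field typed as a number. `getRequestedClaims` returns the live list, so a caller can add or drop required claims for a relying party after configuration; a null-guarded `Collections.unmodifiableList` wrapper would prevent that. The class lacks a Javadoc saying that it describes one relying party keyed by `realm` (wtrealm), which the field comment implies.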
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java Wed May 15 21:17:35 2013
@@ -0,0 +1,150 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+
+//import javax.persistence.Column;
+//import javax.persistence.Entity;
+//import javax.persistence.Id;
+//import javax.persistence.Table;
+
+//@Entity
+//@Table(name = "TRUSTEDIDP")
+public class TrustedIDPConfig {
+
+
+ //@Id
+ //private Long id;
+
+ //@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
+ private String realm; //wtrealm, whr
+
+ // Should tokens be cached from trusted IDPs
+ // to avoid redirection to the trusted IDP again for next SignIn request
+ private boolean cacheTokens;
+
+ //Could be read from Metadata, PassiveRequestorEndpoint
+ private String url;
+
+ //Could be read from Metadata, md:KeyDescriptor, use="signing"
+ //Store certificate in DB or filesystem, provide options?
+ private String certificate;
+
+ //Direct trust (signing cert imported), Indirect trust (CA certs imported, subject configured)
+ private String trustType;
+
+ //Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
+ // "http://docs.oasis-open.org/wsfed/federation/200706"
+ // Metadata could provide more than one but one must be chosen
+ private String protocol;
+
+ //FederateIdentity, FederateClaims
+ private String federationType;
+
+ //optional (to provide a list of IDPs)
+ private String name;
+
+ //optional (to provide a list of IDPs)
+ private String description;
+
+ //optional (to provide a list of IDPs)
+ private String logo;
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public boolean isCacheTokens() {
+ return cacheTokens;
+ }
+
+ public void setCacheTokens(boolean cacheTokens) {
+ this.cacheTokens = cacheTokens;
+ }
+
+ public String getUrl() {
+ return url;
+ }
+
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ public String getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(String certificate) {
+ this.certificate = certificate;
+ }
+
+ public String getProtocol() {
+ return protocol;
+ }
+
+ public void setProtocol(String protocol) {
+ this.protocol = protocol;
+ }
+
+ public String getFederationType() {
+ return federationType;
+ }
+
+ public void setFederationType(String federationType) {
+ this.federationType = federationType;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getLogo() {
+ return logo;
+ }
+
+ public void setLogo(String logo) {
+ this.logo = logo;
+ }
+
+ public String getTrustType() {
+ return trustType;
+ }
+
+ public void setTrustType(String trustType) {
+ this.trustType = trustType;
+ }
+
+
+}
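Review bot: `trustType` is a free-form String whose only documentation is the field comment listing "Direct trust" and "Indirect trust"; a misspelled value in the Spring config is accepted silently, and because this setting governs which signing certificates are accepted from a trusted IDP, an unrecognised value should fail at startup rather than be interpreted later. An enum (constructed example: `enum TrustType { DIRECT, INDIRECT }`) would make the set closed and let Spring reject unknown values when the bean is created; the same applies to `federationType` ("FederateIdentity, FederateClaims"). A class Javadoc stating that `realm` is the whr key used to look the entry up is missing. Style: the `trustType` accessors are placed after `logo` although the field is declared before `protocol`; keeping accessor order aligned with field order makes the class easier to scan.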
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java Wed May 15 21:17:35 2013
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public interface ConfigService {
+
+ ServiceConfig getServiceConfig(String realm);
+
+ IDPConfig getIDPConfig(String realm);
+}
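Review bot: The interface has no Javadoc and leaves the null contract unstated, yet `FederationEntryPoint.afterPropertiesSet` asserts the result is non-null and `ConfigServiceSpring` returns null for an unknown realm; document it on `getIDPConfig` with `/** Returns the IDP configuration for the given realm, or null if no such realm is configured. */` and the equivalent on `getServiceConfig`. It is also worth stating whether `realm` matching is exact and case-sensitive, which is what the Spring implementation in this commit does via `String.equals`.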
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java Wed May 15 21:17:35 2013
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public class ConfigServiceJPA implements ConfigService {
+
+ @Override
+ public ServiceConfig getServiceConfig(String realm) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public IDPConfig getIDPConfig(String realm) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
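Review bot: Both methods are auto-generated stubs returning null, so wiring this implementation by mistake is not detected until `FederationEntryPoint.afterPropertiesSet`'s assertion or an NPE somewhere else; until the JPA lookup exists, `throw new UnsupportedOperationException("JPA config service not implemented");` in both methods fails fast with a clear message. The `// TODO Auto-generated method stub` comments should be replaced with a class Javadoc noting that the JPA-backed implementation is pending and that ConfigServiceSpring is the working one.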
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java Wed May 15 21:17:35 2013
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public class ConfigServiceSpring implements ConfigService {
+
+ private List<ServiceConfig> serviceConfigs;
+ private List<IDPConfig> idpConfigs;
+
+
+
+ @Override
+ public ServiceConfig getServiceConfig(String realm) {
+ for (ServiceConfig cfg : serviceConfigs) {
+ if (realm.equals(cfg.getRealm())) {
+ return cfg;
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public IDPConfig getIDPConfig(String realm) {
+ for (IDPConfig cfg : idpConfigs) {
+ if (realm.equals(cfg.getRealm())) {
+ return cfg;
+ }
+ }
+ return null;
+ }
+
+ public List<ServiceConfig> getServiceConfigs() {
+ return serviceConfigs;
+ }
+
+ public void setServiceConfigs(List<ServiceConfig> serviceConfigs) {
+ this.serviceConfigs = serviceConfigs;
+ }
+
+ public List<IDPConfig> getIdpConfigs() {
+ return idpConfigs;
+ }
+
+ public void setIdpConfigs(List<IDPConfig> idpConfigs) {
+ this.idpConfigs = idpConfigs;
+ }
+
+}
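Review bot: `getServiceConfig` and `getIDPConfig` throw NullPointerException when the corresponding list was never set or when `realm` is null; the bean in idp-config-realma.xml sets both lists, but nothing enforces that, so guard each lookup with `if (realm == null || serviceConfigs == null) { return null; }` (and the `idpConfigs` equivalent). A duplicate realm in either list is silently resolved to the first entry; since realm is the lookup key for a trust configuration, consider rejecting duplicates in the setters or documenting first-wins. A class Javadoc should also state that lookups are a linear scan with exact, case-sensitive `String.equals` matching.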
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1483086&r1=1483085&r2=1483086&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Wed May 15 21:17:35 2013
@@ -21,6 +21,8 @@
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="security-config.xml" />
+ <import resource="idp-config-realma.xml" />
+ <!--<import resource="idp-config-realmb.xml" />-->
<cxf:bus>
<cxf:features>
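Review bot: The realm B import is left commented out with no note on why or how to switch; presumably both files define overlapping bean ids (the realm A file defines `config`), so importing both would not work, but that is not visible here. An XML comment on the line, such as `<!-- import exactly one idp-config-realm*.xml; see idp-config-realma.xml for the bean ids it defines -->`, would tell the next maintainer what the toggle means.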
Added: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml (added)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml Wed May 15 21:17:35 2013
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
+
+
+ <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
+ <property name="idpConfigs">
+ <util:list>
+ <ref bean="idp-realmA" />
+ </util:list>
+ </property>
+ <property name="serviceConfigs">
+ <util:list>
+ <ref bean="srv-fedizhelloworld" />
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+ <property name="uri" value="realma" />
+ <!--<property name="hrds" value="" />--> <!-- TBD, not defined, provide list if enabled -->
+ <property name="provideIDPList" value="true" />
+ <property name="useCurrentIDP" value="true" />
+ <!--<property name="certificate" value="" />--> <!-- STS will sign it -->
+ <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMA" />
+ <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
+ <property name="supportedProtocols">
+ <util:list>
+ <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+ </util:list>
+ </property>
+ <property name="services">
+ <util:map>
+ <entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld" />
+ </util:map>
+ </property>
+ <property name="trustedIDPs">
+ <util:map>
+ <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
+ </util:map>
+ </property>
+ <property name="serviceDisplayName" value="REALM A" />
+ <property name="serviceDescription" value="IDP of Realm A" />
+ </bean>
+
+
+ <bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+ <property name="cacheTokens" value="true" />
+ <property name="url" value="https://localhost:7443/fediz-idp/federation/REALMB" />
+ <property name="certificate" value="..." /> <!-- STS should now -->
+ <property name="trustType" value="PEER_TRUST" /> <!-- Required for Fediz Core, Process SignInResponse -->
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="federationType" value="FederateIdentity" /> <!-- Required for STS Relationship -->
+ <property name="name" value="REALM B" />
+ <property name="description" value="IDP of Realm B" />
+ <!--<property name="logo" value="true" />-->
+ </bean>
+
+
+ <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
+ <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Fedizhelloworld" />
+ <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="1800" />
+ <!-- <property name="encryptionCertificate" value="" /> -->
+ <property name="requestedClaims">
+ <util:list>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+ <property name="optional" value="false" />
+ </bean>
+ </util:list>
+ </property>
+ </bean>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+</beans>
+
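Review bot: The `certificate` property of the `trusted-idp-realmB` bean is the literal placeholder `...`, yet the neighbouring comment on `trustType` says `PEER_TRUST` is what Fediz Core uses to process the SignInResponse, so the value that anchors trust in tokens issued by realm B is shipped as a dummy string in the web application's WEB-INF. Either leave the property out with an explicit marker, as is already done for the IDPConfig's own `certificate` (`<!-- TODO: certificate of realm B's token signer, required before deployment -->`), or point it at a real keystore entry, and have the configuration service reject a trusted IDP whose certificate is empty or a placeholder at startup rather than at first federated login. The comment `<!-- STS should now -->` presumably means `<!-- STS should know -->`, and `stsUrl` uses port `0` (`https://localhost:0/fediz-idp-sts/REALMA`), which also reads as an unfinished placeholder worth marking as such.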
Added: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml (added)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml Wed May 15 21:17:35 2013
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
+
+
+ <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
+ <property name="idpConfigs">
+ <util:list>
+ <ref bean="idp-realmB" />
+ </util:list>
+ </property>
+ <property name="serviceConfigs">
+ <util:list>
+ <ref bean="idp-realmA" />
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+ <property name="uri" value="realmb" />
+ <!--<property name="hrds" value="" />--> <!-- TBD, not defined, provide list if enabled -->
+ <property name="provideIDPList" value="false" />
+ <property name="useCurrentIDP" value="true" />
+ <!--<property name="certificate" value="" />--> <!-- STS will sign it -->
+ <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMB" />
+ <property name="idpUrl" value="https://localhost:7443/fediz-idp/federation" />
+ <property name="supportedProtocols">
+ <util:list>
+ <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+ </util:list>
+ </property>
+ <property name="services">
+ <util:map>
+ <entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" />
+ </util:map>
+ </property>
+ <property name="authenticationURIs">
+ <util:map>
+ <entry key="default" value="/login/default" />
+ </util:map>
+ </property>
+ <property name="serviceDisplayName" value="REALM B" />
+ <property name="serviceDescription" value="IDP of Realm B" />
+ </bean>
+
+ <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
+ <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Resource IDP Realm A" />
+ <property name="serviceDescription" value="Resource IDP Realm A" />
+ <property name="role" value="SecurityTokenServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ <!-- <property name="encryptionCertificate" value="" /> -->
+ <property name="requestedClaims">
+ <util:list>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+ <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+ <property name="optional" value="false" />
+ </bean>
+ </util:list>
+ </property>
+ </bean>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+</beans>
+
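Review bot: The `services` map of `idp-realmB` is keyed by realm B's own realm URI (`urn:org:apache:cxf:fediz:idp:realm-B`) but points at the `idp-realmA` ServiceConfig, whose `realm` property is `urn:org:apache:cxf:fediz:idp:realm-A`, so the key and the referenced config disagree; this looks like a copy/paste slip from the realm A file and the entry should read `<entry key="urn:org:apache:cxf:fediz:idp:realm-A" value-ref="idp-realmA" />`. Whether the mismatch is reachable depends on how the map is consumed, which is not visible here, but `ConfigServiceSpring.getServiceConfig` matches on `cfg.getRealm()`, so a lookup by key and a lookup by realm would currently resolve differently. The bean id `idp-realmA` is also confusing, since the same id names an `IDPConfig` in idp-config-realma.xml while here it is a `ServiceConfig` playing the relying-party role; a name such as `srv-idp-realmA` would make the role clear.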