Posted to commits@directory.apache.org by tb...@apache.org on 2006/12/12 16:24:14 UTC
svn commit: r486187 [40/49] - in /directory/trunks/triplesec: ./ admin-api/
admin-api/src/ admin-api/src/main/ admin-api/src/main/java/
admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/
admin-api/src/main/java/org/safehaus/triplesec/ a...
Added: directory/trunks/triplesec/webapp-changelog/src/test/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/webapp-changelog/src/test/resources/server.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/webapp-changelog/src/test/resources/server.ldif (added)
+++ directory/trunks/triplesec/webapp-changelog/src/test/resources/server.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,545 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+# http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed. Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes. The user's entry must be
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes. The user's entry must be browseable
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: ou=Groups, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
+
+dn: cn=superUsers, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: superUsers
+uniqueMember: uid=admin, ou=system
+
+dn: cn=userAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: userAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=applicationAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: applicationAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=groupAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: groupAdmin
+uniqueMember: uid=admin, ou=system
+
+#
+# This ACI allows members of the superUsers group to have full modify and read access
+# to the entire realm as does the system administrator principal: uid=admin, ou=system.
+#
+# The only thing these users cannot do is modify the system partition. They are only
+# restricted to superUser rights within this realm partition
+#
+
+dn: cn=superUsersAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { }
+prescriptiveACI: { identificationTag "superUsersAci", precedence 20, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=superUsers,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+#
+# This ACI allows members of the userAdmin group to have full modify and read access
+# to user accounts besides their own. Hence they can administer users in the system.
+#
+
+dn: cn=userAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "userAdminsAci", precedence 16, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=userAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the applicationAdmin group to have full modify and read access
+# to all applications in the realm. Adding users to this group is like a wild card for
+# application access.
+#
+
+dn: cn=applicationAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=applications" }
+prescriptiveACI: { identificationTag "applicationAdminsAci", precedence 17, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=applicationAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the groupAdmins group to have full modify and read access
+# to all groups in the realm other than the superUsers, userAdmins, groupAdmins, and the
+# applicationAdmins groups.
+#
+# The rational behind this is to prevent these users from changing their or other
+# users' access rights for the entire system by modifying their membership in these
+# groups. Making someone a groupAdmin should not open the door to their ability to
+# grant themselves or others system wide administrative abilities.
+#
+# Really the groupAdmins group is intended for users that have the ability to manage
+# group membership in specific application administration groups and that's all.
+# These types of admins should not have the right to promote others to system level
+# administrators or complete super users.
+#
+
+dn: cn=groupAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=groups", specificExclusions { chopBefore: "cn=userAdmins", chopBefore: "cn=groupAdmins", chopBefore: "cn=applicationAdmins", chopBefore: "cn=superUsers" } }
+prescriptiveACI: { identificationTag "groupAdminsAci", precedence 18, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { userGroup { "cn=groupAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+# ----------------------------------------------------------------------------
+# Required Kerberos Server User
+# ----------------------------------------------------------------------------
+
+dn: uid=krbtgt, ou=Users, dc=example,dc=com
+cn: Kerberos Server
+sn: Server
+givenName: Kerberos
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+ou: Users
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: admin@example.com
+userPassword: secret
+
+# ----------------------------------------------------------------------------
+# Sample Hauskeys Users
+# ----------------------------------------------------------------------------
+
+dn: uid=mplanck, ou=Users, dc=example,dc=com
+cn: Max Planck
+sn: Planck
+givenName: Max
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: extensibleObject
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: mplanck
+krb5PrincipalName: mplanck@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: mplanck@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 666
+apacheSamType: 7
+safehausUid: mplanck
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausInfo: test account
+safehausNotifyBy: sms
+userPassword: secret
+
+dn: uid=aeinstein, ou=Users, dc=example,dc=com
+cn: Albert Einstein
+sn: Einstein
+givenName: Albert
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: extensibleObject
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: aeinstein
+krb5PrincipalName: aeinstein@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: aeinstein@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 666
+apacheSamType: 7
+safehausUid: aeinstein
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 8745127341
+safehausSecret:: eeeeffffgggghhhh
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausInfo: test account
+safehausNotifyBy: sms
+userPassword: secret
+
+dn: uid=nbohr, ou=Users, dc=example,dc=com
+cn: Neils Bohr
+sn: Bohr
+givenName: Neils
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: extensibleObject
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: nbohr
+krb5PrincipalName: nbohr@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: nbohr@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 666
+apacheSamType: 7
+safehausUid: nbohr
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 8745127341
+safehausSecret:: iiiijjjjkkkkllll
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausTokenPin: 1234
+safehausInfo: test account
+safehausNotifyBy: sms
+userPassword: secret
+
+# ----------------------------------------------------------------------------
+# Sample Local Users (not 2-factor)
+# ----------------------------------------------------------------------------
+
+dn: uid=mborn, ou=Users, dc=example,dc=com
+cn: Max Born
+sn: Born
+givenName: Max
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: mborn
+krb5PrincipalName: mborn@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: mborn@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 667
+safehausUid: mborn
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausInfo: test account
+safehausNotifyBy: sms
+userPassword: secret
+
+dn: uid=wpauli, ou=Users, dc=example,dc=com
+cn: Wolfgang Pauli
+sn: Pauli
+givenName: Wolfgang
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: wpauli
+krb5PrincipalName: wpauli@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: wpauli@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 667
+safehausUid: wpauli
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausInfo: test account
+safehausNotifyBy: sms
+userPassword: secret
+
+dn: uid=mcurie, ou=Users, dc=example,dc=com
+cn: Marie Curie
+sn: Curie
+givenName: Marie
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: krb5KDCEntry
+objectClass: safehausProfile
+ou: Users
+uid: mcurie
+krb5PrincipalName: mcurie@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: mcurie@example.com
+telephoneNumber: +1 904 982 6882
+facsimileTelephoneNumber: +1 904 982 6883
+roomNumber: 667
+safehausUid: mcurie
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausTokenPin: 1234
+safehausResynchCount: -1
+safehausInfo: test account
+safehausNotifyBy: sms
+userPassword: secret
+
+# ----------------------------------------------------------------------------
+# Sample External Users (not 2-factor)
+# ----------------------------------------------------------------------------
+
+dn: uid=pdirac, ou=Users, dc=example,dc=com
+objectClass: top
+objectClass: uidObject
+objectClass: extensibleObject
+objectClass: referral
+uid: pdirac
+ref: ldap://ad.example.com/uid=pdirac, ou=Users, dc=example,dc=com
+
+dn: uid=efermi, ou=Users, dc=example,dc=com
+objectClass: top
+objectClass: uidObject
+objectClass: extensibleObject
+objectClass: referral
+uid: efermi
+ref: ldap://openldap.example.com/uid=efermi, ou=Users, dc=example,dc=com
+
+dn: uid=rfeynman, ou=Users, dc=example,dc=com
+objectClass: top
+objectClass: uidObject
+objectClass: extensibleObject
+objectClass: referral
+uid: rfeynman
+ref: ldap://apacheds.example.com/uid=rfeynman, ou=Users, dc=example,dc=com
+
+# ----------------------------------------------------------------------------
+# Applications
+# ----------------------------------------------------------------------------
+
+dn: ou=Applications,dc=example,dc=com
+objectClass: top
+objectClass: organizationalunit
+ou: applications
+
+dn: appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyApplication
+objectclass: top
+appname: demo
+description: Demo application.
+userpassword:: c2VjcmV0
+
+dn: ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: top
+ou: permissions
+
+dn: permname=bend,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: bend
+
+dn: permname=fold,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: fold
+
+dn: permname=mutilate,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: mutilate
+
+dn: permname=spindle,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: spindle
+
+dn: permname=twist,ou=permissions,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyPermission
+objectclass: top
+permname: twist
+
+dn: ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: top
+ou: roles
+
+dn: rolename=superuser,ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyRole
+objectclass: top
+grants: bend
+grants: fold
+grants: mutilate
+grants: spindle
+grants: twist
+rolename: superuser
+
+dn: rolename=untrusted,ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyRole
+objectclass: top
+grants: bend
+rolename: untrusted
+
+dn: rolename=trusted,ou=roles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyRole
+objectclass: top
+grants: bend
+grants: fold
+grants: mutilate
+rolename: trusted
+
+dn: ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: top
+ou: profiles
+
+dn: profileid=nbohr,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+profileid: nbohr
+roles: trusted
+user: nbohr
+
+dn: profileid=nbohr-superuser,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+denials: fold
+profileid: nbohr-superuser
+roles: superuser
+user: nbohr
+
+dn: profileid=mborn,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+grants: twist
+profileid: mborn
+roles: trusted
+user: mborn
+
+dn: profileid=aeinstein,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+grants: twist
+profileid: aeinstein
+roles: trusted
+user: aeinstein
+
+dn: profileid=mcurie,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+grants: spindle
+profileid: mcurie
+roles: trusted
+user: mcurie
+
+dn: profileid=wpauli,ou=profiles,appname=demo,ou=Applications,dc=example,dc=com
+objectclass: policyProfile
+objectclass: top
+profileid: wpauli
+roles: untrusted
+user: wpauli
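Review bot: The three `safehausSecret::` values on the mborn, wpauli and mcurie entries (`xcJqp45S80e8fahs&@rq1I98awg8)^*`) are not valid base64, yet the double colon tells an LDIF reader (RFC 2849) to base64-decode them, so the loader will either reject those entries or store a garbled secret; either use a single colon for a literal value or replace the value with its real base64 encoding, as the `userpassword:: c2VjcmV0` line on the demo application does. The three admin group entries also disagree with their own RDN: the DN says `cn=userAdmins` but the attribute line is `cn: userAdmin` (likewise `applicationAdmins`/`applicationAdmin` and `groupAdmins`/`groupAdmin`), so the `cn` line should carry the RDN value that the `groupAdminsAci` exclusions name, e.g. `cn: userAdmins`. Separately, the `allowSelfModifications` ACI grants users modify/add/remove on `objectClass` and `krb5Key` in their own entry, which is broader than the header comment's "limited set of attributes" suggests; if self-service password change is the intent, narrowing the writable set and adding a comment stating why `objectClass` must be writable would make the policy reviewable. The header comments also carry two typos, `brouse` for browse and `rational` for rationale.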
Added: directory/trunks/triplesec/webapp-changelog/src/test/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/webapp-changelog/src/test/resources/server.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/webapp-changelog/src/test/resources/server.xml (added)
+++ directory/trunks/triplesec/webapp-changelog/src/test/resources/server.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,256 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
+ "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans>
+ <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+ <property name="properties">
+ <props>
+ <prop key="java.naming.security.authentication">simple</prop>
+ <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
+ <prop key="java.naming.security.credentials">secret</prop>
+ <prop key="java.naming.provider.url">dc=example,dc=com</prop>
+ <prop key="java.naming.factory.state">org.safehaus.triplesec.store.ProfileStateFactory</prop>
+ <prop key="java.naming.factory.object">org.safehaus.triplesec.store.ProfileObjectFactory</prop>
+
+ <prop key="kdc.primary.realm">EXAMPLE.COM</prop>
+ <prop key="kdc.principal">krbtgt/EXAMPLE.COM@EXAMPLE.COM</prop>
+ <prop key="kdc.encryption.types">des-cbc-md5 des3-cbc-sha1 des3-cbc-md5 des-cbc-md4 des-cbc-crc</prop>
+ <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
+ <prop key="kdc.java.naming.security.credentials">secret</prop>
+
+ <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
+ <prop key="changepw.java.naming.security.credentials">secret</prop>
+ <prop key="changepw.principal">kadmin/changepw@EXAMPLE.COM</prop>
+
+ <!-- All times are in minutes -->
+ <prop key="kdc.allowable.clockskew">5</prop>
+ <prop key="kdc.tgs.maximum.ticket.lifetime">1440</prop>
+ <prop key="kdc.tgs.maximum.renewable.lifetime">10080</prop>
+ <prop key="kdc.pa.enc.timestamp.required">true</prop>
+ <prop key="kdc.tgs.empty.addresses.allowed">true</prop>
+ <prop key="kdc.tgs.forwardable.allowed">true</prop>
+ <prop key="kdc.tgs.proxiable.allowed">true</prop>
+ <prop key="kdc.tgs.postdate.allowed">true</prop>
+ <prop key="kdc.tgs.renewable.allowed">true</prop>
+
+ <prop key="safehaus.entry.basedn">ou=Users,dc=example,dc=com</prop>
+ <prop key="safehaus.load.testdata">true</prop>
+ <prop key="kerberos.sam.type.7">org.safehaus.triplesec.verifier.hotp.DefaultHotpSamVerifier</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean id="configuration" class="org.safehaus.triplesec.configuration.MutableTriplesecStartupConfiguration">
+ <property name="workingDirectory"><value>partitions</value></property>
+ <property name="allowAnonymousAccess"><value>false</value></property>
+ <property name="accessControlEnabled"><value>true</value></property>
+ <property name="ldapPort"><value>10389</value></property>
+ <property name="enableKerberos"><value>true</value></property>
+ <property name="enableNtp"><value>false</value></property>
+ <property name="enableChangePassword"><value>true</value></property>
+
+ <!-- Uncomment below to have the server load entries on startup! -->
+ <!-- ldifDirectory property can point to a relative file, directory or -->
+ <!-- can point to an absolute path to either using the URL path -->
+ <!-- notation: i.e. file:///Users/jack/apacheds/ldifs -->
+
+ <!-- Entries will optionally be filtered using LdifLoadFilters in the -->
+ <!-- order specified. The included Krb5KdcEntryFilter will filter -->
+ <!-- kerberos principals creating keys for them using their -->
+ <!-- userPassword attribute if present. -->
+
+ <!-- If missing the Triplesec server will use LDIF files under the conf -->
+ <!-- directory where it has been installed. -->
+
+ <!--
+ <property name="ldifDirectory">
+ <value>example.ldif</value>
+ </property>
+ -->
+ <property name="ldifFilters">
+ <list>
+ <bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
+ </list>
+ </property>
+
+ <property name="activationConfiguration">
+ <bean class="org.safehaus.triplesec.configuration.ActivationConfiguration">
+ <property name="enableDecoyMidlet"><value>true</value></property>
+ <property name="otpLength"><value>6</value></property>
+ <property name="midletNameAttribute"><value>midletNameAttribute</value></property>
+ </bean>
+ </property>
+
+ <property name="smsConfiguration">
+ <bean class="org.safehaus.triplesec.configuration.SmsConfiguration">
+ <property name="smsUsername"><value>hauskeys</value></property>
+ <property name="smsPassword"><value>secret</value></property>
+ <property name="smsAccountName"><value>demo</value></property>
+ <property name="smsTransportUrl"><value>http://www.nbroadcasting.com/customers/messages/Sender.asp</value></property>
+ </bean>
+ </property>
+
+ <property name="smtpConfiguration">
+ <bean class="org.safehaus.triplesec.configuration.SmtpConfiguration">
+ <property name="smtpAuthenticate"><value>false</value></property>
+ <!-- uncomment and set above property if authentication is required by mail server
+ <property name="smtpUsername"><value>hauskeys</value></property>
+ <property name="smtpPassword"><value>secret</value></property>
+ -->
+ <property name="smtpHost"><value>localhost</value></property>
+ <property name="smtpSubject"><value>Triplesec Account Activated</value></property>
+ <property name="smtpFrom"><value>dev@safehaus.org</value></property>
+ </bean>
+ </property>
+
+ <property name="contextPartitionConfigurations">
+ <set>
+ <ref bean="examplePartitionConfiguration"/>
+ </set>
+ </property>
+ <property name="bootstrapSchemas">
+ <set>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CoreSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CosineSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.ApacheSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.CollectiveSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.JavaSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema"/>
+ <bean class="org.apache.directory.server.core.schema.bootstrap.SystemSchema"/>
+ <bean class="org.safehaus.triplesec.store.schema.SafehausSchema"/>
+ </set>
+ </property>
+
+ <property name="extendedOperationHandlers">
+ <list>
+ <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
+ <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
+ </list>
+ </property>
+
+ <property name="interceptorConfigurations">
+ <list>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>normalizationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.normalization.NormalizationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>authenticationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.authn.AuthenticationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>referralService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.referral.ReferralService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>authorizationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.authz.AuthorizationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>defaultAuthorizationService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.authz.DefaultAuthorizationService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>exceptionService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.exception.ExceptionService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>schemaService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.schema.SchemaService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>subentryService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.subtree.SubentryService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>operationalAttributeService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.operational.OperationalAttributeService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>collectiveAttributeService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.collective.CollectiveAttributeService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>eventService</value></property>
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.core.event.EventService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>policyProtectionService</value></property>
+ <property name="interceptor">
+ <bean class="org.safehaus.triplesec.store.interceptor.PolicyProtectionInterceptor" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name"><value>changelogService</value></property>
+ <property name="interceptor">
+ <bean class="org.safehaus.triplesec.changelog.beta.interceptor.ChangelogService" />
+ </property>
+ </bean>
+ </list>
+ </property>
+ </bean>
+
+ <bean id="examplePartitionConfiguration" class="org.apache.directory.server.core.configuration.MutablePartitionConfiguration">
+ <property name="name"><value>example</value></property>
+ <property name="suffix"><value>dc=example,dc=com</value></property>
+ <property name="indexedAttributes">
+ <set>
+ <value>objectClass</value>
+ <value>ou</value>
+ <value>dc</value>
+ <value>uid</value>
+ <value>profileId</value>
+ <value>roles</value>
+ <value>grants</value>
+ <value>denials</value>
+ <value>krb5PrincipalName</value>
+ </set>
+ </property>
+ <property name="contextEntry">
+ <value>
+ objectClass: top
+ objectClass: domain
+ objectClass: extensibleObject
+ dc: example
+ administrativeRole: accessControlSpecificArea
+ administrativeRole: collectiveAttributeSpecificArea
+ </value>
+ </property>
+ </bean>
+
+ <bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
+ <property name="customEditors">
+ <map>
+ <entry key="javax.naming.directory.Attributes">
+ <bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
+ </entry>
+ </map>
+ </property>
+ </bean>
+</beans>
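Review bot: The `smsTransportUrl` in the `smsConfiguration` bean is a plain `http://` endpoint while `smsUsername`/`smsPassword` on the lines just above are the credentials presented to it, so the password crosses the network unencrypted; use an `https://` URL if the gateway supports it, or comment that this fixture is for the test harness only. The same literal `secret` is repeated for the directory admin bind in `java.naming.security.credentials`, `kdc.java.naming.security.credentials` and `changepw.java.naming.security.credentials`, and a short comment at the top of the `environment` bean such as `<!-- test-fixture credentials; a deployment must use its own values -->` would keep a later copy-paste from carrying them into a real configuration. The commented-out `ldifDirectory` example names `example.ldif`, whereas the fixture added alongside this file is `server.ldif`; the comment should name the file it means. The `kdc.encryption.types` list is DES/3DES only, which matches what the server of that era offered but is worth a comment so it is revisited when stronger types become available.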
Added: directory/trunks/triplesec/webapp-config/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/webapp-config/pom.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/webapp-config/pom.xml (added)
+++ directory/trunks/triplesec/webapp-config/pom.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,220 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.safehaus.triplesec</groupId>
+ <artifactId>build</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactId>triplesec-webapp-config</artifactId>
+ <name>Triplesec Webapp for Server Configuration</name>
+ <packaging>war</packaging>
+ <build>
+ <finalName>tsec-config</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>maven-jetty6-plugin</artifactId>
+ <configuration>
+ <scanIntervalSeconds>10</scanIntervalSeconds>
+ <systemProperties>
+ <systemProperty>
+ <name>org.apache.commons.logging.Log</name>
+ <value>org.apache.commons.logging.impl.SimpleLog</value>
+ </systemProperty>
+ </systemProperties>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>wicket</groupId>
+ <artifactId>wicket</artifactId>
+ <version>1.2-beta2</version>
+ </dependency>
+ <!--
+ <dependency>
+ <groupId>wicket</groupId>
+ <artifactId>wicket-extensions</artifactId>
+ <version>1.2-beta2</version>
+ </dependency>
+ -->
+ <dependency>
+ <groupId>servletapi</groupId>
+ <artifactId>servletapi</artifactId>
+ <version>2.3</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.11</version>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-integration</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-wicket-tools</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-configuration-io</artifactId>
+ <version>${pom.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-main</artifactId>
+ <version>${pom.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>nlog4j</artifactId>
+ <version>1.2.25</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>1.2</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- funny thing is we need a dep on the demo app for test scope
+ because we run the integration test with the demo application
+ included
+ -->
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-webapp-demo</artifactId>
+ <version>${pom.version}</version>
+ <type>war</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>2.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <profiles>
+ <profile>
+ <id>default</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <excludes>
+ <!-- Do not run this test since it never exists -->
+ <exclude>**/RunConfigUI.java</exclude>
+ <!-- Avoid normal integration tests -->
+ <exclude>**/*ITest.java</exclude>
+ <exclude>**/*IntegrationTest.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>integration</id>
+ <activation>
+ <property><name>integration</name></property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ </systemProperties>
+ <excludes>
+ <!-- Do not run this test since it never exists -->
+ <exclude>**/RunConfigUI.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>ui</id>
+ <activation>
+ <property><name>ui</name></property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <forkMode>pertest</forkMode>
+ <argLine>
+ -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
+ </argLine>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ <property>
+ <name>org.safehaus.triplesec.integration.webapps</name>
+ <value>config,demo</value>
+ </property>
+ <property>
+ <name>org.safehaus.triplesec.integration.webappWarBase.config</name>
+ <value>${basedir}/target/tsec-config.war</value>
+ </property>
+ <property>
+ <name>org.safehaus.triplesec.integration.webappWarBase.demo</name>
+ <value>${basedir}/../webapp-demo/target/triplesec-demo.war</value>
+ </property>
+ </systemProperties>
+ <includes>
+ <include>**/RunConfigUI.java</include>
+ </includes>
+ <excludes>
+ <exclude>**/*Test.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+</project>
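Review bot: The `ui` profile's surefire `argLine` starts the forked test JVM with a JDWP listener (`-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005`), and with a bare port and no host the debug socket is bound on all interfaces, so anything that can reach the developer's machine on 5005 gets a debugger attached to a JVM that, per the system properties just above, is running the config webapp with whatever admin and SMS/SMTP credentials the UI test enters. The profile only activates with `-Dui`, so the exposure is limited to developer runs, but binding to loopback costs nothing on JDKs that accept a host in the address: `address=127.0.0.1:5005`. A one-line XML comment above the argLine stating that the debug port is deliberate and local-only would also stop the next reader from treating it as leftover.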
Added: directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/model/TriplesecConfigSettings.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/model/TriplesecConfigSettings.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/model/TriplesecConfigSettings.java (added)
+++ directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/model/TriplesecConfigSettings.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,447 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.safehaus.triplesec.configui.model;
+
+
+import java.io.Serializable;
+
+/**
+ * Model object for capturing the Triplesec configuration settings.
+ */
+public class TriplesecConfigSettings implements Serializable
+{
+ private static final long serialVersionUID = -2672319798571167870L;
+
+ private String adminPassword;
+ private String adminPassword2;
+ private String primaryRealmName = "safehaus.org";
+ private String smsProvider = "NMSI HTTP";
+ private String smsUsername;
+ private String smsPassword;
+ private String smsAccountName = "trial";
+ private String smsTransportUrl = "http://demo.safehaus.org/smstrial/smspush";
+ private String smtpUsername;
+ private String smtpPassword;
+ private String smtpHost = "localhost";
+ private String smtpSubject = "Triplesec Event";
+ private String smtpFrom = "dev@safehaus.org";
+ private String ldapCertFilePath;
+ private String ldapCertPassword;
+ private String presentationBaseUrl = "http://demo.safehaus.org";
+ private String regRedirectUrl = "http://demo.safehaus.org/demo";
+ private boolean enableDemo = true;
+ private boolean enableLdap = true;
+ private boolean enableHttp = true;
+ private boolean allowAnonymousAccess = false;
+ private boolean enableLdaps;
+ private boolean smtpAuthenticate = false;
+ private int httpPort = 8383;
+ private int ldapPort = 10389;
+ private int ldapsPort = 10636;
+ private long clockSkew = 5;
+ private long ticketLifetime = 1440;
+ private long renewableLifetime = 10080;
+
+
+ public int getHttpPort()
+ {
+ return httpPort;
+ }
+
+
+ public void setHttpPort( int httpPort )
+ {
+ this.httpPort = httpPort;
+ }
+
+
+ public String getAdminPassword()
+ {
+ return adminPassword;
+ }
+
+
+ public void setAdminPassword( String adminPassword )
+ {
+ this.adminPassword = adminPassword;
+ }
+
+
+ public String getAdminPassword2()
+ {
+ return adminPassword2;
+ }
+
+
+ public void setAdminPassword2( String adminPassword2 )
+ {
+ this.adminPassword2 = adminPassword2;
+ }
+
+
+ public boolean doPasswordsMatch()
+ {
+ return adminPassword.equals( adminPassword2 );
+ }
+
+
+ public boolean isEnableDemo()
+ {
+ return enableDemo;
+ }
+
+
+ public void setEnableDemo( boolean enableDemo )
+ {
+ this.enableDemo = enableDemo;
+ }
+
+
+ public boolean isEnableLdap()
+ {
+ return enableLdap;
+ }
+
+
+ public void setEnableLdap( boolean enableLdap )
+ {
+ this.enableLdap = enableLdap;
+ }
+
+
+ public boolean isAllowAnonymousAccess()
+ {
+ return allowAnonymousAccess;
+ }
+
+
+ public void setAllowAnonymousAccess( boolean allowAnonymousAccess )
+ {
+ this.allowAnonymousAccess = allowAnonymousAccess;
+ }
+
+
+ public int getLdapPort()
+ {
+ return ldapPort;
+ }
+
+
+ public void setLdapPort( int ldapPort )
+ {
+ this.ldapPort = ldapPort;
+ }
+
+
+ public boolean isEnableLdaps()
+ {
+ return enableLdaps;
+ }
+
+
+ public void setEnableLdaps(boolean enableLdaps)
+ {
+ this.enableLdaps = enableLdaps;
+ }
+
+
+ public String getLdapCertFilePath()
+ {
+ return ldapCertFilePath;
+ }
+
+
+ public void setLdapCertFilePath(String ldapCertFilePath)
+ {
+ this.ldapCertFilePath = ldapCertFilePath;
+ }
+
+
+ public String getLdapCertPassword()
+ {
+ return ldapCertPassword;
+ }
+
+
+ public void setLdapCertPassword(String ldapCertPassword)
+ {
+ this.ldapCertPassword = ldapCertPassword;
+ }
+
+
+ public int getLdapsPort()
+ {
+ return ldapsPort;
+ }
+
+
+ public void setLdapsPort( int ldapsPort )
+ {
+ this.ldapsPort = ldapsPort;
+ }
+
+
+ public String getPrimaryRealmName()
+ {
+ return primaryRealmName;
+ }
+
+
+ public void setPrimaryRealmName( String primaryRealmName )
+ {
+ this.primaryRealmName = primaryRealmName;
+ }
+
+
+ public long getClockSkew()
+ {
+ return clockSkew;
+ }
+
+
+ public void setClockSkew( long clockSkew )
+ {
+ this.clockSkew = clockSkew;
+ }
+
+
+ public long getTicketLifetime()
+ {
+ return ticketLifetime;
+ }
+
+
+ public void setTicketLifetime( long ticketLifetime )
+ {
+ this.ticketLifetime = ticketLifetime;
+ }
+
+
+ public long getRenewableLifetime()
+ {
+ return renewableLifetime;
+ }
+
+
+ public void setRenewableLifetime( long renewableLifetime )
+ {
+ this.renewableLifetime = renewableLifetime;
+ }
+
+
+ public String getSmsAccountName()
+ {
+ return smsAccountName;
+ }
+
+
+ public void setSmsAccountName(String smsAccountName)
+ {
+ this.smsAccountName = smsAccountName;
+ }
+
+
+ public String getSmsPassword()
+ {
+ return smsPassword;
+ }
+
+
+ public void setSmsPassword(String smsPassword)
+ {
+ this.smsPassword = smsPassword;
+ }
+
+
+ public String getSmsProvider()
+ {
+ return smsProvider;
+ }
+
+
+ public void setSmsProvider(String smsProvider)
+ {
+ this.smsProvider = smsProvider;
+ }
+
+
+ public String getSmsTransportUrl()
+ {
+ return smsTransportUrl;
+ }
+
+
+ public void setSmsTransportUrl(String smsTransportUrl)
+ {
+ this.smsTransportUrl = smsTransportUrl;
+ }
+
+
+ public String getSmsUsername()
+ {
+ return smsUsername;
+ }
+
+
+ public void setSmsUsername(String smsUsername)
+ {
+ this.smsUsername = smsUsername;
+ }
+
+
+ public boolean isSmtpAuthenticate()
+ {
+ return smtpAuthenticate;
+ }
+
+
+ public void setSmtpAuthenticate(boolean smtpAuthenticate)
+ {
+ this.smtpAuthenticate = smtpAuthenticate;
+ }
+
+
+ public String getSmtpFrom()
+ {
+ return smtpFrom;
+ }
+
+
+ public void setSmtpFrom(String smtpFrom)
+ {
+ this.smtpFrom = smtpFrom;
+ }
+
+
+ public String getSmtpHost()
+ {
+ return smtpHost;
+ }
+
+
+ public void setSmtpHost(String smtpHost)
+ {
+ this.smtpHost = smtpHost;
+ }
+
+
+ public String getSmtpPassword()
+ {
+ return smtpPassword;
+ }
+
+
+ public void setSmtpPassword(String smtpPassword)
+ {
+ this.smtpPassword = smtpPassword;
+ }
+
+
+ public String getSmtpSubject()
+ {
+ return smtpSubject;
+ }
+
+
+ public void setSmtpSubject(String smtpSubject)
+ {
+ this.smtpSubject = smtpSubject;
+ }
+
+
+ public String getSmtpUsername()
+ {
+ return smtpUsername;
+ }
+
+
+ public void setSmtpUsername(String smtpUsername)
+ {
+ this.smtpUsername = smtpUsername;
+ }
+
+
+ public void setEnableHttp( boolean enableHttp )
+ {
+ this.enableHttp = enableHttp;
+ }
+
+
+ public boolean isEnableHttp()
+ {
+ return enableHttp;
+ }
+
+
+ public String getPresentationBaseUrl()
+ {
+ return presentationBaseUrl;
+ }
+
+
+ public void setPresentationBaseUrl( String presentationBaseUrl )
+ {
+ this.presentationBaseUrl = presentationBaseUrl;
+ }
+
+
+ public String getRegRedirectUrl()
+ {
+ return regRedirectUrl;
+ }
+
+
+ public void setRegRedirectUrl(String regRedirectUrl)
+ {
+ this.regRedirectUrl = regRedirectUrl;
+ }
+
+
+ public String toString() {
+ return "TriplesecConfigSettings{" +
+ "adminPassword2='" + adminPassword2 + '\'' +
+ ", adminPassword='" + adminPassword + '\'' +
+ ", primaryRealmName='" + primaryRealmName + '\'' +
+ ", smsProvider='" + smsProvider + '\'' +
+ ", smsUsername='" + smsUsername + '\'' +
+ ", smsPassword='" + smsPassword + '\'' +
+ ", smsAccountName='" + smsAccountName + '\'' +
+ ", smsTransportUrl='" + smsTransportUrl + '\'' +
+ ", smtpUsername='" + smtpUsername + '\'' +
+ ", smtpPassword='" + smtpPassword + '\'' +
+ ", smtpHost='" + smtpHost + '\'' +
+ ", smtpSubject='" + smtpSubject + '\'' +
+ ", smtpFrom='" + smtpFrom + '\'' +
+ ", ldapCertFilePath='" + ldapCertFilePath + '\'' +
+ ", ldapCertPassword='" + ldapCertPassword + '\'' +
+ ", enableDemo=" + enableDemo +
+ ", enableLdap=" + enableLdap +
+ ", allowAnonymousAccess=" + allowAnonymousAccess +
+ ", enableLdaps=" + enableLdaps +
+ ", smtpAuthenticate=" + smtpAuthenticate +
+ ", adminPort=" + httpPort +
+ ", ldapPort=" + ldapPort +
+ ", ldapsPort=" + ldapsPort +
+ ", clockSkew=" + clockSkew +
+ ", ticketLifetime=" + ticketLifetime +
+ ", renewableLifetime=" + renewableLifetime +
+ '}';
+ }
+}
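Review bot: `toString()` (lines 1468-1497) renders adminPassword, adminPassword2, smsPassword, smtpPassword and ldapCertPassword in clear, and since this object is the form model that Wicket holds in the session and that any debug log or exception message will stringify, every configured credential ends up in logs and session dumps. Mask those five fields with a fixed placeholder and keep the rest of the output as is; the rewritten lines are below. Separately, `doPasswordsMatch()` throws NullPointerException when the first field was left empty, which is the common case on a fresh form: `return adminPassword != null && adminPassword.equals( adminPassword2 );`. It may also be worth a class comment noting that the password fields are plain `String` and therefore stay in the heap and in the serialized session until the form is discarded.
```java
    public String toString() {
        // Credentials are deliberately masked: this model is logged and session-serialized.
        return "TriplesecConfigSettings{" +
            "adminPassword2='" + ( adminPassword2 == null ? null : "***" ) + '\'' +
            ", adminPassword='" + ( adminPassword == null ? null : "***" ) + '\'' +
            // … unchanged: primaryRealmName, smsProvider, smsUsername …
            ", smsPassword='" + ( smsPassword == null ? null : "***" ) + '\'' +
            // … unchanged: smsAccountName, smsTransportUrl, smtpUsername …
            ", smtpPassword='" + ( smtpPassword == null ? null : "***" ) + '\'' +
            // … unchanged: smtpHost, smtpSubject, smtpFrom, ldapCertFilePath …
            ", ldapCertPassword='" + ( ldapCertPassword == null ? null : "***" ) + '\'' +
            // … unchanged: boolean, port and lifetime fields, closing brace …
```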
Added: directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/CertificateUtil.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/CertificateUtil.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/CertificateUtil.java (added)
+++ directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/CertificateUtil.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.safehaus.triplesec.configui.util;
+
+
+import java.io.File;
+
+import org.apache.directory.shared.ldap.util.NamespaceTools;
+import org.apache.tools.ant.taskdefs.Execute;
+import org.safehaus.triplesec.configui.model.TriplesecConfigSettings;
+
+
+public class CertificateUtil
+{
+ public static void create( File certFile, TriplesecConfigSettings settings ) throws Exception
+ {
+ File keytool = new File( new File( new File( System.getProperty( "java.home" ) ), "bin" ), "keytool" );
+ File parentDirectory = certFile.getParentFile();
+ if ( ! parentDirectory.exists() )
+ {
+ parentDirectory.mkdirs();
+ }
+
+ String baseDn = NamespaceTools.inferLdapName( settings.getPrimaryRealmName().toLowerCase() );
+ String[] args = new String[] {
+ keytool.getAbsolutePath(), "-genkey", "-alias", "default",
+ "-keyalg", "RSA", "-dname", baseDn, "-keypass", settings.getLdapCertPassword(),
+ "-storepass", settings.getLdapCertPassword(), "-keystore", settings.getLdapCertFilePath()
+ };
+ Execute exec = new Execute();
+ exec.setCommandline( args );
+ exec.setWorkingDirectory( parentDirectory );
+ exec.execute();
+ }
+}
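Review bot: The keystore password is handed to keytool on the command line via `-keypass`/`-storepass` (lines 1548-1549), so for the lifetime of the keytool process it is readable by any local user who can list process arguments; keytool prompts on stdin when those flags are omitted, and Ant's `Execute` appears to accept a stream handler that can feed stdin, which would keep the secret out of the process table. Independently, the exit status of `exec.execute()` on line 1554 is discarded, so a failed generation (existing alias, unwritable keystore path, rejected DN) passes silently and the server is later configured for LDAPS against a keystore that was never written: `int rc = exec.execute(); if ( rc != 0 ) throw new IllegalStateException( "keytool exited with status " + rc );`. Also `certFile.getParentFile()` on line 1539 returns null for a bare file name and line 1540 would then NPE; `certFile.getAbsoluteFile().getParentFile()` avoids that. A Javadoc line saying that `settings.getLdapCertPassword()` must be non-null here would document the remaining precondition.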
Added: directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/TriplesecConfigBuilder.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/TriplesecConfigBuilder.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/TriplesecConfigBuilder.java (added)
+++ directory/trunks/triplesec/webapp-config/src/main/java/org/safehaus/triplesec/configui/util/TriplesecConfigBuilder.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,352 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.safehaus.triplesec.configui.util;
+
+
+import java.io.File;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.directory.server.core.authn.AuthenticationService;
+import org.apache.directory.server.core.authz.AuthorizationService;
+import org.apache.directory.server.core.authz.DefaultAuthorizationService;
+import org.apache.directory.server.core.collective.CollectiveAttributeService;
+import org.apache.directory.server.core.configuration.MutablePartitionConfiguration;
+import org.apache.directory.server.core.configuration.MutableInterceptorConfiguration;
+import org.apache.directory.server.core.event.EventService;
+import org.apache.directory.server.core.exception.ExceptionService;
+import org.apache.directory.server.core.normalization.NormalizationService;
+import org.apache.directory.server.core.operational.OperationalAttributeService;
+import org.apache.directory.server.core.referral.ReferralService;
+import org.apache.directory.server.core.schema.SchemaService;
+import org.apache.directory.server.core.schema.bootstrap.ApacheSchema;
+import org.apache.directory.server.core.schema.bootstrap.CollectiveSchema;
+import org.apache.directory.server.core.schema.bootstrap.CorbaSchema;
+import org.apache.directory.server.core.schema.bootstrap.CoreSchema;
+import org.apache.directory.server.core.schema.bootstrap.CosineSchema;
+import org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema;
+import org.apache.directory.server.core.schema.bootstrap.JavaSchema;
+import org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema;
+import org.apache.directory.server.core.schema.bootstrap.SystemSchema;
+import org.apache.directory.server.core.subtree.SubentryService;
+import org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler;
+import org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler;
+import org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter;
+import org.apache.directory.shared.ldap.util.NamespaceTools;
+import org.safehaus.triplesec.configui.model.TriplesecConfigSettings;
+import org.safehaus.triplesec.configuration.MutableTriplesecStartupConfiguration;
+import org.safehaus.triplesec.configuration.SmsConfiguration;
+import org.safehaus.triplesec.configuration.SmtpConfiguration;
+import org.safehaus.triplesec.store.interceptor.PolicyProtectionInterceptor;
+import org.safehaus.triplesec.store.schema.SafehausSchema;
+
+
+/**
+ * A tool used to build the server configuration.
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @version $Rev$
+ */
+public class TriplesecConfigBuilder
+{
+ public MutableTriplesecStartupConfiguration build( TriplesecConfigSettings settings ) throws NamingException
+ {
+ MutableTriplesecStartupConfiguration config = getDefault();
+
+ /*
+ * Alter the configuration here according to new config settings
+ */
+ String realm = settings.getPrimaryRealmName();
+ String baseDn = NamespaceTools.inferLdapName( realm );
+ baseDn = baseDn.toLowerCase();
+
+ // NTP causes exceptions everytime and has little utility - disabling it
+ config.setEnableNtp( false );
+
+ config.setLdapPort( ( int ) settings.getLdapPort() ); // @todo make getLdapPort() return an int
+ config.setPresentationBaseUrl( settings.getPresentationBaseUrl() );
+
+ if ( realm.toUpperCase().equals( "EXAMPLE.COM" ) )
+ {
+ return config;
+ }
+
+ // -------------------------------------------------------------------
+ // Configure custom partition for realm
+ // -------------------------------------------------------------------
+
+ // create partition and set suffix and name
+ MutablePartitionConfiguration partition = new MutablePartitionConfiguration();
+ Set partitions = new HashSet( 1 );
+ partitions.add( partition );
+ partition.setSuffix( baseDn );
+ if ( realm.indexOf( '.' ) == -1 )
+ {
+ partition.setName( realm.toLowerCase() );
+ }
+ else
+ {
+ String[] comps = realm.split( "\\." );
+ partition.setName( comps[0].toLowerCase() );
+ }
+
+ // setup indices
+ Set indices = new HashSet();
+ indices.add( "objectClass" );
+ indices.add( "ou" );
+ indices.add( "dc" );
+ indices.add( "uid" );
+ indices.add( "profileId" );
+ indices.add( "roles" );
+ indices.add( "grants" );
+ indices.add( "denials" );
+ indices.add( "krb5PrincipalName" );
+ partition.setIndexedAttributes( indices );
+
+ // setup partition's context entry (top entry)
+ Attributes contextEntry = new BasicAttributes( "objectClass", "top", true );
+ contextEntry.get( "objectClass" ).add( "domain" );
+ contextEntry.get( "objectClass" ).add( "extensibleObject" );
+ contextEntry.put( "dc", partition.getName() );
+ contextEntry.put( "administrativeRole", "accessControlSpecificArea" );
+ contextEntry.get( "administrativeRole" ).add( "collectiveAttributeSpecificArea" );
+ partition.setContextEntry( contextEntry );
+
+ config.setContextPartitionConfigurations( partitions );
+
+ // -------------------------------------------------------------------
+ // Configure http settings
+ // -------------------------------------------------------------------
+
+ if ( settings.isEnableHttp() )
+ {
+ config.setEnableHttp( true );
+ config.setHttpPort( settings.getHttpPort() );
+ }
+ else
+ {
+ config.setEnableHttp( false );
+ }
+
+ // -------------------------------------------------------------------
+ // Configure server sms settings
+ // -------------------------------------------------------------------
+
+ SmsConfiguration smsConfig = new SmsConfiguration();
+ config.setSmsConfiguration( smsConfig );
+ smsConfig.setSmsAccountName( settings.getSmsAccountName() );
+ smsConfig.setSmsPassword( settings.getSmsPassword() );
+ smsConfig.setSmsTransportUrl( settings.getSmsTransportUrl() );
+ smsConfig.setSmsUsername( settings.getSmsUsername() );
+
+ // -------------------------------------------------------------------
+ // Configure server smtp settings
+ // -------------------------------------------------------------------
+
+ SmtpConfiguration smtpConfig = new SmtpConfiguration();
+ config.setSmtpConfiguration( smtpConfig );
+ if ( settings.isSmtpAuthenticate() )
+ {
+ smtpConfig.setSmtpAuthenticate( true );
+ smtpConfig.setSmtpPassword( settings.getSmtpPassword() );
+ smtpConfig.setSmtpUsername( settings.getSmtpUsername() );
+ }
+ smtpConfig.setSmtpFrom( settings.getSmtpFrom() );
+ smtpConfig.setSmtpHost( settings.getSmtpHost() );
+ smtpConfig.setSmtpSubject( settings.getSmtpSubject() );
+
+ // -------------------------------------------------------------------
+ // Configure LDAPS settings
+ // -------------------------------------------------------------------
+
+ if ( settings.isEnableLdaps() )
+ {
+ File certFile = new File( settings.getLdapCertFilePath() );
+ config.setEnableLdaps( true );
+ config.setLdapsPort( settings.getLdapsPort() );
+ config.setLdapsCertificateFile( certFile );
+ config.setLdapsCertificatePassword( settings.getLdapCertPassword() );
+ }
+ else
+ {
+ config.setEnableLdaps( false );
+ }
+
+ return config;
+ }
+
+
+ public MutableTriplesecStartupConfiguration getDefault() throws NamingException
+ {
+ MutableTriplesecStartupConfiguration config = new MutableTriplesecStartupConfiguration();
+ config.setLdapPort( 10389 );
+ config.setAccessControlEnabled( true );
+ config.setShutdownHookEnabled( true );
+ config.setAllowAnonymousAccess( false );
+ config.setEnableChangePassword( true );
+ config.setEnableKerberos( true );
+ config.setEnableNetworking( true );
+ config.setEnableLdaps( false );
+ config.setEnableNtp( true );
+ config.setExitVmOnShutdown( true );
+ config.setLdifDirectory( new File( "conf" ) );
+ config.setWorkingDirectory( new File( "var/partitions" ) );
+
+ try
+ {
+ String hostname = InetAddress.getLocalHost().getHostName();
+ config.setPresentationBaseUrl( "http://" + hostname + ":8383" );
+ }
+ catch ( UnknownHostException e )
+ {
+ e.printStackTrace();
+ }
+
+ List filters = new ArrayList();
+ filters.add( new Krb5KdcEntryFilter() );
+ config.setLdifFilters( filters );
+
+ List interceptors = new ArrayList();
+ MutableInterceptorConfiguration interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new NormalizationService() );
+ interceptorConfiguration.setName( "normalizationService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new AuthenticationService() );
+ interceptorConfiguration.setName( "authenticationService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new ReferralService() );
+ interceptorConfiguration.setName( "referralService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new AuthorizationService() );
+ interceptorConfiguration.setName( "authorizationService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new DefaultAuthorizationService() );
+ interceptorConfiguration.setName( "defaultAuthorizationService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new ExceptionService() );
+ interceptorConfiguration.setName( "exceptionService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new SchemaService() );
+ interceptorConfiguration.setName( "schemaService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new SubentryService() );
+ interceptorConfiguration.setName( "subentryService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new OperationalAttributeService() );
+ interceptorConfiguration.setName( "operationalAttributeService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new CollectiveAttributeService() );
+ interceptorConfiguration.setName( "collectiveAttributeService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new EventService() );
+ interceptorConfiguration.setName( "eventService" );
+ interceptors.add( interceptorConfiguration );
+
+ interceptorConfiguration = new MutableInterceptorConfiguration();
+ interceptorConfiguration.setInterceptor( new PolicyProtectionInterceptor() );
+ interceptorConfiguration.setName( "policyProtectionInterceptor" );
+ interceptors.add( interceptorConfiguration );
+
+ config.setInterceptorConfigurations( interceptors );
+
+ List extendedHandlers = new ArrayList();
+ extendedHandlers.add( new GracefulShutdownHandler() );
+ extendedHandlers.add( new LaunchDiagnosticUiHandler() );
+ config.setExtendedOperationHandlers( extendedHandlers );
+
+ config.getSmsConfiguration().setSmsAccountName( "foo" );
+ config.getSmsConfiguration().setSmsUsername( "bar" );
+ config.getSmsConfiguration().setSmsTransportUrl( "http://google.com" );
+ config.getSmsConfiguration().setSmsPassword( "secret" );
+
+ config.getSmtpConfiguration().setSmtpAuthenticate( false );
+ config.getSmtpConfiguration().setSmtpFrom( "dev@safehaus.org" );
+ config.getSmtpConfiguration().setSmtpHost( "localhost" );
+ config.getSmtpConfiguration().setSmtpSubject( "Triplesec account activated" );
+
+ Set partitions = new HashSet( config.getContextPartitionConfigurations() );
+ MutablePartitionConfiguration partitionConfiguration = new MutablePartitionConfiguration();
+ partitionConfiguration.setName( "example" );
+ partitionConfiguration.setSuffix( "dc=example,dc=com" );
+ Set indices = new HashSet();
+ indices.add( "objectClass" );
+ indices.add( "ou" ) ;
+ indices.add( "dc" ) ;
+ indices.add( "uid" ) ;
+ indices.add( "profileId" ) ;
+ indices.add( "roles" ) ;
+ indices.add( "grants" ) ;
+ indices.add( "denials" ) ;
+ indices.add( "krb5PrincipalName" ) ;
+ partitionConfiguration.setIndexedAttributes( indices );
+ Attributes contextEntry = new BasicAttributes( "objectClass", "top", true );
+ contextEntry.get( "objectClass" ).add( "domain" );
+ contextEntry.get( "objectClass" ).add( "extensibleObject" );
+ contextEntry.put( "dc", "example" );
+ contextEntry.put( "administrativeRole", "accessControlSpecificArea" );
+ contextEntry.get( "administrativeRole" ).add( "collectiveAttributeSpecificArea" );
+ partitionConfiguration.setContextEntry( contextEntry );
+ partitions.add( partitionConfiguration );
+ config.setContextPartitionConfigurations( partitions );
+
+ Set schemas = new HashSet();
+ schemas.add( new CorbaSchema() );
+ schemas.add( new CoreSchema() );
+ schemas.add( new CosineSchema() );
+ schemas.add( new ApacheSchema() );
+ schemas.add( new CollectiveSchema() );
+ schemas.add( new InetorgpersonSchema() );
+ schemas.add( new JavaSchema() );
+ schemas.add( new Krb5kdcSchema() );
+ schemas.add( new SystemSchema() );
+ schemas.add( new SafehausSchema() );
+ config.setBootstrapSchemas( schemas );
+
+ return config;
+ }
+}
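Review bot: `build()` never reads `settings.isAllowAnonymousAccess()`, `settings.isEnableLdap()`, `getClockSkew()`, `getTicketLifetime()` or `getRenewableLifetime()`, so the UI offers switches that have no effect on the produced configuration; the value inherited from `getDefault()` (anonymous access off, line 1772) is the safe one, but a form that silently disagrees with the server is how a later "fix" turns it on without anyone noticing, so either wire it through with `config.setAllowAnonymousAccess( settings.isAllowAnonymousAccess() );` next to `setLdapPort` or drop the field from the model. The `EXAMPLE.COM` early return on lines 1656-1659 also skips the SMS, SMTP and LDAPS sections, which means a server configured for the example realm goes live with the placeholder SMS credentials `foo`/`bar`/`secret` and transport URL `http://google.com` seeded on lines 1864-1867, and with LDAPS disabled even when the user requested it; only the partition block is realm-specific, so the return should move below the LDAPS section or be replaced by wrapping just the partition code in the realm check. The `e.printStackTrace()` on line 1789 should go through the logger the project already uses, and it may be worth a method comment stating that `adminPassword` is applied elsewhere, since nothing in this class consumes it.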