Posted to commits@cxf.apache.org by co...@apache.org on 2016/09/15 13:33:26 UTC
cxf-fediz git commit: More STS refactoring
Repository: cxf-fediz
Updated Branches:
refs/heads/master 150ca5d8e -> 3d732f516
More STS refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3d732f51
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3d732f51
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3d732f51
Branch: refs/heads/master
Commit: 3d732f5168f940b03cdc674d31830d384ed0ba50
Parents: 150ca5d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Sep 15 14:33:09 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Sep 15 14:33:09 2016 +0100
----------------------------------------------------------------------
services/sts/src/main/resources/sts.properties | 22 ++
.../src/main/webapp/WEB-INF/cxf-transport.xml | 122 ++++++++++-
.../src/main/webapp/WEB-INF/data/cxf-sts.xml | 209 -------------------
.../sts/src/main/webapp/WEB-INF/data/realms.xml | 77 +++++++
4 files changed, 220 insertions(+), 210 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/resources/sts.properties
----------------------------------------------------------------------
diff --git a/services/sts/src/main/resources/sts.properties b/services/sts/src/main/resources/sts.properties
new file mode 100644
index 0000000..4bb5c7e
--- /dev/null
+++ b/services/sts/src/main/resources/sts.properties
@@ -0,0 +1,22 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+signature.properties=stsTruststore.properties
+encryption.properties=stsEncryption.properties
+issuer=Fediz STS
+callback.handler=org.apache.cxf.fediz.service.sts.PasswordCallbackHandler
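Review bot: The four keys carry no comment saying where they are consumed, so a reader of this file alone cannot tell that `signature.properties` and `encryption.properties` are handed to `transportSTSProperties` as crypto property file names rather than being used directly by this file. A one-line comment above `signature.properties` would fix that, e.g. `# Placeholders consumed by the transportSTSProperties bean in WEB-INF/cxf-transport.xml`. The file is loaded through `classpath:./sts.properties` in cxf-transport.xml; whether the leading `./` is tolerated by the classpath resource loader is not visible here, and `classpath:sts.properties` is the form I would expect.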
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
index fedc7e0..0cac6a7 100644
--- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
+++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
@@ -39,13 +39,133 @@
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="location" value="classpath:./sts.properties"/>
+ </bean>
+
<import resource="classpath:META-INF/cxf/cxf.xml" />
- <import resource="data/cxf-sts.xml" />
+ <import resource="data/realms.xml" />
<!-- Per default the resource <file.xml> is imported.
If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
<import resource="./${adapter.resource}.xml" />
+
+ <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
+ <constructor-arg>
+ <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
+ </constructor-arg>
+ </bean>
+
+ <util:list id="delegationHandlers">
+ <bean id="samlDelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+ <bean id="x509DelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
+ </util:list>
+
+ <bean id="transportSTSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate" />
+ <property name="validateOperation" ref="transportValidateDelegate" />
+ </bean>
+
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="services" ref="transportServices" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="claimsManager" ref="claimsManager" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="eventListener" ref="loggerListener" />
+ <property name="delegationHandlers" ref="delegationHandlers" />
+ <property name="encryptIssuedToken" value="true"/>
+ </bean>
+
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="eventListener" ref="loggerListener" />
+ </bean>
+
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSamlTokenProvider" />
+ </util:list>
+
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSamlTokenValidator" />
+ <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
+ </util:list>
+
+ <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+ <property name="realmMap" ref="realms" />
+ <property name="conditionsProvider" ref="conditionsProvider" />
+ <property name="subjectProvider" ref="subjectProvider" />
+ </bean>
+
+ <bean id="conditionsProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+ <property name="lifetime" value="1200" />
+ <property name="acceptClientLifetime" value="true" />
+ </bean>
+
+ <bean id="subjectProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
+ <property name="subjectNameIDFormat"
+ value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+ </bean>
+
+ <util:list id="attributeStatementProvidersList">
+ <ref bean="claimAttributeProvider" />
+ </util:list>
+
+ <bean id="claimAttributeProvider"
+ class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+ </bean>
+
+ <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+ <property name="claimHandlers" ref="claimHandlerList" />
+ </bean>
+
+ <bean id="identityMapper"
+ class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+
+ <bean id="samlRealmCodec"
+ class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+ <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
+ <property name="realmMap" ref="realms" />
+ </bean>
+
+ <bean id="transportSamlTokenValidator"
+ class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ <property name="samlRealmCodec" ref="samlRealmCodec" />
+ </bean>
+
+ <bean id="transportUsernameTokenValidator"
+ class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+ </bean>
+
+ <util:list id="transportServices">
+ <ref bean="transportService" />
+ </util:list>
+
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints">
+ <util:list>
+ <value>.*</value>
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="callbackHandlerClass" value="${callback.handler}" />
+ <property name="issuer" value="${issuer}" />
+ <property name="realmParser" ref="customRealmParser" />
+ <property name="signatureCryptoProperties" value="${signature.properties}" />
+ <property name="encryptionCryptoProperties" value="${encryption.properties}"/>
+ <property name="relationships" ref="relationships" />
+ </bean>
<jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
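Review bot: The `transportServices` list on the new side (`<ref bean="transportService" />` only) drops the `myEncryptionService` entry that the deleted cxf-sts.xml carried, i.e. the StaticService matching `myServiceB.*` with its own EncryptionProperties (encryptionName `serviceB`, AES-128-CBC), while `encryptIssuedToken` stays `true` on `transportIssueDelegate`. If that removal is intended it should be stated, since the commit message only says "refactoring"; if not, the per-service encryption configuration is silently lost and what the issue operation does for `myServiceB` addresses with no matching EncryptionProperties (fall back to STS-level encryption settings, or skip encryption) cannot be confirmed from this diff. Separately, `transportUsernameTokenValidator` is defined but not listed in `transportTokenValidators`, as before; a comment such as `<!-- not wired into transportTokenValidators; kept for the ldap/file adapter configs? -->` would stop the next reader from assuming it is active. The enclosing `<beans>` element opens and closes outside this hunk.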
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml b/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
deleted file mode 100644
index b2d43d7..0000000
--- a/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
+++ /dev/null
@@ -1,209 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xmlns:test="http://apache.org/hello_world_soap_http"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xsi:schemaLocation="
- http://cxf.apache.org/core
- http://cxf.apache.org/schemas/core.xsd
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd
- http://cxf.apache.org/transports/http/configuration
- http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://cxf.apache.org/configuration/security
- http://cxf.apache.org/schemas/configuration/security.xsd">
-
- <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
- <constructor-arg>
- <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
- </constructor-arg>
- </bean>
-
- <util:list id="delegationHandlers">
- <bean id="samlDelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
- <bean id="x509DelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
- </util:list>
-
- <bean id="transportSTSProviderBean"
- class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
- <property name="issueOperation" ref="transportIssueDelegate" />
- <property name="validateOperation" ref="transportValidateDelegate" />
- </bean>
-
- <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
- <property name="tokenProviders" ref="transportTokenProviders" />
- <property name="services" ref="transportServices" />
- <property name="stsProperties" ref="transportSTSProperties" />
- <property name="claimsManager" ref="claimsManager" />
- <property name="tokenValidators" ref="transportTokenValidators" />
- <property name="eventListener" ref="loggerListener" />
- <property name="delegationHandlers" ref="delegationHandlers" />
- <property name="encryptIssuedToken" value="true"/>
- </bean>
-
- <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
- <property name="tokenValidators" ref="transportTokenValidators" />
- <property name="stsProperties" ref="transportSTSProperties" />
- <property name="eventListener" ref="loggerListener" />
- </bean>
-
- <util:list id="relationships">
- <bean class="org.apache.cxf.sts.token.realm.Relationship">
- <property name="sourceRealm" value="REALMA" />
- <property name="targetRealm" value="REALMB" />
- <property name="identityMapper" ref="identityMapper" />
- <property name="type" value="FederatedIdentity" />
- </bean>
- <bean class="org.apache.cxf.sts.token.realm.Relationship">
- <property name="sourceRealm" value="REALMB" />
- <property name="targetRealm" value="REALMA" />
- <property name="identityMapper" ref="identityMapper" />
- <property name="type" value="FederatedIdentity" />
- </bean>
- </util:list>
-
- <util:list id="transportTokenProviders">
- <ref bean="transportSamlTokenProvider" />
- </util:list>
-
- <util:list id="transportTokenValidators">
- <ref bean="transportSamlTokenValidator" />
- <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
- </util:list>
-
- <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
- <property name="issuer" value="STS Realm A" />
- <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
- <property name="callbackHandlerClass"
- value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- </bean>
-
- <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
- <property name="issuer" value="STS Realm B" />
- <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
- <property name="callbackHandlerClass"
- value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- </bean>
-
- <util:map id="realms">
- <entry key="REALMA" value-ref="realmA" />
- <entry key="REALMB" value-ref="realmB" />
- </util:map>
-
- <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
- <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
- <property name="realmMap" ref="realms" />
- <property name="conditionsProvider" ref="conditionsProvider" />
- <property name="subjectProvider" ref="subjectProvider" />
- </bean>
-
- <bean id="conditionsProvider"
- class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
- <property name="lifetime" value="1200" />
- <property name="acceptClientLifetime" value="true" />
- </bean>
-
- <bean id="subjectProvider"
- class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
- <property name="subjectNameIDFormat"
- value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
- </bean>
-
- <util:list id="attributeStatementProvidersList">
- <ref bean="claimAttributeProvider" />
- </util:list>
-
- <bean id="claimAttributeProvider"
- class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
- </bean>
-
- <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
- <property name="claimHandlers" ref="claimHandlerList" />
- </bean>
-
- <bean id="identityMapper"
- class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
-
- <bean id="samlRealmCodec"
- class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
-
- <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
- <property name="realmMap" ref="realms" />
- </bean>
-
- <bean id="transportSamlTokenValidator"
- class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
- <property name="samlRealmCodec" ref="samlRealmCodec" />
- </bean>
-
- <bean id="transportUsernameTokenValidator"
- class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
- </bean>
-
- <util:list id="transportServices">
- <ref bean="myEncryptionService" />
- <ref bean="transportService" />
- </util:list>
-
- <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
- <property name="endpoints">
- <util:list>
- <value>.*</value>
- </util:list>
- </property>
- </bean>
-
- <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService">
- <property name="endpoints">
- <util:list>
- <value>myServiceB.*</value>
- </util:list>
- </property>
- <property name="encryptionProperties">
- <bean class="org.apache.cxf.sts.service.EncryptionProperties">
- <property name="encryptionName" value="serviceB"/>
- <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
- </bean>
- </property>
- </bean>
-
- <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
- <property name="callbackHandlerClass"
- value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- <property name="issuer" value="Fediz STS" />
- <property name="realmParser" ref="customRealmParser" />
- <property name="signatureCryptoProperties" value="stsTruststore.properties" />
- <property name="encryptionCryptoProperties" value="stsEncryption.properties"/>
- <property name="relationships" ref="relationships" />
- </bean>
-
-</beans>
-
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/webapp/WEB-INF/data/realms.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/realms.xml b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
new file mode 100644
index 0000000..836e223
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
+
+ <util:list id="relationships">
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMA" />
+ <property name="targetRealm" value="REALMB" />
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMB" />
+ <property name="targetRealm" value="REALMA" />
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ </util:list>
+
+ <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm A" />
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm B" />
+ <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <util:map id="realms">
+ <entry key="REALMA" value-ref="realmA" />
+ <entry key="REALMB" value-ref="realmB" />
+ </util:map>
+
+</beans>
+
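Review bot: The two `SAMLRealm` beans still hardcode `callbackHandlerClass` to `org.apache.cxf.fediz.service.sts.PasswordCallbackHandler`, whereas the same class was moved to `${callback.handler}` in sts.properties for `transportSTSProperties` in this commit; for consistency they could read `<property name="callbackHandlerClass" value="${callback.handler}" />`, assuming the PropertyPlaceholderConfigurer declared in cxf-transport.xml also applies to beans from this imported file, which I would expect but cannot confirm here. The `relationships` list refers to `identityMapper`, which is defined in cxf-transport.xml rather than in this file, so realms.xml is not self-contained; a comment such as `<!-- identityMapper is declared in WEB-INF/cxf-transport.xml, which imports this file -->` above the list would make the dependency explicit. The root element also declares `cxf`, `jaxws`, `test`, `http` and `sec` namespaces that nothing in the file uses; only `beans`, `util` and `xsi` are needed.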