Posted to commits@cxf.apache.org by co...@apache.org on 2016/09/12 16:06:07 UTC
cxf-fediz git commit: Refactoring STS configuration to make it easier
to change
Repository: cxf-fediz
Updated Branches:
refs/heads/master b4ac2875d -> 60fd1e8d0
Refactoring STS configuration to make it easier to change
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/60fd1e8d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/60fd1e8d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/60fd1e8d
Branch: refs/heads/master
Commit: 60fd1e8d04fdef407fd6389a724ef0eef93b2304
Parents: b4ac287
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Sep 12 17:05:50 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Sep 12 17:05:50 2016 +0100
----------------------------------------------------------------------
.../src/main/webapp/WEB-INF/cxf-transport.xml | 170 +--------------
.../src/main/webapp/WEB-INF/data/cxf-sts.xml | 209 +++++++++++++++++++
.../src/main/webapp/WEB-INF/data/passwords.xml | 42 ++++
.../src/main/webapp/WEB-INF/data/userClaims.xml | 161 ++++++++++++++
services/sts/src/main/webapp/WEB-INF/file.xml | 23 +-
.../sts/src/main/webapp/WEB-INF/kerberos.xml | 21 +-
.../sts/src/main/webapp/WEB-INF/passwords.xml | 42 ----
.../sts/src/main/webapp/WEB-INF/userClaims.xml | 139 ------------
.../main/webapp/WEB-INF/userClaimsKerberos.xml | 138 ------------
9 files changed, 418 insertions(+), 527 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
index fb1376c..fedc7e0 100644
--- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
+++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
@@ -41,175 +41,11 @@
<import resource="classpath:META-INF/cxf/cxf.xml" />
- <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
- <constructor-arg>
- <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
- </constructor-arg>
- </bean>
-
+ <import resource="data/cxf-sts.xml" />
+
<!-- Per default the resource <file.xml> is imported.
If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
- <import resource="${adapter.resource}.xml" />
-
- <util:list id="delegationHandlers">
- <bean id="samlDelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
- <bean id="x509DelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
- </util:list>
-
- <bean id="transportSTSProviderBean"
- class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
- <property name="issueOperation" ref="transportIssueDelegate" />
- <property name="validateOperation" ref="transportValidateDelegate" />
- </bean>
-
- <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
- <property name="tokenProviders" ref="transportTokenProviders" />
- <property name="services" ref="transportServices" />
- <property name="stsProperties" ref="transportSTSProperties" />
- <property name="claimsManager" ref="claimsManager" />
- <property name="tokenValidators" ref="transportTokenValidators" />
- <property name="eventListener" ref="loggerListener" />
- <property name="delegationHandlers" ref="delegationHandlers" />
- <property name="encryptIssuedToken" value="true"/>
- </bean>
-
- <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
- <property name="tokenValidators" ref="transportTokenValidators" />
- <property name="stsProperties" ref="transportSTSProperties" />
- <property name="eventListener" ref="loggerListener" />
- </bean>
-
- <util:list id="relationships">
- <bean class="org.apache.cxf.sts.token.realm.Relationship">
- <property name="sourceRealm" value="REALMA" />
- <property name="targetRealm" value="REALMB" />
- <property name="identityMapper" ref="identityMapper" />
- <property name="type" value="FederatedIdentity" />
- </bean>
- <bean class="org.apache.cxf.sts.token.realm.Relationship">
- <property name="sourceRealm" value="REALMB" />
- <property name="targetRealm" value="REALMA" />
- <property name="identityMapper" ref="identityMapper" />
- <property name="type" value="FederatedIdentity" />
- </bean>
- </util:list>
-
- <util:list id="transportTokenProviders">
- <ref bean="transportSamlTokenProvider" />
- </util:list>
-
- <util:list id="transportTokenValidators">
- <ref bean="transportSamlTokenValidator" />
- <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
- </util:list>
-
- <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
- <property name="issuer" value="STS Realm A" />
- <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
- <property name="callbackHandlerClass"
- value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- </bean>
-
- <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
- <property name="issuer" value="STS Realm B" />
- <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
- <property name="callbackHandlerClass"
- value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- </bean>
-
- <util:map id="realms">
- <entry key="REALMA" value-ref="realmA" />
- <entry key="REALMB" value-ref="realmB" />
- </util:map>
-
- <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
- <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
- <property name="realmMap" ref="realms" />
- <property name="conditionsProvider" ref="conditionsProvider" />
- <property name="subjectProvider" ref="subjectProvider" />
- </bean>
-
- <bean id="conditionsProvider"
- class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
- <property name="lifetime" value="1200" />
- <property name="acceptClientLifetime" value="true" />
- </bean>
-
- <bean id="subjectProvider"
- class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
- <property name="subjectNameIDFormat"
- value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
- </bean>
-
- <util:list id="attributeStatementProvidersList">
- <ref bean="claimAttributeProvider" />
- </util:list>
-
- <bean id="claimAttributeProvider"
- class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
- </bean>
-
- <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
- <property name="claimHandlers" ref="claimHandlerList" />
- </bean>
-
- <bean id="identityMapper"
- class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
-
- <bean id="samlRealmCodec"
- class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
-
- <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
- <property name="realmMap" ref="realms" />
- </bean>
-
- <bean id="transportSamlTokenValidator"
- class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
- <property name="samlRealmCodec" ref="samlRealmCodec" />
- </bean>
-
- <bean id="transportUsernameTokenValidator"
- class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
- </bean>
-
- <util:list id="transportServices">
- <ref bean="myEncryptionService" />
- <ref bean="transportService" />
- </util:list>
-
- <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
- <property name="endpoints">
- <util:list>
- <value>.*</value>
- </util:list>
- </property>
- </bean>
-
- <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService">
- <property name="endpoints">
- <util:list>
- <value>myServiceB.*</value>
- </util:list>
- </property>
- <property name="encryptionProperties">
- <bean class="org.apache.cxf.sts.service.EncryptionProperties">
- <property name="encryptionName" value="serviceB"/>
- <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
- </bean>
- </property>
- </bean>
-
- <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
- <property name="callbackHandlerClass"
- value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- <property name="issuer" value="Fediz STS" />
- <property name="realmParser" ref="customRealmParser" />
- <property name="signatureCryptoProperties" value="stsTruststore.properties" />
- <property name="encryptionCryptoProperties" value="stsEncryption.properties"/>
- <property name="relationships" ref="relationships" />
- </bean>
+ <import resource="./${adapter.resource}.xml" />
<jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
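Review bot: The new `<import resource="data/cxf-sts.xml" />` carries no comment saying what now lives there, while the comment kept just below it still describes only the `${adapter.resource}` import. Since a deployer is now expected to edit files under `data/`, a one-line comment on the import such as `<!-- STS operations, token providers/validators, realms and crypto properties are configured in data/cxf-sts.xml -->` would point them there. The `./` prefix added to the adapter import resolves the same way as the previous unprefixed relative path as far as I can tell, so it looks cosmetic; if it was meant to change resolution, the commit message should say so. The `jaxws:endpoint` element on the last line continues outside the hunk.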
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml b/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
new file mode 100644
index 0000000..b2d43d7
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
+
+ <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
+ <constructor-arg>
+ <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
+ </constructor-arg>
+ </bean>
+
+ <util:list id="delegationHandlers">
+ <bean id="samlDelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+ <bean id="x509DelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
+ </util:list>
+
+ <bean id="transportSTSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate" />
+ <property name="validateOperation" ref="transportValidateDelegate" />
+ </bean>
+
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="services" ref="transportServices" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="claimsManager" ref="claimsManager" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="eventListener" ref="loggerListener" />
+ <property name="delegationHandlers" ref="delegationHandlers" />
+ <property name="encryptIssuedToken" value="true"/>
+ </bean>
+
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="eventListener" ref="loggerListener" />
+ </bean>
+
+ <util:list id="relationships">
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMA" />
+ <property name="targetRealm" value="REALMB" />
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMB" />
+ <property name="targetRealm" value="REALMA" />
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ </util:list>
+
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSamlTokenProvider" />
+ </util:list>
+
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSamlTokenValidator" />
+ <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
+ </util:list>
+
+ <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm A" />
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm B" />
+ <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <util:map id="realms">
+ <entry key="REALMA" value-ref="realmA" />
+ <entry key="REALMB" value-ref="realmB" />
+ </util:map>
+
+ <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+ <property name="realmMap" ref="realms" />
+ <property name="conditionsProvider" ref="conditionsProvider" />
+ <property name="subjectProvider" ref="subjectProvider" />
+ </bean>
+
+ <bean id="conditionsProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+ <property name="lifetime" value="1200" />
+ <property name="acceptClientLifetime" value="true" />
+ </bean>
+
+ <bean id="subjectProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
+ <property name="subjectNameIDFormat"
+ value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+ </bean>
+
+ <util:list id="attributeStatementProvidersList">
+ <ref bean="claimAttributeProvider" />
+ </util:list>
+
+ <bean id="claimAttributeProvider"
+ class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+ </bean>
+
+ <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+ <property name="claimHandlers" ref="claimHandlerList" />
+ </bean>
+
+ <bean id="identityMapper"
+ class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+
+ <bean id="samlRealmCodec"
+ class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+ <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
+ <property name="realmMap" ref="realms" />
+ </bean>
+
+ <bean id="transportSamlTokenValidator"
+ class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ <property name="samlRealmCodec" ref="samlRealmCodec" />
+ </bean>
+
+ <bean id="transportUsernameTokenValidator"
+ class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+ </bean>
+
+ <util:list id="transportServices">
+ <ref bean="myEncryptionService" />
+ <ref bean="transportService" />
+ </util:list>
+
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints">
+ <util:list>
+ <value>.*</value>
+ </util:list>
+ </property>
+ </bean>
+
+ <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints">
+ <util:list>
+ <value>myServiceB.*</value>
+ </util:list>
+ </property>
+ <property name="encryptionProperties">
+ <bean class="org.apache.cxf.sts.service.EncryptionProperties">
+ <property name="encryptionName" value="serviceB"/>
+ <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ </bean>
+ </property>
+ </bean>
+
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ <property name="issuer" value="Fediz STS" />
+ <property name="realmParser" ref="customRealmParser" />
+ <property name="signatureCryptoProperties" value="stsTruststore.properties" />
+ <property name="encryptionCryptoProperties" value="stsEncryption.properties"/>
+ <property name="relationships" ref="relationships" />
+ </bean>
+
+</beans>
+
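Review bot: The root element of `data/cxf-sts.xml` declares the `cxf`, `jaxws`, `test`, `http` and `sec` prefixes and their five schemaLocation pairs, but no element in the file uses any prefix other than `util` and the default beans namespace; they were carried over from cxf-transport.xml and the header can be trimmed to `xmlns`, `xmlns:xsi` and `xmlns:util` as in the sibling `passwords.xml` and `userClaims.xml`. `conditionsProvider` sets `acceptClientLifetime` to `true` without an explicit `maxLifetime`, so a client-requested lifetime is bounded only by the provider's built-in default; setting `<property name="maxLifetime" value="…" />` explicitly, or at least a comment recording the intended cap, would make the limit visible to whoever edits this file. Likewise `transportService` with the endpoint pattern `.*` issues tokens for any requested AppliesTo, which deserves a comment marking it as the permissive sample default.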
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/data/passwords.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/passwords.xml b/services/sts/src/main/webapp/WEB-INF/data/passwords.xml
new file mode 100644
index 0000000..3ad9e7c
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/data/passwords.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <util:map id="REALMA">
+ <entry key="alice" value="ecila" />
+ <entry key="bob" value="bob" />
+ <entry key="ted" value="det" />
+ <entry key="idp-user" value="idp-pass" />
+ </util:map>
+
+ <util:map id="REALMB">
+ <entry key="ALICE" value="ECILA" />
+ <entry key="BOB" value="BOB" />
+ <entry key="TED" value="DET" />
+ </util:map>
+
+</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml b/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml
new file mode 100644
index 0000000..bb3ae49
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <util:list id="claimHandlerList">
+ <ref bean="claimsHandlerA" />
+ <ref bean="claimsHandlerB" />
+ </util:list>
+
+ <bean id="claimsHandlerA"
+ class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+ <property name="userClaims" ref="userClaimsREALMA" />
+ <property name="supportedClaims" ref="supportedClaims" />
+ <property name="realm" value="REALMA" />
+ </bean>
+
+ <bean id="claimsHandlerB"
+ class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+ <property name="userClaims" ref="userClaimsREALMB" />
+ <property name="supportedClaims" ref="supportedClaims" />
+ <property name="realm" value="REALMB" />
+ </bean>
+
+ <util:map id="userClaimsREALMA">
+ <entry key="alice" value-ref="REALMA_aliceClaims" />
+ <entry key="CN=alice,OU=Unknown,O=Apache,L=Dublin,ST=Unknown,C=IE" value-ref="REALMA_aliceClaims" />
+ <entry key="alice@WS.APACHE.ORG" value-ref="REALMA_aliceClaims" />
+ <entry key="bob" value-ref="REALMA_bobClaims" />
+ <entry key="bob/service.ws.apache.org@WS.APACHE.ORG" value-ref="REALMA_bobClaims" />
+ <entry key="ted" value-ref="REALMA_tedClaims" />
+ <entry key="ted@WS.APACHE.ORG" value-ref="REALMA_tedClaims" />
+ </util:map>
+
+ <util:map id="REALMA_aliceClaims">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Alice" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Smith" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="alice@realma.org" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="User" />
+ </util:map>
+
+ <util:map id="REALMA_bobClaims">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Bob" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Windsor" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="bobwindsor@realma.org" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="User,Manager,Admin" />
+ </util:map>
+
+ <util:map id="REALMA_tedClaims">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Ted" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Cooper" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="tcooper@realma.org" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="Secretary" />
+ </util:map>
+
+ <util:map id="userClaimsREALMB">
+ <entry key="ALICE" value-ref="REALMB_aliceClaims" />
+ <entry key="BOB" value-ref="REALMB_bobClaims" />
+ <entry key="TED" value-ref="REALMB_tedClaims" />
+ </util:map>
+
+ <util:map id="REALMB_aliceClaims">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Alice" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Smith" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="alice@realmb.org" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="USER" />
+ </util:map>
+
+ <util:map id="REALMB_bobClaims">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Bob" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Windsor" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="bobwindsor@realmb.org" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="USER,MANAGER,ADMIN" />
+ </util:map>
+
+ <util:map id="REALMB_tedClaims">
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Ted" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Cooper" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="tcooper@realmb.org" />
+ <entry
+ key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="Secretary" />
+ </util:map>
+
+ <util:list id="supportedClaims">
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
+ </util:list>
+
+</beans>
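Review bot: `userClaimsREALMA` now keys the same claims under three identifier forms (plain username, X.509 subject DN, Kerberos principal), but nothing in the file says so, and lookup is by exact string as far as this file shows. A comment above the map such as `<!-- Keys are the subject names produced by each validator (username-token name, X.509 subject DN, Kerberos principal); all forms of one user map to the same claims -->` would explain why `alice` appears three times and that the DN entry must match the certificate subject exactly. Presumably `RealmFileClaimsHandler` does no DN normalisation — confirm, since a reordered or differently escaped DN would silently yield no claims.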
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/file.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/file.xml b/services/sts/src/main/webapp/WEB-INF/file.xml
index a3ac642..3c4ed06 100644
--- a/services/sts/src/main/webapp/WEB-INF/file.xml
+++ b/services/sts/src/main/webapp/WEB-INF/file.xml
@@ -29,27 +29,8 @@
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
- <import resource="userClaims.xml" />
- <import resource="passwords.xml" />
-
- <util:list id="claimHandlerList">
- <ref bean="claimsHandlerA" />
- <ref bean="claimsHandlerB" />
- </util:list>
-
- <bean id="claimsHandlerA"
- class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
- <property name="userClaims" ref="userClaimsREALMA" />
- <property name="supportedClaims" ref="supportedClaims" />
- <property name="realm" value="REALMA" />
- </bean>
-
- <bean id="claimsHandlerB"
- class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
- <property name="userClaims" ref="userClaimsREALMB" />
- <property name="supportedClaims" ref="supportedClaims" />
- <property name="realm" value="REALMB" />
- </bean>
+ <import resource="data/userClaims.xml" />
+ <import resource="data/passwords.xml" />
<bean id="upCallBackHandlerRealmA"
class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
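Review bot: The two new `data/…` imports are the only hint that the per-deployment user data now lives in `WEB-INF/data`, which is the point of the commit; a short comment above them, e.g. `<!-- User claims and credentials live under WEB-INF/data so they can be edited without touching the STS wiring -->`, would record that for the next editor. The same comment fits the matching import in kerberos.xml. The `upCallBackHandlerRealmA` bean on the last two lines continues outside the hunk.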
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/kerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/kerberos.xml b/services/sts/src/main/webapp/WEB-INF/kerberos.xml
index 06ef44e..86765e0 100644
--- a/services/sts/src/main/webapp/WEB-INF/kerberos.xml
+++ b/services/sts/src/main/webapp/WEB-INF/kerberos.xml
@@ -29,27 +29,8 @@
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
- <import resource="userClaimsKerberos.xml" />
+ <import resource="data/userClaims.xml" />
- <util:list id="claimHandlerList">
- <ref bean="claimsHandlerA" />
- <ref bean="claimsHandlerB" />
- </util:list>
-
- <bean id="claimsHandlerA"
- class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
- <property name="userClaims" ref="userClaimsREALMA" />
- <property name="supportedClaims" ref="supportedClaims" />
- <property name="realm" value="REALMA" />
- </bean>
-
- <bean id="claimsHandlerB"
- class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
- <property name="userClaims" ref="userClaimsREALMB" />
- <property name="supportedClaims" ref="supportedClaims" />
- <property name="realm" value="REALMB" />
- </bean>
-
<bean id="kerberosValidator" class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
<property name="contextName" value="bob"/>
<property name="serviceName" value="bob@service.ws.apache.org"/>
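Review bot: kerberos.xml now imports the shared `data/userClaims.xml` in place of the deleted `userClaimsKerberos.xml`, so the Kerberos and file adapters resolve claims from one map; the merged map carries the Kerberos principal keys (`alice@WS.APACHE.ORG`, `bob/service.ws.apache.org@WS.APACHE.ORG`, `ted@WS.APACHE.ORG`) for every profile, which is workable but stated nowhere. A comment on the import, `<!-- shared with file.xml; the map includes the Kerberos principal keys -->`, would make the merge look deliberate rather than accidental. The `kerberosValidator` bean at the end of the hunk continues outside it.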
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/passwords.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/passwords.xml b/services/sts/src/main/webapp/WEB-INF/passwords.xml
deleted file mode 100644
index 3ad9e7c..0000000
--- a/services/sts/src/main/webapp/WEB-INF/passwords.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <util:map id="REALMA">
- <entry key="alice" value="ecila" />
- <entry key="bob" value="bob" />
- <entry key="ted" value="det" />
- <entry key="idp-user" value="idp-pass" />
- </util:map>
-
- <util:map id="REALMB">
- <entry key="ALICE" value="ECILA" />
- <entry key="BOB" value="BOB" />
- <entry key="TED" value="DET" />
- </util:map>
-
-</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/userClaims.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/userClaims.xml b/services/sts/src/main/webapp/WEB-INF/userClaims.xml
deleted file mode 100644
index 13bd37f..0000000
--- a/services/sts/src/main/webapp/WEB-INF/userClaims.xml
+++ /dev/null
@@ -1,139 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <util:map id="userClaimsREALMA">
- <entry key="alice" value-ref="REALMA_aliceClaims" />
- <entry key="CN=alice,OU=Unknown,O=Apache,L=Dublin,ST=Unknown,C=IE" value-ref="REALMA_aliceClaims" />
- <entry key="bob" value-ref="REALMA_bobClaims" />
- <entry key="ted" value-ref="REALMA_tedClaims" />
- </util:map>
-
- <util:map id="REALMA_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="alice@realma.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User" />
- </util:map>
-
- <util:map id="REALMA_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="bobwindsor@realma.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User,Manager,Admin" />
- </util:map>
-
- <util:map id="REALMA_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="tcooper@realma.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:map id="userClaimsREALMB">
- <entry key="ALICE" value-ref="REALMB_aliceClaims" />
- <entry key="BOB" value-ref="REALMB_bobClaims" />
- <entry key="TED" value-ref="REALMB_tedClaims" />
- </util:map>
-
- <util:map id="REALMB_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="alice@realmb.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER" />
- </util:map>
-
- <util:map id="REALMB_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="bobwindsor@realmb.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER,MANAGER,ADMIN" />
- </util:map>
-
- <util:map id="REALMB_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="tcooper@realmb.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:list id="supportedClaims">
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
- </util:list>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml b/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
deleted file mode 100644
index aa5faff..0000000
--- a/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
+++ /dev/null
@@ -1,138 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <util:map id="userClaimsREALMA">
- <entry key="alice@WS.APACHE.ORG" value-ref="REALMA_aliceClaims" />
- <entry key="bob/service.ws.apache.org@WS.APACHE.ORG" value-ref="REALMA_bobClaims" />
- <entry key="ted@WS.APACHE.ORG" value-ref="REALMA_tedClaims" />
- </util:map>
-
- <util:map id="REALMA_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="alice@realma.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User" />
- </util:map>
-
- <util:map id="REALMA_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="bobwindsor@realma.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User,Manager,Admin" />
- </util:map>
-
- <util:map id="REALMA_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="tcooper@realma.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:map id="userClaimsREALMB">
- <entry key="ALICE" value-ref="REALMB_aliceClaims" />
- <entry key="BOB" value-ref="REALMB_bobClaims" />
- <entry key="TED" value-ref="REALMB_tedClaims" />
- </util:map>
-
- <util:map id="REALMB_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="alice@realmb.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER" />
- </util:map>
-
- <util:map id="REALMB_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="bobwindsor@realmb.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER,MANAGER,ADMIN" />
- </util:map>
-
- <util:map id="REALMB_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="tcooper@realmb.org" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:list id="supportedClaims">
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
- </util:list>
-
-</beans>