You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by jb...@apache.org on 2015/04/23 13:26:52 UTC
[1/5] cxf-fediz git commit: Improving SigninHandler with
AudienceRestrictions validation
Repository: cxf-fediz
Updated Branches:
refs/heads/master 608b6e944 -> fd614ac31
Improving SigninHandler with AudienceRestrictions validation
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2b008eac
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2b008eac
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2b008eac
Branch: refs/heads/master
Commit: 2b008eacd31e1720794089226a12107a57efb969
Parents: 3ae95b5
Author: Jan Bernhardt <jb...@talend.com>
Authored: Tue Apr 21 21:10:05 2015 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Thu Apr 23 12:11:00 2015 +0200
----------------------------------------------------------------------
.../cxf/fediz/core/handler/SigninHandler.java | 82 +++++++++++++++-----
1 file changed, 62 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2b008eac/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index 1f62e57..ee1f18b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -18,6 +18,9 @@
*/
package org.apache.cxf.fediz.core.handler;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,8 +30,8 @@ import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.config.SAMLProtocol;
import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.slf4j.Logger;
@@ -41,10 +44,10 @@ import org.slf4j.LoggerFactory;
public class SigninHandler<T> implements RequestHandler<T> {
private static final Logger LOG = LoggerFactory.getLogger(SigninHandler.class);
- protected final FedizContext fedizConfig;
+ private final FedizContext fedizContext;
- public SigninHandler(FedizContext fedConfig) {
- this.fedizConfig = fedConfig;
+ public SigninHandler(FedizContext fedizContext) {
+ this.fedizContext = fedizContext;
}
@Override
@@ -56,21 +59,20 @@ public class SigninHandler<T> implements RequestHandler<T> {
public T handleRequest(HttpServletRequest request, HttpServletResponse response) {
if (request.getMethod().equals("POST")) {
LOG.debug("Sign-In-Response received");
- String wresult = request.getParameter(FederationConstants.PARAM_RESULT);
- if (wresult != null) {
+ String responseToken = getResponseToken(request);
+ if (responseToken != null) {
LOG.debug("Validating RSTR...");
// process and validate the token
try {
- FedizResponse federationResponse = processSigninRequest(request, response);
+ FedizResponse federationResponse = processSigninRequest(responseToken, request, response);
+ validateAudienceRestrictions(federationResponse.getAudience(), request.getRequestURL().toString());
LOG.debug("RSTR validated successfully");
T principal = createPrincipal(request, response, federationResponse);
resumeRequest(request, response, federationResponse);
return principal;
} catch (ProcessingException e) {
- LOG.error("RSTR validated failed.");
+ LOG.error("Federation processing failed: " + e.getMessage());
}
- } else {
- throw new RuntimeException("Missing required parameter 'wresult'");
}
} else {
throw new RuntimeException("Incorrect method GET for Sign-In-Response");
@@ -87,28 +89,68 @@ public class SigninHandler<T> implements RequestHandler<T> {
FedizResponse federationResponse) {
}
- public FedizResponse processSigninRequest(HttpServletRequest req, HttpServletResponse resp)
+ public FedizResponse processSigninRequest(String responseToken, HttpServletRequest req, HttpServletResponse resp)
throws ProcessingException {
+ LOG.debug("Process SignIn request");
+ LOG.debug("token=\n{}", responseToken);
+
FedizRequest federationRequest = new FedizRequest();
String wa = req.getParameter(FederationConstants.PARAM_ACTION);
- String responseToken = getResponseToken(req, fedizConfig);
federationRequest.setAction(wa);
federationRequest.setResponseToken(responseToken);
federationRequest.setState(req.getParameter("RelayState"));
federationRequest.setRequest(req);
+ federationRequest.setCerts((X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"));
- FedizProcessor processor = new FederationProcessorImpl();
- return processor.processRequest(federationRequest, fedizConfig);
+ FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol());
+ return processor.processRequest(federationRequest, fedizContext);
}
- public String getResponseToken(HttpServletRequest request, FedizContext fedConfig) {
- if (fedConfig.getProtocol() instanceof FederationProtocol) {
- return request.getParameter(FederationConstants.PARAM_RESULT);
- } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
- return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
+ protected boolean validateAudienceRestrictions(String audience, String requestURL) {
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // against the configured list of audienceURIs
+ boolean validAudience = false;
+ if (audience != null) {
+ List<String> audienceURIs = fedizContext.getAudienceUris();
+ for (String a : audienceURIs) {
+ if (audience.startsWith(a)) {
+ validAudience = true;
+ LOG.debug("Token audience matches with valid URIs.");
+ break;
+ }
+ }
+
+ if (!validAudience) {
+ LOG.warn("Token AudienceRestriction [{}] doesn't match with specified list of URIs.");
+ LOG.debug("Authenticated URIs are: {}", audience, audienceURIs);
+ }
+
+ if (LOG.isDebugEnabled() && requestURL != null && requestURL.indexOf(audience) == -1) {
+ LOG.debug("Token AudienceRestriction doesn't match with request URL [{}] [{}]", audience, requestURL);
+ }
}
- return null;
+ return validAudience;
+ }
+
+ public String getResponseToken(HttpServletRequest request) {
+ String token = null;
+ if (fedizContext.getProtocol() instanceof FederationProtocol) {
+ token = request.getParameter(FederationConstants.PARAM_RESULT);
+ if (token == null) {
+ new RuntimeException("Missing required parameter 'wresult'");
+ }
+ } else if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+ token = request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
+ if (token == null) {
+ new RuntimeException("Missing required parameter 'SAMLResponse'");
+ }
+ }
+ return token;
+ }
+
+ public FedizContext getFedizContext() {
+ return fedizContext;
}
}
[4/5] cxf-fediz git commit: [FEDIZ-112] Fixing Tomcat race condition
with saved request * Improving Tomcat plugin by using core handler (code
cleanup) * Renaming Tomcat plugin to tomcat7 plugin
Posted by jb...@apache.org.
[FEDIZ-112] Fixing Tomcat race condition with saved request
* Improving Tomcat plugin by using core handler (code cleanup)
* Renaming Tomcat plugin to tomcat7 plugin
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/cd04e4f1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/cd04e4f1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/cd04e4f1
Branch: refs/heads/master
Commit: cd04e4f13811d80bc58af9d4e313b2475b6acf2d
Parents: 2b008ea
Author: Jan Bernhardt <jb...@talend.com>
Authored: Tue Apr 21 21:11:20 2015 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Thu Apr 23 13:06:47 2015 +0200
----------------------------------------------------------------------
apache-fediz/pom.xml | 2 +-
.../cxf/fediz/core/handler/SigninHandler.java | 8 +-
.../src/main/resources/schemas/FedizConfig.xsd | 829 ++++++++++---------
.../core/src/test/resources/RSTR.formatted.xml | 193 ++---
.../test/resources/fediz_meta_test_config.xml | 204 +++--
.../resources/fediz_meta_test_config_saml.xml | 162 ++--
plugins/pom.xml | 2 +-
plugins/tomcat/README.txt | 10 -
plugins/tomcat/pom.xml | 78 --
plugins/tomcat/src/main/assembly/assembly.xml | 18 -
.../fediz/tomcat/FederationAuthenticator.java | 595 -------------
.../fediz/tomcat/FederationPrincipalImpl.java | 52 --
.../src/test/resources/logging.properties | 52 --
plugins/tomcat7/README.txt | 10 +
plugins/tomcat7/pom.xml | 78 ++
plugins/tomcat7/src/main/assembly/assembly.xml | 18 +
.../fediz/tomcat/FederationAuthenticator.java | 434 ++++++++++
.../fediz/tomcat/FederationPrincipalImpl.java | 52 ++
.../tomcat/handler/TomcatLogoutHandler.java | 58 ++
.../tomcat/handler/TomcatSigninHandler.java | 101 +++
.../src/test/resources/logging.properties | 52 ++
.../cxf/fediz/was/tai/FedizInterceptor.java | 38 +-
systests/clientcert/pom.xml | 2 +-
.../federation/FederationTest.java | 6 +
systests/federation/samlsso/pom.xml | 2 +-
systests/federation/wsfed/pom.xml | 2 +-
.../JettyPreAuthSpringTest.java | 6 +
.../cxf/fediz/integrationtests/JettyTest.java | 6 +
systests/kerberos/pom.xml | 2 +-
.../cxf/fediz/integrationtests/Spring2Test.java | 7 +-
.../cxf/fediz/integrationtests/SpringTest.java | 7 +-
.../fediz/integrationtests/AbstractTests.java | 83 +-
systests/tomcat7/pom.xml | 2 +-
33 files changed, 1611 insertions(+), 1560 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/apache-fediz/pom.xml
----------------------------------------------------------------------
diff --git a/apache-fediz/pom.xml b/apache-fediz/pom.xml
index 7f46117..29e4a55 100644
--- a/apache-fediz/pom.xml
+++ b/apache-fediz/pom.xml
@@ -52,7 +52,7 @@
</dependency>
<dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat</artifactId>
+ <artifactId>fediz-tomcat7</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index ee1f18b..edd7302 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -67,9 +67,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
FedizResponse federationResponse = processSigninRequest(responseToken, request, response);
validateAudienceRestrictions(federationResponse.getAudience(), request.getRequestURL().toString());
LOG.debug("RSTR validated successfully");
- T principal = createPrincipal(request, response, federationResponse);
- resumeRequest(request, response, federationResponse);
- return principal;
+ return createPrincipal(request, response, federationResponse);
} catch (ProcessingException e) {
LOG.error("Federation processing failed: " + e.getMessage());
}
@@ -85,10 +83,6 @@ public class SigninHandler<T> implements RequestHandler<T> {
return null;
}
- protected void resumeRequest(HttpServletRequest request, HttpServletResponse response,
- FedizResponse federationResponse) {
- }
-
public FedizResponse processSigninRequest(String responseToken, HttpServletRequest req, HttpServletResponse resp)
throws ProcessingException {
LOG.debug("Process SignIn request");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index d662b37..5364dcb 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -1,116 +1,123 @@
<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
- <xs:element name="FedizConfig">
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element ref="contextConfig" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="contextConfig">
- <xs:complexType>
- <xs:sequence>
- <xs:element ref="audienceUris" />
- <xs:element ref="certificateValidation" />
- <xs:element ref="certificateStores" />
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ <xs:element name="FedizConfig">
+ <xs:complexType>
+ <xs:sequence minOccurs="1" maxOccurs="unbounded">
+ <xs:element ref="contextConfig" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="contextConfig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="audienceUris" />
+ <xs:element ref="certificateValidation" />
+ <xs:element ref="certificateStores" />
<xs:element ref="tokenExpirationValidation" />
- <xs:element ref="maximumClockSkew" />
- <xs:element ref="tokenReplayCache" />
- <xs:element ref="serviceCertificate" />
- <xs:element ref="signingKey" />
- <xs:element ref="tokenDecryptionKey" />
- <xs:element ref="trustedIssuers" />
- <xs:element ref="protocol" />
- <xs:element ref="logoutURL" minOccurs="0"/>
- <xs:element ref="logoutRedirectTo" minOccurs="0"/>
- </xs:sequence>
- <xs:attribute name="name" use="required" type="xs:string" />
-
- </xs:complexType>
- </xs:element>
-
- <xs:element name="trustedIssuers">
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element name="issuer" type="TrustedIssuerType" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:complexType name="TrustedIssuerType">
- <xs:attribute name="name" type="xs:string" use="optional" />
- <xs:attribute name="certificateValidation" type="validationType"
- use="optional" />
- <xs:attribute name="subject" type="xs:string" use="optional" />
- </xs:complexType>
-
- <xs:element name="certificateStores">
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element name="trustManager" type="TrustManagersType" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="audienceUris">
+ <xs:element ref="maximumClockSkew" />
+ <xs:element ref="tokenReplayCache" />
+ <xs:element ref="serviceCertificate" />
+ <xs:element ref="signingKey" />
+ <xs:element ref="tokenDecryptionKey" />
+ <xs:element ref="trustedIssuers" />
+ <xs:element ref="protocol" />
+ <xs:element ref="logoutURL" minOccurs="0" />
+ <xs:element ref="logoutRedirectTo" minOccurs="0" />
+ </xs:sequence>
+ <xs:attribute name="name" use="required" type="xs:string" />
+
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="trustedIssuers">
+ <xs:complexType>
+ <xs:sequence minOccurs="1" maxOccurs="unbounded">
+ <xs:element name="issuer" type="TrustedIssuerType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="TrustedIssuerType">
+ <xs:attribute name="name" type="xs:string" use="optional" />
+ <xs:attribute name="certificateValidation" type="validationType" use="optional" />
+ <xs:attribute name="subject" type="xs:string" use="optional" />
+ </xs:complexType>
+
+ <xs:element name="certificateStores">
+ <xs:complexType>
+ <xs:sequence minOccurs="1" maxOccurs="unbounded">
+ <xs:element name="trustManager" type="TrustManagersType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="audienceUris">
<xs:annotation>
<xs:documentation>If a SAML token contains a audience restriction which is not listed
- within this collection, the token will be refused.</xs:documentation>
+ within this collection,
+ the token will be refused.
+ </xs:documentation>
</xs:annotation>
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element ref="audienceItem" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="audienceItem" type="xs:anyURI">
+ <xs:complexType>
+ <xs:sequence minOccurs="1" maxOccurs="unbounded">
+ <xs:element ref="audienceItem" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="audienceItem" type="xs:anyURI">
<xs:annotation>
<xs:documentation>Valid value within the SAML token audience restriction element.</xs:documentation>
</xs:annotation>
</xs:element>
- <xs:element name="certificateValidation" type="validationType" />
+ <xs:element name="certificateValidation" type="validationType" />
- <xs:simpleType name="validationType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="PeerTrust" />
- <xs:enumeration value="ChainTrust" />
- </xs:restriction>
- </xs:simpleType>
+ <xs:simpleType name="validationType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="PeerTrust" />
+ <xs:enumeration value="ChainTrust" />
+ </xs:restriction>
+ </xs:simpleType>
- <xs:element name="maximumClockSkew" type="xs:integer" default="5"/>
+ <xs:element name="maximumClockSkew" type="xs:integer" default="5" />
<xs:element name="tokenExpirationValidation" type="xs:boolean" default="true">
<xs:annotation>
<xs:documentation>Decision weather the token validation (e.g. lifetime) shall be
- performed on every request (true) or only once at initial authentication (false).</xs:documentation>
+ performed on every request
+ (true) or only once at initial authentication (false).
+ </xs:documentation>
</xs:annotation>
</xs:element>
- <xs:element name="tokenReplayCache" type="xs:string" />
+ <xs:element name="tokenReplayCache" type="xs:string" />
+
+ <xs:element name="serviceCertificate" type="KeyManagersType" />
- <xs:element name="serviceCertificate" type="KeyManagersType" />
-
- <xs:element name="signingKey" type="KeyManagersType">
+ <xs:element name="signingKey" type="KeyManagersType">
<xs:annotation>
<xs:documentation>Signing key required to generate a XML signature element within the federation
- metadata document, as well as for generating a signed signin request.</xs:documentation>
+ metadata
+ document, as well as for generating a signed signin request.
+ </xs:documentation>
</xs:annotation>
</xs:element>
-
- <xs:element name="tokenDecryptionKey" type="KeyManagersType" />
- <xs:element name="protocol" type="protocolType" />
+ <xs:element name="tokenDecryptionKey" type="KeyManagersType" />
+
+ <xs:element name="protocol" type="protocolType" />
<xs:element name="logoutURL" type="xs:string">
<xs:annotation>
<xs:documentation>User defined logout URL to trigger federated logout process. This URL will be
- available in addition to the 'wa=wsignout1.0' URL parameter.
- If the URL is overlapping an existing resource URL, the logout handling will be performed instead of
+ available in
+ addition to the 'wa=wsignout1.0' URL parameter.
+ If the URL is overlapping an existing resource URL, the
+ logout handling will be performed instead of
accessing the resource.
Example: '/logout'
</xs:documentation>
@@ -125,342 +132,342 @@
</xs:annotation>
</xs:element>
- <xs:complexType name="federationProtocolType">
- <xs:complexContent>
- <xs:extension base="protocolType">
- <xs:sequence>
- <xs:element ref="authenticationType" />
- <xs:element ref="homeRealm" />
- <xs:element ref="freshness" />
- <xs:element ref="reply" />
- <xs:element ref="request" />
- <xs:element ref="signInQuery" />
- </xs:sequence>
- <xs:attribute name="version" use="required" type="xs:string" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="samlProtocolType">
- <xs:complexContent>
- <xs:extension base="protocolType">
- <xs:sequence>
- <xs:element ref="signRequest" />
- <xs:element ref="authnRequestBuilder"/>
- <xs:element ref="disableDeflateEncoding"/>
- <xs:element ref="doNotEnforceKnownIssuer"/>
- <xs:element ref="issuerLogoutURL"/>
- </xs:sequence>
- <xs:attribute name="version" use="required" type="xs:string" />
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:element name="roleDelimiter" type="xs:string" />
- <xs:element name="roleURI" type="xs:string" />
- <xs:element name="realm" type="CallbackType" />
- <xs:element name="applicationServiceURL" type="xs:string" />
- <xs:element name="metadataURI" type="xs:string" />
-
- <xs:element name="signRequest" type="xs:boolean" />
- <xs:element name="authnRequestBuilder" type="xs:string" />
- <xs:element name="disableDeflateEncoding" type="xs:boolean"/>
- <xs:element name="doNotEnforceKnownIssuer" type="xs:boolean"/>
- <xs:element name="issuerLogoutURL" type="xs:string"/>
-
- <xs:complexType name="protocolType" abstract="true">
- <xs:sequence>
- <xs:element ref="applicationServiceURL" />
- <xs:element ref="roleDelimiter" />
- <xs:element ref="roleURI" />
- <xs:element ref="claimTypesRequested" />
- <xs:element ref="issuer" />
- <xs:element ref="realm" />
- <xs:element ref="tokenValidators" />
- <xs:element ref="metadataURI" />
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="CallbackType">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="type" type="argumentType" />
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:element name="issuer" type="CallbackType" />
- <xs:element name="homeRealm" type="CallbackType" />
- <xs:element name="authenticationType" type="CallbackType" />
- <xs:element name="request" type="CallbackType" />
- <xs:element name="freshness" type="CallbackType" />
- <xs:element name="signInQuery" type="CallbackType" />
-
- <xs:simpleType name="argumentType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="Class" />
- <xs:enumeration value="String" />
- </xs:restriction>
- </xs:simpleType>
-
- <xs:element name="reply" type="xs:string" />
-
- <xs:element name="claimTypesRequested">
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element ref="claimType" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="claimType">
- <xs:complexType>
- <xs:attribute name="optional" use="required" type="optionalType" />
- <xs:attribute name="type" use="required" type="xs:string" />
- </xs:complexType>
- </xs:element>
+ <xs:complexType name="federationProtocolType">
+ <xs:complexContent>
+ <xs:extension base="protocolType">
+ <xs:sequence>
+ <xs:element ref="authenticationType" />
+ <xs:element ref="homeRealm" />
+ <xs:element ref="freshness" />
+ <xs:element ref="reply" />
+ <xs:element ref="request" />
+ <xs:element ref="signInQuery" />
+ </xs:sequence>
+ <xs:attribute name="version" use="required" type="xs:string" />
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="samlProtocolType">
+ <xs:complexContent>
+ <xs:extension base="protocolType">
+ <xs:sequence>
+ <xs:element ref="signRequest" />
+ <xs:element ref="authnRequestBuilder" />
+ <xs:element ref="disableDeflateEncoding" />
+ <xs:element ref="doNotEnforceKnownIssuer" />
+ <xs:element ref="issuerLogoutURL" />
+ </xs:sequence>
+ <xs:attribute name="version" use="required" type="xs:string" />
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="roleDelimiter" type="xs:string" />
+ <xs:element name="roleURI" type="xs:string" />
+ <xs:element name="realm" type="CallbackType" />
+ <xs:element name="applicationServiceURL" type="xs:string" />
+ <xs:element name="metadataURI" type="xs:string" />
+
+ <xs:element name="signRequest" type="xs:boolean" />
+ <xs:element name="authnRequestBuilder" type="xs:string" />
+ <xs:element name="disableDeflateEncoding" type="xs:boolean" />
+ <xs:element name="doNotEnforceKnownIssuer" type="xs:boolean" />
+ <xs:element name="issuerLogoutURL" type="xs:string" />
+
+ <xs:complexType name="protocolType" abstract="true">
+ <xs:sequence>
+ <xs:element ref="applicationServiceURL" />
+ <xs:element ref="roleDelimiter" />
+ <xs:element ref="roleURI" />
+ <xs:element ref="claimTypesRequested" />
+ <xs:element ref="issuer" />
+ <xs:element ref="realm" />
+ <xs:element ref="tokenValidators" />
+ <xs:element ref="metadataURI" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="CallbackType">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="type" type="argumentType" />
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <xs:element name="issuer" type="CallbackType" />
+ <xs:element name="homeRealm" type="CallbackType" />
+ <xs:element name="authenticationType" type="CallbackType" />
+ <xs:element name="request" type="CallbackType" />
+ <xs:element name="freshness" type="CallbackType" />
+ <xs:element name="signInQuery" type="CallbackType" />
+
+ <xs:simpleType name="argumentType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="Class" />
+ <xs:enumeration value="String" />
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:element name="reply" type="xs:string" />
+
+ <xs:element name="claimTypesRequested">
+ <xs:complexType>
+ <xs:sequence minOccurs="1" maxOccurs="unbounded">
+ <xs:element ref="claimType" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="claimType">
+ <xs:complexType>
+ <xs:attribute name="optional" use="required" type="optionalType" />
+ <xs:attribute name="type" use="required" type="xs:string" />
+ </xs:complexType>
+ </xs:element>
<xs:element name="tokenValidators">
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element name="validator" type="xs:string" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:simpleType name="optionalType">
- <xs:restriction base="xs:boolean" />
- </xs:simpleType>
-
-
- <xs:complexType name="TrustManagersType">
- <xs:annotation>
- <xs:documentation>
- This structure contains the specification of JSSE
- TrustManagers for
- a single Keystore used for trusted certificates.
- </xs:documentation>
- </xs:annotation>
- <xs:sequence minOccurs="1" maxOccurs="1">
- <xs:element name="keyStore" type="KeyStoreType" minOccurs="1">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyStore used as a
- trust
- store.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the KeyManagers provider
- name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="factoryAlgorithm" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the algorithm the KeyManagers Factory
- will use in creating the KeyManagers from the KeyStore. Most
- common examples are "PKIX".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:complexType>
-
- <xs:complexType name="KeyStoreType">
- <xs:annotation>
- <xs:documentation>
- A KeyStoreType represents the information needed to
- load a collection
- of key and certificate material from a desired
- location.
- The "url", "file", and "resource" attributes are intended
- to be
- mutually exclusive, though this assumption is not encoded in
- schema.
- The precedence order observed by the runtime is
- 1) "file", 2)
- "resource", and 3) "url".
- </xs:documentation>
- </xs:annotation>
- <xs:attribute name="type" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the type of the keystore.
- It is highly correlated to the provider. Most common examples
- are
- "jks" "pkcs12".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="password" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the integrity password for
- the keystore.
- This is not the password that unlock keys within the
- keystore.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the keystore
- implementation provider.
- Most common examples are "SUN".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="url" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the URL location of the
- keystore.
- This element should be a properly accessible URL, such as
- "http://..." "file:///...", etc. Only one attribute of
- "url",
- "file", or "resource" is allowed.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="file" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the File location of the
- keystore.
- This element should be a properly accessible file from the
- working directory. Only one attribute of
- "url", "file", or
- "resource" is allowed.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="resource" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the Resource location of
- the keystore.
- This element should be a properly accessible on the
- classpath.
- Only one attribute of "url", "file", or "resource" is
- allowed.
+ <xs:complexType>
+ <xs:sequence minOccurs="1" maxOccurs="unbounded">
+ <xs:element name="validator" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:simpleType name="optionalType">
+ <xs:restriction base="xs:boolean" />
+ </xs:simpleType>
+
+
+ <xs:complexType name="TrustManagersType">
+ <xs:annotation>
+ <xs:documentation>
+ This structure contains the specification of JSSE
+ TrustManagers for
+ a single Keystore used for trusted certificates.
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:complexType>
-
- <xs:complexType name="CertStoreType">
- <xs:annotation>
- <xs:documentation>
- A CertStoreType represents a catenated sequence of
- X.509 certificates,
- in PEM or DER format.
- The "url", "file", and
- "resource" attributes are intended to be
- mutually exclusive, though
- this assumption is not encoded in schema.
- The precedence order
- observed by the runtime is
- 1) "file", 2) "resource", and 3) "url".
- </xs:documentation>
- </xs:annotation>
- <xs:attribute name="file" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the File location of the
- certificate store.
- This element should be a properly accessible file
- from the working directory. Only one attribute of
- "url", "file", or
- "resource" is allowed.
+ </xs:annotation>
+ <xs:sequence minOccurs="1" maxOccurs="1">
+ <xs:element name="keyStore" type="KeyStoreType" minOccurs="1">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyStore used as a
+ trust
+ store.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="provider" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the KeyManagers provider
+ name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="factoryAlgorithm" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the algorithm the KeyManagers Factory
+ will use in creating the KeyManagers from the KeyStore. Most
+ common examples are "PKIX".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStoreType">
+ <xs:annotation>
+ <xs:documentation>
+ A KeyStoreType represents the information needed to
+ load a collection
+ of key and certificate material from a desired
+ location.
+ The "url", "file", and "resource" attributes are intended
+ to be
+ mutually exclusive, though this assumption is not encoded in
+ schema.
+ The precedence order observed by the runtime is
+ 1) "file", 2)
+ "resource", and 3) "url".
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="resource" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the Resource location of
- the certificate store.
- This element should be a properly accessible
- on the classpath.
- Only one attribute of "url", "file", or "resource"
- is allowed.
+ </xs:annotation>
+ <xs:attribute name="type" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the type of the keystore.
+ It is highly correlated to the provider. Most common examples
+ are
+ "jks" "pkcs12".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="password" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the integrity password for
+ the keystore.
+ This is not the password that unlock keys within the
+ keystore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="provider" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the keystore
+ implementation provider.
+ Most common examples are "SUN".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="url" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the URL location of the
+ keystore.
+ This element should be a properly accessible URL, such as
+ "http://..." "file:///...", etc. Only one attribute of
+ "url",
+ "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="file" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the File location of the
+ keystore.
+ This element should be a properly accessible file from the
+ working directory. Only one attribute of
+ "url", "file", or
+ "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="resource" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the Resource location of
+ the keystore.
+ This element should be a properly accessible on the
+ classpath.
+ Only one attribute of "url", "file", or "resource" is
+ allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
+ <xs:complexType name="CertStoreType">
+ <xs:annotation>
+ <xs:documentation>
+ A CertStoreType represents a catenated sequence of
+ X.509 certificates,
+ in PEM or DER format.
+ The "url", "file", and
+ "resource" attributes are intended to be
+ mutually exclusive, though
+ this assumption is not encoded in schema.
+ The precedence order
+ observed by the runtime is
+ 1) "file", 2) "resource", and 3) "url".
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="url" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies the URL location of the
- certificate store.
- This element should be a properly accessible URL,
- such as
- "http://..." "file:///...", etc. Only one attribute of
- "url", "file", or "resource" is allowed.
+ </xs:annotation>
+ <xs:attribute name="file" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the File location of the
+ certificate store.
+ This element should be a properly accessible file
+ from the working directory. Only one attribute of
+ "url", "file", or
+ "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="resource" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the Resource location of
+ the certificate store.
+ This element should be a properly accessible
+ on the classpath.
+ Only one attribute of "url", "file", or "resource"
+ is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="url" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the URL location of the
+ certificate store.
+ This element should be a properly accessible URL,
+ such as
+ "http://..." "file:///...", etc. Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
+
+
+ <xs:complexType name="KeyManagersType">
+ <xs:annotation>
+ <xs:documentation>
+ This structure specifies the JSSE based KeyManagers
+ for a single Keystore.
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:complexType>
-
-
-
- <xs:complexType name="KeyManagersType">
- <xs:annotation>
- <xs:documentation>
- This structure specifies the JSSE based KeyManagers
- for a single Keystore.
- </xs:documentation>
- </xs:annotation>
-
- <xs:sequence>
- <xs:element name="keyStore" type="KeyStoreType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element specified the Keystore for these
- JSSE KeyManagers.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="keyPassword" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the password that unlocks
- the keys within the keystore.
+ </xs:annotation>
+
+ <xs:sequence>
+ <xs:element name="keyStore" type="KeyStoreType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element specified the Keystore for these
+ JSSE KeyManagers.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="keyPassword" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the password that unlocks
+ the keys within the keystore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="keyAlias" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the alias of the selected
+ key within the keystore.
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="keyAlias" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the alias of the selected
- key within the keystore.
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attribute name="provider" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the KeyManagers provider name.
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
-
- <xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the KeyManagers provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="factoryAlgorithm" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the algorithm the KeyManagers Factory
- will use in creating the KeyManagers from the KeyStore. Most
- common examples are "PKIX".
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="factoryAlgorithm" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the algorithm the KeyManagers Factory
+ will use in creating the KeyManagers from the KeyStore. Most
+ common examples are "PKIX".
</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:complexType>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
</xs:schema>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/test/resources/RSTR.formatted.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/RSTR.formatted.xml b/plugins/core/src/test/resources/RSTR.formatted.xml
index 1390f3a..90c5214 100644
--- a/plugins/core/src/test/resources/RSTR.formatted.xml
+++ b/plugins/core/src/test/resources/RSTR.formatted.xml
@@ -1,107 +1,92 @@
<!-- DO NOT REFORMAT THIS XML DOCUMENT AS IT BREAKS THE SAML SIGNTATURE VALIDATION -->
-<RequestSecurityTokenResponseCollection
- xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
- xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
- xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
- <RequestSecurityTokenResponse>
- <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
- </TokenType>
- <RequestedSecurityToken>
- <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- ID="_93FDCC53AC1D5AE3EB131849544559910" IssueInstant="2011-10-13T08:44:05.599Z"
- Version="2.0" xsi:type="saml2:AssertionType">
- <saml2:Issuer>DoubleItSTSIssuer</saml2:Issuer>
- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod
- Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <ds:Reference URI="#_93FDCC53AC1D5AE3EB131849544559910">
- <ds:Transforms>
- <ds:Transform
- Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
- <ec:InclusiveNamespaces
- xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
- </ds:Transform>
- </ds:Transforms>
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
- <ds:DigestValue>3BwoTotMyMTFt40DCmi0ayEdnko=</ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
- <ds:SignatureValue>bXSIwaG+e2hDdpdDkciR3pjLbbpCLD/XwS+CezMygN/w2g1trgyaIlfkUvyAXVyk5ULJH9s+fFuecPgRm2n2JePm8Up2oZ0+vAJ6fvwQxbhhpuGz8j+OkVr11rGMjpVo1tFSVQNlq183blHVjjDQhGBl7TvoKAZsSGnhzoHclEY=
- </ds:SignatureValue>
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>MIID5jCCA0+gAwIBAgIJAPahVdM2UPibMA0GCSqGSIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTEpMCcGA1UEChMgU2FtcGxlIFNUUyAtLSBOT1QgRk9SIFBST0RVQ1RJT04xFjAUBgNVBAsTDUlUIERlcGFydG1lbnQxFDASBgNVBAMTC3d3dy5zdHMuY29tMRowGAYJKoZIhvcNAQkBFgtzdHNAc3RzLmNvbTAeFw0xMTAyMDkxODM4MTNaFw0yMTAyMDYxODM4MTNaMIGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTEpMCcGA1UEChMgU2FtcGxlIFNUUyAtLSBOT1QgRk9SIFBST0RVQ1RJT04xFjAUBgNVBAsTDUlUIERlcGFydG1lbnQxFDASBgNVBAMTC3d3dy5zdHMuY29tMRowGAYJKoZIhvcNAQkBFgtzdHNAc3RzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo+f8gs4WcteLdSPWPm8+ciyEz7zVmA7kcCGFQQvlO0smxRViWJ1x+yniT5Uu86UrAQjxRJyANBomQrirfE7KPrnCm6iVOsGDEntuIZAf7DFPnrv5p++jAZQuR3vm4ZHXFOFTXmI+/FD5AqLfNi17xiTxZCDYyDdD39CNFTrB2PkCAwEAAaOCARIwggEOMB0GA1UdDgQWBBRa0A38holQIbJMFW7m5ZSw+iVDHDCB3gYDVR0jBIHWMIHTgBRa0A38holQIbJMFW7m5ZSw+iVDHKGBr6SBrDCBqTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMRIwEAYDVQQHEwlCYWx0aW1vcmUxKTAnBgNVBAoTIFNhbX
BsZSBTVFMgLS0gTk9UIEZPUiBQUk9EVUNUSU9OMRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MRQwEgYDVQQDEwt3d3cuc3RzLmNvbTEaMBgGCSqGSIb3DQEJARYLc3RzQHN0cy5jb22CCQD2oVXTNlD4mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACp9yK1I9r++pyFT0yrcaV1m1Sub6urJH+GxQLBaTnTsaPLuzq2gIsJHpwk5XggB+IDe69iKKeb74Vt8aOe5usIWVASgi9ckqCwdfTqYu6KG9BlezqHZdExnIG2v/cD/3NkKr7O/a7DjlbE6FZ4G1nrOfVJkjmeAa6txtYm1Dm/f
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
- </ds:Signature>
- <saml2:Subject>
- <saml2:NameID
- Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID>
- <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
- </saml2:Subject>
- <saml2:Conditions NotBefore="2011-10-13T08:44:05.600Z"
- NotOnOrAfter="2011-10-13T08:49:05.600Z">
- <saml2:AudienceRestriction>
- <saml2:Audience>http://localhost:8080/wsfedhelloworld/
- </saml2:Audience>
- </saml2:AudienceRestriction>
- </saml2:Conditions>
- <saml2:AttributeStatement>
- <saml2:Attribute Name="givenname"
- NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
- <saml2:AttributeValue xsi:type="xs:string">Alice
- </saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute Name="surname"
- NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
- <saml2:AttributeValue xsi:type="xs:string">Smith
- </saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute Name="emailaddress"
- NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
- <saml2:AttributeValue xsi:type="xs:string">alice@mycompany.org
- </saml2:AttributeValue>
- </saml2:Attribute>
- <saml2:Attribute Name="role"
- NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
- <saml2:AttributeValue xsi:type="xs:string">User
- </saml2:AttributeValue>
- </saml2:Attribute>
- </saml2:AttributeStatement>
- </saml2:Assertion>
- </RequestedSecurityToken>
- <RequestedAttachedReference>
- <ns3:SecurityTokenReference
- xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
- wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
- <ns3:KeyIdentifier
- ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">#_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
- </ns3:SecurityTokenReference>
- </RequestedAttachedReference>
- <RequestedUnattachedReference>
- <ns3:SecurityTokenReference
- xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
- wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
- <ns3:KeyIdentifier
- ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
- </ns3:SecurityTokenReference>
- </RequestedUnattachedReference>
- <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
- <wsa:Address>http://localhost:8080/wsfedhelloworld/</wsa:Address>
- </wsa:EndpointReference>
- </wsp:AppliesTo>
- <Lifetime>
- <ns2:Created>2011-10-13T08:44:05.608Z</ns2:Created>
- <ns2:Expires>2011-10-13T08:49:05.608Z</ns2:Expires>
- </Lifetime>
- </RequestSecurityTokenResponse>
+<RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+ xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
+ <RequestSecurityTokenResponse>
+ <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
+ </TokenType>
+ <RequestedSecurityToken>
+ <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_93FDCC53AC1D5AE3EB131849544559910"
+ IssueInstant="2011-10-13T08:44:05.599Z" Version="2.0" xsi:type="saml2:AssertionType">
+ <saml2:Issuer>DoubleItSTSIssuer</saml2:Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <ds:Reference URI="#_93FDCC53AC1D5AE3EB131849544559910">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
+ PrefixList="xs" />
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>3BwoTotMyMTFt40DCmi0ayEdnko=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>bXSIwaG+e2hDdpdDkciR3pjLbbpCLD/XwS+CezMygN/w2g1trgyaIlfkUvyAXVyk5ULJH9s+fFuecPgRm2n2JePm8Up2oZ0+vAJ6fvwQxbhhpuGz8j+OkVr11rGMjpVo1tFSVQNlq183blHVjjDQhGBl7TvoKAZsSGnhzoHclEY=
+ </ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIID5jCCA0+gAwIBAgIJAPahVdM2UPibMA0GCSqGSIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTEpMCcGA1UEChMgU2FtcGxlIFNUUyAtLSBOT1QgRk9SIFBST0RVQ1RJT04xFjAUBgNVBAsTDUlUIERlcGFydG1lbnQxFDASBgNVBAMTC3d3dy5zdHMuY29tMRowGAYJKoZIhvcNAQkBFgtzdHNAc3RzLmNvbTAeFw0xMTAyMDkxODM4MTNaFw0yMTAyMDYxODM4MTNaMIGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTEpMCcGA1UEChMgU2FtcGxlIFNUUyAtLSBOT1QgRk9SIFBST0RVQ1RJT04xFjAUBgNVBAsTDUlUIERlcGFydG1lbnQxFDASBgNVBAMTC3d3dy5zdHMuY29tMRowGAYJKoZIhvcNAQkBFgtzdHNAc3RzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo+f8gs4WcteLdSPWPm8+ciyEz7zVmA7kcCGFQQvlO0smxRViWJ1x+yniT5Uu86UrAQjxRJyANBomQrirfE7KPrnCm6iVOsGDEntuIZAf7DFPnrv5p++jAZQuR3vm4ZHXFOFTXmI+/FD5AqLfNi17xiTxZCDYyDdD39CNFTrB2PkCAwEAAaOCARIwggEOMB0GA1UdDgQWBBRa0A38holQIbJMFW7m5ZSw+iVDHDCB3gYDVR0jBIHWMIHTgBRa0A38holQIbJMFW7m5ZSw+iVDHKGBr6SBrDCBqTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMRIwEAYDVQQHEwlCYWx0aW1vc
mUxKTAnBgNVBAoTIFNhbXBsZSBTVFMgLS0gTk9UIEZPUiBQUk9EVUNUSU9OMRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MRQwEgYDVQQDEwt3d3cuc3RzLmNvbTEaMBgGCSqGSIb3DQEJARYLc3RzQHN0cy5jb22CCQD2oVXTNlD4mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACp9yK1I9r++pyFT0yrcaV1m1Sub6urJH+GxQLBaTnTsaPLuzq2gIsJHpwk5XggB+IDe69iKKeb74Vt8aOe5usIWVASgi9ckqCwdfTqYu6KG9BlezqHZdExnIG2v/cD/3NkKr7O/a7DjlbE6FZ4G1nrOfVJkjmeAa6txtYm1Dm/f
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <saml2:Subject>
+ <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID>
+ <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
+ </saml2:Subject>
+ <saml2:Conditions NotBefore="2011-10-13T08:44:05.600Z" NotOnOrAfter="2011-10-13T08:49:05.600Z">
+ <saml2:AudienceRestriction>
+ <saml2:Audience>http://localhost:8080/wsfedhelloworld/
+ </saml2:Audience>
+ </saml2:AudienceRestriction>
+ </saml2:Conditions>
+ <saml2:AttributeStatement>
+ <saml2:Attribute Name="givenname" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+ <saml2:AttributeValue xsi:type="xs:string">Alice
+ </saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute Name="surname" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+ <saml2:AttributeValue xsi:type="xs:string">Smith
+ </saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute Name="emailaddress" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+ <saml2:AttributeValue xsi:type="xs:string">alice@mycompany.org
+ </saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute Name="role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
+ <saml2:AttributeValue xsi:type="xs:string">User
+ </saml2:AttributeValue>
+ </saml2:Attribute>
+ </saml2:AttributeStatement>
+ </saml2:Assertion>
+ </RequestedSecurityToken>
+ <RequestedAttachedReference>
+ <ns3:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+ wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
+ <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">#_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
+ </ns3:SecurityTokenReference>
+ </RequestedAttachedReference>
+ <RequestedUnattachedReference>
+ <ns3:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
+ wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
+ <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier>
+ </ns3:SecurityTokenReference>
+ </RequestedUnattachedReference>
+ <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsa:Address>http://localhost:8080/wsfedhelloworld/</wsa:Address>
+ </wsa:EndpointReference>
+ </wsp:AppliesTo>
+ <Lifetime>
+ <ns2:Created>2011-10-13T08:44:05.608Z</ns2:Created>
+ <ns2:Expires>2011-10-13T08:49:05.608Z</ns2:Expires>
+ </Lifetime>
+ </RequestSecurityTokenResponse>
</RequestSecurityTokenResponseCollection>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/test/resources/fediz_meta_test_config.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_meta_test_config.xml b/plugins/core/src/test/resources/fediz_meta_test_config.xml
index cea7c63..f2619bc 100644
--- a/plugins/core/src/test/resources/fediz_meta_test_config.xml
+++ b/plugins/core/src/test/resources/fediz_meta_test_config.xml
@@ -1,106 +1,104 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
- <contextConfig name="ROOT">
- <audienceUris>
- <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="ststrust.jks" password="storepass"
- type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <signingKey keyAlias="mystskey" keyPassword="stskpass">
- <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
- </signingKey>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.2">
- <realm>http://Server:Port/value from protocol.realm config property </realm>
- <applicationServiceURL>http://Server:port/value from protocol.applicationServiceURL config property</applicationServiceURL>
- <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
- <roleDelimiter>;</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <authenticationType value="some auth type" type="String" />
- <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
- <freshness>10000</freshness>
- <reply>reply value</reply>
- <request>REQUEST</request>
- <claimTypesRequested>
- <claimType type="a particular claim type" optional="true" />
- <claimType type="another optional claim type" optional="true" />
- <claimType type="and an mandatory claim type" optional="false" />
- </claimTypesRequested>
- </protocol>
- </contextConfig>
- <contextConfig name="ROOT_NO_KEY">
- <audienceUris>
- <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="ststrust.jks" password="storepass"
- type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <signingKey keyPassword="stskpass">
- <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
- </signingKey>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.2">
- <realm>http://Server:Port/value from protocol.realm config property </realm>
- <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
- <roleDelimiter>;</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <authenticationType value="some auth type" type="String" />
- <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
- <freshness>10000</freshness>
- <reply>reply value</reply>
- <request>REQUEST</request>
- <claimTypesRequested>
- <claimType type="a particular claim type" optional="true" />
- <claimType type="another optional claim type" optional="true" />
- <claimType type="and an mandatory claim type" optional="false" />
- </claimTypesRequested>
- </protocol>
- </contextConfig>
- <contextConfig name="ROOT_NO_SIGNINGKEY">
- <audienceUris>
- <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="ststrust.jks" password="storepass"
- type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="federationProtocolType" version="1.2">
- <realm>http://Server:Port/value from protocol.realm config property </realm>
- <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
- <roleDelimiter>;</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <authenticationType value="some auth type" type="String" />
- <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
- <freshness>10000</freshness>
- <reply>reply value</reply>
- <request>REQUEST</request>
- <claimTypesRequested>
- <claimType type="a particular claim type" optional="true" />
- <claimType type="another optional claim type" optional="true" />
- <claimType type="and an mandatory claim type" optional="false" />
- </claimTypesRequested>
- </protocol>
- </contextConfig>
+ <contextConfig name="ROOT">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mystskey" keyPassword="stskpass">
+ <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType"
+ version="1.2">
+ <realm>http://Server:Port/value from protocol.realm config property </realm>
+ <applicationServiceURL>http://Server:port/value from protocol.applicationServiceURL config property
+ </applicationServiceURL>
+ <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ <claimType type="another optional claim type" optional="true" />
+ <claimType type="and an mandatory claim type" optional="false" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+ <contextConfig name="ROOT_NO_KEY">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyPassword="stskpass">
+ <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType"
+ version="1.2">
+ <realm>http://Server:Port/value from protocol.realm config property </realm>
+ <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ <claimType type="another optional claim type" optional="true" />
+ <claimType type="and an mandatory claim type" optional="false" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+ <contextConfig name="ROOT_NO_SIGNINGKEY">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType"
+ version="1.2">
+ <realm>http://Server:Port/value from protocol.realm config property </realm>
+ <issuer>http://Server:Port/value from protocol.issuer config property</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ <claimType type="another optional claim type" optional="true" />
+ <claimType type="and an mandatory claim type" optional="false" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
</FedizConfig>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml b/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
index 2151ce5..96c94a2 100644
--- a/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
+++ b/plugins/core/src/test/resources/fediz_meta_test_config_saml.xml
@@ -1,90 +1,84 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FedizConfig>
- <contextConfig name="ROOT">
- <audienceUris>
- <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="ststrust.jks" password="storepass"
- type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <signingKey keyAlias="mystskey" keyPassword="stskpass">
- <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
- </signingKey>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="samlProtocolType" version="1.2">
- <issuer>http://url_to_the_issuer</issuer>
- <roleDelimiter>;</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <claimTypesRequested>
- <claimType type="a particular claim type" optional="true" />
- </claimTypesRequested>
- <signRequest>true</signRequest>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
+ <contextConfig name="ROOT">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mystskey" keyPassword="stskpass">
+ <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="1.2">
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ <signRequest>true</signRequest>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
- <contextConfig name="ROOT_NO_KEY">
- <audienceUris>
- <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="ststrust.jks" password="storepass"
- type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <signingKey keyPassword="stskpass">
- <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
- </signingKey>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="samlProtocolType" version="1.2">
- <issuer>http://url_to_the_issuer</issuer>
- <roleDelimiter>;</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <claimTypesRequested>
- <claimType type="a particular claim type" optional="true" />
- </claimTypesRequested>
- <signRequest>true</signRequest>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
+ </contextConfig>
+ <contextConfig name="ROOT_NO_KEY">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyPassword="stskpass">
+ <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="1.2">
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ <signRequest>true</signRequest>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
- <contextConfig name="ROOT_NO_SIGNINGKEY">
- <audienceUris>
- <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
- </audienceUris>
- <certificateStores>
- <trustManager>
- <keyStore file="ststrust.jks" password="storepass"
- type="JKS" />
- </trustManager>
- </certificateStores>
- <trustedIssuers>
- <issuer certificateValidation="PeerTrust" />
- </trustedIssuers>
- <maximumClockSkew>1000</maximumClockSkew>
- <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:type="samlProtocolType" version="1.2">
- <issuer>http://url_to_the_issuer</issuer>
- <roleDelimiter>;</roleDelimiter>
- <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
- <claimTypesRequested>
- <claimType type="a particular claim type" optional="true" />
- </claimTypesRequested>
- <signRequest>true</signRequest>
- </protocol>
- <logoutURL>/secure/logout</logoutURL>
+ </contextConfig>
+ <contextConfig name="ROOT_NO_SIGNINGKEY">
+ <audienceUris>
+ <audienceItem>http://Server:Port/value from first audienceUri config property</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="samlProtocolType" version="1.2">
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ <signRequest>true</signRequest>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
+ </contextConfig>
</FedizConfig>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/pom.xml b/plugins/pom.xml
index fc76665..e81424c 100644
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -31,7 +31,7 @@
<modules>
<module>core</module>
- <module>tomcat</module>
+ <module>tomcat7</module>
<module>jetty</module>
<module>spring</module>
<module>spring2</module>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/README.txt
----------------------------------------------------------------------
diff --git a/plugins/tomcat/README.txt b/plugins/tomcat/README.txt
deleted file mode 100644
index 94565bb..0000000
--- a/plugins/tomcat/README.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Fediz configuration in Tomcat
------------------------------
-
-The Tomcat installation must be updated before a Web Application can be deployed.
-
-The following wiki page gives instructions how to do that:
-http://cxf.apache.org/fediz-tomcat.html
-
-The following wiki page explains the fediz configuration which is Container independent:
-http://cxf.apache.org/fediz-configuration.html
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/tomcat/pom.xml b/plugins/tomcat/pom.xml
deleted file mode 100644
index 7775e10..0000000
--- a/plugins/tomcat/pom.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.cxf.fediz</groupId>
- <artifactId>plugin</artifactId>
- <version>1.2.0-SNAPSHOT</version>
- <relativePath>../pom.xml</relativePath>
- </parent>
- <artifactId>fediz-tomcat</artifactId>
- <name>Apache Fediz Plugin Tomcat</name>
- <packaging>jar</packaging>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.apache.tomcat</groupId>
- <artifactId>tomcat-catalina</artifactId>
- <version>${tomcat.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-core</artifactId>
- <version>${project.version}</version>
- <type>jar</type>
- <scope>compile</scope>
- </dependency>
- </dependencies>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-assembly-plugin</artifactId>
- <executions>
- <execution>
- <id>zip-file</id>
- <phase>package</phase>
- <goals>
- <goal>attached</goal>
- </goals>
- <configuration>
- <descriptors>
- <descriptor>src/main/assembly/assembly.xml</descriptor>
- </descriptors>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/assembly/assembly.xml b/plugins/tomcat/src/main/assembly/assembly.xml
deleted file mode 100644
index fb0d6aa..0000000
--- a/plugins/tomcat/src/main/assembly/assembly.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
-http://maven.apache.org/xsd/assembly-1.1.0.xsd">
- <id>zip-with-dependencies</id>
- <formats>
- <format>zip</format>
- </formats>
- <includeBaseDirectory>false</includeBaseDirectory>
- <dependencySets>
- <dependencySet>
- <outputDirectory>/</outputDirectory>
- <useProjectArtifact>true</useProjectArtifact>
- <unpack>false</unpack>
- <scope>runtime</scope>
- </dependencySet>
- </dependencySets>
-</assembly>
[2/5] cxf-fediz git commit: Websphere Plugin improving Token Expires
handling
Posted by jb...@apache.org.
Websphere Plugin improving Token Expires handling
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3ae95b5b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3ae95b5b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3ae95b5b
Branch: refs/heads/master
Commit: 3ae95b5b02ac82cb0a8fc8dff56d123af3573be7
Parents: 608b6e9
Author: Jan Bernhardt <jb...@talend.com>
Authored: Tue Apr 21 21:08:41 2015 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Thu Apr 23 12:11:00 2015 +0200
----------------------------------------------------------------------
plugins/websphere/pom.xml | 1 -
.../cxf/fediz/was/tai/FedizInterceptor.java | 25 ++++++++++++++------
2 files changed, 18 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ae95b5b/plugins/websphere/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/websphere/pom.xml b/plugins/websphere/pom.xml
index 18e1d80..ed24799 100644
--- a/plugins/websphere/pom.xml
+++ b/plugins/websphere/pom.xml
@@ -141,7 +141,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.2.1</version>
<executions>
<execution>
<id>zip-file</id>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ae95b5b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index 1858369..b7e4292 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -22,6 +22,7 @@ import java.io.File;
import java.io.IOException;
import java.rmi.RemoteException;
import java.util.ArrayList;
+import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
@@ -260,8 +261,6 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
return isTargetInterceptor;
}
- // TODO enable/disable SAML lifetime checks
-
// User not authenticated
LOG.debug("User is not yet authenticated. Fediz TAI Interceptor will be invoked");
isTargetInterceptor = true;
@@ -355,7 +354,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
return taiResult;
}
- LOG.info("No Subject found in existing session. Redirecting to IDP");
+ LOG.info("No valid principal found in existing session. Redirecting to IDP");
redirectToIdp(req, resp, fedCtx);
return TAIResult.create(HttpServletResponse.SC_FOUND);
@@ -427,12 +426,24 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
}
}
- protected boolean checkSecurityToken(FedizResponse response) {
- if (response == null) {
+ protected boolean checkSecurityToken(FedizResponse wfRes) {
+ if (wfRes == null) {
return false;
}
- long currentTime = System.currentTimeMillis();
- return response.getTokenExpires().getTime() > currentTime;
+
+ Date tokenExpires = wfRes.getTokenExpires();
+ if (tokenExpires == null) {
+ LOG.debug("Token doesn't expire");
+ return true;
+ }
+
+ Date currentTime = new Date();
+ if (!currentTime.after(tokenExpires)) {
+ return true;
+ } else {
+ LOG.warn("Token already expired since {}", tokenExpires);
+ }
+ return false;
}
protected List<String> groupIdsFromTokenRoles(FedizResponse federationResponse) {
[5/5] cxf-fediz git commit: Reducing logging noise during normal build
Posted by jb...@apache.org.
Reducing logging noise during normal build
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/fd614ac3
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/fd614ac3
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/fd614ac3
Branch: refs/heads/master
Commit: fd614ac3106c76700f6e11a5ad51e946638be8b5
Parents: cd04e4f
Author: Jan Bernhardt <jb...@talend.com>
Authored: Thu Apr 23 13:26:24 2015 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Thu Apr 23 13:26:24 2015 +0200
----------------------------------------------------------------------
.../src/main/resources/logging.properties | 2 +-
.../src/main/resources/logging.properties | 2 +-
.../src/main/resources/logging.properties | 2 +-
.../core/src/test/resources/logging.properties | 6 +--
.../src/test/resources/logging.properties | 2 +-
.../main/webapp/WEB-INF/applicationContext.xml | 4 +-
.../main/webapp/WEB-INF/applicationContext.xml | 4 +-
.../src/main/webapp/WEB-INF/cxf-transport.xml | 6 ---
.../apache/cxf/fediz/sts/realms/sts-client.xml | 4 +-
.../cxf/src/test/resources/logging.properties | 2 +-
.../src/main/resources/logging.properties | 2 +-
.../main/webapp/WEB-INF/applicationContext.xml | 4 +-
.../src/main/webapp/WEB-INF/cxf-service.xml | 4 +-
.../src/test/resources/sts/cxf-transport.xml | 4 +-
.../src/test/resources/logging.properties | 2 +-
.../src/test/resources/logging.properties | 54 ++++++++++++++++++++
.../src/main/resources/logging.properties | 2 +-
.../main/webapp/WEB-INF/applicationContext.xml | 4 +-
.../src/main/webapp/WEB-INF/cxf-service.xml | 4 +-
.../src/main/resources/logging.properties | 2 +-
.../src/main/resources/log4j.properties | 2 +-
.../src/main/resources/logging.properties | 4 +-
.../src/main/resources/log4j.properties | 6 +--
.../src/main/resources/logging.properties | 4 +-
24 files changed, 90 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/examples/simpleWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/examples/simpleWebapp/src/main/resources/logging.properties b/examples/simpleWebapp/src/main/resources/logging.properties
index 51cfbec..6a38b5e 100644
--- a/examples/simpleWebapp/src/main/resources/logging.properties
+++ b/examples/simpleWebapp/src/main/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = FINEST
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format="HEL %1$tc %2$s%n%4$s: %5$s%6$s%n"
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/examples/websphereWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/resources/logging.properties b/examples/websphereWebapp/src/main/resources/logging.properties
index 51cfbec..6a38b5e 100644
--- a/examples/websphereWebapp/src/main/resources/logging.properties
+++ b/examples/websphereWebapp/src/main/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = FINEST
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format="HEL %1$tc %2$s%n%4$s: %5$s%6$s%n"
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/examples/wsclientWebapp/webapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/resources/logging.properties b/examples/wsclientWebapp/webapp/src/main/resources/logging.properties
index 51cfbec..6a38b5e 100644
--- a/examples/wsclientWebapp/webapp/src/main/resources/logging.properties
+++ b/examples/wsclientWebapp/webapp/src/main/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = FINEST
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format="HEL %1$tc %2$s%n%4$s: %5$s%6$s%n"
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/plugins/core/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/logging.properties b/plugins/core/src/test/resources/logging.properties
index db03994..040b210 100644
--- a/plugins/core/src/test/resources/logging.properties
+++ b/plugins/core/src/test/resources/logging.properties
@@ -1,5 +1,5 @@
############################################################
-# Default Logging Configuration File
+# Default Logging Configuration File
#
# You can use a different file by specifying a filename
# with the java.util.logging.config.file system property.
@@ -7,7 +7,7 @@
############################################################
############################################################
-# Global properties
+# Global properties
############################################################
# "handlers" specifies a comma separated list of log Handler
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/plugins/tomcat7/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/test/resources/logging.properties b/plugins/tomcat7/src/test/resources/logging.properties
index 3172435..992a78d 100644
--- a/plugins/tomcat7/src/test/resources/logging.properties
+++ b/plugins/tomcat7/src/test/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
index a858236..14ca839 100644
--- a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -56,11 +56,11 @@
<import resource="classpath:persistenceContext.xml" />
<import resource="classpath:restContext.xml" />
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging />
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
<http:conduit name="*.http-conduit">
<http:tlsClientParameters
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/services/sts/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/applicationContext.xml b/services/sts/src/main/webapp/WEB-INF/applicationContext.xml
index 0b535d8..9d341d9 100644
--- a/services/sts/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/sts/src/main/webapp/WEB-INF/applicationContext.xml
@@ -37,11 +37,11 @@
<import resource="classpath:META-INF/cxf/cxf.xml"/>
<import resource="cxf-transport.xml"/>
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
index 48df6bd..df71f9f 100644
--- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
+++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
@@ -51,12 +51,6 @@
If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
<import resource="${adapter.resource}.xml" />
- <cxf:bus>
- <cxf:features>
- <cxf:logging />
- </cxf:features>
- </cxf:bus>
-
<util:list id="delegationHandlers">
<bean id="samlDelegationHandler"
class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml b/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml
index 63f8e7b..8966a60 100644
--- a/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml
+++ b/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml
@@ -33,11 +33,11 @@
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
<http:conduit name="*.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/cxf/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/logging.properties b/systests/cxf/src/test/resources/logging.properties
index 7f19504..9bdaf63 100644
--- a/systests/cxf/src/test/resources/logging.properties
+++ b/systests/cxf/src/test/resources/logging.properties
@@ -57,7 +57,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/resources/logging.properties b/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
index c185d61..20617fe 100644
--- a/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
+++ b/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml b/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
index eea155c..7d277ae 100644
--- a/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -37,11 +37,11 @@
<import resource="classpath:META-INF/cxf/cxf.xml"/>
<import resource="cxf-service.xml"/>
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml b/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
index 4e44578..ccce948 100644
--- a/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
+++ b/systests/federation/samlIdpWebapp/src/main/webapp/WEB-INF/cxf-service.xml
@@ -41,11 +41,11 @@
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
<bean id="serviceBean" class="org.apache.cxf.fediz.samlsso.example.SamlSso" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/kerberos/src/test/resources/sts/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/sts/cxf-transport.xml b/systests/kerberos/src/test/resources/sts/cxf-transport.xml
index 478e418..85d9ca3 100644
--- a/systests/kerberos/src/test/resources/sts/cxf-transport.xml
+++ b/systests/kerberos/src/test/resources/sts/cxf-transport.xml
@@ -51,11 +51,11 @@
If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
<import resource="kerberos.xml" />
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging />
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
<util:list id="delegationHandlers">
<bean id="samlDelegationHandler"
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/spring/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/logging.properties b/systests/spring/src/test/resources/logging.properties
index db3bee0..f4974a3 100644
--- a/systests/spring/src/test/resources/logging.properties
+++ b/systests/spring/src/test/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/tomcat7/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/logging.properties b/systests/tomcat7/src/test/resources/logging.properties
new file mode 100644
index 0000000..040b210
--- /dev/null
+++ b/systests/tomcat7/src/test/resources/logging.properties
@@ -0,0 +1,54 @@
+############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = WARNING
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
+org.apache.ws.security.level = FINEST
+org.apache.cxf.fediz.level = FINEST
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/cxfWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/cxfWebapp/src/main/resources/logging.properties b/systests/webapps/cxfWebapp/src/main/resources/logging.properties
index c185d61..20617fe 100644
--- a/systests/webapps/cxfWebapp/src/main/resources/logging.properties
+++ b/systests/webapps/cxfWebapp/src/main/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/applicationContext.xml b/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/applicationContext.xml
index eea155c..7d277ae 100644
--- a/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -37,11 +37,11 @@
<import resource="classpath:META-INF/cxf/cxf.xml"/>
<import resource="cxf-service.xml"/>
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/cxf-service.xml b/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/cxf-service.xml
index db04ac7..36e2aef 100644
--- a/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/cxf-service.xml
+++ b/systests/webapps/cxfWebapp/src/main/webapp/WEB-INF/cxf-service.xml
@@ -41,11 +41,11 @@
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
+ <!--cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
- </cxf:bus>
+ </cxf:bus-->
<bean id="serviceBean" class="org.apache.cxf.fediz.example.Service">
</bean>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/simpleWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/simpleWebapp/src/main/resources/logging.properties b/systests/webapps/simpleWebapp/src/main/resources/logging.properties
index c185d61..20617fe 100644
--- a/systests/webapps/simpleWebapp/src/main/resources/logging.properties
+++ b/systests/webapps/simpleWebapp/src/main/resources/logging.properties
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/spring2Webapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/spring2Webapp/src/main/resources/log4j.properties b/systests/webapps/spring2Webapp/src/main/resources/log4j.properties
index 6f4ce54..32d28b6 100644
--- a/systests/webapps/spring2Webapp/src/main/resources/log4j.properties
+++ b/systests/webapps/spring2Webapp/src/main/resources/log4j.properties
@@ -9,7 +9,7 @@ log4j.additivity.org.apache.cxf.fediz=false
# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.Threshold=INFO
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/spring2Webapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/spring2Webapp/src/main/resources/logging.properties b/systests/webapps/spring2Webapp/src/main/resources/logging.properties
index f5849dc..f4974a3 100644
--- a/systests/webapps/spring2Webapp/src/main/resources/logging.properties
+++ b/systests/webapps/spring2Webapp/src/main/resources/logging.properties
@@ -24,7 +24,7 @@ handlers= java.util.logging.ConsoleHandler
# can be overridden by a facility specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
-.level= FINEST
+.level= INFO
############################################################
# Handler specific properties.
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = FINEST
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/springPreauthWebapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/springPreauthWebapp/src/main/resources/log4j.properties b/systests/webapps/springPreauthWebapp/src/main/resources/log4j.properties
index e2cc4b0..51ad7fb 100644
--- a/systests/webapps/springPreauthWebapp/src/main/resources/log4j.properties
+++ b/systests/webapps/springPreauthWebapp/src/main/resources/log4j.properties
@@ -1,13 +1,13 @@
# Set root category priority to INFO and its only appender to CONSOLE.
-#log4j.rootLogger=INFO, CONSOLE
-log4j.rootLogger=DEBUG, CONSOLE
+log4j.rootLogger=INFO, CONSOLE
+#log4j.rootLogger=DEBUG, CONSOLE
#log4j.logger.org.springframework=INFO, CONSOLE
#log4j.logger.org.springframework.security=DEBUG, CONSOLE,LOGFILE
#log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE,LOGFILE
# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.Threshold=WARNING
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/fd614ac3/systests/webapps/springWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/springWebapp/src/main/resources/logging.properties b/systests/webapps/springWebapp/src/main/resources/logging.properties
index f5849dc..f4974a3 100644
--- a/systests/webapps/springWebapp/src/main/resources/logging.properties
+++ b/systests/webapps/springWebapp/src/main/resources/logging.properties
@@ -24,7 +24,7 @@ handlers= java.util.logging.ConsoleHandler
# can be overridden by a facility specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
-.level= FINEST
+.level= INFO
############################################################
# Handler specific properties.
@@ -38,7 +38,7 @@ java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = FINEST
+java.util.logging.ConsoleHandler.level = WARNING
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
[3/5] cxf-fediz git commit: [FEDIZ-112] Fixing Tomcat race condition
with saved request * Improving Tomcat plugin by using core handler (code
cleanup) * Renaming Tomcat plugin to tomcat7 plugin
Posted by jb...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
deleted file mode 100644
index daa7b84..0000000
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ /dev/null
@@ -1,595 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.tomcat;
-
-import java.io.File;
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBException;
-
-import org.w3c.dom.Element;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.Constants;
-import org.apache.catalina.authenticator.FormAuthenticator;
-import org.apache.catalina.authenticator.SavedRequest;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.cxf.fediz.core.FederationConstants;
-import org.apache.cxf.fediz.core.RequestState;
-import org.apache.cxf.fediz.core.SAMLSSOConstants;
-import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.FedizConfigurator;
-import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.handler.LogoutHandler;
-import org.apache.cxf.fediz.core.metadata.MetadataDocumentHandler;
-import org.apache.cxf.fediz.core.processor.FedizProcessor;
-import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
-import org.apache.cxf.fediz.core.processor.FedizRequest;
-import org.apache.cxf.fediz.core.processor.FedizResponse;
-import org.apache.cxf.fediz.core.processor.RedirectionResponse;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-public class FederationAuthenticator extends FormAuthenticator {
-
- public static final String FEDERATION_NOTE = "org.apache.cxf.fediz.tomcat.FEDERATION";
- public static final String REQUEST_STATE = "org.apache.cxf.fediz.REQUEST_STATE";
- public static final String SECURITY_TOKEN = "org.apache.fediz.SECURITY_TOKEN";
-
- /**
- * Descriptive information about this implementation.
- */
- protected static final String INFO = "org.apache.cxf.fediz.tomcat.WsFedAuthenticator/1.0";
- protected static final String TRUSTED_ISSUER = "org.apache.cxf.fediz.tomcat.TRUSTED_ISSUER";
-
- private static final Logger LOG = LoggerFactory.getLogger(FormAuthenticator.class);
-
- /**
- * Fediz Configuration file
- */
- protected String configFile;
- protected String encoding = "UTF-8";
-
- private FedizConfigurator configurator;
-
- public FederationAuthenticator() {
- LOG.debug("WsFedAuthenticator()");
- }
-
- /**
- * Return descriptive information about this Valve implementation.
- */
- @Override
- public String getInfo() {
- return INFO;
- }
-
- public String getConfigFile() {
- return configFile;
- }
-
- public void setConfigFile(String configFile) {
- this.configFile = configFile;
- }
-
- public String getEncoding() {
- return encoding;
- }
-
- public void setEncoding(String encoding) {
- this.encoding = encoding;
- }
-
- @Override
- protected synchronized void startInternal() throws LifecycleException {
-
- try {
- File f = new File(getConfigFile());
- if (!f.exists()) {
- String catalinaBase = System.getProperty("catalina.base");
- if (catalinaBase != null && catalinaBase.length() > 0) {
- f = new File(catalinaBase.concat(File.separator + getConfigFile()));
- }
- }
- configurator = new FedizConfigurator();
- configurator.loadConfig(f);
- LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
- } catch (JAXBException e) {
- throw new LifecycleException("Failed to load Fediz configuration",
- e);
- }
- super.startInternal();
-
- }
-
- @Override
- protected synchronized void stopInternal() throws LifecycleException {
- if (configurator != null) {
- List<FedizContext> fedContextList = configurator.getFedizContextList();
- if (fedContextList != null) {
- for (FedizContext fedContext : fedContextList) {
- try {
- fedContext.close();
- } catch (IOException ex) {
- //
- }
- }
- }
- }
- super.stopInternal();
- }
-
- protected FedizContext getContextConfiguration(String contextName) {
- if (configurator == null) {
- throw new IllegalStateException("No Fediz configuration available");
- }
- FedizContext config = configurator.getFedizContext(contextName);
- if (config == null) {
- throw new IllegalStateException("No Fediz configuration for context :" + contextName);
- }
- String catalinaBase = System.getProperty("catalina.base");
- if (catalinaBase != null && catalinaBase.length() > 0) {
- config.setRelativePath(catalinaBase);
- }
- return config;
- }
-
- @Override
- public void invoke(Request request, Response response) throws IOException,
- ServletException {
-
- LOG.debug("WsFedAuthenticator:invoke()");
- request.setCharacterEncoding(this.encoding);
-
- String contextName = request.getServletContext().getContextPath();
- if (contextName == null || contextName.isEmpty()) {
- contextName = "/";
- }
- FedizContext fedConfig = getContextConfiguration(contextName);
- MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
- if (mdHandler.canHandleRequest(request)) {
- mdHandler.handleRequest(request, response);
- return;
- }
-
- LogoutHandler logoutHandler = new LogoutHandler(fedConfig, contextName);
- if (logoutHandler.canHandleRequest(request)) {
- Element token = (Element)request.getSession().getAttribute(SECURITY_TOKEN);
- logoutHandler.setToken(token);
-
- //TODO: Check if this internal session cleanup is really needed
- Session session = request.getSessionInternal();
- // Cleanup session
- if (session != null) {
- session.removeNote(FEDERATION_NOTE);
- session.setPrincipal(null);
- }
-
- logoutHandler.handleRequest(request, response);
-
- return;
- }
-
- super.invoke(request, response);
- }
-
-
- //TODO Fix checkstyle errors
- //CHECKSTYLE:OFF
- @Override
- public boolean authenticate(Request request, HttpServletResponse response,
- LoginConfig config) throws IOException {
-
- LOG.debug("authenticate invoked");
- // References to objects we will need later
- Session session = null;
-
- String contextName = request.getServletContext().getContextPath();
- if (contextName == null || contextName.isEmpty()) {
- contextName = "/";
- }
- FedizContext fedConfig = getContextConfiguration(contextName);
-
- // Have we already authenticated someone?
- Principal principal = request.getUserPrincipal();
- // String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
- if (principal != null) {
- LOG.debug("Already authenticated '{}'", principal.getName());
-
- // Associate the session with any existing SSO session
- /*
- * if (ssoId != null) associate(ssoId,
- * request.getSessionInternal(true));
- */
-
- if (fedConfig.isDetectExpiredTokens()) {
- // Check whether security token still valid
- return validateToken(request, response, fedConfig);
- } else {
- LOG.debug("Token expiration not validated.");
- return true;
- }
- }
-
- // Is this the re-submit of the original request URI after successful
- // authentication? If so, forward the *original* request instead.
- if (matchRequest(request)) {
- session = request.getSessionInternal(true);
- LOG.debug("Restore request from session '{}'", session.getIdInternal());
-
- // Get principal from session, register, and then remove it
- principal = (Principal)session.getNote(Constants.FORM_PRINCIPAL_NOTE);
- register(request, response, principal,
- FederationConstants.WSFED_METHOD, null, null);
- request.removeNote(Constants.FORM_PRINCIPAL_NOTE);
-
- if (restoreRequest(request, session)) {
- LOG.debug("Proceed to restored request");
- return true;
- } else {
- // TODO Is a authentication failed result realy needed if no initial request can be restored?
- LOG.warn("Restore of original request failed");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return false;
- }
- }
-
- // Acquire references to objects we will need to evaluate
- /*
- * MessageBytes uriMB = MessageBytes.newInstance(); CharChunk uriCC =
- * uriMB.getCharChunk(); uriCC.setLimit(-1);
- */
- String requestURI = request.getDecodedRequestURI();
-
- if (isSignInRequired(request, fedConfig)) {
- // Unauthenticated -> redirect
- session = request.getSessionInternal(true);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Save request in session '" + session.getIdInternal() + "'");
- }
- try {
- saveRequest(request, session);
- } catch (IOException ioe) {
- LOG.debug("Request body too big to save during authentication");
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- sm.getString("authenticator.requestBodyTooBig"));
- return false;
- }
-
- FedizProcessor wfProc =
- FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
- signInRedirectToIssuer(request, response, wfProc);
- return false;
- }
-
- // Check whether it is the signin request, validate the token.
- // If failed, redirect to the error page if they are not correct
- FedizResponse wfRes = null;
- String action = request.getParameter(FederationConstants.PARAM_ACTION);
- String responseToken = getResponseToken(request, fedConfig);
-
- // Handle a request for authentication.
- if (isSignInRequest(request, fedConfig)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("SignIn request found");
- LOG.debug("SignIn action...");
- }
-
- if (responseToken == null) {
- LOG.debug("SignIn request must contain a response token from the IdP");
- response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return false;
- } else {
- request.getResponse().sendAcknowledgement();
- // processSignInRequest
- LOG.debug("Process SignIn request");
- LOG.debug("token=\n{}", responseToken);
-
- session = request.getSessionInternal();
- RequestState requestState = (RequestState)session.getNote(REQUEST_STATE);
-
- FedizRequest wfReq = new FedizRequest();
- wfReq.setAction(action);
- wfReq.setResponseToken(responseToken);
- wfReq.setState(request.getParameter("RelayState"));
- wfReq.setRequest(request);
- wfReq.setRequestState(requestState);
-
- X509Certificate certs[] = (X509Certificate[])request
- .getAttribute("javax.servlet.request.X509Certificate");
- wfReq.setCerts(certs);
-
- FedizProcessor wfProc = FedizProcessorFactory
- .newFedizProcessor(fedConfig.getProtocol());
- try {
- wfRes = wfProc.processRequest(wfReq, fedConfig);
- } catch (ProcessingException ex) {
- LOG.error("Federation processing failed: " + ex.getMessage());
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- return false;
- }
-
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
- // against the configured list of audienceURIs
- if (wfRes.getAudience() != null) {
- List<String> audienceURIs = fedConfig.getAudienceUris();
- boolean validAudience = false;
- for (String a : audienceURIs) {
- if (wfRes.getAudience().startsWith(a)) {
- validAudience = true;
- break;
- }
- }
-
- if (!validAudience) {
- LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
- + "] doesn't match with specified list of URIs.");
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return false;
- }
-
- if (LOG.isDebugEnabled() && request.getRequestURL().indexOf(wfRes.getAudience()) == -1) {
- LOG.debug("Token AudienceRestriction doesn't match with request URL ["
- + wfRes.getAudience() + "] ["
- + request.getRequestURL() + "]");
- }
- }
-
- List<String> roles = wfRes.getRoles();
- if (roles == null || roles.size() == 0) {
- roles = Collections.singletonList("Authenticated");
- }
-
- principal = new FederationPrincipalImpl(wfRes.getUsername(), roles,
- wfRes.getClaims(), wfRes.getToken());
- }
- } else if (action != null) {
- LOG.error("SignIn parameter not supported: " + action);
- response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return false;
- }
-
- /*
- * Realm realm = context.getRealm(); if (characterEncoding != null) {
- * request.setCharacterEncoding(characterEncoding);
- *
- * String username = request.getParameter(Constants.FORM_USERNAME);
- * String password = request.getParameter(Constants.FORM_PASSWORD); if
- * (log.isDebugEnabled()) log.debug("Authenticating username '" +
- * username + "'"); principal = realm.authenticate(username, password);
- */
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("Authentication of '" + principal + "' was successful");
- }
- // context.addServletContainerInitializer(sci, classes)
- // session.addSessionListener(listener)
- // HttpSessionAttributeListener
-
- if (session == null) {
- containerLog.debug("User took so long to log on the session expired");
- if (landingPage == null) {
- response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
- sm.getString("authenticator.sessionExpired"));
- } else {
- // Make the authenticator think the user originally requested
- // the landing page
- String uri = request.getContextPath() + landingPage;
- SavedRequest saved = new SavedRequest();
- saved.setMethod("GET");
- saved.setRequestURI(uri);
- request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved);
- response.sendRedirect(response.encodeRedirectURL(uri));
- }
- return false;
- }
-
- // Save the authenticated Principal in our session
- session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
-
- // Save Federation response in our session
- session.setNote(FEDERATION_NOTE, wfRes);
-
- // Save Federation response in public session
- request.getSession(true).setAttribute(SECURITY_TOKEN, wfRes.getToken());
-
- // Remove RequestState
- request.removeNote(REQUEST_STATE);
-
- /*
- * // Save the username and password as well
- * session.setNote(Constants.SESS_USERNAME_NOTE, username);
- * session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- */
- // Redirect the user to the original request URI (which will cause
- // the original request to be restored)
- requestURI = savedRequestURL(session);
- LOG.debug("Redirecting to original '{}", requestURI);
- if (requestURI == null) {
- if (landingPage == null) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST,
- sm.getString("authenticator.formlogin"));
- } else {
- // Make the authenticator think the user originally requested
- // the landing page
- String uri = request.getContextPath() + landingPage;
- SavedRequest saved = new SavedRequest();
- saved.setMethod("GET");
- saved.setRequestURI(uri);
- session.setNote(Constants.FORM_REQUEST_NOTE, saved);
-
- response.sendRedirect(response.encodeRedirectURL(uri));
- }
- } else {
- response.sendRedirect(response.encodeRedirectURL(requestURI));
- }
- return false;
- }
-
- protected boolean validateToken(Request request, HttpServletResponse response, FedizContext fedConfig)
- throws IOException {
- Session session;
- session = request.getSessionInternal();
- if (session != null) {
-
- FedizResponse wfRes = (FedizResponse)session.getNote(FEDERATION_NOTE);
- Date tokenExpires = wfRes.getTokenExpires();
- if (tokenExpires == null) {
- LOG.debug("Token doesn't expire");
- return true;
- }
-
- Date currentTime = new Date();
- if (!currentTime.after(wfRes.getTokenExpires())){
- return true;
- } else {
- LOG.warn("Token already expired. Clean up and redirect");
-
- session.removeNote(FEDERATION_NOTE);
- session.setPrincipal(null);
- request.getSession().removeAttribute(SECURITY_TOKEN);
-
- LOG.debug("Save request in session '{}'", session.getIdInternal());
- try {
- saveRequest(request, session);
- } catch (IOException ioe) {
- LOG.debug("Request body too big to save during authentication");
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- sm.getString("authenticator.requestBodyTooBig"));
- return false;
- }
-
- FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
- signInRedirectToIssuer(request, response, wfProc);
- }
- } else {
- LOG.debug("Session should not be null after authentication");
- }
- return false;
- }
-
- private boolean isSignInRequired(Request request, FedizContext fedConfig) {
- if (fedConfig.getProtocol() instanceof FederationProtocol
- && request.getParameter(FederationConstants.PARAM_ACTION) == null) {
- return true;
- } else if (fedConfig.getProtocol() instanceof SAMLProtocol
- && request.getParameter(SAMLSSOConstants.RELAY_STATE) == null) {
- return true;
- }
-
- return false;
- }
-
- private boolean isSignInRequest(Request request, FedizContext fedConfig) {
- if (fedConfig.getProtocol() instanceof FederationProtocol
- && FederationConstants.ACTION_SIGNIN.equals(
- request.getParameter(FederationConstants.PARAM_ACTION))) {
- return true;
- } else if (fedConfig.getProtocol() instanceof SAMLProtocol
- && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
- return true;
- }
-
- return false;
- }
-
- private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
- if (fedConfig.getProtocol() instanceof FederationProtocol) {
- return request.getParameter(FederationConstants.PARAM_RESULT);
- } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
- return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
- }
-
- return null;
- }
-
- @Override
- protected String getAuthMethod() {
- return FederationConstants.WSFED_METHOD;
- }
-
- /**
- * Called to redirect to the IDP/Issuer
- *
- * @param request
- * Request we are processing
- * @param response
- * Response we are populating
- * @param processor
- * FederationProcessor
- * @throws IOException
- * If the forward to the login page fails and the call to
- * {@link HttpServletResponse#sendError(int, String)} throws an
- * {@link IOException}
- */
- protected void signInRedirectToIssuer(Request request, HttpServletResponse response, FedizProcessor processor)
- throws IOException {
-
- String contextName = request.getServletContext().getContextPath();
- if (contextName == null || contextName.isEmpty()) {
- contextName = "/";
- }
- FedizContext fedCtx = this.configurator.getFedizContext(contextName);
- try {
- RedirectionResponse redirectionResponse = processor.createSignInRequest(request, fedCtx);
- String redirectURL = redirectionResponse.getRedirectionURL();
- if (redirectURL != null) {
- Map<String, String> headers = redirectionResponse.getHeaders();
- if (!headers.isEmpty()) {
- for (String headerName : headers.keySet()) {
- response.addHeader(headerName, headers.get(headerName));
- }
- }
-
- // Save Federation response in our session
- RequestState requestState = redirectionResponse.getRequestState();
- if (requestState != null) {
- Session session = request.getSessionInternal();
- session.setNote(REQUEST_STATE, requestState);
- }
-
- response.sendRedirect(redirectURL);
- } else {
- LOG.warn("Failed to create SignInRequest.");
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
- }
- } catch (ProcessingException ex) {
- LOG.warn("Failed to create SignInRequest: {}", ex.getMessage());
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
- }
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java
deleted file mode 100644
index 5739b19..0000000
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.tomcat;
-
-import java.util.List;
-
-import org.w3c.dom.Element;
-import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.cxf.fediz.core.Claim;
-import org.apache.cxf.fediz.core.ClaimCollection;
-import org.apache.cxf.fediz.core.FederationPrincipal;
-
-@SuppressWarnings("deprecation")
-public class FederationPrincipalImpl extends GenericPrincipal implements FederationPrincipal {
-
- protected ClaimCollection claims;
- protected Element loginToken;
-
- public FederationPrincipalImpl(String username, List<String> roles,
- List<Claim> claims, Element loginToken) {
- super(username, null, roles);
- this.claims = new ClaimCollection(claims);
- this.loginToken = loginToken;
- }
-
- public ClaimCollection getClaims() {
- return this.claims;
- }
-
- @Override
- public Element getLoginToken() {
- return loginToken;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/test/resources/logging.properties b/plugins/tomcat/src/test/resources/logging.properties
deleted file mode 100644
index 74567e5..0000000
--- a/plugins/tomcat/src/test/resources/logging.properties
+++ /dev/null
@@ -1,52 +0,0 @@
-############################################################
-# Default Logging Configuration File
-#
-# You can use a different file by specifying a filename
-# with the java.util.logging.config.file system property.
-# For example java -Djava.util.logging.config.file=myfile
-############################################################
-
-############################################################
-# Global properties
-############################################################
-
-# "handlers" specifies a comma separated list of log Handler
-# classes. These handlers will be installed during VM startup.
-# Note that these classes must be on the system classpath.
-# By default we only configure a ConsoleHandler, which will only
-# show messages at the WARNING and above levels.
-#handlers= java.util.logging.ConsoleHandler
-#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
-
-# Default global logging level.
-# This specifies which kinds of events are logged across
-# all loggers. For any given facility this global level
-# can be overridden by a facility specific level
-# Note that the ConsoleHandler also has a separate level
-# setting to limit messages printed to the console.
-.level= INFO
-
-############################################################
-# Handler specific properties.
-# Describes specific configuration info for Handlers.
-############################################################
-
-# default file output is in user's home directory.
-java.util.logging.FileHandler.pattern = %h/java%u.log
-java.util.logging.FileHandler.limit = 50000
-java.util.logging.FileHandler.count = 1
-java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
-
-# Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = INFO
-java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
-
-
-############################################################
-# Facility specific properties.
-# Provides extra control for each logger.
-############################################################
-
-# For example, set the com.xyz.foo logger to only log SEVERE
-# messages:
-#com.xyz.foo.level = SEVERE
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/README.txt
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/README.txt b/plugins/tomcat7/README.txt
new file mode 100644
index 0000000..94565bb
--- /dev/null
+++ b/plugins/tomcat7/README.txt
@@ -0,0 +1,10 @@
+Fediz configuration in Tomcat
+-----------------------------
+
+The Tomcat installation must be updated before a Web Application can be deployed.
+
+The following wiki page gives instructions how to do that:
+http://cxf.apache.org/fediz-tomcat.html
+
+The following wiki page explains the fediz configuration which is Container independent:
+http://cxf.apache.org/fediz-configuration.html
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/pom.xml b/plugins/tomcat7/pom.xml
new file mode 100644
index 0000000..eda6300
--- /dev/null
+++ b/plugins/tomcat7/pom.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>plugin</artifactId>
+ <version>1.2.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <artifactId>fediz-tomcat7</artifactId>
+ <name>Apache Fediz Plugin Tomcat</name>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ <version>${tomcat.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-core</artifactId>
+ <version>${project.version}</version>
+ <type>jar</type>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>zip-file</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attached</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>src/main/assembly/assembly.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/assembly/assembly.xml b/plugins/tomcat7/src/main/assembly/assembly.xml
new file mode 100644
index 0000000..fb0d6aa
--- /dev/null
+++ b/plugins/tomcat7/src/main/assembly/assembly.xml
@@ -0,0 +1,18 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
+http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+ <id>zip-with-dependencies</id>
+ <formats>
+ <format>zip</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/</outputDirectory>
+ <useProjectArtifact>true</useProjectArtifact>
+ <unpack>false</unpack>
+ <scope>runtime</scope>
+ </dependencySet>
+ </dependencySets>
+</assembly>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
new file mode 100644
index 0000000..c4333b5
--- /dev/null
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -0,0 +1,434 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.tomcat;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBException;
+
+import org.w3c.dom.Element;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.authenticator.SavedRequest;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.FedizPrincipal;
+import org.apache.cxf.fediz.core.config.FedizConfigurator;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.handler.LogoutHandler;
+import org.apache.cxf.fediz.core.metadata.MetadataDocumentHandler;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.apache.cxf.fediz.core.processor.RedirectionResponse;
+import org.apache.cxf.fediz.tomcat.handler.TomcatLogoutHandler;
+import org.apache.cxf.fediz.tomcat.handler.TomcatSigninHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FederationAuthenticator extends FormAuthenticator {
+
+ public static final String SESSION_SAVED_REQUEST_PREFIX = "SAVED_REQUEST_";
+ public static final String SESSION_SAVED_URI_PREFIX = "SAVED_URI_";
+ public static final String FEDERATION_NOTE = "org.apache.cxf.fediz.tomcat.FEDERATION";
+ public static final String REQUEST_STATE = "org.apache.cxf.fediz.REQUEST_STATE";
+ public static final String SECURITY_TOKEN = "org.apache.fediz.SECURITY_TOKEN";
+
+ /**
+ * Descriptive information about this implementation.
+ */
+ protected static final String INFO = "org.apache.cxf.fediz.tomcat.WsFedAuthenticator/1.0";
+ protected static final String TRUSTED_ISSUER = "org.apache.cxf.fediz.tomcat.TRUSTED_ISSUER";
+
+ private static final Logger LOG = LoggerFactory.getLogger(FormAuthenticator.class);
+
+ /**
+ * Fediz Configuration file
+ */
+ protected String configFile;
+ protected String encoding = "UTF-8";
+
+ private FedizConfigurator configurator;
+
+ public FederationAuthenticator() {
+ LOG.debug("WsFedAuthenticator()");
+ }
+
+ /**
+ * Return descriptive information about this Valve implementation.
+ */
+ @Override
+ public String getInfo() {
+ return INFO;
+ }
+
+ public String getConfigFile() {
+ return configFile;
+ }
+
+ public void setConfigFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ public String getEncoding() {
+ return encoding;
+ }
+
+ public void setEncoding(String encoding) {
+ this.encoding = encoding;
+ }
+
+ @Override
+ protected synchronized void startInternal() throws LifecycleException {
+
+ try {
+ File f = new File(getConfigFile());
+ if (!f.exists()) {
+ String catalinaBase = System.getProperty("catalina.base");
+ if (catalinaBase != null && catalinaBase.length() > 0) {
+ f = new File(catalinaBase.concat(File.separator + getConfigFile()));
+ }
+ }
+ configurator = new FedizConfigurator();
+ configurator.loadConfig(f);
+ LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
+ } catch (JAXBException e) {
+ throw new LifecycleException("Failed to load Fediz configuration", e);
+ }
+ super.startInternal();
+
+ }
+
+ @Override
+ protected synchronized void stopInternal() throws LifecycleException {
+ if (configurator != null) {
+ List<FedizContext> fedContextList = configurator.getFedizContextList();
+ if (fedContextList != null) {
+ for (FedizContext fedContext : fedContextList) {
+ try {
+ fedContext.close();
+ } catch (IOException ex) {
+ //
+ }
+ }
+ }
+ }
+ super.stopInternal();
+ }
+
+ protected FedizContext getContextConfiguration(String contextName) {
+ if (configurator == null) {
+ throw new IllegalStateException("No Fediz configuration available");
+ }
+ FedizContext config = configurator.getFedizContext(contextName);
+ if (config == null) {
+ throw new IllegalStateException("No Fediz configuration for context :" + contextName);
+ }
+ String catalinaBase = System.getProperty("catalina.base");
+ if (catalinaBase != null && catalinaBase.length() > 0) {
+ config.setRelativePath(catalinaBase);
+ }
+ return config;
+ }
+
+ @Override
+ public void invoke(final Request request, final Response response) throws IOException, ServletException {
+
+ LOG.debug("WsFedAuthenticator:invoke()");
+ request.setCharacterEncoding(this.encoding);
+
+ String contextName = request.getServletContext().getContextPath();
+ if (contextName == null || contextName.isEmpty()) {
+ contextName = "/";
+ }
+ FedizContext fedConfig = getContextConfiguration(contextName);
+
+ MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
+ if (mdHandler.canHandleRequest(request)) {
+ mdHandler.handleRequest(request, response);
+ return;
+ }
+
+ LogoutHandler logoutHandler = new TomcatLogoutHandler(fedConfig, contextName, request);
+ if (logoutHandler.canHandleRequest(request)) {
+ Element token = (Element)request.getSession().getAttribute(SECURITY_TOKEN);
+ logoutHandler.setToken(token);
+ logoutHandler.handleRequest(request, response);
+ return;
+ }
+
+ super.invoke(request, response);
+ }
+
+ @Override
+ public boolean authenticate(Request request, HttpServletResponse response,
+ LoginConfig config) throws IOException {
+
+ LOG.debug("authenticate invoked");
+
+ String contextName = request.getServletContext().getContextPath();
+ if (contextName == null || contextName.isEmpty()) {
+ contextName = "/";
+ }
+ LOG.debug("reading configuration for context path: {}", contextName);
+ FedizContext fedCtx = getContextConfiguration(contextName);
+
+ // Handle Signin requests
+ TomcatSigninHandler signinHandler = new TomcatSigninHandler(fedCtx);
+ signinHandler.setLandingPage(landingPage);
+ if (signinHandler.canHandleRequest(request)) {
+ FedizPrincipal principal = signinHandler.handleRequest(request, response);
+ if (principal != null) {
+ LOG.debug("Authentication of '{}' was successful", principal);
+ resumeRequest(request, response);
+ } else {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ // The actual login will take place after redirect
+ return false;
+ }
+
+ // Is this the re-submit of the original request URI after successful
+ // authentication? If so, forward the *original* request instead.
+ if (matchRequest(request)) {
+ return restoreRequest(request, response);
+ }
+
+ // Check if user was authenticated previously and token is still valid
+ if (checkUserAuthentication(request, response, fedCtx)) {
+ return true;
+ }
+
+ LOG.info("No valid principal found in existing session. Redirecting to IDP");
+ redirectToIdp(request, response, fedCtx);
+ return false;
+ }
+
+ protected void resumeRequest(HttpServletRequest request, HttpServletResponse response) {
+ String originalURL = null;
+ String contextId = request.getParameter(FederationConstants.PARAM_CONTEXT);
+ if (contextId != null) {
+ Session session = ((Request)request).getSessionInternal();
+ originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
+ session.removeNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId); // Cleanup session
+
+ } else {
+ LOG.warn("The 'wctx' parameter has not been provided back with signin request. "
+ + "Trying to resume now with singin URL (without parameters)");
+ originalURL = request.getRequestURI();
+ }
+ try {
+ if (originalURL != null) {
+ LOG.debug("Restore request to {}", originalURL);
+ response.sendRedirect(response.encodeRedirectURL(originalURL));
+ } else {
+ LOG.debug("User took so long to log on the session expired");
+ if (landingPage == null) {
+ response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm
+ .getString("authenticator.sessionExpired"));
+ } else {
+ // Redirect to landing page
+ String uri = request.getContextPath() + landingPage;
+ response.sendRedirect(response.encodeRedirectURL(uri));
+ }
+ }
+ } catch (IOException e) {
+ LOG.error("Cannot resume with request.", e.getMessage());
+ }
+ }
+
+ protected boolean restoreRequest(Request request, HttpServletResponse response) throws IOException {
+
+ Session session = request.getSessionInternal();
+ LOG.debug("Restore request from session '{}'", session.getIdInternal());
+
+ // Get principal from session, register, and then remove it
+ Principal principal = (Principal)session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+ register(request, response, principal, FederationConstants.WSFED_METHOD, null, null);
+ request.removeNote(Constants.FORM_PRINCIPAL_NOTE);
+
+ if (restoreRequest(request)) {
+ LOG.debug("Proceed to restored request");
+ return true;
+ } else {
+ LOG.warn("Restore of original request failed");
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return false;
+ }
+ }
+
+ protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
+ throws IOException {
+
+ FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
+ try {
+ RedirectionResponse redirectionResponse = processor.createSignInRequest(request, fedCtx);
+ String redirectURL = redirectionResponse.getRedirectionURL();
+ if (redirectURL != null) {
+ Map<String, String> headers = redirectionResponse.getHeaders();
+ if (!headers.isEmpty()) {
+ for (String headerName : headers.keySet()) {
+ response.addHeader(headerName, headers.get(headerName));
+ }
+ }
+
+ // Save original request in our session
+ try {
+ saveRequest(request, redirectionResponse.getRequestState().getState());
+ } catch (IOException ioe) {
+ LOG.debug("Request body too big to save during authentication");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, sm
+ .getString("authenticator.requestBodyTooBig"));
+ }
+
+ response.sendRedirect(redirectURL);
+ } else {
+ LOG.warn("Failed to create SignInRequest.");
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+ }
+ } catch (ProcessingException ex) {
+ LOG.warn("Failed to create SignInRequest: {}", ex.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+ }
+ }
+
+ @Override
+ protected boolean matchRequest(Request request) {
+ Session session = request.getSessionInternal(false);
+ String uri = request.getDecodedRequestURI();
+ if (session != null && uri != null) {
+ SavedRequest saved = (SavedRequest) session.getNote(SESSION_SAVED_REQUEST_PREFIX + uri);
+ if (saved != null) {
+ synchronized (session) {
+ session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+ return super.matchRequest(request);
+ }
+ }
+ }
+ return false;
+ }
+
+ protected void saveRequest(Request request, String contextId) throws IOException {
+ String uri = request.getDecodedRequestURI();
+ Session session = request.getSessionInternal(true);
+ LOG.debug("Save request in session '{}'", session.getIdInternal());
+ if (session != null && uri != null) {
+ SavedRequest saved;
+ synchronized (session) {
+ super.saveRequest(request, session);
+ saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
+ }
+ session.setNote(SESSION_SAVED_REQUEST_PREFIX + uri, saved);
+ StringBuilder sb = new StringBuilder(saved.getRequestURI());
+ if (saved.getQueryString() != null) {
+ sb.append('?');
+ sb.append(saved.getQueryString());
+ }
+ session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
+ }
+ }
+
+ protected boolean restoreRequest(Request request) throws IOException {
+ Session session = request.getSessionInternal(false);
+ String uri = request.getDecodedRequestURI();
+ if (session != null && uri != null) {
+ SavedRequest saved = (SavedRequest)session.getNote(SESSION_SAVED_REQUEST_PREFIX + uri);
+ if (saved != null) {
+ session.removeNote(SESSION_SAVED_REQUEST_PREFIX + uri); // cleanup session
+ synchronized (session) {
+ session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+ return super.restoreRequest(request, session);
+ }
+ }
+ }
+ return false;
+ }
+
+ protected boolean checkUserAuthentication(Request request, HttpServletResponse response, FedizContext fedCtx) {
+ // Have we already authenticated someone?
+ Principal principal = request.getUserPrincipal();
+ // String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
+ if (principal != null) {
+ LOG.debug("Already authenticated '{}'", principal.getName());
+
+ // Associate the session with any existing SSO session
+ /*
+ * if (ssoId != null) associate(ssoId, request.getSessionInternal(true));
+ */
+
+ if (fedCtx.isDetectExpiredTokens()) {
+ // Check whether security token still valid
+ return validateToken(request, response, fedCtx);
+ } else {
+ LOG.debug("Token expiration not validated.");
+ return true;
+ }
+ }
+ return false;
+ }
+
+ protected boolean validateToken(Request request, HttpServletResponse response, FedizContext fedConfig) {
+ Session session;
+ session = request.getSessionInternal();
+ if (session != null) {
+
+ FedizResponse wfRes = (FedizResponse)session.getNote(FEDERATION_NOTE);
+ Date tokenExpires = wfRes.getTokenExpires();
+ if (tokenExpires == null) {
+ LOG.debug("Token doesn't expire");
+ return true;
+ }
+
+ Date currentTime = new Date();
+ if (!currentTime.after(wfRes.getTokenExpires())) {
+ return true;
+ } else {
+ LOG.warn("Token already expired. Clean up and redirect");
+
+ session.removeNote(FEDERATION_NOTE);
+ session.setPrincipal(null);
+ request.getSession().removeAttribute(SECURITY_TOKEN);
+ }
+ } else {
+ LOG.debug("Session should not be null after authentication");
+ }
+ return false;
+ }
+
+ @Override
+ protected String getAuthMethod() {
+ return FederationConstants.WSFED_METHOD;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java
new file mode 100644
index 0000000..5739b19
--- /dev/null
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipalImpl.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.tomcat;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationPrincipal;
+
+@SuppressWarnings("deprecation")
+public class FederationPrincipalImpl extends GenericPrincipal implements FederationPrincipal {
+
+ protected ClaimCollection claims;
+ protected Element loginToken;
+
+ public FederationPrincipalImpl(String username, List<String> roles,
+ List<Claim> claims, Element loginToken) {
+ super(username, null, roles);
+ this.claims = new ClaimCollection(claims);
+ this.loginToken = loginToken;
+ }
+
+ public ClaimCollection getClaims() {
+ return this.claims;
+ }
+
+ @Override
+ public Element getLoginToken() {
+ return loginToken;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatLogoutHandler.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatLogoutHandler.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatLogoutHandler.java
new file mode 100644
index 0000000..fe39482
--- /dev/null
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatLogoutHandler.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.tomcat.handler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.connector.Request;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.handler.LogoutHandler;
+import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+
+public class TomcatLogoutHandler extends LogoutHandler {
+ private final Request request;
+
+ public TomcatLogoutHandler(FedizContext fedConfig, String servletContextPath, Request request) {
+ super(fedConfig, servletContextPath);
+ this.request = request;
+ }
+
+ @Override
+ protected boolean signoutCleanup(HttpServletRequest req, HttpServletResponse resp) {
+ // Cleanup session internal
+ Session session = request.getSessionInternal();
+ session.removeNote(FederationAuthenticator.FEDERATION_NOTE);
+ session.setPrincipal(null);
+ super.signoutCleanup(req, resp);
+ request.clearCookies();
+ return true;
+ }
+
+ @Override
+ protected boolean signout(HttpServletRequest req, HttpServletResponse resp) {
+ // Direct Logout
+ Session session = request.getSessionInternal();
+ session.removeNote(FederationAuthenticator.FEDERATION_NOTE);
+ session.setPrincipal(null);
+ return super.signout(req, resp);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatSigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatSigninHandler.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatSigninHandler.java
new file mode 100644
index 0000000..e7b01cb
--- /dev/null
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat/handler/TomcatSigninHandler.java
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.tomcat.handler;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.FedizPrincipal;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
+import org.apache.cxf.fediz.core.handler.SigninHandler;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.cxf.fediz.tomcat.FederationPrincipalImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TomcatSigninHandler extends SigninHandler<FedizPrincipal> {
+
+ private static final Logger LOG = LoggerFactory.getLogger(TomcatSigninHandler.class);
+ private Object landingPage;
+
+ public TomcatSigninHandler(FedizContext fedizContext) {
+ super(fedizContext);
+ }
+
+ @Override
+ protected FedizPrincipal createPrincipal(HttpServletRequest request, HttpServletResponse response,
+ FedizResponse wfRes) {
+
+ List<String> roles = wfRes.getRoles();
+ if (roles == null || roles.size() == 0) {
+ roles = Collections.singletonList("Authenticated");
+ }
+
+ // proceed creating the JAAS Subject
+ FedizPrincipal principal = new FederationPrincipalImpl(wfRes.getUsername(), roles,
+ wfRes.getClaims(), wfRes.getToken());
+
+ Session session = ((Request)request).getSessionInternal();
+
+ // Save the authenticated Principal in our session
+ session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+
+ // Save Federation response in our session
+ session.setNote(FederationAuthenticator.FEDERATION_NOTE, wfRes);
+
+ // Save Federation response in public session
+ request.getSession(true).setAttribute(FederationAuthenticator.SECURITY_TOKEN, wfRes.getToken());
+
+ LOG.debug("UserPrincipal was created successfully for {}", principal);
+ return principal;
+ }
+
+ @Override
+ public boolean canHandleRequest(HttpServletRequest request) {
+ if (super.getFedizContext().getProtocol() instanceof FederationProtocol
+ && FederationConstants.ACTION_SIGNIN.equals(request.getParameter(FederationConstants.PARAM_ACTION))) {
+ return true;
+ } else if (super.getFedizContext().getProtocol() instanceof SAMLProtocol
+ && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
+ return true;
+ }
+ return false;
+ }
+
+ public Object getLandingPage() {
+ return landingPage;
+ }
+
+ public void setLandingPage(Object landingPage) {
+ this.landingPage = landingPage;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/tomcat7/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/test/resources/logging.properties b/plugins/tomcat7/src/test/resources/logging.properties
new file mode 100644
index 0000000..3172435
--- /dev/null
+++ b/plugins/tomcat7/src/test/resources/logging.properties
@@ -0,0 +1,52 @@
+############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+#handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index b7e4292..fd76e61 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -326,26 +326,13 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
return null;
}
}
-
- @Override
- public void resumeRequest(HttpServletRequest request, HttpServletResponse response,
- FedizResponse federationResponse) {
- String wctx = request.getParameter(FederationConstants.PARAM_CONTEXT);
- HttpSession session = request.getSession(true);
- RequestState requestState = (RequestState)session.getAttribute(wctx);
- if (requestState != null && requestState.getTargetAddress() != null) {
- LOG.debug("Restore request to {}", requestState.getTargetAddress());
- try {
- response.sendRedirect(requestState.getTargetAddress());
- } catch (IOException e) {
- LOG.error("Cannot resume with original request.", e);
- }
- session.removeAttribute(wctx);
- }
- }
};
if (signinHandler.canHandleRequest(req)) {
- return signinHandler.handleRequest(req, resp);
+ TAIResult taiResult = signinHandler.handleRequest(req, resp);
+ if (taiResult != null) {
+ resumeRequest(req, resp);
+ }
+ return taiResult;
}
// Check if user was authenticated previously and token is still valid
@@ -364,6 +351,21 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
}
}
+ protected void resumeRequest(HttpServletRequest request, HttpServletResponse response) {
+ String wctx = request.getParameter(FederationConstants.PARAM_CONTEXT);
+ HttpSession session = request.getSession(true);
+ RequestState requestState = (RequestState)session.getAttribute(wctx);
+ if (requestState != null && requestState.getTargetAddress() != null) {
+ LOG.debug("Restore request to {}", requestState.getTargetAddress());
+ try {
+ response.sendRedirect(requestState.getTargetAddress());
+ } catch (IOException e) {
+ LOG.error("Cannot resume with original request.", e);
+ }
+ session.removeAttribute(wctx);
+ }
+ }
+
private TAIResult checkUserAuthentication(HttpServletRequest req, FedizContext fedCtx)
throws WebTrustAssociationFailedException {
TAIResult result = null;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/clientcert/pom.xml
----------------------------------------------------------------------
diff --git a/systests/clientcert/pom.xml b/systests/clientcert/pom.xml
index 48d691d..8434e48 100644
--- a/systests/clientcert/pom.xml
+++ b/systests/clientcert/pom.xml
@@ -66,7 +66,7 @@
</dependency>
<dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat</artifactId>
+ <artifactId>fediz-tomcat7</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
index 123c107..40dac1f 100644
--- a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
+++ b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
@@ -28,6 +28,7 @@ import org.apache.cxf.fediz.integrationtests.AbstractTests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
/**
* A test for WS-Federation using the CXF plugin (deployed in Tomcat).
@@ -172,4 +173,9 @@ public class FederationTest extends AbstractTests {
return "fedizhelloworld";
}
+ @Ignore("This tests is currently failing on CXF")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/federation/samlsso/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/pom.xml b/systests/federation/samlsso/pom.xml
index 525baef..8279bc7 100644
--- a/systests/federation/samlsso/pom.xml
+++ b/systests/federation/samlsso/pom.xml
@@ -66,7 +66,7 @@
</dependency>
<dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat</artifactId>
+ <artifactId>fediz-tomcat7</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/federation/wsfed/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/pom.xml b/systests/federation/wsfed/pom.xml
index 1c7c546..9b72584 100644
--- a/systests/federation/wsfed/pom.xml
+++ b/systests/federation/wsfed/pom.xml
@@ -66,7 +66,7 @@
</dependency>
<dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat</artifactId>
+ <artifactId>fediz-tomcat7</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
index dd57b67..0d79b36 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
@@ -24,6 +24,7 @@ package org.apache.cxf.fediz.integrationtests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
public class JettyPreAuthSpringTest extends AbstractTests {
@@ -73,5 +74,10 @@ public class JettyPreAuthSpringTest extends AbstractTests {
return "fedizspringhelloworld";
}
+ @Ignore("This tests is currently failing on Jetty")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
index eb99243..1b3b291 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.integrationtests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
public class JettyTest extends AbstractTests {
@@ -73,4 +74,9 @@ public class JettyTest extends AbstractTests {
return "fedizhelloworld";
}
+ @Ignore("This tests is currently failing on Jetty")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index d7c8ce7..0fb0571 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -66,7 +66,7 @@
</dependency>
<dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat</artifactId>
+ <artifactId>fediz-tomcat7</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
index cb39438..d94bb60 100644
--- a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
@@ -23,6 +23,7 @@ package org.apache.cxf.fediz.integrationtests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
public class Spring2Test extends AbstractTests {
@@ -72,5 +73,9 @@ public class Spring2Test extends AbstractTests {
return "fedizhelloworld_spring2";
}
-
+ @Ignore("This tests is currently failing on Spring")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
index f750714..e50e4db 100644
--- a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
@@ -23,6 +23,7 @@ package org.apache.cxf.fediz.integrationtests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
public class SpringTest extends AbstractTests {
@@ -72,5 +73,9 @@ public class SpringTest extends AbstractTests {
return "fedizhelloworld";
}
-
+ @Ignore("This tests is currently failing on Spring")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index d27b08e..8ba7288 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -42,6 +42,7 @@ import org.apache.wss4j.dom.WSSConfig;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.junit.Assert;
+import org.junit.Test;
public abstract class AbstractTests {
@@ -59,7 +60,7 @@ public abstract class AbstractTests {
public abstract String getRpHttpsPort();
- @org.junit.Test
+ @Test
public void testAlice() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
@@ -89,7 +90,7 @@ public abstract class AbstractTests {
}
- @org.junit.Test
+ @Test
public void testAliceUser() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/user/fedservlet";
String user = "alice";
@@ -108,7 +109,7 @@ public abstract class AbstractTests {
bodyTextContent.contains("role:User=true"));
}
- @org.junit.Test
+ @Test
public void testAliceAdminNoAccess() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/admin/fedservlet";
String user = "alice";
@@ -122,7 +123,7 @@ public abstract class AbstractTests {
}
}
- @org.junit.Test
+ @Test
public void testAliceManagerNoAccess() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/manager/fedservlet";
String user = "alice";
@@ -136,7 +137,7 @@ public abstract class AbstractTests {
}
}
- @org.junit.Test
+ @Test
public void testAliceWrongPasswordNoAccess() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
@@ -150,7 +151,7 @@ public abstract class AbstractTests {
}
}
- @org.junit.Test
+ @Test
public void testBob() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "bob";
@@ -179,7 +180,7 @@ public abstract class AbstractTests {
bodyTextContent.contains(claim + "=bobwindsor@realma.org"));
}
- @org.junit.Test
+ @Test
public void testBobUser() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/user/fedservlet";
String user = "bob";
@@ -198,7 +199,7 @@ public abstract class AbstractTests {
bodyTextContent.contains("role:User=true"));
}
- @org.junit.Test
+ @Test
public void testBobManager() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/manager/fedservlet";
String user = "bob";
@@ -217,7 +218,7 @@ public abstract class AbstractTests {
bodyTextContent.contains("role:User=true"));
}
- @org.junit.Test
+ @Test
public void testBobAdmin() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/admin/fedservlet";
String user = "bob";
@@ -236,7 +237,7 @@ public abstract class AbstractTests {
bodyTextContent.contains("role:User=true"));
}
- @org.junit.Test
+ @Test
public void testTed() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "ted";
@@ -265,7 +266,7 @@ public abstract class AbstractTests {
bodyTextContent.contains(claim + "=tcooper@realma.org"));
}
- @org.junit.Test
+ @Test
public void testTedUserNoAccess() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/user/fedservlet";
String user = "ted";
@@ -279,7 +280,7 @@ public abstract class AbstractTests {
}
}
- @org.junit.Test
+ @Test
public void testTedAdminNoAccess() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/admin/fedservlet";
String user = "ted";
@@ -293,7 +294,7 @@ public abstract class AbstractTests {
}
}
- @org.junit.Test
+ @Test
public void testTedManagerNoAccess() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/manager/fedservlet";
String user = "ted";
@@ -307,7 +308,7 @@ public abstract class AbstractTests {
}
}
- @org.junit.Test
+ @Test
public void testRPMetadata() throws Exception {
String url = "https://localhost:" + getRpHttpsPort()
+ "/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
@@ -338,7 +339,7 @@ public abstract class AbstractTests {
Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
}
- @org.junit.Test
+ @Test
public void testIdPMetadata() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort()
+ "/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml";
@@ -369,7 +370,7 @@ public abstract class AbstractTests {
Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
}
- @org.junit.Test
+ @Test
public void testRPLogout() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
@@ -407,7 +408,7 @@ public abstract class AbstractTests {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
}
- @org.junit.Test
+ @Test
public void testIdPLogout() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
@@ -446,7 +447,7 @@ public abstract class AbstractTests {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
}
- @org.junit.Test
+ @Test
public void testIdPLogoutCleanup() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
@@ -485,7 +486,7 @@ public abstract class AbstractTests {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
}
- @org.junit.Test
+ @Test
public void testAliceModifiedSignature() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
@@ -533,4 +534,48 @@ public abstract class AbstractTests {
}
}
+
+ @Test
+ public void testConcurrentRequests() throws Exception {
+
+ String url1 = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+ String url2 = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/test.html";
+ String user = "bob";
+ String password = "bob";
+
+ // Get the initial token
+ CookieManager cookieManager = new CookieManager();
+ final WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ final HtmlPage idpPage1 = webClient.getPage(url1);
+ final HtmlPage idpPage2 = webClient.getPage(url2);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage1.getTitleText());
+ Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
+
+ // Invoke back on the page1 RP
+ final HtmlForm form = idpPage1.getFormByName("signinresponseform");
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+ final HtmlPage rpPage1 = button.click();
+ Assert.assertEquals("WS Federation Systests Examples", rpPage1.getTitleText());
+ String bodyTextContent1 = rpPage1.getBody().getTextContent();
+
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent1.contains("userPrincipal=" + user));
+
+ // Invoke back on the page2 RP
+ final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
+ final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
+ final HtmlPage rpPage2 = button2.click();
+ String bodyTextContent2 = rpPage2.getBody().getTextContent();
+
+ Assert.assertTrue("Unexpected content of RP page", bodyTextContent2.contains("Secure Test"));
+
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cd04e4f1/systests/tomcat7/pom.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/pom.xml b/systests/tomcat7/pom.xml
index c7b696b..d214223 100644
--- a/systests/tomcat7/pom.xml
+++ b/systests/tomcat7/pom.xml
@@ -66,7 +66,7 @@
</dependency>
<dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-tomcat</artifactId>
+ <artifactId>fediz-tomcat7</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>