Posted to commits@cxf.apache.org by co...@apache.org on 2017/01/27 11:22:51 UTC
[08/19] cxf-fediz git commit: FEDIZ-155 - Move .java components out
of idp webapp and into a separate JAR
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/realma.cert
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/realma.cert b/services/idp-core/src/test/resources/realma.cert
new file mode 100644
index 0000000..ff97f79
--- /dev/null
+++ b/services/idp-core/src/test/resources/realma.cert
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAamgAwIBAgIEINqJ9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
+MTUwNjEwMTU0NDE3WhcNMjUwNDE4MTU0NDE3WjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJDSXn2lDR+JM+AsJarFG3/XGH7K+9AfAbQIz2IgB9MCpO
+KVWTUPCvuo1I+Fp5nEGreuHYLEwgIiam3o+C9tvpLgtDDaDkmXjDzkWpk8z6+im72HZ/ODF93Rqw
+jIiY5ZCzgDumFyPzdKiGwChThamidy+rd6oheSoi6qRVSMMcnwiEUmvkfFvV3izXRqeT5nGQwsin
+y9mCEiGx8jkfxP++H0RQjVjhOwzfQ7epsR7dTQNf2ZhkBR3o6wKV9QnF2IBWHZpA9EK58rWU9H6j
+G7b631rYvwsbOUF9HcZ8DI2BFh+4p18jDN/fnjNGSLr9rYOExpsIiF1cHBK7Tr7WwCmDAgMBAAGj
+ITAfMB0GA1UdDgQWBBRHy0qYoLm9jx/1L6r61NznHKun2jANBgkqhkiG9w0BAQsFAAOCAQEAR9rU
+5Sp1FsOErdvKNFqeaKl0oq6Fuz7BWcGm2kK6+1ZbWE8IOv6Vh+BlLuOe5hF7aLUbm8UIjhKsmg0M
+Ey5MBwkBZktT1qhQteMuiKgYR7CxayCxO0f125RYvvwntJa5rI7bUrzOqX29VQD1qQ/Tb+08fULT
+L7oURP+g88Ff99dn3IpO4VZxZdsbl4+KZRtqQvPAdXNYjOajJtPzS489+/DtfWJ6wPm/7YZ4did4
+1fYcrdwyEZ15L0/5i931z7sztNickm5WhO40qEVDKN6KrlV2Eyea0+933v2Pwe4resTlko9G2T5h
+dEaSbvht2Q/JOMMmT91daeto2oS8HTKhTA==
+-----END CERTIFICATE-----
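Review bot: The validity period embedded in this certificate decodes to notBefore 2015-06-10 15:44:17Z and notAfter 2025-04-18 15:44:17Z (the two UTCTime fields in the base64 on lines 14-15), so any test that validates this certificate with time checking enabled will start failing on that date with no obvious cause. Since the commit only relocates the fixture, a one-line note in `stsKeystoreA.properties` or the module README recording the expiry and how the keystore was generated would save the next maintainer a debugging session. Regenerating the fixture at test time is the more durable alternative if the build can afford it.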
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/stsKeystoreA.properties
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/stsKeystoreA.properties b/services/idp-core/src/test/resources/stsKeystoreA.properties
new file mode 100644
index 0000000..bd9fb1b
--- /dev/null
+++ b/services/idp-core/src/test/resources/stsKeystoreA.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_a.jks
+
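Review bot: The keys use the WSS4J 1.x prefix `org.apache.ws.security.crypto.*`, while the sources deleted later in this commit import `org.apache.wss4j.common.*`, i.e. WSS4J 2.x; as far as I recall 2.x still honours the old prefix for compatibility but documents `org.apache.wss4j.crypto.*` as the current names, so switching would be a small consistency improvement. The literal keystore password is acceptable here only because the file lives under `src/test/resources`; a leading comment such as `# Test-only keystore for realm A; these credentials are fixtures, not deployment values` makes that intent explicit to anyone copying the file as a template. The added trailing blank line on the last line can be dropped.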
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/stsrealm_a.jks
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/stsrealm_a.jks b/services/idp-core/src/test/resources/stsrealm_a.jks
new file mode 100644
index 0000000..fde2928
Binary files /dev/null and b/services/idp-core/src/test/resources/stsrealm_a.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/testContext.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/testContext.xml b/services/idp-core/src/test/resources/testContext.xml
new file mode 100644
index 0000000..bd015f0
--- /dev/null
+++ b/services/idp-core/src/test/resources/testContext.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-4.3.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-4.3.xsd">
+
+ <context:component-scan base-package="org.apache.cxf.fediz.service.idp.service" />
+ <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
+
+ <import resource="classpath:persistenceContext.xml" />
+
+ <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
+ <bean
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="locations">
+ <list>
+ <value>classpath:persistence.properties</value>
+ <value>classpath:realm.properties</value>
+ </list>
+ </property>
+ <property name="ignoreResourceNotFound" value="true" />
+ <property name="ignoreUnresolvablePlaceholders" value="true" />
+ </bean>
+
+ <bean id="dbLoadertest"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.TestDBLoader" />
+
+</beans>
+
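Review bot: The comment on the placeholder-configurer bean (`<!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->`) reads as a leftover TODO and says nothing about why both `ignoreResourceNotFound` and `ignoreUnresolvablePlaceholders` are true; with both flags a missing `realm.properties` leaves `${...}` values unresolved and the failure only surfaces in whichever test first reads them. I would replace it with a comment stating the intent, e.g. `<!-- Both properties files are optional in the test context; unresolved ${...} placeholders are left as-is instead of failing context startup -->`, or drop `ignoreUnresolvablePlaceholders` so a misnamed property fails fast. Spring 3.1+ documents `PropertySourcesPlaceholderConfigurer` as the preferred replacement for `PropertyPlaceholderConfigurer` (the schema here is 4.3); presumably the older class was carried over from the webapp context unchanged.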
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/pom.xml
----------------------------------------------------------------------
diff --git a/services/idp/pom.xml b/services/idp/pom.xml
index ff92478..bfd4fa5 100644
--- a/services/idp/pom.xml
+++ b/services/idp/pom.xml
@@ -29,29 +29,6 @@
<name>Apache Fediz IDP</name>
<packaging>war</packaging>
- <properties>
- <swagger-ui.version>2.2.6</swagger-ui.version>
- </properties>
-
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-jdbc</artifactId>
- <version>${spring.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-tx</artifactId>
- <version>${spring.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-aop</artifactId>
- <version>${spring.version}</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
<dependencies>
<dependency>
<groupId>junit</groupId>
@@ -60,199 +37,10 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>${servlet.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz-core</artifactId>
+ <artifactId>fediz-idp-core</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- <version>${spring.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-tx</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-orm</artifactId>
- <version>${spring.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- <version>${spring.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-test</artifactId>
- <version>${spring.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.webflow</groupId>
- <artifactId>spring-webflow</artifactId>
- <version>2.4.4.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>${spring.security.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>${spring.security.version}</version>
- </dependency>
- <dependency>
- <groupId>org.javassist</groupId>
- <artifactId>javassist</artifactId>
- <version>${javassist.version}</version>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-security</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-security-sso-saml</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-security-sso-oidc</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-http</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-policy</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-addr</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-service-description-swagger</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- <version>${commons.lang.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-service-description</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-extension-providers</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.jaxrs</groupId>
- <artifactId>jackson-jaxrs-json-provider</artifactId>
- <version>2.8.6</version>
- </dependency>
- <dependency>
- <groupId>org.hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <version>${hsqldb.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>cglib</groupId>
- <artifactId>cglib-nodep</artifactId>
- <version>3.2.4</version>
- </dependency>
- <!--
- <dependency>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa-all</artifactId>
- <version>${openjpa.version}</version>
- </dependency>
- -->
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-dbcp2</artifactId>
- <version>${dbcp.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa-jdbc</artifactId>
- <version>${openjpa.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa-persistence-jdbc</artifactId>
- <version>${openjpa.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-rs-client</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.validation</groupId>
- <artifactId>validation-api</artifactId>
- <version>${javax.validation.version}</version>
- </dependency>
- <dependency>
- <groupId>jstl</groupId>
- <artifactId>jstl</artifactId>
- <version>1.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.bval</groupId>
- <artifactId>bval-jsr</artifactId>
- <version>${bval.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.sun.xml.bind</groupId>
- <artifactId>jaxb-impl</artifactId>
- </exclusion>
- <!--
- dependency to newer version (commons-beanutils)
- imported from commons-validator
- -->
- <exclusion>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils-core</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>commons-validator</groupId>
- <artifactId>commons-validator</artifactId>
- <version>${commons.validator.version}</version>
- </dependency>
</dependencies>
<build>
<resources>
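Review bot: Dropping `jstl` from the war in this hunk assumes the new `fediz-idp-core` artifact supplies it transitively at compile scope; `jstl` is a JSP-rendering concern of the webapp rather than of a plain JAR, so if idp-core does not declare it (its pom is not in this chunk) the IDP's JSP views will fail at runtime with a missing tag library while the build still passes. The same scope question applies to `slf4j-log4j12` and `cglib-nodep`: a `provided` or `test` scope in idp-core would not propagate them into `WEB-INF/lib`. I would keep `jstl` declared explicitly in this pom and check the packaged war's `WEB-INF/lib` after the move.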
@@ -279,32 +67,6 @@
</resources>
<plugins>
<plugin>
- <groupId>org.apache.openjpa</groupId>
- <artifactId>openjpa-maven-plugin</artifactId>
- <version>${openjpa.version}</version>
- <inherited>true</inherited>
- <configuration>
- <persistenceXmlFile>${project.basedir}/src/main/resources/META-INF/spring-persistence.xml</persistenceXmlFile>
- <includes>org/apache/cxf/fediz/service/idp/service/jpa/**/*.class</includes>
- </configuration>
- <executions>
- <execution>
- <id>enhancer</id>
- <phase>process-classes</phase>
- <goals>
- <goal>enhance</goal>
- </goals>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.11.0</version>
- </dependency>
- </dependencies>
- </plugin>
- <plugin>
<!--for mvn tomcat:deploy/:undeploy/:redeploy -->
<groupId>org.codehaus.mojo</groupId>
<artifactId>tomcat-maven-plugin</artifactId>
@@ -342,74 +104,6 @@
</configuration>
</plugin>
<plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <executions>
- <execution>
- <phase>generate-resources</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.webjars</groupId>
- <artifactId>swagger-ui</artifactId>
- <version>${swagger-ui.version}</version>
- <overWrite>true</overWrite>
- <outputDirectory>${project.build.directory}/swagger-ui</outputDirectory>
- <excludes>**/*.gz</excludes>
- </artifactItem>
- </artifactItems>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-resources-plugin</artifactId>
- <executions>
- <execution>
- <id>copy-swagger-resources-in-place</id>
- <phase>process-resources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${project.build.directory}/${project.build.finalName}/resources/swagger</outputDirectory>
- <resources>
- <resource>
- <directory>${project.build.directory}/swagger-ui/META-INF/resources/webjars/swagger-ui/${swagger-ui.version}</directory>
- <excludes>
- <exclude>index.html</exclude>
- <exclude>swagger-ui.min.js</exclude>
- </excludes>
- </resource>
- </resources>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-antrun-plugin</artifactId>
- <inherited>true</inherited>
- <executions>
- <execution>
- <id>addMatrixParamSupport</id>
- <phase>process-resources</phase>
- <goals>
- <goal>run</goal>
- </goals>
- <configuration>
- <target>
- <replace file="${project.build.directory}/swagger-ui/META-INF/resources/webjars/swagger-ui/${swagger-ui.version}/swagger-ui.js" token="return url + requestUrl + querystring;" value="
var matrixstring = '';
 for (var i = 0; i < this.parameters.length; i++) {
 var param = this.parameters[i];
 
 if (param.in === 'matrix') {
 matrixstring += ';' + this.encodeQueryParam(param.name) + '=' + this.encodeQueryParam(args[param.name]);
 }
 }
 
 var url = this.scheme + '://' + this.host;
 
 if (this.basePath !== '/') {
 url += this.basePath;
 }
 return url + requestUrl + matrixstring + querystring;" />
- </target>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<executions>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
deleted file mode 100644
index dd121fb..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.idp;
-
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.cxf.fediz.core.FederationConstants;
-import org.apache.cxf.fediz.service.idp.domain.Idp;
-import org.apache.cxf.fediz.service.idp.service.ConfigService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.util.Assert;
-
-
-/**
- * Used by the <code>ExceptionTranslationFilter</code> to commence authentication
- * <p>
- * The user's browser will be redirected to the IDP.
- *
- */
-public class FedizEntryPoint implements AuthenticationEntryPoint,
- InitializingBean, ApplicationContextAware {
-
- private static final Logger LOG = LoggerFactory.getLogger(FedizEntryPoint.class);
-
- private ApplicationContext appContext;
- private ConfigService configService;
- private String realm;
- private Idp idpConfig;
-
- public ConfigService getConfigService() {
- return configService;
- }
-
- public void setConfigService(ConfigService configService) {
- this.configService = configService;
- }
-
- public String getRealm() {
- return realm;
- }
-
- public void setRealm(String realm) {
- this.realm = realm;
- }
-
- public void afterPropertiesSet() throws Exception {
- Assert.notNull(this.appContext, "ApplicationContext cannot be null.");
- Assert.notNull(this.configService, "ConfigService cannot be null.");
- Assert.notNull(this.realm, "realm cannot be null.");
- }
-
- public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
- final AuthenticationException authenticationException) throws IOException, ServletException {
-
- idpConfig = configService.getIDP(realm);
- Assert.notNull(this.idpConfig, "idpConfig cannot be null. Check realm and config service implementation");
-
- String wauth = servletRequest.getParameter(FederationConstants.PARAM_AUTH_TYPE);
- if (wauth == null) {
- wauth = "default";
- }
- String loginUri = idpConfig.getAuthenticationURIs().get(wauth);
- if (loginUri == null) {
- LOG.warn("wauth value '" + wauth + "' not supported");
- response.sendError(
- HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "The wauth value that was supplied is not supported");
- return;
- }
-
- StringBuilder builder = new StringBuilder(extractFullContextPath(servletRequest))
- .append(loginUri).append("?");
-
- // Add the query parameters - URL encoding them for safety
- @SuppressWarnings("unchecked")
- Enumeration<String> names = servletRequest.getParameterNames();
- while (names.hasMoreElements()) {
- String name = names.nextElement();
- String[] values = servletRequest.getParameterValues(name);
- if (values != null && values.length > 0) {
- builder.append(name).append("=");
- builder.append(URLEncoder.encode(values[0], "UTF-8"));
- builder.append("&");
- }
- }
- // Remove trailing ampersand
- if (builder.charAt(builder.length() - 1) == '&') {
- builder.deleteCharAt(builder.length() - 1);
- }
-
- String redirectUrl = builder.toString();
- preCommence(servletRequest, response);
- if (LOG.isInfoEnabled()) {
- LOG.info("Redirect to " + redirectUrl);
- }
- response.sendRedirect(redirectUrl);
- }
-
-
- /**
- * Template method for you to do your own pre-processing before the redirect occurs.
- *
- * @param request the HttpServletRequest
- * @param response the HttpServletResponse
- */
- protected void preCommence(final HttpServletRequest request, final HttpServletResponse response) {
-
- }
-
- @Override
- public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
- this.appContext = applicationContext;
- }
-
- protected String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
- String result = null;
- String contextPath = request.getContextPath();
- String requestUrl = request.getRequestURL().toString();
-
- String requestPath = new URL(requestUrl).getPath();
- // Cut request path of request url and add context path if not ROOT
- if (requestPath != null && requestPath.length() > 0) {
- int lastIndex = requestUrl.lastIndexOf(requestPath);
- result = requestUrl.substring(0, lastIndex);
- } else {
- result = requestUrl;
- }
- if (contextPath != null && contextPath.length() > 0) {
- // contextPath contains starting slash
- result = result + contextPath;
- }
- if (result.charAt(result.length() - 1) != '/') {
- result = result + "/";
- }
- return result;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
deleted file mode 100644
index 1e2969b..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.idp;
-
-public final class IdpConstants {
-
- public static final String IDP_CONFIG = "idpConfig";
-
- /**
- * A key used to store context/state when communicating with a trusted third party IdP.
- */
- public static final String TRUSTED_IDP_CONTEXT = "trusted_idp_context";
-
- /**
- * A key used to store the application realm for the given request.
- */
- public static final String REALM = "realm";
-
- /**
- * A key used to store the home realm for the given request.
- */
- public static final String HOME_REALM = "home_realm";
-
- /**
- * The SAML Authn Request
- */
- public static final String SAML_AUTHN_REQUEST = "saml_authn_request";
-
- /**
- * A Context variable associated with the request (independent of protocol)
- */
- public static final String CONTEXT = "request_context";
-
- /**
- * A key used to store the return address for the given request
- */
- public static final String RETURN_ADDRESS = "return_address";
-
-
- private IdpConstants() {
- // complete
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
deleted file mode 100644
index b8450b4..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.trust.STSClient;
-
-public class IdpSTSClient extends STSClient {
-
- public IdpSTSClient(Bus b) {
- super(b);
- }
-
- public Element requestSecurityTokenResponse() throws Exception {
- return requestSecurityTokenResponse(null);
- }
-
- public Element requestSecurityTokenResponse(String appliesTo) throws Exception {
- String action = null;
- if (isSecureConv) {
- action = namespace + "/RST/SCT";
- }
- return requestSecurityTokenResponse(appliesTo, action, "/Issue", null);
- }
-
- public Element requestSecurityTokenResponse(String appliesTo, String action,
- String requestType, SecurityToken target) throws Exception {
- STSResponse response = issue(appliesTo, null, "/Issue", null);
-
- return getDocumentElement(response.getResponse());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
deleted file mode 100644
index 0aab857..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.idp;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Document;
-import org.apache.cxf.fediz.service.idp.domain.Idp;
-import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
-import org.apache.cxf.fediz.service.idp.metadata.IdpMetadataWriter;
-import org.apache.cxf.fediz.service.idp.metadata.ServiceMetadataWriter;
-import org.apache.cxf.fediz.service.idp.service.ConfigService;
-import org.apache.wss4j.common.util.DOM2Writer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.ApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-
-public class MetadataServlet extends HttpServlet {
-
- public static final String PARAM_REALM = "realm";
-
- private static final Logger LOG = LoggerFactory
- .getLogger(MetadataServlet.class);
- private static final long serialVersionUID = 1L;
-
- private ApplicationContext applicationContext;
- private String realm;
-
-
- @Override
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
- IOException {
- response.setContentType("text/xml; charset=utf-8");
- PrintWriter out = response.getWriter();
-
- ConfigService cs = (ConfigService)getApplicationContext().getBean("config");
- Idp idpConfig = cs.getIDP(realm);
- try {
- if (request.getServletPath() != null && request.getServletPath().startsWith("/metadata")) {
- String serviceRealm =
- request.getRequestURI().substring(request.getRequestURI().indexOf("/metadata")
- + "/metadata".length());
- if (serviceRealm != null && serviceRealm.charAt(0) == '/') {
- serviceRealm = serviceRealm.substring(1);
- }
- TrustedIdp trustedIdp = idpConfig.findTrustedIdp(serviceRealm);
- if (trustedIdp == null) {
- LOG.error("No TrustedIdp found for desired realm: " + serviceRealm);
- response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return;
- }
- ServiceMetadataWriter mw = new ServiceMetadataWriter();
- Document metadata = mw.getMetaData(idpConfig, trustedIdp);
- out.write(DOM2Writer.nodeToString(metadata));
- } else {
- // Otherwise return the Metadata for the Idp
- LOG.debug(idpConfig.toString());
- IdpMetadataWriter mw = new IdpMetadataWriter();
- Document metadata = mw.getMetaData(idpConfig);
- out.write(DOM2Writer.nodeToString(metadata));
- }
- } catch (Exception ex) {
- LOG.error("Failed to get metadata document: ", ex);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- }
-
- @Override
- public void init(ServletConfig config) throws ServletException {
- super.init(config);
- realm = config.getInitParameter(PARAM_REALM);
- if (realm == null || realm.length() == 0) {
- throw new ServletException("Servlet parameter '" + PARAM_REALM + "' not defined");
- }
- }
-
- public ApplicationContext getApplicationContext() {
- if (applicationContext == null) {
- LOG.debug(this.getServletContext().toString());
- applicationContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
- }
- return applicationContext;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
deleted file mode 100644
index 4e8ed11..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ /dev/null
@@ -1,307 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-//import org.apache.cxf.endpoint.Client;
-import org.apache.cxf.fediz.core.Claim;
-import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.core.xml.XMLObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-//import org.apache.cxf.transport.http.HTTPConduit;
-//import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-
-/**
- * A base class for authenticating credentials to the STS
- */
-public abstract class STSAuthenticationProvider implements AuthenticationProvider {
-
- public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
- "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
-
- public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
- "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-
- public static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
- "http://schemas.xmlsoap.org/ws/2005/02/trust";
-
- private static final Logger LOG = LoggerFactory.getLogger(STSAuthenticationProvider.class);
-
- protected String wsdlLocation;
-
- protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
-
- protected String wsdlService;
-
- protected String wsdlEndpoint;
-
- protected String appliesTo;
-
- protected boolean use200502Namespace;
-
- protected String tokenType;
-
- protected Bus bus;
-
- protected Integer lifetime;
-
- //Required to get IDP roles to use the IDP application, used in future release
- protected String roleURI;
-
- protected Map<String, Object> properties = new HashMap<>();
-
- private String customSTSParameter;
-
- protected List<GrantedAuthority> createAuthorities(SecurityToken token) throws WSSecurityException {
- List<GrantedAuthority> authorities = new ArrayList<>();
- //authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
- //Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
- if (roleURI != null) {
- SamlAssertionWrapper assertion = new SamlAssertionWrapper(token.getToken());
-
- List<Claim> claims = parseClaimsInAssertion(assertion.getSaml2());
- for (Claim c : claims) {
- if (c.getClaimType() != null && roleURI.equals(c.getClaimType().toString())) {
- Object oValue = c.getValue();
- if ((oValue instanceof List<?>) && !((List<?>)oValue).isEmpty()) {
- List<?> values = (List<?>)oValue;
- for (Object role: values) {
- if (role instanceof String) {
- authorities.add(new SimpleGrantedAuthority((String)role));
- }
- }
- } else {
- LOG.error("Unsupported value type of Claim value");
- throw new IllegalStateException("Unsupported value type of Claim value");
- }
- claims.remove(c);
- break;
- }
- }
- }
-
- //Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
- authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
-
- return authorities;
- }
-
- public String getWsdlLocation() {
- return wsdlLocation;
- }
-
- public void setWsdlLocation(String wsdlLocation) {
- this.wsdlLocation = wsdlLocation;
- }
-
- public String getWsdlService() {
- return wsdlService;
- }
-
- public void setWsdlService(String wsdlService) {
- this.wsdlService = wsdlService;
- }
-
- public String getWsdlEndpoint() {
- return wsdlEndpoint;
- }
-
- public void setWsdlEndpoint(String wsdlEndpoint) {
- this.wsdlEndpoint = wsdlEndpoint;
- }
-
- public String getNamespace() {
- return namespace;
- }
-
- public void setNamespace(String namespace) {
- this.namespace = namespace;
- }
-
- public String getAppliesTo() {
- return appliesTo;
- }
-
- public void setAppliesTo(String appliesTo) {
- this.appliesTo = appliesTo;
- }
-
- public void setBus(Bus bus) {
- this.bus = bus;
- }
-
- public Bus getBus() {
- // do not store a referance to the default bus
- return (bus != null) ? bus : BusFactory.getDefaultBus();
- }
-
- public String getTokenType() {
- return tokenType;
- }
-
- public void setTokenType(String tokenType) {
- this.tokenType = tokenType;
- }
-
- public Integer getLifetime() {
- return lifetime;
- }
-
- public void setLifetime(Integer lifetime) {
- this.lifetime = lifetime;
- }
-
- protected List<Claim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
- List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
- .getAttributeStatements();
- if (attributeStatements == null || attributeStatements.isEmpty()) {
- LOG.debug("No attribute statements found");
- return Collections.emptyList();
- }
-
- List<Claim> collection = new ArrayList<>();
- Map<String, Claim> claimsMap = new HashMap<>();
-
- for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
- LOG.debug("parsing statement: {}", statement.getElementQName());
- List<org.opensaml.saml.saml2.core.Attribute> attributes = statement
- .getAttributes();
- for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
- LOG.debug("parsing attribute: {}", attribute.getName());
- Claim c = new Claim();
- // Workaround for CXF-4484
- // Value of Attribute Name not fully qualified
- // if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
- // but ClaimType value must be fully qualified as Namespace attribute goes away
- URI attrName = URI.create(attribute.getName());
- if (ClaimTypes.URI_BASE.toString().equals(attribute.getNameFormat())
- && !attrName.isAbsolute()) {
- c.setClaimType(URI.create(ClaimTypes.URI_BASE + "/" + attribute.getName()));
- } else {
- c.setClaimType(URI.create(attribute.getName()));
- }
- c.setIssuer(assertion.getIssuer().getNameQualifier());
-
- List<String> valueList = new ArrayList<>();
- for (XMLObject attributeValue : attribute.getAttributeValues()) {
- Element attributeValueElement = attributeValue.getDOM();
- String value = attributeValueElement.getTextContent();
- LOG.debug(" [{}]", value);
- valueList.add(value);
- }
- mergeClaimToMap(claimsMap, c, valueList);
- }
- }
- collection.addAll(claimsMap.values());
- return collection;
-
- }
-
- protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
- List<String> valueList) {
- Claim t = claimsMap.get(c.getClaimType().toString());
- if (t != null) {
- //same SAML attribute already processed. Thus Claim object already created.
- Object oValue = t.getValue();
- if (oValue instanceof String) {
- //one child element AttributeValue only
- List<String> values = new ArrayList<>();
- values.add((String)oValue); //add existing value
- values.addAll(valueList);
- t.setValue(values);
- } else if (oValue instanceof List<?>) {
- //more than one child element AttributeValue
- @SuppressWarnings("unchecked")
- List<String> values = (List<String>)oValue;
- values.addAll(valueList);
- t.setValue(values);
- } else {
- LOG.error("Unsupported value type of Claim value");
- throw new IllegalStateException("Unsupported value type of Claim value");
- }
- } else {
- if (valueList.size() == 1) {
- c.setValue(valueList.get(0));
- } else {
- c.setValue(valueList);
- }
- // Add claim to map
- claimsMap.put(c.getClaimType().toString(), c);
- }
- }
-
- public String getRoleURI() {
- return roleURI;
- }
-
- public void setRoleURI(String roleURI) {
- this.roleURI = roleURI;
- }
-
- public void setProperties(Map<String, Object> p) {
- properties.putAll(p);
- }
-
- public Map<String, Object> getProperties() {
- return properties;
- }
-
- public boolean isUse200502Namespace() {
- return use200502Namespace;
- }
-
- public void setUse200502Namespace(boolean use200502Namespace) {
- this.use200502Namespace = use200502Namespace;
- }
-
- public String getCustomSTSParameter() {
- return customSTSParameter;
- }
-
- public void setCustomSTSParameter(String customSTSParameter) {
- this.customSTSParameter = customSTSParameter;
- }
-
-//May be uncommented for debugging
-// private void setTimeout(Client client, Long timeout) {
-// HTTPConduit conduit = (HTTPConduit) client.getConduit();
-// HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-// httpClientPolicy.setConnectionTimeout(timeout);
-// httpClientPolicy.setReceiveTimeout(timeout);
-// conduit.setClient(httpClientPolicy);
-// }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
deleted file mode 100644
index 62f4817..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
+++ /dev/null
@@ -1,259 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.util.List;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.fediz.service.idp.kerberos.KerberosServiceRequestToken;
-import org.apache.cxf.fediz.service.idp.kerberos.KerberosTokenValidator;
-import org.apache.cxf.fediz.service.idp.kerberos.PassThroughKerberosClient;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.common.kerberos.KerberosServiceContext;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSConstants;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-
-/**
- * An authentication provider to authenticate a Kerberos token to the STS
- */
-public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
-
- private static final Logger LOG = LoggerFactory.getLogger(STSKrbAuthenticationProvider.class);
-
- private KerberosTokenValidator kerberosTokenValidator;
-
- private CallbackHandler kerberosCallbackHandler;
-
- private boolean kerberosUsernameServiceNameForm;
-
- private boolean requireDelegation;
-
-
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- // We only handle KerberosServiceRequestTokens
- if (!(authentication instanceof KerberosServiceRequestToken)) {
- return null;
- }
-
- Bus cxfBus = getBus();
- IdpSTSClient sts = new IdpSTSClient(cxfBus);
- sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
- if (tokenType != null && tokenType.length() > 0) {
- sts.setTokenType(tokenType);
- } else {
- sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
- }
- sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
- sts.setWsdlLocation(wsdlLocation);
- sts.setServiceQName(new QName(namespace, wsdlService));
- sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
- sts.getProperties().putAll(properties);
- if (use200502Namespace) {
- sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
- }
-
- if (lifetime != null) {
- sts.setEnableLifetime(true);
- sts.setTtl(lifetime.intValue());
- }
-
- return handleKerberos((KerberosServiceRequestToken)authentication, sts);
- }
-
- private Authentication handleKerberos(
- KerberosServiceRequestToken kerberosRequestToken,
- IdpSTSClient sts
- ) {
- Principal kerberosPrincipal = null;
- //
- // If delegation is required then validate the received token + store the
- // Delegated Credential so that we can retrieve a new kerberos token for the
- // STS with it. If delegation is not required, then we just get the received
- // token + pass it to the STS
- //
- if (requireDelegation) {
- kerberosPrincipal = validateKerberosToken(kerberosRequestToken, sts);
- if (kerberosPrincipal == null) {
- return null;
- }
- } else {
- PassThroughKerberosClient kerberosClient = new PassThroughKerberosClient();
- kerberosClient.setToken(kerberosRequestToken.getToken());
- sts.getProperties().put(SecurityConstants.KERBEROS_CLIENT, kerberosClient);
- }
-
- try {
- // Line below may be uncommented for debugging
- // setTimeout(sts.getClient(), 3600000L);
-
- SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
- if (kerberosPrincipal == null && token.getToken() != null
- && "Assertion".equals(token.getToken().getLocalName())) {
- // For the pass-through Kerberos case, we don't know the Principal name...
- kerberosPrincipal =
- new SAMLTokenPrincipalImpl(new SamlAssertionWrapper(token.getToken()));
- }
-
- if (kerberosPrincipal == null) {
- LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName());
- return null;
- }
-
- List<GrantedAuthority> authorities = createAuthorities(token);
-
- KerberosServiceRequestToken ksrt =
- new KerberosServiceRequestToken(kerberosPrincipal, authorities, kerberosRequestToken.getToken());
-
- STSUserDetails details = new STSUserDetails(kerberosPrincipal.getName(),
- "",
- authorities,
- token);
- ksrt.setDetails(details);
-
- LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), kerberosPrincipal.getName());
- return ksrt;
- } catch (Exception ex) {
- LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName() + "'", ex);
- return null;
- }
- }
-
- private Principal validateKerberosToken(
- KerberosServiceRequestToken token,
- IdpSTSClient sts
- ) {
- if (kerberosTokenValidator == null) {
- LOG.error("KerberosTokenValidator must be configured to support kerberos "
- + "credential delegation");
- return null;
- }
- KerberosServiceContext kerberosContext;
- Principal kerberosPrincipal = null;
- try {
- kerberosContext = kerberosTokenValidator.validate(token);
- if (kerberosContext == null || kerberosContext.getDelegationCredential() == null) {
- LOG.info("Kerberos Validation failure");
- return null;
- }
- GSSCredential delegatedCredential = kerberosContext.getDelegationCredential();
- sts.getProperties().put(SecurityConstants.DELEGATED_CREDENTIAL,
- delegatedCredential);
- sts.getProperties().put(SecurityConstants.KERBEROS_USE_CREDENTIAL_DELEGATION, "true");
- kerberosPrincipal = kerberosContext.getPrincipal();
- } catch (LoginException ex) {
- LOG.info("Failed to authenticate user", ex);
- return null;
- } catch (PrivilegedActionException ex) {
- LOG.info("Failed to authenticate user", ex);
- return null;
- }
-
- if (kerberosTokenValidator.getContextName() != null) {
- sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME,
- kerberosTokenValidator.getContextName());
- }
- if (kerberosTokenValidator.getServiceName() != null) {
- sts.getProperties().put(SecurityConstants.KERBEROS_SPN,
- kerberosTokenValidator.getServiceName());
- }
- if (kerberosCallbackHandler != null) {
- sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER,
- kerberosCallbackHandler);
- }
- if (kerberosUsernameServiceNameForm) {
- sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
- "true");
- }
-
- return kerberosPrincipal;
- }
-
- protected GSSContext createGSSContext() throws GSSException {
- Oid oid = new Oid("1.2.840.113554.1.2.2");
-
- GSSManager gssManager = GSSManager.getInstance();
-
- String spn = "bob@service.ws.apache.org";
- GSSName gssService = gssManager.createName(spn, null);
-
- return gssManager.createContext(gssService.canonicalize(oid),
- oid, null, GSSContext.DEFAULT_LIFETIME);
-
- }
-
- @Override
- public boolean supports(Class<?> authentication) {
- return authentication.equals(KerberosServiceRequestToken.class);
- }
-
- public KerberosTokenValidator getKerberosTokenValidator() {
- return kerberosTokenValidator;
- }
-
- public void setKerberosTokenValidator(KerberosTokenValidator kerberosTokenValidator) {
- this.kerberosTokenValidator = kerberosTokenValidator;
- }
-
- public CallbackHandler getKerberosCallbackHandler() {
- return kerberosCallbackHandler;
- }
-
- public void setKerberosCallbackHandler(CallbackHandler kerberosCallbackHandler) {
- this.kerberosCallbackHandler = kerberosCallbackHandler;
- }
-
- public boolean isKerberosUsernameServiceNameForm() {
- return kerberosUsernameServiceNameForm;
- }
-
- public void setKerberosUsernameServiceNameForm(boolean kerberosUsernameServiceNameForm) {
- this.kerberosUsernameServiceNameForm = kerberosUsernameServiceNameForm;
- }
-
- public boolean isRequireDelegation() {
- return requireDelegation;
- }
-
- public void setRequireDelegation(boolean requireDelegation) {
- this.requireDelegation = requireDelegation;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
deleted file mode 100644
index 889dadd..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.util.Assert;
-import org.springframework.web.filter.GenericFilterBean;
-
-public class STSPortFilter extends GenericFilterBean implements ApplicationContextAware {
-
- private static final Logger LOG = LoggerFactory.getLogger(STSPortFilter.class);
-
- private ApplicationContext applicationContext;
- private STSAuthenticationProvider authenticationProvider;
-
- private boolean isPortSet;
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
-
- Assert.isTrue(applicationContext != null, "Application context must not be null");
- STSAuthenticationProvider authProvider = authenticationProvider;
- if (authProvider == null) {
- authProvider = applicationContext.getBean(STSAuthenticationProvider.class);
- }
- Assert.isTrue(authProvider != null, "STSAuthenticationProvider must be configured");
-
- //Only update the port if HTTPS is used, otherwise ignored (like retrieving the WADL over HTTP)
- if (!isPortSet && request.isSecure()) {
- try {
- URL url = new URL(authProvider.getWsdlLocation());
- if (url.getPort() == 0) {
- URL updatedUrl = new URL(url.getProtocol(), url.getHost(), request.getLocalPort(), url.getFile());
- setSTSWsdlUrl(authProvider, updatedUrl.toString());
- LOG.info("STSAuthenticationProvider.wsdlLocation set to " + updatedUrl.toString());
- } else {
- setSTSWsdlUrl(authProvider, url.toString());
- }
- } catch (MalformedURLException e) {
- LOG.error("Invalid Url '" + authProvider.getWsdlLocation() + "': " + e.getMessage());
- }
- }
-
- chain.doFilter(request, response);
- }
-
- private synchronized void setSTSWsdlUrl(STSAuthenticationProvider authProvider, String wsdlUrl) {
- authProvider.setWsdlLocation(wsdlUrl);
- this.isPortSet = true;
- }
-
- @Override
- public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- public STSAuthenticationProvider getAuthenticationProvider() {
- return authenticationProvider;
- }
-
- public void setAuthenticationProvider(STSAuthenticationProvider authenticationProvider) {
- this.authenticationProvider = authenticationProvider;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
deleted file mode 100644
index 45ec0a3..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.w3c.dom.Document;
-import org.apache.cxf.Bus;
-import org.apache.cxf.fediz.core.util.DOMUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.X509Data;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
-/**
- * An authentication provider to authenticate a preauthenticated token to the STS
- */
-public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider {
-
- private static final Logger LOG = LoggerFactory
- .getLogger(STSPreAuthAuthenticationProvider.class);
-
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- // We only handle PreAuthenticatedAuthenticationTokens
- if (!(authentication instanceof PreAuthenticatedAuthenticationToken)) {
- return null;
- }
-
- Bus cxfBus = getBus();
- IdpSTSClient sts = new IdpSTSClient(cxfBus);
- sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
- if (tokenType != null && tokenType.length() > 0) {
- sts.setTokenType(tokenType);
- } else {
- sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
- }
- sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
- sts.setWsdlLocation(wsdlLocation);
- sts.setServiceQName(new QName(namespace, wsdlService));
- sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
- sts.getProperties().putAll(properties);
- if (use200502Namespace) {
- sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
- }
-
- if (lifetime != null) {
- sts.setEnableLifetime(true);
- sts.setTtl(lifetime.intValue());
- }
-
- return handlePreAuthenticated((PreAuthenticatedAuthenticationToken)authentication, sts);
- }
-
- private Authentication handlePreAuthenticated(
- PreAuthenticatedAuthenticationToken preauthenticatedToken,
- IdpSTSClient sts
- ) {
- X509Certificate cert = (X509Certificate)preauthenticatedToken.getCredentials();
- if (cert == null) {
- return null;
- }
-
- // Convert the received certificate to a DOM Element to write it out "OnBehalfOf"
- Document doc = DOMUtils.createDocument();
- X509Data certElem = new X509Data(doc);
- try {
- certElem.addCertificate(cert);
- sts.setOnBehalfOf(certElem.getElement());
- } catch (XMLSecurityException e) {
- LOG.debug("Error parsing a client certificate", e);
- return null;
- }
-
- try {
- // Line below may be uncommented for debugging
- // setTimeout(sts.getClient(), 3600000L);
-
- SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
- List<GrantedAuthority> authorities = createAuthorities(token);
-
- STSUserDetails details = new STSUserDetails(preauthenticatedToken.getName(),
- "",
- authorities,
- token);
-
- preauthenticatedToken.setDetails(details);
-
- LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), preauthenticatedToken.getName());
- return preauthenticatedToken;
-
- } catch (Exception ex) {
- LOG.info("Failed to authenticate user '" + preauthenticatedToken.getName() + "'", ex);
- return null;
- }
- }
-
- @Override
- public boolean supports(Class<?> authentication) {
- return authentication.equals(PreAuthenticatedAuthenticationToken.class);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
deleted file mode 100644
index 6e9130c..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.dom.WSConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-/**
- * An authentication provider to authenticate a Username/Password to the STS
- */
-public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
-
- private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
-
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- // We only handle UsernamePasswordAuthenticationTokens
- if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
- return null;
- }
-
- Bus cxfBus = getBus();
- IdpSTSClient sts = new IdpSTSClient(cxfBus);
- sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
- if (tokenType != null && tokenType.length() > 0) {
- sts.setTokenType(tokenType);
- } else {
- sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
- }
- sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
- sts.setWsdlLocation(wsdlLocation);
- sts.setServiceQName(new QName(namespace, wsdlService));
- sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
- sts.getProperties().putAll(properties);
- if (use200502Namespace) {
- sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
- }
-
- if (lifetime != null) {
- sts.setEnableLifetime(true);
- sts.setTtl(lifetime.intValue());
- }
-
- return handleUsernamePassword((UsernamePasswordAuthenticationToken)authentication, sts);
- }
-
- private Authentication handleUsernamePassword(
- UsernamePasswordAuthenticationToken usernamePasswordToken,
- IdpSTSClient sts
- ) {
- sts.getProperties().put(SecurityConstants.USERNAME, usernamePasswordToken.getName());
- sts.getProperties().put(SecurityConstants.PASSWORD, (String)usernamePasswordToken.getCredentials());
-
- try {
-
- if (getCustomSTSParameter() != null) {
- HttpServletRequest request =
- ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
- String authRealmParameter = request.getParameter(getCustomSTSParameter());
- LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
- if (authRealmParameter != null) {
- sts.setCustomContent(authRealmParameter);
- }
- }
-
- // Line below may be uncommented for debugging
- // setTimeout(sts.getClient(), 3600000L);
-
- SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
- List<GrantedAuthority> authorities = createAuthorities(token);
-
- UsernamePasswordAuthenticationToken upat =
- new UsernamePasswordAuthenticationToken(usernamePasswordToken.getName(),
- usernamePasswordToken.getCredentials(),
- authorities);
-
- STSUserDetails details = new STSUserDetails(usernamePasswordToken.getName(),
- (String)usernamePasswordToken.getCredentials(),
- authorities,
- token);
- upat.setDetails(details);
-
- LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), usernamePasswordToken.getName());
- return upat;
-
- } catch (Exception ex) {
- LOG.info("Failed to authenticate user '" + usernamePasswordToken.getName() + "'", ex);
- return null;
- }
-
- }
-
- @Override
- public boolean supports(Class<?> authentication) {
- return authentication.equals(UsernamePasswordAuthenticationToken.class);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
deleted file mode 100644
index 080bcb4..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.util.Collection;
-
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-
-public class STSUserDetails extends User {
-
- private static final long serialVersionUID = 1975259365978165675L;
-
- private SecurityToken token;
-
- public STSUserDetails(String username, String password, boolean enabled, boolean accountNonExpired,
- boolean credentialsNonExpired, boolean accountNonLocked,
- Collection<? extends GrantedAuthority> authorities) {
- super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
- }
-
- public STSUserDetails(String username, String password,
- Collection<? extends GrantedAuthority> authorities, SecurityToken token) {
- super(username, password, true, true, true, true, authorities);
- this.token = token;
- }
-
- public SecurityToken getSecurityToken() {
- return this.token;
- }
-
- @Override
- public boolean equals(Object object) {
- if (!(object instanceof STSUserDetails)) {
- return false;
- }
-
- if (token != null && !token.equals(((STSUserDetails)object).token)) {
- return false;
- } else if (token == null && ((STSUserDetails)object).token != null) {
- return false;
- }
-
- return super.equals(object);
- }
-
- @Override
- public int hashCode() {
- int hashCode = 17;
- if (token != null) {
- hashCode *= 31 * token.hashCode();
- }
-
- return hashCode * super.hashCode();
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java
deleted file mode 100644
index e219741..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.beans;
-
-import org.apache.cxf.fediz.service.idp.STSUserDetails;
-import org.apache.cxf.fediz.service.idp.domain.Idp;
-import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Component;
-import org.springframework.util.Assert;
-import org.springframework.webflow.execution.RequestContext;
-
-/**
- * This class is responsible to cache the IDP token.
- */
-@Component
-public class CacheSecurityToken {
-
- private static final String IDP_CONFIG = "idpConfig";
- private static final Logger LOG = LoggerFactory.getLogger(CacheSecurityToken.class);
-
- public void submit(RequestContext context) {
-
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
- Assert.isInstanceOf(STSUserDetails.class, auth.getDetails());
- final STSUserDetails stsUserDetails = (STSUserDetails) auth.getDetails();
- SecurityToken securityToken = stsUserDetails.getSecurityToken();
-
- Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
-
- WebUtils.putAttributeInExternalContext(context, idpConfig.getRealm(), securityToken);
- LOG.info("Token [IDP_TOKEN=" + securityToken.getId()
- + "] for realm ["
- + idpConfig.getRealm() + "] successfully cached.");
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
deleted file mode 100644
index 25780d2..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.beans;
-
-import org.apache.commons.validator.routines.UrlValidator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-import org.springframework.webflow.execution.RequestContext;
-
-/**
- * Validate a URL using Commons Validator
- */
-@Component
-public class CommonsURLValidator {
-
- private static final Logger LOG = LoggerFactory.getLogger(CommonsURLValidator.class);
-
- public boolean isValid(RequestContext context, String endpointAddress)
- throws Exception {
- if (endpointAddress == null) {
- return true;
- }
-
- // The endpointAddress address must be a valid URL + start with http(s)
- // Validate it first using commons-validator
- UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https"}, UrlValidator.ALLOW_LOCAL_URLS);
- if (!urlValidator.isValid(endpointAddress)) {
- LOG.warn("The given endpointAddress parameter {} is not a valid URL", endpointAddress);
- return false;
- }
-
- return true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
deleted file mode 100644
index c755ebf..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.beans;
-
-import javax.servlet.http.Cookie;
-
-import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.springframework.stereotype.Component;
-import org.springframework.webflow.execution.RequestContext;
-
-@Component
-public class HomeRealmReminder {
-
- public static final String FEDIZ_HOME_REALM = "FEDIZ_HOME_REALM";
-
- public Cookie readCookie(RequestContext requestContext) {
- return WebUtils.readCookie(requestContext, FEDIZ_HOME_REALM);
- }
-
- public void addCookie(RequestContext requestContext, String cookieValue) {
- WebUtils.addCookie(requestContext, FEDIZ_HOME_REALM, cookieValue);
- }
-
- public void removeCookie(RequestContext requestContext) {
- WebUtils.removeCookie(requestContext, FEDIZ_HOME_REALM);
- }
-}