Posted to commits@cxf.apache.org by co...@apache.org on 2017/01/27 11:22:56 UTC
[13/19] cxf-fediz git commit: FEDIZ-155 - Move .java components out
of idp webapp and into a separate JAR
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
new file mode 100644
index 0000000..27d498c
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.List;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+
+@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+@Path("roles")
+public interface RoleService {
+
+ @GET
+ @PreAuthorize("hasRole('ROLE_LIST')")
+ Roles getRoles(@QueryParam("start") int start,
+ @QueryParam("size") @DefaultValue("2") int size,
+ @QueryParam("expand") @DefaultValue("all") List<String> expand,
+ @Context UriInfo uriInfo);
+
+ @GET
+ @Path("{name}")
+ @PreAuthorize("hasRole('ROLE_CREATE')")
+ Role getRole(@PathParam("name") String realm,
+ @QueryParam("expand") @DefaultValue("all") List<String> expand);
+
+ @POST
+ @PreAuthorize("hasRole('ROLE_CREATE')")
+ Response addRole(@Context UriInfo ui, Role role);
+
+ @PUT
+ @Path("{name}")
+ @PreAuthorize("hasRole('ROLE_UPDATE')")
+ Response updateRole(@Context UriInfo ui, @PathParam("name") String name, Role role);
+
+ @DELETE
+ @Path("{name}")
+ @PreAuthorize("hasRole('ROLE_DELETE')")
+ Response deleteRole(@PathParam("name") String name);
+
+ @POST
+ @Path("{name}/entitlements")
+ @PreAuthorize("hasRole('ROLE_UPDATE')")
+ Response addEntitlementToRole(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
+
+ @DELETE
+ @Path("{name}/entitlements/{entitlementName}")
+ @PreAuthorize("hasRole('ROLE_UPDATE')")
+ Response removeEntitlementFromRole(@Context UriInfo ui, @PathParam("name") String name,
+ @PathParam("entitlementName") String entitlementName);
+
+}
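Review bot: `getRole` is guarded by `@PreAuthorize("hasRole('ROLE_CREATE')")` although it is a read of a single role; the list operation uses `ROLE_LIST` and the sibling `TrustedIdpService` in this series guards its single read with `TRUSTEDIDP_READ`, so a read-level authority (a `ROLE_READ`-style role, if the IdP defines one — constructed name, confirm against the actual role set) looks intended, since today a caller holding only a read role is denied while one holding create is granted. The `@PathParam("name")` parameter of `getRole` is named `realm` while `RoleServiceImpl` calls it `name`; renaming it to `name` keeps the interface and implementation consistent. A one-line Javadoc per operation stating the required authority and the 404/400 conditions would also help, since the `@PreAuthorize` strings are the only contract documentation here.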
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
new file mode 100644
index 0000000..24ff339
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
@@ -0,0 +1,134 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.EntitlementDAO;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RoleServiceImpl implements RoleService {
+
+ private static final Logger LOG = LoggerFactory
+ .getLogger(RoleServiceImpl.class);
+
+ @Autowired
+ private RoleDAO roleDAO;
+
+ @Autowired
+ private EntitlementDAO entitlementDAO;
+
+ @Override
+ public Roles getRoles(int start, int size, List<String> expand, UriInfo uriInfo) {
+ List<Role> roles = roleDAO.getRoles(start, size, expand);
+
+ Roles list = new Roles();
+ list.setRoles(roles);
+ return list;
+ }
+
+ @Override
+ public Role getRole(String name, List<String> expand) {
+ Role role = roleDAO.getRole(name, expand);
+ if (role == null) {
+ throw new NotFoundException();
+ } else {
+ return role;
+ }
+ }
+
+ @Override
+ public Response addRole(UriInfo ui, Role role) {
+ if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
+ LOG.warn("Role resource contains sub resource 'entitlements'");
+ throw new WebApplicationException(Status.BAD_REQUEST);
+ }
+ Role createdRole = roleDAO.addRole(role);
+
+ UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
+ uriBuilder.path("{index}");
+ URI location = uriBuilder.build(createdRole.getName());
+
+ LOG.debug("Role '" + role.getName() + "' added");
+ return Response.created(location).entity(role).build();
+ }
+
+ @Override
+ public Response updateRole(UriInfo ui, String name, Role role) {
+ if (!name.equals(role.getName().toString())) {
+ throw new BadRequestException();
+ }
+ if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
+ LOG.warn("Role resource contains sub resource 'entitlements'");
+ throw new WebApplicationException(Status.BAD_REQUEST);
+ }
+ roleDAO.updateRole(name, role);
+
+ LOG.debug("Role '" + role.getName() + "' updated");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response deleteRole(String name) {
+ roleDAO.deleteRole(name);
+
+ LOG.debug("Role '" + name + "' deleted");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response addEntitlementToRole(UriInfo ui, String name, Entitlement entitlement) {
+ Role role = roleDAO.getRole(name, null);
+
+ Entitlement foundEntitlement = entitlementDAO.getEntitlement(entitlement.getName());
+ roleDAO.addEntitlementToRole(role, foundEntitlement);
+
+ LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + name + "'");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response removeEntitlementFromRole(UriInfo ui, String name, String entitlementName) {
+ Role role = roleDAO.getRole(name, null);
+ Entitlement entitlement = entitlementDAO.getEntitlement(entitlementName);
+
+ roleDAO.removeEntitlementFromRole(role, entitlement);
+
+ LOG.debug("Entitlement '" + entitlementName + "' removed from Role '" + name + "'");
+ return Response.noContent().build();
+ }
+
+}
\ No newline at end of file
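Review bot: `addEntitlementToRole` and `removeEntitlementFromRole` hand the results of `roleDAO.getRole(name, null)` and `entitlementDAO.getEntitlement(...)` straight to the DAO without the null check that `getRole` performs, so an unknown role or entitlement name reaches `roleDAO.addEntitlementToRole(null, ...)` and, depending on the DAO, surfaces as a 500 instead of a 404; `if (role == null || foundEntitlement == null) { throw new NotFoundException(); }` after the lookups mirrors `getRole`. `updateRole` evaluates `role.getName().toString()` before any validation, so a PUT body without a name raises an NPE rather than the intended `BadRequestException`; `if (role.getName() == null || !name.equals(role.getName()))` avoids that (if `getName()` is already a `String`, the `toString()` is redundant). `addRole` also returns `entity(role)` — the request body — rather than `createdRole`, so any fields the DAO populates are missing from the 201 response.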
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
new file mode 100644
index 0000000..6ecd2f2
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+@XmlRootElement(name = "roles", namespace = "http://org.apache.cxf.fediz/")
+public class Roles {
+
+ private Collection<Role> roles;
+
+ public Roles() {
+ }
+
+ public Roles(Collection<Role> roles) {
+ this.roles = roles;
+ }
+
+ @XmlElementRef
+ public Collection<Role> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(Collection<Role> roles) {
+ this.roles = roles;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootService.java
new file mode 100644
index 0000000..86d8a3b
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootService.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.HEAD;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+
+@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+public interface RootService {
+
+ @HEAD
+ Response head(@Context UriInfo uriInfo);
+
+}
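Review bot: `head` is the only service operation in this series without a `@PreAuthorize` guard, and the interface carries no `@Path`, so how the resource is mounted and whether it is reachable anonymously depends on JAX-RS configuration outside this hunk. The HEAD response produced by `RootServiceImpl` enumerates the administrative resource URIs (`claims`, `idps`, `applications`, `trusted-idps`, `roles`, `entitlements`); if that listing is meant for authenticated administrators only, a guard such as `@PreAuthorize("isAuthenticated()")` belongs here, and if it is intentionally public a Javadoc line stating so (`/** Discovery of the admin resource links; intentionally unauthenticated. */`) spares the next reader the question.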
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
new file mode 100644
index 0000000..03eb6da
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+
+public class RootServiceImpl implements RootService {
+
+ public RootServiceImpl() {
+ }
+
+ public Response head(UriInfo uriInfo) {
+ UriBuilder absolute = uriInfo.getBaseUriBuilder();
+ URI claimUrl = absolute.clone().path("claims").build();
+ URI idpUrl = absolute.clone().path("idps").build();
+ URI applicationUrl = absolute.clone().path("applications").build();
+ URI trustedIdpUrl = absolute.clone().path("trusted-idps").build();
+ URI rolesUrl = absolute.clone().path("roles").build();
+ URI entitlementsUrl = absolute.clone().path("entitlements").build();
+ javax.ws.rs.core.Link claims = javax.ws.rs.core.Link.fromUri(claimUrl).rel("claims")
+ .type("application/xml").build();
+ javax.ws.rs.core.Link idps = javax.ws.rs.core.Link.fromUri(idpUrl).rel("idps")
+ .type("application/xml").build();
+ javax.ws.rs.core.Link applications = javax.ws.rs.core.Link.fromUri(applicationUrl).rel("applications")
+ .type("application/xml").build();
+ javax.ws.rs.core.Link trustedIdps = javax.ws.rs.core.Link.fromUri(trustedIdpUrl).rel("trusted-idps")
+ .type("application/xml").build();
+ javax.ws.rs.core.Link roles = javax.ws.rs.core.Link.fromUri(rolesUrl).rel("roles")
+ .type("application/xml").build();
+ javax.ws.rs.core.Link entitlements = javax.ws.rs.core.Link.fromUri(entitlementsUrl).rel("entitlements")
+ .type("application/xml").build();
+
+ Response.ResponseBuilder builder = Response.ok().links(
+ claims, idps, applications, trustedIdps, roles, entitlements);
+ return builder.build();
+ }
+
+}
\ No newline at end of file
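Review bot: `head` spells out `javax.ws.rs.core.Link` six times and builds six near-identical link chains by hand, with the media type hard-coded as `"application/xml"` even though `RootService` declares both XML and JSON via `@Produces`; importing `javax.ws.rs.core.Link` and `javax.ws.rs.core.MediaType` and folding the repetition into a small helper keeps the relation names in one place and makes adding a resource a one-token change. The class also lacks the `@Component` annotation the other `*ServiceImpl` classes in this commit carry — presumably it is wired elsewhere, but worth confirming.
```java
/** Relative paths of the admin resources advertised by HEAD, in link order. */
private static final String[] RESOURCES = {
    "claims", "idps", "applications", "trusted-idps", "roles", "entitlements"
};

public Response head(UriInfo uriInfo) {
    UriBuilder base = uriInfo.getBaseUriBuilder();
    Link[] links = new Link[RESOURCES.length];
    for (int i = 0; i < RESOURCES.length; i++) {
        links[i] = link(base, RESOURCES[i]);
    }
    return Response.ok().links(links).build();
}

/** Builds a typed Link whose rel equals its relative path under the base URI. */
private static Link link(UriBuilder base, String rel) {
    URI uri = base.clone().path(rel).build();
    return Link.fromUri(uri).rel(rel).type(MediaType.APPLICATION_XML).build();
}
```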
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
new file mode 100644
index 0000000..b76d91d
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+@Path("trusted-idps")
+public interface TrustedIdpService {
+
+ @GET
+ @PreAuthorize("hasRole('TRUSTEDIDP_LIST')")
+ TrustedIdps getTrustedIDPs(@QueryParam("start") int start,
+ @QueryParam("size") @DefaultValue("2") int size,
+ @Context UriInfo uriInfo);
+
+ @GET
+ @Path("{realm}")
+ @PreAuthorize("hasRole('TRUSTEDIDP_READ')")
+ TrustedIdp getTrustedIDP(@PathParam("realm") String realm);
+
+ @POST
+ @PreAuthorize("hasRole('TRUSTEDIDP_CREATE')")
+ Response addTrustedIDP(@Context UriInfo ui, TrustedIdp trustedIdp);
+
+ @PUT
+ @Path("{realm}")
+ @PreAuthorize("hasRole('TRUSTEDIDP_UPDATE')")
+ Response updateTrustedIDP(@Context UriInfo ui, @PathParam("realm") String realm, TrustedIdp trustedIdp);
+
+ @DELETE
+ @Path("{realm}")
+ @PreAuthorize("hasRole('TRUSTEDIDP_DELETE')")
+ Response deleteTrustedIDP(@PathParam("realm") String realm);
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
new file mode 100644
index 0000000..e01c80b
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.fediz.service.idp.service.TrustedIdpDAO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class TrustedIdpServiceImpl implements TrustedIdpService {
+
+ private static final Logger LOG = LoggerFactory
+ .getLogger(TrustedIdpServiceImpl.class);
+
+ @Autowired
+ private TrustedIdpDAO trustedIdpDAO;
+
+
+ @Override
+ public Response updateTrustedIDP(UriInfo ui, String realm, TrustedIdp trustedIdp) {
+ if (!realm.equals(trustedIdp.getRealm().toString())) {
+ throw new BadRequestException();
+ }
+ trustedIdpDAO.updateTrustedIDP(realm, trustedIdp);
+
+ return Response.noContent().build();
+ }
+
+ @Override
+ public TrustedIdps getTrustedIDPs(int start, int size, UriInfo uriInfo) {
+ List<TrustedIdp> trustedIdps = trustedIdpDAO.getTrustedIDPs(start, size);
+
+ TrustedIdps list = new TrustedIdps();
+ list.setTrustedIDPs(trustedIdps);
+ return list;
+ }
+
+ @Override
+ public TrustedIdp getTrustedIDP(String realm) {
+ return this.trustedIdpDAO.getTrustedIDP(realm);
+ }
+
+ @Override
+ public Response addTrustedIDP(UriInfo ui, TrustedIdp trustedIDP) {
+ LOG.info("add Trusted IDP config");
+
+ TrustedIdp createdTrustedIdp = trustedIdpDAO.addTrustedIDP(trustedIDP);
+
+ UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
+ uriBuilder.path("{index}");
+ URI location = uriBuilder.build(createdTrustedIdp.getRealm());
+ return Response.created(location).entity(trustedIDP).build();
+ }
+
+ @Override
+ public Response deleteTrustedIDP(String realm) {
+ trustedIdpDAO.deleteTrustedIDP(realm);
+
+ return Response.noContent().build();
+ }
+
+
+
+
+}
\ No newline at end of file
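Review bot: `getTrustedIDP` returns whatever `trustedIdpDAO.getTrustedIDP(realm)` yields, so for an unknown realm a null result is rendered as an empty 204 rather than the 404 that `RoleServiceImpl.getRole` in this same commit produces for the equivalent case; `if (trustedIdp == null) { throw new NotFoundException(); }` (importing `javax.ws.rs.NotFoundException`) keeps the two services consistent. In `updateTrustedIDP`, `trustedIdp.getRealm().toString()` is evaluated before the comparison, so a body without a realm raises an NPE instead of the `BadRequestException` the check is meant to give; `if (trustedIdp.getRealm() == null || !realm.equals(trustedIdp.getRealm()))` handles that, assuming `getRealm()` is already a `String` (otherwise `equals` against a `String` is always false and the check never passes). `addTrustedIDP` echoes the request body (`entity(trustedIDP)`) rather than `createdTrustedIdp`, the same pattern as `RoleServiceImpl.addRole`.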
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdps.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdps.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdps.java
new file mode 100644
index 0000000..ea57acd
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdps.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+
+@XmlRootElement(name = "trustedIdps", namespace = "http://org.apache.cxf.fediz/")
+public class TrustedIdps {
+
+ private Collection<TrustedIdp> trustedIDPs;
+
+ public TrustedIdps() {
+ }
+
+ public TrustedIdps(Collection<TrustedIdp> trustedIDPs) {
+ this.trustedIDPs = trustedIDPs;
+ }
+
+ @XmlElementRef
+ public Collection<TrustedIdp> getTrustedIDPs() {
+ return trustedIDPs;
+ }
+
+ public void setTrustedIDPs(Collection<TrustedIdp> trustedIDPs) {
+ this.trustedIDPs = trustedIDPs;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
new file mode 100644
index 0000000..9981253
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
@@ -0,0 +1,148 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.samlsso;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.bean.Version;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.AttributeStatement;
+import org.opensaml.saml.saml2.core.Subject;
+
+/**
+ * A Callback Handler implementation for a SAML 2 assertion. By default it creates a SAML 2.0 Assertion with
+ * an AuthenticationStatement. If a list of AttributeStatements are also supplied it will insert them into the
+ * Assertion.
+ */
+public class SAML2CallbackHandler implements CallbackHandler {
+
+ private Subject subject;
+ private String confirmationMethod = SAML2Constants.CONF_BEARER;
+ private String issuer;
+ private ConditionsBean conditions;
+ private SubjectConfirmationDataBean subjectConfirmationData;
+ private List<AttributeStatement> attributeStatements;
+
+ private void createAndSetStatement(SAMLCallback callback) {
+ AuthenticationStatementBean authBean = new AuthenticationStatementBean();
+ authBean.setAuthenticationMethod("Password");
+ callback.setAuthenticationStatementData(Collections.singletonList(authBean));
+
+ if (attributeStatements != null && !attributeStatements.isEmpty()) {
+ List<AttributeStatementBean> attrStatementBeans = new ArrayList<>();
+
+ for (AttributeStatement attrStatement : attributeStatements) {
+ AttributeStatementBean attrStatementBean = new AttributeStatementBean();
+ List<AttributeBean> attrBeans = new ArrayList<>();
+
+ for (Attribute attribute : attrStatement.getAttributes()) {
+ AttributeBean attributeBean = new AttributeBean();
+ attributeBean.setQualifiedName(attribute.getName());
+ attributeBean.setNameFormat(attribute.getNameFormat());
+ List<Object> attributeValues = new ArrayList<>();
+ for (XMLObject attrVal : attribute.getAttributeValues()) {
+ attributeValues.add(attrVal.getDOM().getTextContent());
+ }
+ attributeBean.setAttributeValues(attributeValues);
+ attrBeans.add(attributeBean);
+ }
+ attrStatementBean.setSamlAttributes(attrBeans);
+ attrStatementBeans.add(attrStatementBean);
+ }
+ callback.setAttributeStatementData(attrStatementBeans);
+ }
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SAMLCallback) {
+ SAMLCallback callback = (SAMLCallback) callbacks[i];
+ callback.setSamlVersion(Version.SAML_20);
+ callback.setIssuer(issuer);
+ if (conditions != null) {
+ callback.setConditions(conditions);
+ }
+
+ SubjectBean subjectBean =
+ new SubjectBean(
+ subject.getNameID().getValue(), subject.getNameID().getNameQualifier(), confirmationMethod
+ );
+ subjectBean.setSubjectNameIDFormat(subject.getNameID().getFormat());
+ subjectBean.setSubjectConfirmationData(subjectConfirmationData);
+
+ callback.setSubject(subjectBean);
+ createAndSetStatement(callback);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+ public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData) {
+ this.subjectConfirmationData = subjectConfirmationData;
+ }
+
+ public void setConditions(ConditionsBean conditionsBean) {
+ this.conditions = conditionsBean;
+ }
+
+ public void setConfirmationMethod(String confMethod) {
+ confirmationMethod = confMethod;
+ }
+
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ public Subject getSubject() {
+ return subject;
+ }
+
+ public void setSubject(Subject subject) {
+ this.subject = subject;
+ }
+
+ public List<AttributeStatement> getAttributeStatements() {
+ return attributeStatements;
+ }
+
+ public void setAttributeStatements(List<AttributeStatement> attributeStatements) {
+ this.attributeStatements = attributeStatements;
+ }
+
+
+}
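Review bot: `handle` dereferences `subject.getNameID()` three times without checking that `setSubject` was ever called, so a handler used before the subject is set fails with an NPE from inside the callback rather than a descriptive error; `if (subject == null || subject.getNameID() == null) { throw new IllegalStateException("subject with NameID must be set before handle()"); }` at the top of the `SAMLCallback` branch makes the precondition explicit. In `createAndSetStatement` the authentication method is the constant `"Password"` regardless of how the user actually authenticated; if this IdP issues assertions for other mechanisms (not visible from this hunk), relying parties reading the AuthnStatement cannot distinguish them, so the method is better held in a settable field that defaults to `"Password"`. `attrVal.getDOM()` may also be null for an `XMLObject` that was built rather than unmarshalled from DOM — worth confirming for the callers that supply `attributeStatements`.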
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
new file mode 100644
index 0000000..7e64cfa
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.samlsso;
+
+import java.util.UUID;
+
+import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.core.StatusMessage;
+
+/**
+* A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
+*/
+public final class SAML2PResponseComponentBuilder {
+
+ private static SAMLObjectBuilder<Response> responseBuilder;
+
+ private static SAMLObjectBuilder<Issuer> issuerBuilder;
+
+ private static SAMLObjectBuilder<Status> statusBuilder;
+
+ private static SAMLObjectBuilder<StatusCode> statusCodeBuilder;
+
+ private static SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
+
+ private static XMLObjectBuilderFactory builderFactory =
+ XMLObjectProviderRegistrySupport.getBuilderFactory();
+
+ private SAML2PResponseComponentBuilder() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ public static Response createSAMLResponse(
+ String inResponseTo,
+ String issuer,
+ Status status
+ ) {
+ if (responseBuilder == null) {
+ responseBuilder = (SAMLObjectBuilder<Response>)
+ builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
+ }
+ Response response = responseBuilder.buildObject();
+
+ response.setID(UUID.randomUUID().toString());
+ response.setIssueInstant(new DateTime());
+ response.setInResponseTo(inResponseTo);
+ response.setIssuer(createIssuer(issuer));
+ response.setStatus(status);
+ response.setVersion(SAMLVersion.VERSION_20);
+
+ return response;
+ }
+
+ @SuppressWarnings("unchecked")
+ public static Issuer createIssuer(
+ String issuerValue
+ ) {
+ if (issuerBuilder == null) {
+ issuerBuilder = (SAMLObjectBuilder<Issuer>)
+ builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
+ }
+ Issuer issuer = issuerBuilder.buildObject();
+ issuer.setValue(issuerValue);
+
+ return issuer;
+ }
+
+ @SuppressWarnings("unchecked")
+ public static Status createStatus(
+ String statusCodeValue,
+ String statusMessage
+ ) {
+ if (statusBuilder == null) {
+ statusBuilder = (SAMLObjectBuilder<Status>)
+ builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
+ }
+ if (statusCodeBuilder == null) {
+ statusCodeBuilder = (SAMLObjectBuilder<StatusCode>)
+ builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
+ }
+ if (statusMessageBuilder == null) {
+ statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>)
+ builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
+ }
+
+ Status status = statusBuilder.buildObject();
+
+ StatusCode statusCode = statusCodeBuilder.buildObject();
+ statusCode.setValue(statusCodeValue);
+ status.setStatusCode(statusCode);
+
+ if (statusMessage != null) {
+ StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
+ statusMessageObject.setMessage(statusMessage);
+ status.setStatusMessage(statusMessageObject);
+ }
+
+ return status;
+ }
+
+
+}
\ No newline at end of file
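Review bot: `response.setID(UUID.randomUUID().toString());` in createSAMLResponse can yield an ID whose first character is a digit, which is not a legal xs:ID (NCName) and is rejected by schema-validating consumers of the Response; prefix it, `response.setID("_" + UUID.randomUUID().toString());`. The static builder fields (responseBuilder, issuerBuilder, statusBuilder, statusCodeBuilder, statusMessageBuilder) are lazily assigned without synchronization, so concurrent first calls race; the race is harmless only because getBuilder() is idempotent, and declaring them `private static final` initialised from builderFactory at class load removes both the null checks and the race. The class Javadoc should also say that nothing in this builder signs the Response, so the caller must sign it before it leaves the IdP.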
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
new file mode 100644
index 0000000..c7ded4b
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.samlsso;
+
+import java.io.Serializable;
+
+import org.opensaml.saml.saml2.core.AuthnRequest;
+
+/**
+ * This class encapsulates a (parsed) SAML AuthnRequest Object. The OpenSAML AuthnRequest Object is not
+ * serializable.
+ */
+public class SAMLAuthnRequest implements Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4353024755428346545L;
+
+ private String issuer;
+ private String consumerServiceURL;
+ private String requestId;
+ private boolean forceAuthn;
+ private String subjectNameId;
+
+ public SAMLAuthnRequest(AuthnRequest authnRequest) {
+ if (authnRequest.getIssuer() != null) {
+ issuer = authnRequest.getIssuer().getValue();
+ }
+
+ consumerServiceURL = authnRequest.getAssertionConsumerServiceURL();
+ requestId = authnRequest.getID();
+ forceAuthn = authnRequest.isForceAuthn().booleanValue();
+ if (authnRequest.getSubject() != null && authnRequest.getSubject().getNameID() != null) {
+ subjectNameId = authnRequest.getSubject().getNameID().getValue();
+ }
+ }
+
+ public String getIssuer() {
+ return issuer;
+ }
+
+ public String getConsumerServiceURL() {
+ return consumerServiceURL;
+ }
+
+ public String getRequestId() {
+ return requestId;
+ }
+
+ public boolean isForceAuthn() {
+ return forceAuthn;
+ }
+
+ public String getSubjectNameId() {
+ return subjectNameId;
+ }
+}
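Review bot: The five fields assigned in the constructor (issuer, consumerServiceURL, requestId, forceAuthn, subjectNameId) are never written elsewhere and only have getters, so they should be `final`, which for a Serializable holder also makes clear that a deserialised instance cannot be altered. The empty Javadoc block above serialVersionUID should be deleted. The class Javadoc should state that issuer and consumerServiceURL are copied verbatim from the inbound AuthnRequest, i.e. they are request-controlled values, and that checking the AssertionConsumerServiceURL against the registered application's endpoint is the caller's responsibility; where that check happens is outside this hunk. `authnRequest.isForceAuthn().booleanValue()` relies on OpenSAML never returning null there, which I believe holds for its AuthnRequest implementation but deserves a short comment.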
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
new file mode 100644
index 0000000..a519908
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Application;
+import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
+
+public interface ApplicationDAO {
+
+ List<Application> getApplications(int start, int size, List<String> expand);
+
+ Application getApplication(String realm, List<String> expand);
+
+ Application addApplication(Application application);
+
+ void updateApplication(String realm, Application application);
+
+ void deleteApplication(String realm);
+
+ void addClaimToApplication(Application application, RequestClaim claim);
+
+ void removeClaimFromApplication(Application application, RequestClaim claim);
+
+}
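Review bot: None of the DAO interfaces in this commit (ApplicationDAO here, and ClaimDAO, EntitlementDAO, IdpDAO, RoleDAO and TrustedIdpDAO below) document what a lookup does for an unknown key — `Application getApplication(String realm, List<String> expand);` gives no hint whether it returns null or throws, and the JPA implementation later in the patch resolves it via `getSingleResult()`, which throws when nothing matches. A Javadoc on each getter such as `@throws javax.persistence.NoResultException if no application is registered for {@code realm}` (or `@return null if ...`, whichever the implementations agree on) lets the REST layer map the case to a 404 deliberately rather than by accident. The `expand` parameter also deserves a one-line description of its accepted values, since the implementation passes the literal "all" from addApplication.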
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
new file mode 100644
index 0000000..417a50a
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Claim;
+
+public interface ClaimDAO {
+
+ List<Claim> getClaims(int start, int size);
+
+ Claim getClaim(String claimType);
+
+ Claim addClaim(Claim claim);
+
+ void updateClaim(String claimType, Claim claim);
+
+ void deleteClaim(String claimType);
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
new file mode 100644
index 0000000..e306ff4
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+
+
+public interface ConfigService {
+
+ Idp getIDP(String realm);
+
+ void setIDP(Idp config);
+
+ void removeIDP(String realm);
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
new file mode 100644
index 0000000..8545af3
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.fediz.service.idp.domain.Application;
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public class ConfigServiceSpring implements ConfigService {
+
+ private Map<String, Application> serviceConfigs = new HashMap<>();
+ private Map<String, Idp> idpConfigs = new HashMap<>();
+
+
+ @Override
+ public Idp getIDP(String realm) {
+ if (realm == null || realm.length() == 0) {
+ return this.getIdpConfigs().get(0);
+ } else {
+ return idpConfigs.get(realm);
+ }
+ }
+
+ @Override
+ public void setIDP(Idp config) {
+ idpConfigs.put(config.getRealm(), config);
+ }
+
+ @Override
+ public void removeIDP(String realm) {
+ idpConfigs.remove(realm);
+ }
+
+ public List<Application> getServiceConfigs() {
+ return new ArrayList<Application>(serviceConfigs.values());
+ }
+
+ public void setServiceConfigs(List<ServiceConfig> serviceList) {
+ for (ServiceConfig s : serviceList) {
+ serviceConfigs.put(s.getRealm(), s);
+ }
+ }
+
+ public List<Idp> getIdpConfigs() {
+ return new ArrayList<Idp>(idpConfigs.values());
+ }
+
+ public void setIdpConfigs(List<IDPConfig> idpList) {
+ for (IDPConfig i : idpList) {
+ idpConfigs.put(i.getRealm(), i);
+ }
+ }
+
+}
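Review bot: In getIDP the fallback for a null or empty realm, `return this.getIdpConfigs().get(0);`, selects an arbitrary element because getIdpConfigs() is built from a HashMap, and throws IndexOutOfBoundsException when no IdP is configured. Since the chosen Idp determines which configuration the IdP serves for the request, the default should be deterministic: back idpConfigs (and serviceConfigs) with a LinkedHashMap so the first configured entry wins, and guard the empty case, `List<Idp> all = getIdpConfigs(); return all.isEmpty() ? null : all.get(0);`. `realm.length() == 0` reads better as `realm.isEmpty()`. setIDP and removeIDP mutate the same plain HashMap that getIDP reads; if they are reachable while requests are being served, a ConcurrentHashMap is the safer choice, though whether that happens is not visible here.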
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
new file mode 100644
index 0000000..d93cdc0
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+
+public interface EntitlementDAO {
+
+ List<Entitlement> getEntitlements(int start, int size);
+
+ Entitlement getEntitlement(String name);
+
+ Entitlement addEntitlement(Entitlement entitlement);
+
+ void updateEntitlement(String name, Entitlement entitlement);
+
+ void deleteEntitlement(String name);
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
new file mode 100644
index 0000000..41c5cdf
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Application;
+import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+
+public interface IdpDAO {
+
+ List<Idp> getIdps(int start, int size, List<String> expand);
+
+ Idp getIdp(String realm, List<String> expand);
+
+ Idp addIdp(Idp idp);
+
+ void updateIdp(String realm, Idp idp);
+
+ void deleteIdp(String realm);
+
+ void addApplicationToIdp(Idp idp, Application application);
+
+ void removeApplicationFromIdp(Idp idp, Application application);
+
+ void addTrustedIdpToIdp(Idp idp, TrustedIdp trustedIdp);
+
+ void removeTrustedIdpFromIdp(Idp idp, TrustedIdp trustedIdp);
+
+ void addClaimToIdp(Idp idp, Claim claim);
+
+ void removeClaimFromIdp(Idp idp, Claim claim);
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
new file mode 100644
index 0000000..2d8e7f5
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+public interface RoleDAO {
+
+ List<Role> getRoles(int start, int size, List<String> expand);
+
+ Role getRole(String name, List<String> expand);
+
+ Role addRole(Role role);
+
+ void updateRole(String realm, Role role);
+
+ void deleteRole(String name);
+
+ void addEntitlementToRole(Role role, Entitlement entitlement);
+
+ void removeEntitlementFromRole(Role role, Entitlement entitlement);
+
+}
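Review bot: `void updateRole(String realm, Role role);` names its key parameter `realm`, while every other method in this interface (getRole, deleteRole) keys roles by `name`; rename it to `String name` so the contract is not misread as realm-scoped. A brief Javadoc on addEntitlementToRole and removeEntitlementFromRole saying whether the role is located by id or by name would also help, since the Application counterpart in ApplicationDAOJPAImpl falls back to a realm lookup when the id is 0.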
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/TrustedIdpDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/TrustedIdpDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/TrustedIdpDAO.java
new file mode 100644
index 0000000..54fb634
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/TrustedIdpDAO.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+
+public interface TrustedIdpDAO {
+
+ List<TrustedIdp> getTrustedIDPs(int start, int size);
+
+ TrustedIdp getTrustedIDP(String realm);
+
+ TrustedIdp addTrustedIDP(TrustedIdp trustedIdp);
+
+ void updateTrustedIDP(String realm, TrustedIdp trustedIdp);
+
+ void deleteTrustedIDP(String realm);
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
new file mode 100644
index 0000000..e2ca923
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+
+@Entity(name = "Application_Claim")
+//@IdClass(ApplicationClaimId.class)
+public class ApplicationClaimEntity {
+
+ @Id
+ private int id;
+
+ @ManyToOne
+ @JoinColumn(name = "applicationid")
+ private ApplicationEntity application;
+
+ @ManyToOne
+ @JoinColumn(name = "claimid")
+ private ClaimEntity claim;
+
+ private boolean optional;
+
+ public ApplicationClaimEntity() {
+ }
+
+ public ApplicationClaimEntity(ApplicationEntity application, ClaimEntity claim) {
+ super();
+ this.application = application;
+ this.claim = claim;
+ }
+
+ public int getId() {
+ return id;
+ }
+
+ public void setId(int id) {
+ this.id = id;
+ }
+
+ public boolean isOptional() {
+ return optional;
+ }
+
+ public void setOptional(boolean optional) {
+ this.optional = optional;
+ }
+
+ public ApplicationEntity getApplication() {
+ return application;
+ }
+
+ public void setApplication(ApplicationEntity application) {
+ this.application = application;
+ }
+
+ public ClaimEntity getClaim() {
+ return claim;
+ }
+
+ public void setClaim(ClaimEntity claim) {
+ this.claim = claim;
+ }
+}
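Review bot: `@Id private int id;` carries no generation strategy, and addClaimToApplication in ApplicationDAOJPAImpl (further down in this patch) creates the entity with `new ApplicationClaimEntity()` and never sets an id, so unless the persistence provider assigns keys some other way every new Application_Claim row would carry id 0 and the second insert would fail on the primary key — confirm against the schema or add `@GeneratedValue`. The commented-out `//@IdClass(ApplicationClaimId.class)` is dead code and should go, as should the redundant `super();` in the two-argument constructor. A unique constraint on (applicationid, claimid), or at least a Javadoc line saying the pair is expected to be unique, would document what removeClaimFromApplication assumes when it stops at the first matching claim type.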
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
new file mode 100644
index 0000000..307e381
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
@@ -0,0 +1,254 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityNotFoundException;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+
+import org.apache.cxf.fediz.service.idp.domain.Application;
+import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
+import org.apache.cxf.fediz.service.idp.service.ApplicationDAO;
+import org.apache.cxf.fediz.service.idp.service.ClaimDAO;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+@Repository
+@Transactional
+public class ApplicationDAOJPAImpl implements ApplicationDAO {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ApplicationDAOJPAImpl.class);
+
+ private EntityManager em;
+
+ @Autowired
+ private ClaimDAO claimDAO;
+
+
+ @PersistenceContext
+ public void setEntityManager(EntityManager entityManager) {
+ this.em = entityManager;
+ }
+
+ @Override
+ public List<Application> getApplications(int start, int size, List<String> expandList) {
+ List<Application> list = new ArrayList<>();
+
+ Query query = null;
+ query = em.createQuery("select a from Application a");
+
+ //@SuppressWarnings("rawtypes")
+ List<?> serviceEntities = query
+ .setFirstResult(start)
+ .setMaxResults(size)
+ .getResultList();
+
+ for (Object obj : serviceEntities) {
+ ApplicationEntity entity = (ApplicationEntity) obj;
+ list.add(entity2domain(entity, expandList));
+ }
+ return list;
+ }
+
+ @Override
+ public Application getApplication(String realm, List<String> expandList) {
+ return entity2domain(getApplicationEntity(realm, em), expandList);
+ }
+
+ @Override
+ public Application addApplication(Application application) {
+ ApplicationEntity entity = new ApplicationEntity();
+
+ domain2entity(application, entity);
+ em.persist(entity);
+
+ LOG.debug("Application '{}' added", application.getRealm());
+ return entity2domain(entity, Arrays.asList("all"));
+ }
+
+ @Override
+ public void updateApplication(String realm, Application application) {
+ Query query = null;
+ query = em.createQuery("select a from Application a where a.realm=:realm");
+ query.setParameter("realm", realm);
+
+ //@SuppressWarnings("rawtypes")
+ ApplicationEntity applicationEntity = (ApplicationEntity)query.getSingleResult();
+
+ domain2entity(application, applicationEntity);
+
+ em.persist(applicationEntity);
+
+ LOG.debug("Application '{}' updated", realm);
+ }
+
+
+ @Override
+ public void deleteApplication(String realm) {
+ Query query = null;
+ query = em.createQuery("select a from Application a where a.realm=:realm");
+ query.setParameter("realm", realm);
+
+ //@SuppressWarnings("rawtypes")
+ Object applObj = query.getSingleResult();
+ em.remove(applObj);
+
+ LOG.debug("Application '{}' deleted", realm);
+
+ }
+
+ @Override
+ public void addClaimToApplication(Application application, RequestClaim claim) {
+ ApplicationEntity applicationEntity = null;
+ if (application.getId() != 0) {
+ applicationEntity = em.find(ApplicationEntity.class, application.getId());
+ } else {
+ Query query = null;
+ query = em.createQuery("select a from Application a where a.realm=:realm");
+ query.setParameter("realm", application.getRealm());
+
+ applicationEntity = (ApplicationEntity)query.getSingleResult();
+ }
+
+ Claim c = claimDAO.getClaim(claim.getClaimType().toString());
+ ClaimEntity claimEntity = em.find(ClaimEntity.class, c.getId());
+
+ ApplicationClaimEntity appClaimEntity = new ApplicationClaimEntity();
+ appClaimEntity.setClaim(claimEntity);
+ appClaimEntity.setApplication(applicationEntity);
+ appClaimEntity.setOptional(claim.isOptional());
+
+ applicationEntity.getRequestedClaims().add(appClaimEntity);
+ }
+
+ @Override
+ public void removeClaimFromApplication(Application application, RequestClaim claim) {
+ ApplicationEntity applicationEntity = null;
+ if (application.getId() != 0) {
+ applicationEntity = em.find(ApplicationEntity.class, application.getId());
+ } else {
+ Query query = null;
+ query = em.createQuery("select a from Application a where a.realm=:realm");
+ query.setParameter("realm", application.getRealm());
+
+ applicationEntity = (ApplicationEntity)query.getSingleResult();
+ }
+
+ ApplicationClaimEntity foundEntity = null;
+ for (ApplicationClaimEntity acm : applicationEntity.getRequestedClaims()) {
+ if (claim.getClaimType().toString().equals(acm.getClaim().getClaimType())) {
+ foundEntity = acm;
+ break;
+ }
+ }
+ if (foundEntity == null) {
+ throw new EntityNotFoundException("ApplicationClaimEntity not found");
+ }
+
+ applicationEntity.getRequestedClaims().remove(foundEntity);
+ }
+
+
+ static ApplicationEntity getApplicationEntity(String realm, EntityManager em) {
+ Query query = null;
+ query = em.createQuery("select a from Application a where a.realm=:realm");
+ query.setParameter("realm", realm);
+
+ //@SuppressWarnings("rawtypes")
+ return (ApplicationEntity)query.getSingleResult();
+ }
+
+ public static void domain2entity(Application application, ApplicationEntity entity) {
+ //The ID must not be updated if the entity has got an id already (update case)
+ if (application.getId() > 0) {
+ entity.setId(application.getId());
+ }
+
+ entity.setEncryptionCertificate(application.getEncryptionCertificate());
+ entity.setValidatingCertificate(application.getValidatingCertificate());
+ entity.setLifeTime(application.getLifeTime());
+ entity.setProtocol(application.getProtocol());
+ entity.setRealm(application.getRealm());
+ entity.setRole(application.getRole());
+ entity.setServiceDescription(application.getServiceDescription());
+ entity.setServiceDisplayName(application.getServiceDisplayName());
+ entity.setTokenType(application.getTokenType());
+ entity.setPolicyNamespace(application.getPolicyNamespace());
+ entity.setPassiveRequestorEndpoint(application.getPassiveRequestorEndpoint());
+ entity.setPassiveRequestorEndpointConstraint(application.getPassiveRequestorEndpointConstraint());
+ entity.setEnableAppliesTo(application.isEnableAppliesTo());
+ }
+
+ public static Application entity2domain(ApplicationEntity entity, List<String> expandList) {
+ Application application = new Application();
+ application.setId(entity.getId());
+ application.setEncryptionCertificate(entity.getEncryptionCertificate());
+ application.setValidatingCertificate(entity.getValidatingCertificate());
+ application.setLifeTime(entity.getLifeTime());
+ application.setProtocol(entity.getProtocol());
+ application.setRealm(entity.getRealm());
+ application.setRole(entity.getRole());
+ application.setServiceDescription(entity.getServiceDescription());
+ application.setServiceDisplayName(entity.getServiceDisplayName());
+ application.setTokenType(entity.getTokenType());
+ application.setPolicyNamespace(entity.getPolicyNamespace());
+ application.setPassiveRequestorEndpoint(entity.getPassiveRequestorEndpoint());
+ application.setPassiveRequestorEndpointConstraint(entity.getPassiveRequestorEndpointConstraint());
+ application.setEnableAppliesTo(entity.isEnableAppliesTo());
+
+ if (expandList != null && (expandList.contains("all") || expandList.contains("claims"))) {
+ for (ApplicationClaimEntity item : entity.getRequestedClaims()) {
+ RequestClaim claim = entity2domain(item);
+ application.getRequestedClaims().add(claim);
+ }
+ }
+ return application;
+ }
+
+ public static RequestClaim entity2domain(ApplicationClaimEntity entity) {
+ Claim claim = ClaimDAOJPAImpl.entity2domain(entity.getClaim());
+ RequestClaim reqClaim = new RequestClaim(claim);
+ reqClaim.setId(entity.getId());
+ reqClaim.setOptional(entity.isOptional());
+
+ return reqClaim;
+ }
+
+ public static void domain2entity(ApplicationEntity application,
+ RequestClaim reqClaim, ApplicationClaimEntity entity) {
+ //The ID must not be updated if the entity has got an id already (update case)
+ ClaimEntity claim = new ClaimEntity();
+ ClaimDAOJPAImpl.domain2entity(reqClaim, claim);
+
+ entity.setApplication(application);
+ entity.setClaim(claim);
+ entity.setOptional(reqClaim.isOptional());
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
new file mode 100644
index 0000000..1397da2
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
@@ -0,0 +1,214 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+
+import org.apache.openjpa.persistence.jdbc.Index;
+
+
+@Entity(name = "Application")
+public class ApplicationEntity {
+
+ @Id
+ private int id;
+
+ @Index
+ @NotNull
+ private String realm; //wtrealm, whr
+
+ //Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
+ // "http://docs.oa14sis-open.org/wsfed/federation/200706"
+ // Metadata could provide more than one but one must be chosen
+ @NotNull
+ @ApplicationProtocolSupported
+ private String protocol;
+
+ // Public key only
+ // Could be read from Metadata, md:KeyDescriptor, use="encryption"
+ private String encryptionCertificate;
+
+ // Certificate for Signature verification
+ private String validatingCertificate;
+
+ // Could be read from Metadata, fed:ClaimTypesRequested
+ @OneToMany(mappedBy = "application", cascade = CascadeType.ALL, orphanRemoval = true)
+ private List<ApplicationClaimEntity> requestedClaims = new ArrayList<>();
+
+ //Could be read from Metadata, ServiceDisplayName
+ //usage for list of application where user is logged in
+ @NotNull
+ private String serviceDisplayName;
+
+ //Could be read from Metadata, ServiceDescription
+ //usage for list of application where user is logged in
+ private String serviceDescription;
+
+ //Could be read from Metadata, RoleDescriptor
+ //fed:ApplicationServiceType, fed:SecurityTokenServiceType
+ private String role;
+
+ // Not in Metadata, configured in IDP or passed in wreq parameter
+ @NotNull
+ private String tokenType;
+
+ // Not in Metadata, configured in IDP or passed in wreq parameter
+ @Min(value = 1)
+ private int lifeTime;
+
+ // Request audience restriction in token for this application (default is true)
+ private boolean enableAppliesTo = true;
+
+ // WS-Policy Namespace in SignIn Response
+ private String policyNamespace;
+
+ private String passiveRequestorEndpoint;
+
+ // A regular expression constraint on the passiveRequestorEndpoint
+ private String passiveRequestorEndpointConstraint;
+
+
+ public int getId() {
+ return id;
+ }
+
+ public void setId(int id) {
+ this.id = id;
+ }
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getProtocol() {
+ return protocol;
+ }
+
+ public void setProtocol(String protocol) {
+ this.protocol = protocol;
+ }
+
+ public String getEncryptionCertificate() {
+ return encryptionCertificate;
+ }
+
+ public void setEncryptionCertificate(String encryptionCertificate) {
+ this.encryptionCertificate = encryptionCertificate;
+ }
+
+ public List<ApplicationClaimEntity> getRequestedClaims() {
+ return requestedClaims;
+ }
+
+ public void setRequestedClaims(List<ApplicationClaimEntity> requestedClaims) {
+ this.requestedClaims = requestedClaims;
+ }
+
+ public String getServiceDisplayName() {
+ return serviceDisplayName;
+ }
+
+ public void setServiceDisplayName(String serviceDisplayName) {
+ this.serviceDisplayName = serviceDisplayName;
+ }
+
+ public String getServiceDescription() {
+ return serviceDescription;
+ }
+
+ public void setServiceDescription(String serviceDescription) {
+ this.serviceDescription = serviceDescription;
+ }
+
+ public String getRole() {
+ return role;
+ }
+
+ public void setRole(String role) {
+ this.role = role;
+ }
+
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ public void setTokenType(String tokenType) {
+ this.tokenType = tokenType;
+ }
+
+ public int getLifeTime() {
+ return lifeTime;
+ }
+
+ public void setLifeTime(int lifeTime) {
+ this.lifeTime = lifeTime;
+ }
+
+ public String getPolicyNamespace() {
+ return policyNamespace;
+ }
+
+ public void setPolicyNamespace(String policyNamespace) {
+ this.policyNamespace = policyNamespace;
+ }
+
+ public String getPassiveRequestorEndpoint() {
+ return passiveRequestorEndpoint;
+ }
+
+ public void setPassiveRequestorEndpoint(String passiveRequestorEndpoint) {
+ this.passiveRequestorEndpoint = passiveRequestorEndpoint;
+ }
+
+ public String getPassiveRequestorEndpointConstraint() {
+ return passiveRequestorEndpointConstraint;
+ }
+
+ public void setPassiveRequestorEndpointConstraint(String passiveRequestorEndpointConstraint) {
+ this.passiveRequestorEndpointConstraint = passiveRequestorEndpointConstraint;
+ }
+
+ public String getValidatingCertificate() {
+ return validatingCertificate;
+ }
+
+ public void setValidatingCertificate(String validatingCertificate) {
+ this.validatingCertificate = validatingCertificate;
+ }
+
+ public boolean isEnableAppliesTo() {
+ return enableAppliesTo;
+ }
+
+ public void setEnableAppliesTo(boolean enableAppliesTo) {
+ this.enableAppliesTo = enableAppliesTo;
+ }
+}
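Review bot: `realm` is the key that every ApplicationDAOJPAImpl lookup resolves with `query.getSingleResult()` (the `where a.realm=:realm` queries earlier in this commit), yet the entity only declares `@Index` and `@NotNull` on it, so nothing at the persistence layer prevents two Application rows with the same realm, which would make those lookups throw NonUniqueResultException and leave it ambiguous which certificate and endpoint constraint applies to a relying party. Marking the column unique, `@Column(unique = true)` alongside the existing annotations (import `javax.persistence.Column`), makes that invariant explicit where the data lives. The comment block above `protocol` also appears garbled: `docs.oa14sis-open.org` looks like it should read `docs.oasis-open.org`. The class has no Javadoc; a short header stating that it is the JPA representation of a relying-party application keyed by realm would help a reader coming from the DAO.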
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
new file mode 100644
index 0000000..5a999e9
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.List;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+import org.apache.cxf.fediz.service.idp.protocols.ProtocolController;
+import org.apache.cxf.fediz.service.idp.spi.ApplicationProtocolHandler;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+
+/**
+ * Validate that the protocol is a valid Application protocol
+ */
+@Component
+public class ApplicationIdpProtocolSupportValidator
+ implements ConstraintValidator<ApplicationProtocolSupported, String> {
+
+ @Autowired
+ @Qualifier("applicationProtocolControllerImpl")
+ private ProtocolController<ApplicationProtocolHandler> applicationProtocolHandlers;
+
+ @Override
+ public boolean isValid(String object, ConstraintValidatorContext constraintContext) {
+
+ List<String> protocols = applicationProtocolHandlers.getProtocols();
+ return protocols.contains(object);
+ }
+
+ @Override
+ public void initialize(ApplicationProtocolSupported constraintAnnotation) {
+ }
+
+}
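Review bot: `isValid` does not handle a null value: `protocols.contains(null)` returns false, so a null protocol is reported both by this constraint and by the `@NotNull` that sits next to `@ApplicationProtocolSupported` on `ApplicationEntity.protocol`; Bean Validation convention is for a validator to accept null and leave null-checking to `@NotNull`, i.e. `if (object == null) { return true; }` before the lookup. The empty `initialize` override would benefit from a one-line comment saying the annotation carries no attributes to read. The list comes from `applicationProtocolHandlers.getProtocols()`; if that can return null the `contains` call will throw, which the visible code does not guard against.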
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationProtocolSupported.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationProtocolSupported.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationProtocolSupported.java
new file mode 100644
index 0000000..6dc69a5
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationProtocolSupported.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+@Target({ METHOD, FIELD, ANNOTATION_TYPE })
+@Retention(RUNTIME)
+@Constraint(validatedBy = ApplicationIdpProtocolSupportValidator.class)
+@Documented
+public @interface ApplicationProtocolSupported {
+
+ String message() default "{Protocol not supported}";
+
+ Class<?>[] groups() default { };
+
+ Class<? extends Payload>[] payload() default { };
+
+}
\ No newline at end of file
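Review bot: The annotation type has no Javadoc, so a reader cannot tell from this file what "supported" means; a comment such as `/** Constrains a String to one of the protocols registered with the application ProtocolController (see ApplicationIdpProtocolSupportValidator). */` above `public @interface` would cover it. The default `message()` is written as `{Protocol not supported}`; in Bean Validation a brace-wrapped value is interpolated as a resource-bundle key, so unless a `ValidationMessages` entry exists for that key the braces are likely to be rendered literally — either add the bundle entry or drop the braces.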
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
new file mode 100644
index 0000000..dea2b8d
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
@@ -0,0 +1,143 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+
+import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.apache.cxf.fediz.service.idp.service.ClaimDAO;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+
+@Repository
+@Transactional
+public class ClaimDAOJPAImpl implements ClaimDAO {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ClaimDAOJPAImpl.class);
+
+ private EntityManager em;
+
+ @PersistenceContext
+ public void setEntityManager(EntityManager entityManager) {
+ this.em = entityManager;
+ }
+
+ @Override
+ public List<Claim> getClaims(int start, int size) {
+ List<Claim> list = new ArrayList<>();
+
+ Query query = null;
+ query = em.createQuery("select c from Claim c");
+
+ //@SuppressWarnings("rawtypes")
+ List<?> claimEntities = query
+ .setFirstResult(start)
+ .setMaxResults(size)
+ .getResultList();
+
+ for (Object obj : claimEntities) {
+ ClaimEntity entity = (ClaimEntity) obj;
+ list.add(entity2domain(entity));
+ }
+
+ return list;
+ }
+
+ @Override
+ public Claim addClaim(Claim claim) {
+ ClaimEntity entity = new ClaimEntity();
+ domain2entity(claim, entity);
+ em.persist(entity);
+
+ LOG.debug("Claim '{}' added", claim.getClaimType());
+ return entity2domain(entity);
+ }
+
+ @Override
+ public Claim getClaim(String claimType) {
+ return entity2domain(getClaimEntity(claimType, em));
+ }
+
+ @Override
+ public void updateClaim(String claimType, Claim claim) {
+ Query query = null;
+ query = em.createQuery("select c from Claim c where c.claimtype=:claimtype");
+ query.setParameter("claimtype", claimType);
+
+ //@SuppressWarnings("rawtypes")
+ ClaimEntity claimEntity = (ClaimEntity)query.getSingleResult();
+
+ domain2entity(claim, claimEntity);
+
+ LOG.debug("Claim '{}' added", claim.getClaimType());
+ em.persist(claimEntity);
+ }
+
+ @Override
+ public void deleteClaim(String claimType) {
+ Query query = null;
+ query = em.createQuery("select c from Claim c where c.claimType=:claimtype");
+ query.setParameter("claimtype", claimType);
+
+ //@SuppressWarnings("rawtypes")
+ Object claimObj = query.getSingleResult();
+ em.remove(claimObj);
+
+ LOG.debug("Claim '{}' deleted", claimType);
+ }
+
+ static ClaimEntity getClaimEntity(String claimType, EntityManager em) {
+ Query query = null;
+ query = em.createQuery("select c from Claim c where c.claimType=:claimtype");
+ query.setParameter("claimtype", claimType);
+
+ //@SuppressWarnings("rawtypes")
+ return (ClaimEntity)query.getSingleResult();
+ }
+
+ public static void domain2entity(Claim claim, ClaimEntity entity) {
+ //The ID must not be updated if the entity has got an id already (update case)
+ if (claim.getId() > 0) {
+ entity.setId(claim.getId());
+ }
+ entity.setClaimType(claim.getClaimType().toString());
+ entity.setDisplayName(claim.getDisplayName());
+ entity.setDescription(claim.getDescription());
+ }
+
+ public static Claim entity2domain(ClaimEntity entity) {
+ Claim claim = new Claim();
+ claim.setId(entity.getId());
+ claim.setClaimType(URI.create(entity.getClaimType()));
+ claim.setDisplayName(entity.getDisplayName());
+ claim.setDescription(entity.getDescription());
+ return claim;
+ }
+
+}
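Review bot: `updateClaim` queries on `c.claimtype` while `deleteClaim` and `getClaimEntity` use `c.claimType`; JPQL path expressions are case-sensitive and the entity exposes `setClaimType`/`getClaimType`, so the update query will most likely fail at runtime with an unknown-attribute error. The method can reuse the existing helper, replacing the query block with `ClaimEntity claimEntity = getClaimEntity(claimType, em);`, which also removes the duplicated JPQL. The debug message in `updateClaim` says `Claim '{}' added` where it should say `updated`, and it logs `claim.getClaimType()` rather than the `claimType` that was looked up, which differ when a rename is being applied. `getClaims` casts each result through `Object`; a `TypedQuery<ClaimEntity>` via `em.createQuery(jpql, ClaimEntity.class)` would avoid the unchecked cast.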