Posted to commits@cxf.apache.org by ow...@apache.org on 2013/05/13 23:01:52 UTC
svn commit: r1482105 [1/2] - in /cxf/fediz/trunk/services/sts: ./
src/main/java/org/apache/cxf/fediz/service/sts/
src/main/java/org/apache/cxf/fediz/service/sts/realms/ src/realms/
src/realms/resources/ src/realms/webapp/ src/realms/webapp/WEB-INF/ src...
Author: owulff
Date: Mon May 13 21:01:51 2013
New Revision: 1482105
URL: http://svn.apache.org/r1482105
Log:
[FEDIZ-3] Support for two realms added in STS
Added:
cxf/fediz/trunk/services/sts/README.txt
cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/
cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
cxf/fediz/trunk/services/sts/src/realms/
cxf/fediz/trunk/services/sts/src/realms/resources/
cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties
cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger
cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
cxf/fediz/trunk/services/sts/src/realms/webapp/
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4.wsdl
cxf/fediz/trunk/services/sts/src/test/
cxf/fediz/trunk/services/sts/src/test/java/
cxf/fediz/trunk/services/sts/src/test/java/org/
cxf/fediz/trunk/services/sts/src/test/java/org/apache/
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/
cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
cxf/fediz/trunk/services/sts/src/test/resources/
cxf/fediz/trunk/services/sts/src/test/resources/logback.xml
cxf/fediz/trunk/services/sts/src/test/resources/org/
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest-testRealmAtoRealmB.properties
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest-testRealmAtoRealmBWithClaims.properties
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.properties
cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml
cxf/fediz/trunk/services/sts/src/test/resources/stsclient.properties
Modified:
cxf/fediz/trunk/services/sts/pom.xml
cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
Added: cxf/fediz/trunk/services/sts/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/README.txt?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/README.txt (added)
+++ cxf/fediz/trunk/services/sts/README.txt Mon May 13 21:01:51 2013
@@ -0,0 +1,30 @@
+Build the STS
+----------------------------
+
+
+STS with LDAP backend
+---------------------
+
+Build the STS:
+mvn clean install -Pldap
+
+
+STS with two realms
+-------------------
+
+Build the STS:
+mvn clean install -Prealms
+
+Proceed with the following steps to update the signing certificates:
+
+keytool -genkeypair -validity 3600 -alias realma -keystore stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass
+keytool -keystore stsrealm_a.jks -storepass storepass -export -alias realma -file realma.cert
+
+
+keytool -genkeypair -validity 3600 -alias realmb -keystore stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass
+keytool -keystore stsrealm_b.jks -storepass storepass -export -alias realmb -file realmb.cert
+
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file realma.cert -noprompt
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file realmb.cert -noprompt
+
+
Modified: cxf/fediz/trunk/services/sts/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/pom.xml?rev=1482105&r1=1482104&r2=1482105&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/pom.xml (original)
+++ cxf/fediz/trunk/services/sts/pom.xml Mon May 13 21:01:51 2013
@@ -1,107 +1,87 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.cxf.fediz</groupId>
- <artifactId>fediz</artifactId>
- <version>1.1.0-SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
- <artifactId>fediz-idp-sts</artifactId>
- <name>Apache Fediz STS</name>
- <packaging>war</packaging>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <adapter.resource>file</adapter.resource>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- <version>${spring.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-http</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxws</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-policy</artifactId>
- <version>${cxf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf.services.sts</groupId>
- <artifactId>cxf-services-sts-core</artifactId>
- <version>${cxf.version}</version>
- <!--
- <exclusions>
- <exclusion>
- <artifactId>slf4j-jdk14</artifactId>
- <groupId>org.slf4j</groupId>
- </exclusion>
- <exclusion>
- <artifactId>slf4j-api</artifactId>
- <groupId>org.slf4j</groupId>
- </exclusion>
- </exclusions>
- -->
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4j.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-jdk14</artifactId>
- <version>${slf4j.version}</version>
- <scope>runtime</scope>
- </dependency>
- <dependency>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ you under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <artifactId>fediz-idp-sts</artifactId>
+ <name>Apache Fediz STS</name>
+ <packaging>war</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <adapter.resource>file</adapter.resource>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-web</artifactId>
+ <version>${spring.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxws</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-ws-policy</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts</groupId>
+ <artifactId>cxf-services-sts-core</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>1.3.1.RELEASE</version>
<scope>compile</scope>
- </dependency>
-<!--
+ </dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4j.version}</version>
- <scope>provided</scope>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
</dependency>
--->
- </dependencies>
+ </dependencies>
- <build>
- <plugins>
- <plugin>
+ <build>
+ <plugins>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.1.1</version>
@@ -124,43 +104,50 @@
</webResources>
</configuration>
</plugin>
- <!--
- <plugin>
- <groupId>org.apache.tomcat.maven</groupId>
- <artifactId>tomcat-maven-plugin</artifactId>
- <version>2.0-SNAPSHOT</version>
- <configuration>
- <server>myTomcat</server>
- <url>http://localhost:8080/manager/text</url>
- <warFile>${project.build.finalName}.war</warFile>
- </configuration>
- </plugin>
- -->
- <plugin>
- <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>tomcat-maven-plugin</artifactId>
- <version>1.1</version>
- <configuration>
- <server>myTomcat</server>
- <url>http://localhost:9080/manager/text</url>
- <path>/${project.build.finalName}</path>
- </configuration>
- </plugin>
- </plugins>
- <!-- Name of the generated WAR file -->
- <finalName>fediz-idp-sts</finalName>
- </build>
-
- <profiles>
- <profile>
- <id>ldap</id>
- <properties>
- <adapter.resource>ldap</adapter.resource>
- </properties>
- <dependencyManagement>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.14</version>
+ <executions>
+ <execution>
+ <id>default-test</id>
+ <phase>test</phase>
+ <goals>
+ <goal>test</goal>
+ </goals>
+ <configuration>
+ <excludes>
+ <exclude>**/realms/**/IT*Test.java</exclude>
+ </excludes>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>tomcat-maven-plugin</artifactId>
+ <version>1.1</version>
+ <configuration>
+ <server>myTomcat</server>
+ <url>http://localhost:9080/manager/text</url>
+ <path>/${project.build.finalName}</path>
+ </configuration>
+ </plugin>
+ </plugins>
+
+ <!-- Name of the generated WAR file -->
+ <finalName>fediz-idp-sts</finalName>
+ </build>
+
+ <profiles>
+ <profile>
+ <id>ldap</id>
+ <properties>
+ <adapter.resource>ldap</adapter.resource>
+ </properties>
+ <dependencyManagement>
<dependencies>
- <!-- spring-ldap-core uses 3.0.5 -->
+ <!-- spring-ldap-core uses 3.0.5 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
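Review bot: The surefire exclusion added to the `default-test` execution only matches `**/realms/**/IT*Test.java`, while the failsafe execution added later in this file includes `**/IT*.java`; an integration test placed outside the realms package or not named `*Test` would still run in the unit-test phase without the Jetty server started. `<exclude>**/IT*.java</exclude>` keeps the two plugin configurations consistent. The surrounding `<plugins>` element begins before this hunk.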
@@ -168,14 +155,214 @@
</dependency>
</dependencies>
</dependencyManagement>
- <dependencies>
- <dependency>
+ <dependencies>
+ <dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>1.3.1.RELEASE</version>
</dependency>
- </dependencies>
- </profile>
-
- </profiles>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>realms</id>
+ <properties>
+
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <configuration>
+ <overwrite>true</overwrite>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.1.1</version>
+ <configuration>
+ <webResources>
+ <resource>
+ <directory>src/realms/webapp</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/cxf-transport.xml</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>src/realms/webapp</directory>
+ <filtering>false</filtering>
+ <excludes>
+ <exclude>**/cxf-transport.xml</exclude>
+ </excludes>
+ </resource>
+ </webResources>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>keytool-maven-plugin</artifactId>
+ <version>1.2</version>
+ <executions>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>clean</id>
+ <goals>
+ <goal>clean</goal>
+ </goals>
+ </execution>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>generateKeyPair</id>
+ <goals>
+ <goal>generateKeyPair</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
+ <dname>cn=localhost</dname>
+ <keypass>jettypw</keypass>
+ <storepass>jettypw</storepass>
+ <alias>jetty</alias>
+ <keyalg>RSA</keyalg>
+ </configuration>
+ </plugin>
+
+ <!-- logback property ignored if set in jetty maven plugin -->
+ <!-- http://docs.codehaus.org/display/JETTY/Maven+Jetty+Plugin#MavenJettyPlugin-Logging -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>set-system-properties</goal>
+ </goals>
+ <configuration>
+ <properties>
+ <property>
+ <name>logback.configurationFile</name>
+ <value>${project.baseUri}/src/test/resources/logback.xml</value>
+ </property>
+ </properties>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <version>1.7</version>
+ <executions>
+ <execution>
+ <id>reserve-network-port</id>
+ <goals>
+ <goal>reserve-network-port</goal>
+ </goals>
+ <phase>initialize</phase>
+ <configuration>
+ <portNames>
+ <portName>sts.https.port</portName>
+ <portName>jetty.port</portName>
+ </portNames>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty-maven-plugin</artifactId>
+ <version>7.6.8.v20121106</version>
+ <inherited>true</inherited>
+ <configuration>
+ <webApp>
+ <contextPath>/fediz-idp-sts</contextPath>
+ </webApp>
+
+ <scanIntervalSeconds>0</scanIntervalSeconds>
+ <connectors>
+ <connector
+ implementation="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
+ <port>${sts.https.port}</port>
+ <maxIdleTime>60000</maxIdleTime>
+ <keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
+ <password>jettypw</password>
+ <keyPassword>jettypw</keyPassword>
+ <wantClientAuth>true</wantClientAuth>
+ </connector>
+ </connectors>
+ <stopPort>${jetty.port}</stopPort>
+ <stopKey>STOP</stopKey>
+ <systemProperties>
+ </systemProperties>
+ </configuration>
+ <executions>
+ <execution>
+ <id>start-jetty</id>
+ <phase>pre-integration-test</phase>
+ <inherited>true</inherited>
+ <goals>
+ <goal>deploy-war</goal>
+ </goals>
+ <configuration>
+ <daemon>true</daemon>
+ </configuration>
+ </execution>
+ <execution>
+ <id>stop-jetty</id>
+ <phase>post-integration-test</phase>
+ <inherited>true</inherited>
+ <goals>
+ <goal>stop</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <version>2.12.2</version>
+ <inherited>true</inherited>
+ <executions>
+ <execution>
+ <id>integration-test</id>
+ <phase>integration-test</phase>
+ <goals>
+ <goal>integration-test</goal>
+ </goals>
+ <configuration>
+ <skip>false</skip>
+ <systemPropertyVariables>
+ <sts.https.port>${sts.https.port}</sts.https.port>
+ </systemPropertyVariables>
+
+ <includes>
+ <include>**/IT*.java</include>
+ </includes>
+
+ </configuration>
+ </execution>
+ <execution>
+ <id>verify</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ <resources>
+ <resource>
+ <directory>src/realms/resources</directory>
+ </resource>
+ </resources>
+ </build>
+ </profile>
+
+ </profiles>
</project>
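Review bot: The Jetty keystore password `jettypw` is spelled out four times in the new `realms` profile (`keypass`/`storepass` of keytool-maven-plugin and `password`/`keyPassword` of jetty-maven-plugin), while the profile's `<properties>` element is left empty; defining `<jetty.ssl.password>jettypw</jetty.ssl.password>` there and referencing `${jetty.ssl.password}` in the four places keeps the generated test keystore and the connector in sync when the value changes. The connector sets `wantClientAuth` to true, which only requests a client certificate; if the cross-realm tests rely on one being presented, `needClientAuth` is the setting that enforces it — I can't tell from the hunk which is intended, so a comment on the connector stating the choice would help.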
Modified: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java?rev=1482105&r1=1482104&r2=1482105&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java (original)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java Mon May 13 21:01:51 2013
@@ -31,6 +31,13 @@ public class PasswordCallbackHandler imp
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) { // CXF
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("realma".equals(pc.getIdentifier())) {
+ pc.setPassword("realma");
+ break;
+ } else if ("realmb".equals(pc.getIdentifier())) {
+ pc.setPassword("realmb");
+ break;
+ }
if ("mystskey".equals(pc.getIdentifier())) {
pc.setPassword("stskpass");
break;
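Review bot: The two new branches set the key password to the same string as the key alias (`realma`/`realma`, `realmb`/`realmb`) as literals in the handler, and the README in this commit generates the keystores with the same `-keypass` values, so the signing-key passwords live in source and in documentation. Even for a demo STS it would be cleaner to resolve them from configuration (the commit also adds a `WEB-INF/passwords.xml`, which may be meant for this — its contents are not visible here) so a deployment can rotate keys without a rebuild. As a point of style, the new `if`/`else if` chain is immediately followed by a separate `if` for `mystskey` that does the same thing; folding it in as another `else if` keeps the lookup in one place. The enclosing `for` loop and the handler method begin and end outside the hunk.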
Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java Mon May 13 21:01:51 2013
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.security.Principal;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+/**
+ * A test implementation of IdentityMapper.
+ */
+public class IdentityMapperImpl implements IdentityMapper {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(IdentityMapperImpl.class);
+
+ /**
+ * Map a principal in the source realm to the target realm
+ * @param sourceRealm the source realm of the Principal
+ * @param sourcePrincipal the principal in the source realm
+ * @param targetRealm the target realm of the Principal
+ * @return the principal in the target realm
+ */
+ public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm) {
+ if ("REALMA".equals(sourceRealm)) {
+ String name = sourcePrincipal.getName().toUpperCase();
+ LOG.info("Principal '" + sourcePrincipal.getName() + "' mapped to '" + name);
+ return new CustomTokenPrincipal(name);
+ } else if ("REALMB".equals(sourceRealm)) {
+ String name = sourcePrincipal.getName().toLowerCase();
+ LOG.info("Principal '" + sourcePrincipal.getName() + "' mapped to '" + name);
+ return new CustomTokenPrincipal(name);
+ }
+ return null;
+ }
+
+}
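Review bot: Both log statements in `mapPrincipal` leave the quoted target name unterminated — `'" + name` has no closing quote — and `toUpperCase()`/`toLowerCase()` use the default locale, so a principal such as `ali` maps differently on a Turkish-locale JVM, which matters because the mapped name is what the target realm's claims lookup is keyed on. Change each pair to `String name = sourcePrincipal.getName().toUpperCase(Locale.ROOT);` (mirrored with `toLowerCase(Locale.ROOT)` for REALMB) and `LOG.info("Principal '" + sourcePrincipal.getName() + "' mapped to '" + name + "'");`, adding `import java.util.Locale;`. The Javadoc should also state that `null` is returned when `sourceRealm` is neither `REALMA` nor `REALMB`, and that `sourcePrincipal` must be non-null, since it is dereferenced without a check.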
Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java Mon May 13 21:01:51 2013
@@ -0,0 +1,121 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
+
+/**
+ * A custom ClaimsHandler implementation for use in the tests.
+ */
+public class RealmFileClaimsHandler implements ClaimsHandler {
+
+ public static final URI ROLE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+ private static final Logger LOG = LogUtils.getL7dLogger(RealmFileClaimsHandler.class);
+
+ private Map<String, Map<String, String>> userClaims;
+ private List<URI> supportedClaims;
+ private String realm;
+
+ public void setUserClaims(Map<String, Map<String, String>> userClaims) {
+ this.userClaims = userClaims;
+ }
+
+ public Map<String, Map<String, String>> getUserClaims() {
+ return userClaims;
+ }
+
+ public void setSupportedClaims(List<URI> supportedClaims) {
+ this.supportedClaims = supportedClaims;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getRealm() {
+ return realm;
+ }
+
+ @Override
+ public List<URI> getSupportedClaimTypes() {
+ return Collections.unmodifiableList(this.supportedClaims);
+ }
+
+
+ @Override
+ public ClaimCollection retrieveClaimValues(RequestClaimCollection claims,
+ ClaimsParameters parameters) {
+
+ if (parameters.getRealm() == null || !parameters.getRealm().equalsIgnoreCase(getRealm())) {
+ LOG.fine("Realm '" + parameters.getRealm() + "' doesn't match with configured realm '" + getRealm() + "'");
+ return new ClaimCollection();
+ }
+ if (getUserClaims() == null || parameters.getPrincipal() == null) {
+ return new ClaimCollection();
+ }
+
+ if (claims == null || claims.size() == 0) {
+ LOG.fine("No claims requested");
+ return new ClaimCollection();
+ }
+
+ Map<String, String> claimMap = getUserClaims().get(parameters.getPrincipal().getName());
+ if (claimMap == null || claimMap.size() == 0) {
+ LOG.fine("Claims requested for principal '" + parameters.getPrincipal().getName()
+ + "' but not found");
+ return new ClaimCollection();
+ }
+ LOG.fine("Claims found for principal '" + parameters.getPrincipal().getName() + "'");
+
+ if (claims != null && claims.size() > 0) {
+ ClaimCollection claimCollection = new ClaimCollection();
+ for (RequestClaim requestClaim : claims) {
+ String claimValue = claimMap.get(requestClaim.getClaimType().toString());
+ if (claimValue != null) {
+ Claim claim = new Claim();
+ claim.setClaimType(requestClaim.getClaimType());
+ claim.setIssuer("Test Issuer");
+ claim.setOriginalIssuer("Original Issuer");
+ claim.addValue(claimValue);
+ claimCollection.add(claim);
+ }
+ }
+ return claimCollection;
+ }
+ return null;
+
+ }
+
+
+
+}
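Review bot: In `retrieveClaimValues` the guard `if (claims != null && claims.size() > 0)` near the end repeats the check already made right after the realm test, so the trailing `return null` is unreachable — and it is the only exit that would return `null` where every other path returns an empty `ClaimCollection`; dropping the wrapper and the `return null` leaves one consistent contract for callers. `getSupportedClaimTypes()` throws `NullPointerException` from `Collections.unmodifiableList(null)` when `supportedClaims` was never injected; `return supportedClaims == null ? Collections.<URI>emptyList() : Collections.unmodifiableList(supportedClaims);` makes an unconfigured handler advertise no claims instead of failing. The realm comparison is case-insensitive while `userClaims` is looked up by the exact principal name, so a comment on `setUserClaims` stating that keys must match `Principal.getName()` exactly (as produced by the identity mapper) would save a silent "no claims" result on a case mismatch.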
Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java Mon May 13 21:01:51 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SamlRealmCodec implements SAMLRealmCodec {
+
+ private static final Logger LOG = LoggerFactory.getLogger(SamlRealmCodec.class);
+
+ @Override
+ public String getRealmFromToken(AssertionWrapper assertion) {
+ SAMLKeyInfo ki = assertion.getSignatureKeyInfo();
+ X509Certificate[] certs = ki.getCerts();
+ X500Principal subject = certs[0].getSubjectX500Principal();
+ String name = subject.getName();
+ String realm = name.substring(name.indexOf("CN=") + 3);
+ LOG.info("Realm parsed in certificate: " + realm);
+ return realm.toUpperCase();
+ }
+
+}
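Review bot: `getRealmFromToken` dereferences `assertion.getSignatureKeyInfo()` and `certs[0]` without checks, so an unsigned assertion or one whose KeyInfo carries a bare key rather than a certificate fails with a `NullPointerException`/`ArrayIndexOutOfBoundsException` instead of a clear "realm not determined" result, and `name.indexOf("CN=") + 3` turns a missing CN into `substring(2)` of the whole DN. The slice also runs to the end of the DN, so a subject like `CN=REALMA,O=Example` yields `REALMA,O=EXAMPLE` and never matches a configured realm; since this value selects which realm's trust configuration applies to the inbound token, the parse should be bounded to the CN attribute. The rewrite below does that (it assumes the CN value contains no escaped comma), uses `Locale.ROOT` so realm names are stable across JVM locales, needs `import java.util.Locale;`, and assumes a `null` return is acceptable to the caller of `SAMLRealmCodec` — if not, throw instead. Whether the assertion signature has already been verified against the truststore before this codec runs is not visible here; the subject of an unverified certificate must not be relied on to name a realm, so a comment on the class stating that precondition would help.
```java
@Override
public String getRealmFromToken(AssertionWrapper assertion) {
    SAMLKeyInfo ki = assertion.getSignatureKeyInfo();
    X509Certificate[] certs = ki == null ? null : ki.getCerts();
    if (certs == null || certs.length == 0) {
        LOG.warn("No signing certificate in assertion; realm cannot be determined");
        return null;
    }
    // Subject DN in RFC 2253 form; only the CN attribute names the realm.
    String name = certs[0].getSubjectX500Principal().getName();
    int start = name.indexOf("CN=");
    if (start < 0) {
        LOG.warn("No CN in signing certificate subject: " + name);
        return null;
    }
    start += 3;
    int end = name.indexOf(',', start);
    String realm = end < 0 ? name.substring(start) : name.substring(start, end);
    LOG.info("Realm parsed in certificate: " + realm);
    return realm.toUpperCase(Locale.ROOT);
}
```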
Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java Mon May 13 21:01:51 2013
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.util.StringTokenizer;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.RealmParser;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class UriRealmParser implements RealmParser {
+
+ public enum REALMS { REALMA, REALMB };
+
+ private static final Logger LOG = LoggerFactory.getLogger(UriRealmParser.class);
+
+ @Override
+ public String parseRealm(WebServiceContext context) throws STSException {
+ String url = (String)context.getMessageContext().get("org.apache.cxf.request.url");
+
+ // Get the realm of the request url
+ // Example: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport
+ // realm = REALMA
+ StringTokenizer st = new StringTokenizer(url, "/");
+ String realm = null;
+ int count = st.countTokens();
+ if (count <= 1) {
+ return null;
+ }
+ count--;
+ for (int i = 0; i < count; i++) {
+ realm = st.nextToken();
+ }
+ realm = realm.toUpperCase();
+ try {
+ REALMS.valueOf(realm);
+ } catch (IllegalArgumentException ex) {
+ LOG.warn("Unknown realm: " + realm);
+ throw new STSException("Unknown realm: " + realm);
+ }
+ return realm;
+ }
+
+}
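Review bot: `url` is read from the message context without a null check, so a request that carries no `org.apache.cxf.request.url` property fails with a NullPointerException in the StringTokenizer constructor rather than with the STSException the rest of the method uses; a guard such as `if (url == null) { throw new STSException("No request URL available to determine realm"); }` before the tokenizer keeps the failure mode uniform. In the same spirit, the `count <= 1` branch returns null silently while an unknown realm throws, which leaves it to the caller to decide whether a missing realm segment is an error; the two cases look equivalent and should probably both throw. The accepted realms are hard-coded in the `REALMS` enum even though the realm set is also declared in the Spring `realms` map of cxf-transport.xml, so adding a realm needs a code change; consider making the allowed set injectable (a `Set<String>` property) so the two stay in step. Minor: `toUpperCase()` uses the default locale, `realm.toUpperCase(Locale.ROOT)` is the locale-safe form, and the enum would conventionally be named `Realms` without the trailing `;`.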
Added: cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,14 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+#log4j.rootCategory=FATAL, CONSOLE
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.apache.cxf.sts=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.sts=false
+log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.fediz=false
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+
Added: cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger Mon May 13 21:01:51 2013
@@ -0,0 +1 @@
+org.apache.cxf.common.logging.Log4JLogger
\ No newline at end of file
Added: cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert (added) and cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert Mon May 13 21:01:51 2013 differ
Added: cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert (added) and cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert Mon May 13 21:01:51 2013 differ
Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.file=stsrealm_a.jks
+
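Review bot: The keystore password is committed in plaintext (`keystore.password=storepass`) next to the binary keystore itself, here and equally in stsKeystoreB.properties and stsTruststore.properties, with no indication that these are sample credentials. A leading comment such as `# Sample keystore/password for the REALMA demo realm; not for use outside the test setup` in each file would make the intent explicit to anyone who copies this layout into a real deployment. If the password must stay out of the repository, a placeholder resolved at build or deploy time is the usual alternative.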
Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realmb
+org.apache.ws.security.crypto.merlin.file=stsrealm_b.jks
+
Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.file=ststrust.jks
+
Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks (added) and cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks Mon May 13 21:01:51 2013 differ
Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks (added) and cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks Mon May 13 21:01:51 2013 differ
Added: cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks (added) and cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks Mon May 13 21:01:51 2013 differ
Added: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml (added)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml Mon May 13 21:01:51 2013
@@ -0,0 +1,218 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd">
+
+ <import resource="classpath:META-INF/cxf/cxf.xml" />
+
+ <import resource="passwords.xml" />
+ <import resource="userClaims.xml" />
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging />
+ </cxf:features>
+ </cxf:bus>
+
+ <bean id="transportSTSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate" />
+ <property name="validateOperation" ref="transportValidateDelegate" />
+ </bean>
+
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="services" ref="transportService" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="claimsManager" ref="claimsManager" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ </bean>
+
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ </bean>
+
+ <util:list id="relationships">
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMA" />
+ <property name="targetRealm" value="REALMB"/>
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMB" />
+ <property name="targetRealm" value="REALMA"/>
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ </util:list>
+
+
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSamlTokenProvider" />
+ </util:list>
+
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSamlTokenValidator" />
+ </util:list>
+
+
+ <bean id="realmA"
+ class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm A"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+ <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <bean id="realmB"
+ class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm B"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+ <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <util:map id="realms">
+ <entry key="REALMA" value-ref="realmA"/>
+ <entry key="REALMB" value-ref="realmB"/>
+ </util:map>
+
+
+ <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+ <property name="realmMap" ref="realms" />
+ <property name="conditionsProvider" ref="conditionsProvider" />
+ </bean>
+
+ <bean id="conditionsProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+ <property name="lifetime" value="1200" />
+ <property name="acceptClientLifetime" value="true" />
+ </bean>
+
+ <util:list id="attributeStatementProvidersList">
+ <ref bean="claimAttributeProvider" />
+ </util:list>
+
+ <bean id="claimAttributeProvider"
+ class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+ </bean>
+
+ <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+ <property name="claimHandlers" ref="claimHandlerList" />
+ </bean>
+
+ <util:list id="claimHandlerList">
+ <ref bean="claimsHandlerA" />
+ <ref bean="claimsHandlerB" />
+ </util:list>
+
+ <bean id="claimsHandlerA" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+ <property name="userClaims" ref="userClaimsREALMA" />
+ <property name="supportedClaims" ref="supportedClaims" />
+ <property name="realm" value="REALMA" />
+ </bean>
+
+ <bean id="claimsHandlerB" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+ <property name="userClaims" ref="userClaimsREALMB" />
+ <property name="supportedClaims" ref="supportedClaims" />
+ <property name="realm" value="REALMB" />
+ </bean>
+
+ <bean id="identityMapper" class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+
+ <bean id="samlRealmCodec" class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+ <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"/>
+
+ <bean id="upCallBackHandlerRealmA"
+ class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMA" />
+ </bean>
+
+ <bean id="upCallBackHandlerRealmB"
+ class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMB" />
+ </bean>
+
+ <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ <property name="samlRealmCodec" ref="samlRealmCodec" />
+ </bean>
+
+ <bean id="transportUsernameTokenValidator"
+ class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+ </bean>
+
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints" ref="transportEndpoints" />
+ </bean>
+
+ <util:list id="transportEndpoints">
+ <value>.*</value>
+ </util:list>
+
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ <property name="issuer" value="Fediz STS" />
+ <property name="realmParser" ref="customRealmParser"/>
+ <property name="signaturePropertiesFile" value="stsTruststore.properties" />
+ <property name="relationships" ref="relationships" />
+ </bean>
+
+
+ <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
+ address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+ <jaxws:properties>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+
+
+ <jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean"
+ address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+ <jaxws:properties>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="transportSTSRealmAUT" implementor="#transportSTSProviderBean"
+ address="/REALMA/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="transportSTSRealmBUT" implementor="#transportSTSProviderBean"
+ address="/REALMB/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+
+
+
+</beans>
+
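Review bot: `<cxf:logging />` is enabled on the bus for the whole STS, which, as far as I know the CXF logging feature, writes complete inbound and outbound SOAP messages to the log; the two `*UT` endpoints receive UsernameToken headers and every endpoint returns issued SAML tokens, so credentials and tokens would end up in the log output in this configuration. Consider dropping the feature from this file or adding a comment such as `<!-- message logging: debugging aid only, logs credentials and issued tokens -->` so it is not carried into a deployment unchanged. Separately, `transportUsernameTokenValidator` is declared but never referenced from `transportTokenValidators`, so it appears to be dead configuration unless something outside this file wires it in. The `transportEndpoints` list accepts `.*` as the AppliesTo pattern, which is fine for a sample but worth a comment stating that any service address is accepted.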
Added: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml (added)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml Mon May 13 21:01:51 2013
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+
+ <util:map id="REALMA">
+ <entry key="alice"
+ value="ecila" />
+ <entry key="bob"
+ value="bob" />
+ <entry key="ted"
+ value="det" />
+ </util:map>
+
+ <util:map id="REALMB">
+ <entry key="ALICE"
+ value="ECILA" />
+ <entry key="BOB"
+ value="BOB" />
+ <entry key="TED"
+ value="DET" />
+ </util:map>
+
+</beans>
\ No newline at end of file
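Review bot: The two `util:map` beans hold user passwords in plaintext and nothing in the file says they are demo accounts. A short comment above the first map, e.g. `<!-- Sample users for the two-realm demo; credentials are test data only -->`, would document that, and it would also help to note that the REALMA and REALMB user names differ only in case since that is what the identity mapping between the realms relies on. The file also lacks a trailing newline.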
Added: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml (added)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml Mon May 13 21:01:51 2013
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <util:map id="userClaimsREALMA">
+ <entry key="alice"
+ value-ref="REALMA_aliceClaims" />
+ <entry key="bob"
+ value-ref="REALMA_bobClaims" />
+ <entry key="ted"
+ value-ref="REALMA_tedClaims" />
+ </util:map>
+
+ <util:map id="REALMA_aliceClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Alice" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Smith" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="alice@realma.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="User" />
+
+ </util:map>
+
+ <util:map id="REALMA_bobClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Bob" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Windsor" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="bobwindsor@realma.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="user,manager,admin" />
+ </util:map>
+
+ <util:map id="REALMA_tedClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Ted" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Cooper" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="tcooper@realma.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="" />
+ </util:map>
+
+ <util:map id="userClaimsREALMB">
+ <entry key="ALICE"
+ value-ref="REALMB_aliceClaims" />
+ <entry key="BOB"
+ value-ref="REALMB_bobClaims" />
+ <entry key="TED"
+ value-ref="REALMB_tedClaims" />
+ </util:map>
+
+ <util:map id="REALMB_aliceClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Alice" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Smith" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="alice@realmb.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="USER" />
+
+ </util:map>
+
+ <util:map id="REALMB_bobClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Bob" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Windsor" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="bobwindsor@realmb.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="USER,MANAGER,ADMIN" />
+ </util:map>
+
+ <util:map id="REALMB_tedClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Ted" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Cooper" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="tcooper@realmb.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="" />
+ </util:map>
+
+ <util:list id="supportedClaims">
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
+ <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
+ </util:list>
+
+</beans>
\ No newline at end of file