Posted to commits@cxf.apache.org by ow...@apache.org on 2014/02/27 22:04:16 UTC
svn commit: r1572730 [1/2] - in /cxf/fediz/trunk/services/idp/src:
main/java/org/apache/cxf/fediz/service/idp/
main/java/org/apache/cxf/fediz/service/idp/domain/
main/java/org/apache/cxf/fediz/service/idp/rest/
main/java/org/apache/cxf/fediz/service/id...
Author: owulff
Date: Thu Feb 27 21:04:15 2014
New Revision: 1572730
URL: http://svn.apache.org/r1572730
Log:
[FEDIZ-77] RBAC Support for REST Interface
Added:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
- copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
- copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
- copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java
- copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
Modified:
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml
cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml
cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml
cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java Thu Feb 27 21:04:15 2014
@@ -146,6 +146,8 @@ public class STSAuthenticationProvider i
}
}
+ //Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
+ authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(
authentication.getName(), authentication.getCredentials(), authorities);
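Review bot: The new comment says ROLE_IDP_LOGIN is what opens the Idp and TrustedIdp resources, but the REST interfaces in this commit guard those operations with hasRole('IDP_LIST'), hasRole('IDP_READ') and so on, which Spring matches against ROLE_IDP_LIST etc., so ROLE_IDP_LOGIN presumably gates something configured in security-config.xml rather than these methods; that file is not in view. The authority is also added to every successfully authenticated principal with no condition, so whatever is guarded only by it is in effect open to any authenticated user, and the comment should say so instead of pointing at the REST resources. Suggested wording: `// Granted to every authenticated user; the REST operations are governed by the per-method hasRole() checks on the service interfaces, not by this role.` The enclosing method starts and ends outside the hunk.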
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java Thu Feb 27 21:04:15 2014
@@ -22,8 +22,10 @@ import java.io.Serializable;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
+@XmlType(propOrder = {"name", "description", "internal", "id" })
public class Entitlement implements Serializable {
private static final long serialVersionUID = 2635896159019665467L;
Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java Thu Feb 27 21:04:15 2014
@@ -19,19 +19,24 @@
package org.apache.cxf.fediz.service.idp.domain;
import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
-@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
-public class Entitlement implements Serializable {
+@XmlRootElement(name = "role", namespace = "http://org.apache.cxf.fediz/")
+@XmlType(propOrder = {"name", "description", "entitlements", "id" })
+public class Role implements Serializable {
private static final long serialVersionUID = 2635896159019665467L;
protected String name;
protected String description;
protected int id;
- protected boolean internal;
+
+ protected List<Entitlement> entitlements = new ArrayList<Entitlement>();
@XmlAttribute
public int getId() {
@@ -58,11 +63,12 @@ public class Entitlement implements Seri
this.description = description;
}
- public boolean isInternal() {
- return internal;
+ public List<Entitlement> getEntitlements() {
+ return entitlements;
}
- public void setInternal(boolean internal) {
- this.internal = internal;
+ public void setEntitlements(List<Entitlement> entitlements) {
+ this.entitlements = entitlements;
}
+
}
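Review bot: `setEntitlements` stores whatever list the caller passes, including null, while the field is initialised to an empty ArrayList, so the property has two representations of "no entitlements" and every reader (RoleServiceImpl tests `role.getEntitlements() != null` before `size()`) has to handle both. Normalising in the setter keeps the non-null invariant the field declaration promises: `this.entitlements = entitlements == null ? new ArrayList<Entitlement>() : entitlements;`. `getEntitlements` also returns the live internal list, which is usual for a JAXB bean but worth a one-line Javadoc note that callers may mutate it.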
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java Thu Feb 27 21:04:15 2014
@@ -39,6 +39,8 @@ import javax.ws.rs.core.UriInfo;
import org.apache.cxf.fediz.service.idp.domain.Application;
import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
+import org.springframework.security.access.prepost.PreAuthorize;
+
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@@ -46,6 +48,7 @@ import org.apache.cxf.fediz.service.idp.
public interface ApplicationService {
@GET
+ @PreAuthorize("hasRole('APPLICATION_LIST')")
Applications getApplications(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@QueryParam("expand") @DefaultValue("all") List<String> expand,
@@ -53,26 +56,32 @@ public interface ApplicationService {
@GET
@Path("{realm}")
+ @PreAuthorize("hasRole('APPLICATION_LIST')")
Application getApplication(@PathParam("realm") String realm,
@QueryParam("expand") @DefaultValue("all") List<String> expand);
@POST
+ @PreAuthorize("hasRole('APPLICATION_CREATE')")
Response addApplication(@Context UriInfo ui, Application service);
@PUT
@Path("{realm}")
+ @PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response updateApplication(@Context UriInfo ui, @PathParam("realm") String realm, Application application);
@DELETE
@Path("{realm}")
+ @PreAuthorize("hasRole('APPLICATION_DELETE')")
Response deleteApplication(@PathParam("realm") String realm);
@POST
@Path("{realm}/claims")
+ @PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response addClaimToApplication(@Context UriInfo ui, @PathParam("realm") String realm, RequestClaim claim);
@DELETE
@Path("{realm}/claims/{claimType}")
+ @PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response removeClaimFromApplication(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("claimType") String claimType);
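Review bot: `getApplication` (single-resource read) is guarded with APPLICATION_LIST, the same entitlement as the collection listing, whereas the other services in this commit separate the two (CLAIM_READ, IDP_READ, ENTITLEMENT_READ for the single read). If an APPLICATION_READ entitlement is defined in the entities data files (not in view) the annotation should be `@PreAuthorize("hasRole('APPLICATION_READ')")`; if it is deliberately collapsed to LIST here, a short comment on the method saying so would stop the next reader from treating it as a copy-paste slip.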
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java Thu Feb 27 21:04:15 2014
@@ -36,6 +36,8 @@ import javax.ws.rs.core.UriInfo;
import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.springframework.security.access.prepost.PreAuthorize;
+
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@@ -43,23 +45,28 @@ import org.apache.cxf.fediz.service.idp.
public interface ClaimService {
@GET
+ @PreAuthorize("hasRole('CLAIM_LIST')")
Response getClaims(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@Context UriInfo uriInfo);
@GET
@Path("{claimType}")
+ @PreAuthorize("hasRole('CLAIM_READ')")
Claim getClaim(@PathParam("claimType") String claimType);
@POST
+ @PreAuthorize("hasRole('CLAIM_CREATE')")
Response addClaim(@Context UriInfo ui, Claim claim);
@PUT
@Path("{claimType}")
+ @PreAuthorize("hasRole('CLAIM_UPDATE')")
Response updateClaim(@Context UriInfo ui, @PathParam("claimType") String claimType, Claim claim);
@DELETE
@Path("{claimType}")
+ @PreAuthorize("hasRole('CLAIM_DELETE')")
Response deleteClaim(@PathParam("claimType") String claimType);
}
Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java Thu Feb 27 21:04:15 2014
@@ -34,32 +34,40 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
-import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+
+import org.springframework.security.access.prepost.PreAuthorize;
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-@Path("claims")
-public interface ClaimService {
+@Path("entitlements")
+public interface EntitlementService {
@GET
- Response getClaims(@QueryParam("start") int start,
- @QueryParam("size") @DefaultValue("2") int size,
- @Context UriInfo uriInfo);
-
+ @PreAuthorize("hasRole('ENTITLEMENT_LIST')")
+ Entitlements getEntitlements(@QueryParam("start") int start,
+ @QueryParam("size") @DefaultValue("5") int size,
+ @Context UriInfo uriInfo);
+
@GET
- @Path("{claimType}")
- Claim getClaim(@PathParam("claimType") String claimType);
+ @Path("{name}")
+ @PreAuthorize("hasRole('ENTITLEMENT_READ')")
+ Entitlement getEntitlement(@PathParam("name") String name);
@POST
- Response addClaim(@Context UriInfo ui, Claim claim);
+ @PreAuthorize("hasRole('ENTITLEMENT_CREATE')")
+ Response addEntitlement(@Context UriInfo ui, Entitlement entitlement);
@PUT
- @Path("{claimType}")
- Response updateClaim(@Context UriInfo ui, @PathParam("claimType") String claimType, Claim claim);
+ @Path("{name}")
+ @PreAuthorize("hasRole('ENTITLEMENT_UPDATE')")
+ Response updateEntitlement(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
@DELETE
- @Path("{claimType}")
- Response deleteClaim(@PathParam("claimType") String claimType);
+ @Path("{name}")
+ @PreAuthorize("hasRole('ENTITLEMENT_DELETE')")
+ Response deleteEntitlement(@PathParam("name") String name);
+
}
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.service.EntitlementDAO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class EntitlementServiceImpl implements EntitlementService {
+
+ private static final Logger LOG = LoggerFactory
+ .getLogger(EntitlementServiceImpl.class);
+
+ @Autowired
+ private EntitlementDAO entitlementDAO;
+
+ @Override
+ public Entitlements getEntitlements(int start, int size, UriInfo uriInfo) {
+ List<Entitlement> entitlements = entitlementDAO.getEntitlements(start, size);
+
+ Entitlements list = new Entitlements();
+ list.setEntitlements(entitlements);
+
+ return list;
+ }
+
+ @Override
+ public Response addEntitlement(UriInfo ui, Entitlement entitlement) {
+ Entitlement createdEntitlement = entitlementDAO.addEntitlement(entitlement);
+
+ UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
+ uriBuilder.path("{index}");
+ URI location = uriBuilder.build(createdEntitlement.getName());
+
+ LOG.debug("Entitlement '" + createdEntitlement.getName() + "' added");
+ return Response.created(location).entity(entitlement).build();
+ }
+
+ @Override
+ public Entitlement getEntitlement(String name) {
+ Entitlement entitlement = entitlementDAO.getEntitlement(name);
+ if (entitlement == null) {
+ throw new NotFoundException();
+ } else {
+ return entitlement;
+ }
+ }
+
+ @Override
+ public Response updateEntitlement(UriInfo ui, String name, Entitlement entitlement) {
+ if (!name.equals(entitlement.getName())) {
+ throw new BadRequestException();
+ }
+ entitlementDAO.updateEntitlement(name, entitlement);
+
+ LOG.debug("Entitlement '" + entitlement.getName() + "' updated");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response deleteEntitlement(String name) {
+ entitlementDAO.deleteEntitlement(name);
+
+ LOG.debug("Entitlement '" + name + "' deleted");
+ return Response.noContent().build();
+ }
+
+}
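Review bot: `addEntitlement` builds the Location header from `createdEntitlement` but returns the request body `entitlement` as the response entity, so any value assigned by the DAO on insert (the `id` that the domain class carries, presumably) is not echoed back; `return Response.created(location).entity(createdEntitlement).build();` returns what was actually stored. `RoleServiceImpl.addRole` in this commit has the same mismatch with `role` versus `createdRole`. In `updateEntitlement`, `name.equals(entitlement.getName())` dereferences the body before checking it, so an empty or unparsable body surfaces as a NullPointerException (HTTP 500) instead of the BadRequestException the method already uses; `if (entitlement == null || !name.equals(entitlement.getName()))` covers both.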
\ No newline at end of file
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+
+@XmlRootElement(name = "entitlements", namespace = "http://org.apache.cxf.fediz/")
+public class Entitlements {
+
+ private Collection<Entitlement> entitlements;
+
+ public Entitlements() {
+ }
+
+ public Entitlements(Collection<Entitlement> entitlements) {
+ this.entitlements = entitlements;
+ }
+
+ @XmlElementRef
+ public Collection<Entitlement> getEntitlements() {
+ return entitlements;
+ }
+
+ public void setEntitlements(Collection<Entitlement> entitlements) {
+ this.entitlements = entitlements;
+ }
+}
\ No newline at end of file
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java Thu Feb 27 21:04:15 2014
@@ -41,12 +41,15 @@ import org.apache.cxf.fediz.service.idp.
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.springframework.security.access.prepost.PreAuthorize;
+
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("idps")
public interface IdpService {
@GET
+ @PreAuthorize("hasRole('IDP_LIST')")
Idps getIdps(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@QueryParam("expand") @DefaultValue("all") List<String> expand,
@@ -54,47 +57,57 @@ public interface IdpService {
@GET
@Path("{realm}")
+ @PreAuthorize("hasRole('IDP_READ')")
Idp getIdp(@PathParam("realm") String realm,
@QueryParam("expand") @DefaultValue("all") List<String> expand);
@POST
+ @PreAuthorize("hasRole('IDP_CREATE')")
Response addIdp(@Context UriInfo ui, Idp idp);
@PUT
@Path("{realm}")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response updateIdp(@Context UriInfo ui, @PathParam("realm") String realm, Idp idp);
@DELETE
@Path("{realm}")
+ @PreAuthorize("hasRole('IDP_DELETE')")
Response deleteIdp(@PathParam("realm") String realm);
@POST
@Path("{realm}/applications")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response addApplicationToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
Application application);
@DELETE
@Path("{realm}/applications/{realmApplication}")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response removeApplicationFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("realmApplication") String applicationRealm);
@POST
@Path("{realm}/trusted-idps")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response addTrustedIdpToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
TrustedIdp trustedIdp);
@DELETE
@Path("{realm}/trusted-idps/{realmTrustedIdp}")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response removeTrustedIdpFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("realmTrustedIdp") String trustedIdpRealm);
@POST
@Path("{realm}/claims")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response addClaimToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
Claim claim);
@DELETE
@Path("{realm}/claims/{claimType}")
+ @PreAuthorize("hasRole('IDP_UPDATE')")
Response removeClaimFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("claimType") String claimType);
Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java Thu Feb 27 21:04:15 2014
@@ -36,44 +36,53 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
-import org.apache.cxf.fediz.service.idp.domain.Application;
-import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+import org.springframework.security.access.prepost.PreAuthorize;
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-@Path("applications")
-public interface ApplicationService {
+@Path("roles")
+public interface RoleService {
@GET
- Applications getApplications(@QueryParam("start") int start,
+ @PreAuthorize("hasRole('ROLE_LIST')")
+ Roles getRoles(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@QueryParam("expand") @DefaultValue("all") List<String> expand,
@Context UriInfo uriInfo);
@GET
- @Path("{realm}")
- Application getApplication(@PathParam("realm") String realm,
+ @Path("{name}")
+ @PreAuthorize("hasRole('ROLE_CREATE')")
+ Role getRole(@PathParam("name") String realm,
@QueryParam("expand") @DefaultValue("all") List<String> expand);
@POST
- Response addApplication(@Context UriInfo ui, Application service);
+ @PreAuthorize("hasRole('ROLE_CREATE')")
+ Response addRole(@Context UriInfo ui, Role role);
@PUT
- @Path("{realm}")
- Response updateApplication(@Context UriInfo ui, @PathParam("realm") String realm, Application application);
+ @Path("{name}")
+ @PreAuthorize("hasRole('ROLE_UPDATE')")
+ Response updateRole(@Context UriInfo ui, @PathParam("name") String name, Role role);
@DELETE
- @Path("{realm}")
- Response deleteApplication(@PathParam("realm") String realm);
+ @Path("{name}")
+ @PreAuthorize("hasRole('ROLE_DELETE')")
+ Response deleteRole(@PathParam("name") String name);
@POST
- @Path("{realm}/claims")
- Response addClaimToApplication(@Context UriInfo ui, @PathParam("realm") String realm, RequestClaim claim);
+ @Path("{name}/entitlements")
+ @PreAuthorize("hasRole('ROLE_UPDATE')")
+ Response addEntitlementToRole(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
@DELETE
- @Path("{realm}/claims/{claimType}")
- Response removeClaimFromApplication(@Context UriInfo ui, @PathParam("realm") String realm,
- @PathParam("claimType") String claimType);
+ @Path("{name}/entitlements/{entitlementName}")
+ @PreAuthorize("hasRole('ROLE_UPDATE')")
+ Response removeEntitlementFromRole(@Context UriInfo ui, @PathParam("name") String name,
+ @PathParam("entitlementName") String entitlementName);
}
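Review bot: `getRole` is annotated with hasRole('ROLE_CREATE'), so a caller who may only read roles is refused the single-resource GET while a caller with create rights is granted a read they were not explicitly given; the listing above uses ROLE_LIST and the sibling services use a *_READ entitlement for this operation, so the intended line is `@PreAuthorize("hasRole('ROLE_READ')")`, provided such an entitlement exists in the entities data files (not in view). The same method also kept the parameter name from the copied ApplicationService: `Role getRole(@PathParam("name") String name,` reads better than `String realm` bound to `{name}`. Both look like leftovers of the copy from ApplicationService rather than design choices.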
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,134 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.EntitlementDAO;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RoleServiceImpl implements RoleService {
+
+ private static final Logger LOG = LoggerFactory
+ .getLogger(RoleServiceImpl.class);
+
+ @Autowired
+ private RoleDAO roleDAO;
+
+ @Autowired
+ private EntitlementDAO entitlementDAO;
+
+ @Override
+ public Roles getRoles(int start, int size, List<String> expand, UriInfo uriInfo) {
+ List<Role> roles = roleDAO.getRoles(start, size, expand);
+
+ Roles list = new Roles();
+ list.setRoles(roles);
+ return list;
+ }
+
+ @Override
+ public Role getRole(String name, List<String> expand) {
+ Role role = roleDAO.getRole(name, expand);
+ if (role == null) {
+ throw new NotFoundException();
+ } else {
+ return role;
+ }
+ }
+
+ @Override
+ public Response addRole(UriInfo ui, Role role) {
+ if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
+ LOG.warn("Role resource contains sub resource 'entitlements'");
+ throw new WebApplicationException(Status.BAD_REQUEST);
+ }
+ Role createdRole = roleDAO.addRole(role);
+
+ UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
+ uriBuilder.path("{index}");
+ URI location = uriBuilder.build(createdRole.getName());
+
+ LOG.debug("Role '" + role.getName() + "' added");
+ return Response.created(location).entity(role).build();
+ }
+
+ @Override
+ public Response updateRole(UriInfo ui, String name, Role role) {
+ if (!name.equals(role.getName().toString())) {
+ throw new BadRequestException();
+ }
+ if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
+ LOG.warn("Role resource contains sub resource 'entitlements'");
+ throw new WebApplicationException(Status.BAD_REQUEST);
+ }
+ roleDAO.updateRole(name, role);
+
+ LOG.debug("Role '" + role.getName() + "' updated");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response deleteRole(String name) {
+ roleDAO.deleteRole(name);
+
+ LOG.debug("Role '" + name + "' deleted");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response addEntitlementToRole(UriInfo ui, String name, Entitlement entitlement) {
+ Role role = roleDAO.getRole(name, null);
+
+ Entitlement foundEntitlement = entitlementDAO.getEntitlement(entitlement.getName());
+ roleDAO.addEntitlementToRole(role, foundEntitlement);
+
+ LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + name + "'");
+ return Response.noContent().build();
+ }
+
+ @Override
+ public Response removeEntitlementFromRole(UriInfo ui, String name, String entitlementName) {
+ Role role = roleDAO.getRole(name, null);
+ Entitlement entitlement = entitlementDAO.getEntitlement(entitlementName);
+
+ roleDAO.removeEntitlementFromRole(role, entitlement);
+
+ LOG.debug("Entitlement '" + entitlementName + "' removed from Role '" + name + "'");
+ return Response.noContent().build();
+ }
+
+}
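Review bot: `addEntitlementToRole` and `removeEntitlementFromRole` pass the results of `roleDAO.getRole` and `entitlementDAO.getEntitlement` straight to the DAO without the null check that `getRole` above performs, so an unknown role or entitlement name reaches `roleDAO.addEntitlementToRole(role, foundEntitlement)` as null and the outcome depends on the DAO (most likely a NullPointerException, reported as HTTP 500) rather than the 404 the rest of the class produces. `addEntitlementToRole` additionally dereferences `entitlement.getName()` before checking that a body was supplied. The rewrite below shows the add path; `removeEntitlementFromRole` needs the same two guards. Minor: `role.getName().toString()` in `updateRole` is a no-op on a String.
```java
    @Override
    public Response addEntitlementToRole(UriInfo ui, String name, Entitlement entitlement) {
        if (entitlement == null || entitlement.getName() == null) {
            throw new BadRequestException();
        }
        Role role = roleDAO.getRole(name, null);
        if (role == null) {
            throw new NotFoundException();
        }
        Entitlement foundEntitlement = entitlementDAO.getEntitlement(entitlement.getName());
        if (foundEntitlement == null) {
            throw new NotFoundException();
        }
        roleDAO.addEntitlementToRole(role, foundEntitlement);
        // … unchanged: debug log and noContent response …
```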
\ No newline at end of file
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+@XmlRootElement(name = "roles", namespace = "http://org.apache.cxf.fediz/")
+public class Roles {
+
+ private Collection<Role> roles;
+
+ public Roles() {
+ }
+
+ public Roles(Collection<Role> roles) {
+ this.roles = roles;
+ }
+
+ @XmlElementRef
+ public Collection<Role> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(Collection<Role> roles) {
+ this.roles = roles;
+ }
+}
\ No newline at end of file
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java Thu Feb 27 21:04:15 2014
@@ -37,6 +37,8 @@ public class RootServiceImpl implements
URI idpUrl = absolute.clone().path("idps").build();
URI applicationUrl = absolute.clone().path("applications").build();
URI trustedIdpUrl = absolute.clone().path("trusted-idps").build();
+ URI rolesUrl = absolute.clone().path("roles").build();
+ URI entitlementsUrl = absolute.clone().path("entitlements").build();
javax.ws.rs.core.Link claims = javax.ws.rs.core.Link.fromUri(claimUrl).rel("claims")
.type("application/xml").build();
javax.ws.rs.core.Link idps = javax.ws.rs.core.Link.fromUri(idpUrl).rel("idps")
@@ -45,8 +47,13 @@ public class RootServiceImpl implements
.type("application/xml").build();
javax.ws.rs.core.Link trustedIdps = javax.ws.rs.core.Link.fromUri(trustedIdpUrl).rel("trusted-idps")
.type("application/xml").build();
+ javax.ws.rs.core.Link roles = javax.ws.rs.core.Link.fromUri(rolesUrl).rel("roles")
+ .type("application/xml").build();
+ javax.ws.rs.core.Link entitlements = javax.ws.rs.core.Link.fromUri(entitlementsUrl).rel("entitlements")
+ .type("application/xml").build();
- Response.ResponseBuilder builder = Response.ok().links(claims, idps, applications, trustedIdps);
+ Response.ResponseBuilder builder = Response.ok().links(
+ claims, idps, applications, trustedIdps, roles, entitlements);
return builder.build();
}
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java Thu Feb 27 21:04:15 2014
@@ -36,6 +36,7 @@ import javax.ws.rs.core.UriInfo;
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.springframework.security.access.prepost.PreAuthorize;
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@@ -43,23 +44,28 @@ import org.apache.cxf.fediz.service.idp.
public interface TrustedIdpService {
@GET
+ @PreAuthorize("hasRole('TRUSTEDIDP_LIST')")
TrustedIdps getTrustedIDPs(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@Context UriInfo uriInfo);
@GET
@Path("{realm}")
+ @PreAuthorize("hasRole('TRUSTEDIDP_READ')")
TrustedIdp getTrustedIDP(@PathParam("realm") String realm);
@POST
+ @PreAuthorize("hasRole('TRUSTEDIDP_CREATE')")
Response addTrustedIDP(@Context UriInfo ui, TrustedIdp trustedIdp);
@PUT
@Path("{realm}")
+ @PreAuthorize("hasRole('TRUSTEDIDP_UPDATE')")
Response updateTrustedIDP(@Context UriInfo ui, @PathParam("realm") String realm, TrustedIdp trustedIdp);
@DELETE
@Path("{realm}")
+ @PreAuthorize("hasRole('TRUSTEDIDP_DELETE')")
Response deleteTrustedIDP(@PathParam("realm") String realm);
}
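Review bot: The guards added to getTrustedIDPs through deleteTrustedIDP use `hasRole('TRUSTEDIDP_LIST')` and friends, while the authorities the new GrantedAuthorityEntitlements filter grants for entitlements are created as `new SimpleGrantedAuthority(e.getName())` with no `ROLE_` prefix; `hasAuthority('TRUSTEDIDP_LIST')` states that intent directly and stays correct on Spring Security versions where `hasRole` prepends `ROLE_` before matching. The seed data in entities-realma.xml defines the create entitlement with `value="TRUSTEDIDP"` rather than `TRUSTEDIDP_CREATE`, so with that data `addTrustedIDP` would be denied to every caller — presumably a typo in the bean. The interface carries no Javadoc stating which entitlement each operation needs; a one-liner per method such as `/** Requires the TRUSTEDIDP_CREATE entitlement. */` would make the contract visible to API readers without opening the annotations.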
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+public interface RoleDAO {
+
+ List<Role> getRoles(int start, int size, List<String> expand);
+
+ Role getRole(String name, List<String> expand);
+
+ Role addRole(Role role);
+
+ void updateRole(String realm, Role role);
+
+ void deleteRole(String name);
+
+ void addEntitlementToRole(Role role, Entitlement entitlement);
+
+ void removeEntitlementFromRole(Role role, Entitlement entitlement);
+
+}
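Review bot: `updateRole(String realm, Role role)` names its first parameter `realm`, but the JPA implementation in this commit binds it as the role's `name` and looks the role up by `r.name`; the name reads as a copy-paste left-over from the IDP DAO and will mislead callers. Rename it to `String name` and document the key, e.g. `/** Replaces name and description of the role stored under {@code name}; entitlement assignments are left untouched. */`. The interface has no Javadoc at all; since `expand` decides whether `getRole`/`getRoles` populate the entitlement list (only for `"all"` or `"entitlements"` in the JPA implementation), that behaviour in particular should be stated on those two methods.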
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java Thu Feb 27 21:04:15 2014
@@ -20,22 +20,49 @@
package org.apache.cxf.fediz.service.idp.service.jpa;
import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.rest.IdpService;
import org.apache.cxf.fediz.service.idp.service.ConfigService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+
public class ConfigServiceJPA implements ConfigService {
+ private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpDAOJPAImpl.class);
+
IdpService idpService;
@Override
public Idp getIDP(String realm) {
- if (realm == null || realm.length() == 0) {
- return idpService.getIdps(0, 1, Arrays.asList("all"), null).getIdps().iterator().next();
- } else {
- return idpService.getIdp(realm, Arrays.asList("all"));
+ Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
+ try {
+ final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+ authorities.add(new SimpleGrantedAuthority("IDP_LIST"));
+
+ UsernamePasswordAuthenticationToken technicalUser =
+ new UsernamePasswordAuthenticationToken("IDP_TEST", "N.A", authorities);
+
+ SecurityContextHolder.getContext().setAuthentication(technicalUser);
+
+ if (realm == null || realm.length() == 0) {
+ return idpService.getIdps(0, 1, Arrays.asList("all"), null).getIdps().iterator().next();
+ } else {
+ return idpService.getIdp(realm, Arrays.asList("all"));
+ }
+ } finally {
+ SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
+ LOG.error("Old Spring security context restored");
}
}
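Review bot: The logger is created with `TrustedIdpDAOJPAImpl.class`, so everything this class logs is attributed to a different class; it should be `LoggerFactory.getLogger(ConfigServiceJPA.class)`. The `finally` block logs the routine restoration of the caller's context with `LOG.error("Old Spring security context restored")`, which fires on every `getIDP` call and will drown real errors — debug level is appropriate. The temporary `IDP_TEST` token carries only `IDP_LIST`; the other services in this commit guard read-by-key with a separate `_READ` entitlement, so if `IdpService.getIdp` follows the same pattern the `realm != null` branch will be denied even for the technical user — worth verifying. The privilege swap itself deserves a why-comment, e.g. `// Run the lookup as a technical user holding IDP_LIST so the @PreAuthorize guard on IdpService passes for internal callers; the original context is restored in finally.`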
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java Thu Feb 27 21:04:15 2014
@@ -78,8 +78,13 @@ public class DBLoaderSpring implements D
}
LOG.info(entitlements.size() + " EntitlementEntity added");
- LOG.info("" + ctx.getBeanDefinitionCount());
- LOG.info(ctx.getBeanDefinitionNames().toString());
+ Collection<RoleEntity> roles = ctx.
+ getBeansOfType(RoleEntity.class, true, true).values();
+ for (RoleEntity r : roles) {
+ em.persist(r);
+ }
+ LOG.info(roles.size() + " RoleEntity added");
+
Collection<ClaimEntity> claims = ctx.getBeansOfType(ClaimEntity.class, true, true).values();
for (ClaimEntity c : claims) {
em.persist(c);
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,217 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityNotFoundException;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+@Repository
+@Transactional
+public class RoleDAOJPAImpl implements RoleDAO {
+
+ private static final Logger LOG = LoggerFactory.getLogger(RoleDAOJPAImpl.class);
+
+ private EntityManager em;
+
+ @PersistenceContext
+ public void setEntityManager(EntityManager entityManager) {
+ this.em = entityManager;
+ }
+
+ @Override
+ public List<Role> getRoles(int start, int size, List<String> expandList) {
+ List<Role> list = new ArrayList<Role>();
+
+ Query query = null;
+ query = em.createQuery("select r from Role r");
+
+ //@SuppressWarnings("rawtypes")
+ List roleEntities = query
+ .setFirstResult(start)
+ .setMaxResults(size)
+ .getResultList();
+
+ for (Object obj : roleEntities) {
+ RoleEntity entity = (RoleEntity) obj;
+ list.add(entity2domain(entity, expandList));
+ }
+ return list;
+ }
+
+ @Override
+ public Role getRole(String name, List<String> expandList) {
+ Query query = null;
+ query = em.createQuery("select r from Role r where r.name=:name");
+ query.setParameter("name", name);
+
+ //@SuppressWarnings("rawtypes")
+ Object roleObj = query.getSingleResult();
+ return entity2domain((RoleEntity)roleObj, expandList);
+ }
+
+ @Override
+ public Role addRole(Role role) {
+ RoleEntity entity = new RoleEntity();
+ domain2entity(role, entity);
+ em.persist(entity);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Role '" + role.getName() + "' added");
+ }
+ return entity2domain(entity, Arrays.asList("all"));
+ }
+
+ @Override
+ public void updateRole(String name, Role role) {
+ Query query = null;
+ query = em.createQuery("select r from Role r where r.name=:name");
+ query.setParameter("name", name);
+
+ //@SuppressWarnings("rawtypes")
+ RoleEntity roleEntity = (RoleEntity)query.getSingleResult();
+
+ domain2entity(role, roleEntity);
+
+ em.persist(roleEntity);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Role '" + role.getName() + "' updated");
+ }
+ }
+
+ @Override
+ public void deleteRole(String name) {
+ Query query = null;
+ query = em.createQuery("select r from Role r where r.name=:name");
+ query.setParameter("name", name);
+
+ //@SuppressWarnings("rawtypes")
+ Object roleObj = query.getSingleResult();
+ em.remove(roleObj);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Role '" + name + "' deleted");
+ }
+
+ }
+
+ @Override
+ public void addEntitlementToRole(Role role, Entitlement entitlement) {
+ RoleEntity roleEntity = null;
+ if (role.getId() != 0) {
+ roleEntity = em.find(RoleEntity.class, role.getId());
+ } else {
+ roleEntity = getRoleEntity(role.getName(), em);
+ }
+
+ EntitlementEntity entitlementEntity = null;
+ if (entitlement.getId() != 0) {
+ entitlementEntity = em.find(EntitlementEntity.class, entitlement.getId());
+ } else {
+ entitlementEntity = EntitlementDAOJPAImpl.getEntitlementEntity(entitlement.getName(), em);
+ }
+
+ roleEntity.getEntitlements().add(entitlementEntity);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + role.getName() + "'");
+ }
+ }
+
+ @Override
+ public void removeEntitlementFromRole(Role role, Entitlement entitlement) {
+ RoleEntity roleEntity = null;
+ if (role.getId() != 0) {
+ roleEntity = em.find(RoleEntity.class, role.getId());
+ } else {
+ roleEntity = getRoleEntity(role.getName(), em);
+ }
+
+ EntitlementEntity entitlementEntity = null;
+ if (entitlement.getId() != 0) {
+ entitlementEntity = em.find(EntitlementEntity.class, entitlement.getId());
+ } else {
+ entitlementEntity = EntitlementDAOJPAImpl.getEntitlementEntity(entitlement.getName(), em);
+ }
+
+ if (entitlementEntity == null) {
+ throw new EntityNotFoundException("EntitlementEntity not found");
+ }
+
+ if (!roleEntity.getEntitlements().remove(entitlementEntity)) {
+ throw new EntityNotFoundException("EntitlementEntity not assigned to RoleEntity");
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Entitlement '" + entitlement.getName() + "' removed from Role '" + role.getName() + "'");
+ }
+ }
+
+ static RoleEntity getRoleEntity(String realm, EntityManager em) {
+ Query query = null;
+ query = em.createQuery("select i from IDP i where i.realm=:realm");
+ query.setParameter("realm", realm);
+
+ //@SuppressWarnings("rawtypes")
+ return (RoleEntity)query.getSingleResult();
+ }
+
+ public static void domain2entity(Role role, RoleEntity entity) {
+ //The ID must not be updated if the entity has got an id already (update case)
+ if (role.getId() > 0) {
+ entity.setId(role.getId());
+ }
+
+ entity.setName(role.getName());
+ entity.setDescription(role.getDescription());
+ }
+
+
+ public static Role entity2domain(RoleEntity entity, List<String> expandList) {
+ Role role = new Role();
+ role.setId(entity.getId());
+ role.setName(entity.getName());
+ role.setDescription(entity.getDescription());
+
+ if (expandList != null && (expandList.contains("all") || expandList.contains("entitlements"))) {
+ for (EntitlementEntity item : entity.getEntitlements()) {
+ Entitlement entitlement = EntitlementDAOJPAImpl.entity2domain(item);
+ role.getEntitlements().add(entitlement);
+ }
+ }
+
+ return role;
+ }
+
+}
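Review bot: `getRoleEntity` executes `select i from IDP i where i.realm=:realm` and casts the result to `RoleEntity`, so the name-based fallback in `addEntitlementToRole` and `removeEntitlementFromRole` (taken whenever the domain `Role` has id 0) cannot work; it should read `query = em.createQuery("select r from Role r where r.name=:name");` with `query.setParameter("name", name);` and the parameter renamed from `realm` to `name`. `addEntitlementToRole` also lacks the null check its remove counterpart has, so an unknown entitlement is silently added as `null` to the role's list instead of raising `EntityNotFoundException`, and neither method handles `em.find` returning null for an unknown id. The four commented-out `//@SuppressWarnings("rawtypes")` lines and the `Query query = null;` followed by immediate assignment are leftovers worth cleaning up. The class has no Javadoc; at least `entity2domain` should state that entitlements are only populated when `expandList` contains `"all"` or `"entitlements"`.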
Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java Thu Feb 27 21:04:15 2014
@@ -16,24 +16,32 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.cxf.fediz.service.idp.domain;
+package org.apache.cxf.fediz.service.idp.service.jpa;
-import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
+import javax.persistence.CascadeType;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.ManyToMany;
-@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
-public class Entitlement implements Serializable {
+import org.apache.openjpa.persistence.jdbc.Index;
+
+@Entity(name = "Role")
+public class RoleEntity {
+
+ @Id
+ private int id;
+
+ @Index
+ private String name;
- private static final long serialVersionUID = 2635896159019665467L;
+ private String description;
- protected String name;
- protected String description;
- protected int id;
- protected boolean internal;
+ @ManyToMany(cascade = CascadeType.ALL)
+ private List<EntitlementEntity> entitlements = new ArrayList<EntitlementEntity>();
- @XmlAttribute
public int getId() {
return id;
}
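Review bot: `@ManyToMany(cascade = CascadeType.ALL)` on `entitlements` includes REMOVE, so `em.remove` of a role in `RoleDAOJPAImpl.deleteRole` would cascade to the shared `EntitlementEntity` rows that other roles still reference — unless the `<many-to-many name="entitlements">` element this commit adds to orm.xml, which specifies no cascade, overrides the annotation; which of the two wins should be confirmed rather than assumed. Entitlements are reference data shared across roles and are resolved by name before being attached, so a role should not own their lifecycle: plain `@ManyToMany`, or at most `cascade = {CascadeType.PERSIST, CascadeType.MERGE}`. The class and its accessors are undocumented; a header such as `/** JPA mapping of a Role; entitlements references shared EntitlementEntity rows via the role_entitlements join table. */` would do.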
@@ -57,12 +65,13 @@ public class Entitlement implements Seri
public void setDescription(String description) {
this.description = description;
}
-
- public boolean isInternal() {
- return internal;
+
+ public List<EntitlementEntity> getEntitlements() {
+ return entitlements;
}
- public void setInternal(boolean internal) {
- this.internal = internal;
+ public void setEntitlements(List<EntitlementEntity> entitlements) {
+ this.entitlements = entitlements;
}
+
}
Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.security;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+
+public class GrantedAuthorityEntitlements extends GenericFilterBean {
+
+ private static final Logger LOG = LoggerFactory.getLogger(GrantedAuthorityEntitlements.class);
+
+ @Autowired
+ private RoleDAO roleDAO;
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ try {
+ Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
+ if (currentAuth == null) {
+ chain.doFilter(request, response);
+ return;
+ }
+
+ final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+ if (currentAuth.getAuthorities() != null) {
+ authorities.addAll(currentAuth.getAuthorities());
+ }
+
+ Iterator<? extends GrantedAuthority> authIt = currentAuth.getAuthorities().iterator();
+ while (authIt.hasNext()) {
+ GrantedAuthority ga = authIt.next();
+ String roleName = ga.getAuthority();
+
+ try {
+ Role role = roleDAO.getRole(roleName.substring(5), Arrays.asList("all"));
+ for (Entitlement e : role.getEntitlements()) {
+ authorities.add(new SimpleGrantedAuthority(e.getName()));
+ }
+ } catch (Exception ex) {
+ LOG.error("Role '" + roleName + "' not found");
+ }
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(authorities.toString());
+ }
+ UsernamePasswordAuthenticationToken enrichedAuthentication = new UsernamePasswordAuthenticationToken(
+ currentAuth.getName(), currentAuth.getCredentials(), authorities);
+ enrichedAuthentication.setDetails(currentAuth.getDetails());
+
+ SecurityContextHolder.getContext().setAuthentication(enrichedAuthentication);
+ LOG.info("Enriched AuthenticationToken added");
+
+ } catch (Exception ex) {
+ LOG.error("Failed to enrich security context with entitlements", ex);
+ }
+
+ chain.doFilter(request, response);
+ }
+
+}
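Review bot: `roleName.substring(5)` in the authority loop assumes every granted authority starts with a five-character `ROLE_` prefix; any other authority is either mangled into a bogus lookup or throws StringIndexOutOfBoundsException, and the inner `catch (Exception ex)` then logs `Role '...' not found` at error level on every request. Skip non-role authorities explicitly, `if (!roleName.startsWith("ROLE_")) { continue; }`, derive the name with `roleName.substring("ROLE_".length())`, and log the not-found case at debug. The replacement `UsernamePasswordAuthenticationToken` is built with the three-argument constructor, which marks the token authenticated regardless of `currentAuth.isAuthenticated()`; unless the filter is only ever reached after full authentication, it should return early when the incoming token is not authenticated rather than upgrade it. The null check on `currentAuth.getAuthorities()` guards only the `addAll`; the `.iterator()` call a few lines later is unguarded, so either drop the check or move it before the loop. A header comment such as `// Roles arrive as ROLE_<name> authorities; each role's entitlements are added as plain authorities so the @PreAuthorize guards on the REST services can match them.` would explain the convention.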
Modified: cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml Thu Feb 27 21:04:15 2014
@@ -153,4 +153,31 @@
</id>
</attributes>
</entity>
+
+ <entity class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <table>
+ <unique-constraint>
+ <column-name>name</column-name>
+ </unique-constraint>
+ </table>
+ <attributes>
+ <id name="id">
+ <generated-value generator="SEQ_ROLE"
+ strategy="TABLE" />
+ <table-generator name="SEQ_ROLE"
+ pk-column-value="SEQ_ROLE" initial-value="100" />
+ </id>
+ <many-to-many name="entitlements">
+ <join-table name="role_entitlements">
+ <join-column name="role_id" />
+ <inverse-join-column name="entitlement_id" />
+ <unique-constraint>
+ <column-name>role_id</column-name>
+ <column-name>entitlement_id</column-name>
+ </unique-constraint>
+ </join-table>
+ </many-to-many>
+ </attributes>
+ </entity>
+
</entity-mappings>
Modified: cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml Thu Feb 27 21:04:15 2014
@@ -194,6 +194,271 @@
value="Description for CLAIM_DELETE" />
</bean>
+ <bean id="entitlement_application_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_LIST" />
+ <property name="description"
+ value="Description for APPLICATION_LIST" />
+ </bean>
+ <bean id="entitlement_application_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_CREATE" />
+ <property name="description"
+ value="Description for APPLICATION_CREATE" />
+ </bean>
+ <bean id="entitlement_application_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_READ" />
+ <property name="description"
+ value="Description for APPLICATION_READ" />
+ </bean>
+ <bean id="entitlement_application_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_UPDATE" />
+ <property name="description"
+ value="Description for APPLICATION_UPDATE" />
+ </bean>
+ <bean id="entitlement_application_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="APPLICATION_DELETE" />
+ <property name="description"
+ value="Description for APPLICATION_DELETE" />
+ </bean>
+
+ <bean id="entitlement_trustedidp_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_LIST" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_LIST" />
+ </bean>
+ <bean id="entitlement_trustedidp_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_CREATE" />
+ </bean>
+ <bean id="entitlement_trustedidp_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_READ" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_READ" />
+ </bean>
+ <bean id="entitlement_trustedidp_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_UPDATE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_UPDATE" />
+ </bean>
+ <bean id="entitlement_trustedidp_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="TRUSTEDIDP_DELETE" />
+ <property name="description"
+ value="Description for TRUSTEDIDP_DELETE" />
+ </bean>
+
+ <bean id="entitlement_idp_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_LIST" />
+ <property name="description"
+ value="Description for IDP_LIST" />
+ </bean>
+ <bean id="entitlement_idp_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_CREATE" />
+ <property name="description"
+ value="Description for IDP_CREATE" />
+ </bean>
+ <bean id="entitlement_idp_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_READ" />
+ <property name="description"
+ value="Description for IDP_READ" />
+ </bean>
+ <bean id="entitlement_idp_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_UPDATE" />
+ <property name="description"
+ value="Description for IDP_UPDATE" />
+ </bean>
+ <bean id="entitlement_idp_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="IDP_DELETE" />
+ <property name="description"
+ value="Description for IDP_DELETE" />
+ </bean>
+
+ <bean id="entitlement_role_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_LIST" />
+ <property name="description"
+ value="Description for ROLE_LIST" />
+ </bean>
+ <bean id="entitlement_role_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_CREATE" />
+ <property name="description"
+ value="Description for ROLE_CREATE" />
+ </bean>
+ <bean id="entitlement_role_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_READ" />
+ <property name="description"
+ value="Description for ROLE_READ" />
+ </bean>
+ <bean id="entitlement_role_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_UPDATE" />
+ <property name="description"
+ value="Description for ROLE_UPDATE" />
+ </bean>
+ <bean id="entitlement_role_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ROLE_DELETE" />
+ <property name="description"
+ value="Description for ROLE_DELETE" />
+ </bean>
+
+ <bean id="entitlement_entitlement_list"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_LIST" />
+ <property name="description"
+ value="Description for ENTITLEMENT_LIST" />
+ </bean>
+ <bean id="entitlement_entitlement_create"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_CREATE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_CREATE" />
+ </bean>
+ <bean id="entitlement_entitlement_read"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_READ" />
+ <property name="description"
+ value="Description for ENTITLEMENT_READ" />
+ </bean>
+ <bean id="entitlement_entitlement_update"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_UPDATE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_UPDATE" />
+ </bean>
+ <bean id="entitlement_entitlement_delete"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+ <property name="name"
+ value="ENTITLEMENT_DELETE" />
+ <property name="description"
+ value="Description for ENTITLEMENT_DELETE" />
+ </bean>
+
+ <bean id="role_admin"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="ADMIN" />
+ <property name="description"
+ value="This is the administrator role with full access" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_create" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_claim_update" />
+ <ref bean="entitlement_claim_delete" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_create" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_idp_update" />
+ <ref bean="entitlement_idp_delete" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_create" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_trustedidp_update" />
+ <ref bean="entitlement_trustedidp_delete" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_create" />
+ <ref bean="entitlement_application_read" />
+ <ref bean="entitlement_application_update" />
+ <ref bean="entitlement_application_delete" />
+ <ref bean="entitlement_role_list" />
+ <ref bean="entitlement_role_create" />
+ <ref bean="entitlement_role_read" />
+ <ref bean="entitlement_role_update" />
+ <ref bean="entitlement_role_delete" />
+ <ref bean="entitlement_entitlement_list" />
+ <ref bean="entitlement_entitlement_create" />
+ <ref bean="entitlement_entitlement_read" />
+ <ref bean="entitlement_entitlement_update" />
+ <ref bean="entitlement_entitlement_delete" />
+ </util:list>
+ </property>
+ </bean>
+ <bean id="role_user"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="USER" />
+ <property name="description"
+ value="This is the user role with read access" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_read" />
+ <ref bean="entitlement_role_list" />
+ <ref bean="entitlement_role_read" />
+ <ref bean="entitlement_entitlement_list" />
+ <ref bean="entitlement_entitlement_read" />
+ </util:list>
+ </property>
+ </bean>
+ <bean id="role_idp_login"
+ class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+ <property name="name"
+ value="IDP_LOGIN" />
+ <property name="description"
+ value="This is the IDP login role which is applied to Users during the IDP SSO" />
+ <property name="entitlements">
+ <util:list>
+ <ref bean="entitlement_claim_list" />
+ <ref bean="entitlement_claim_read" />
+ <ref bean="entitlement_idp_list" />
+ <ref bean="entitlement_idp_read" />
+ <ref bean="entitlement_trustedidp_list" />
+ <ref bean="entitlement_trustedidp_read" />
+ <ref bean="entitlement_application_list" />
+ <ref bean="entitlement_application_read" />
+ </util:list>
+ </property>
+ </bean>
+
+
</beans>
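Review bot: The bean `entitlement_trustedidp_create` is seeded with the name `TRUSTEDIDP` instead of `TRUSTEDIDP_CREATE`, while its id and description both carry the `_CREATE` suffix and every other entitlement in the hunk follows the `<RESOURCE>_<ACTION>` naming scheme. If the REST layer's authorization checks resolve entitlements by that name (the checks themselves are not in this hunk), a check for `TRUSTEDIDP_CREATE` would never match, so creating trusted IdPs would be refused even for the ADMIN role that references this bean; the mismatch fails closed but silently breaks the feature and is easy to misread later as a deliberate catch-all entitlement. The line should read `value="TRUSTEDIDP_CREATE" />`.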