Posted to commits@cxf.apache.org by ow...@apache.org on 2012/11/25 22:39:55 UTC
svn commit: r1413427 - in /cxf/fediz/trunk: ./ plugins/jetty/
plugins/jetty/src/ plugins/jetty/src/main/ plugins/jetty/src/main/assembly/
plugins/jetty/src/main/java/ plugins/jetty/src/main/java/org/
plugins/jetty/src/main/java/org/apache/ plugins/jett...
Author: owulff
Date: Sun Nov 25 21:39:53 2012
New Revision: 1413427
URL: http://svn.apache.org/viewvc?rev=1413427&view=rev
Log:
[FEDIZ-5] Provide adapter for Jetty
Added:
cxf/fediz/trunk/plugins/jetty/
cxf/fediz/trunk/plugins/jetty/pom.xml
cxf/fediz/trunk/plugins/jetty/src/
cxf/fediz/trunk/plugins/jetty/src/main/
cxf/fediz/trunk/plugins/jetty/src/main/assembly/
cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml
cxf/fediz/trunk/plugins/jetty/src/main/java/
cxf/fediz/trunk/plugins/jetty/src/main/java/org/
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
cxf/fediz/trunk/plugins/jetty/src/test/
cxf/fediz/trunk/plugins/jetty/src/test/java/
cxf/fediz/trunk/plugins/jetty/src/test/java/org/
cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/
cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/
cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/
cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/
cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
cxf/fediz/trunk/plugins/jetty/src/test/resources/
cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war
cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
Modified:
cxf/fediz/trunk/pom.xml
Added: cxf/fediz/trunk/plugins/jetty/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/pom.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/pom.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/pom.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,90 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <artifactId>fediz-jetty</artifactId>
+ <name>Apache Fediz Plugin Jetty</name>
+ <packaging>jar</packaging>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-server</artifactId>
+ <version>${jetty.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-security</artifactId>
+ <version>${jetty.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-xml</artifactId>
+ <version>${jetty.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-webapp</artifactId>
+ <version>${jetty.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-core</artifactId>
+ <version>${project.version}</version>
+ <type>jar</type>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.2.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.2.1</version>
+ <executions>
+ <execution>
+ <id>zip-file</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attached</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>src/main/assembly/assembly.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
+
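Review bot: The httpclient test dependency pins `<version>4.2.2</version>` inline while every other version in this pom is resolved from a parent property (`${jetty.version}`, `${junit.version}`, `${project.version}`). Declaring it as `<version>${httpclient.version}</version>` with the property defined in the parent keeps the module consistent and makes upgrades a single edit; the parent pom is modified by this commit but its hunk is not in view here.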
Added: cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,18 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
+http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+ <id>zip-with-dependencies</id>
+ <formats>
+ <format>zip</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/</outputDirectory>
+ <useProjectArtifact>true</useProjectArtifact>
+ <unpack>false</unpack>
+ <scope>runtime</scope>
+ </dependencySet>
+ </dependencySets>
+</assembly>
Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java (added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java Sun Nov 25 21:39:53 2012
@@ -0,0 +1,400 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBException;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.FederationProcessor;
+import org.apache.cxf.fediz.core.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.FederationRequest;
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.core.config.FederationConfigurator;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.eclipse.jetty.http.HttpMethods;
+import org.eclipse.jetty.http.MimeTypes;
+import org.eclipse.jetty.security.ServerAuthException;
+import org.eclipse.jetty.security.UserAuthentication;
+import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.security.authentication.LoginAuthenticator;
+import org.eclipse.jetty.security.authentication.SessionAuthentication;
+import org.eclipse.jetty.server.AbstractHttpConnection;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.Authentication.User;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.MultiMap;
+import org.eclipse.jetty.util.StringUtil;
+import org.eclipse.jetty.util.URIUtil;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+/**
+ * Federation Authenticator.
+ * <p>
+ * This authenticator implements form authentication will redirect to the Identity Provider
+ * by sending a WS-Federation SignIn request.
+ * </p>
+ * <p>
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
+ * mechanism to authenticate the user.
+ * FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
+ * associated with the session.
+ * </p>
+ */
+// CHECKSTYLE:OFF
+public class FederationAuthenticator extends LoginAuthenticator {
+
+ public static final String J_URI = "org.eclipse.jetty.security.form_URI";
+ public static final String J_POST = "org.eclipse.jetty.security.form_POST";
+
+ private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
+
+ private String configFile;
+ private FederationConfigurator configurator;
+
+ public FederationAuthenticator() {
+ }
+
+
+ /**
+ *
+ */
+ @Override
+ public void setConfiguration(AuthConfiguration configuration) {
+ super.setConfiguration(configuration);
+ // is called after the bean setting -> do initialization here
+ System.out.println(configuration.getInitParameterNames());
+ try {
+ File f = new File(getConfigFile());
+ if (!f.exists()) {
+ String jettyHome = System.getProperty("jetty.home");
+ if (jettyHome != null && jettyHome.length() > 0) {
+ f = new File(jettyHome.concat(File.separator + getConfigFile()));
+ }
+ }
+ configurator = new FederationConfigurator();
+ configurator.loadConfig(f);
+ LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
+ } catch (JAXBException e) {
+ //[TODO] use other exception
+ throw new RuntimeException("Failed to load Fediz configuration",
+ e);
+ //throw new ServerAuthException("Failed to load Fediz configuration",
+ // e);
+ }
+
+ }
+
+ /* ------------------------------------------------------------ */
+ public String getAuthMethod() {
+ return "WSFED";
+ }
+
+ public String getConfigFile() {
+ return configFile;
+ }
+
+ public void setConfigFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /* ------------------------------------------------------------ */
+ public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
+ throws ServerAuthException {
+ HttpServletRequest request = (HttpServletRequest)req;
+ HttpServletResponse response = (HttpServletResponse)res;
+ String uri = request.getRequestURI();
+ if (uri == null) {
+ uri = URIUtil.SLASH;
+ }
+
+ /*
+ * mandatory|=isJSecurityCheck(uri); if (!mandatory) return _deferred;
+ */
+
+ /*
+ * not the case if
+ * (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo()))) return
+ * Authentication.NOT_CHECKED;
+ */
+
+ HttpSession session = request.getSession(true);
+
+ try {
+ String wa = request.getParameter("wa");
+ String wresult = request.getParameter("wresult");
+
+ // Handle a request for authentication.
+
+ if (wa != null) {
+
+ FederationResponse wfRes = null;
+ if (wa.equals(FederationConstants.ACTION_SIGNIN)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SignIn request found");
+ LOG.debug("SignIn action...");
+ }
+
+ if (wresult == null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SignIn request must contain wresult");
+ }
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return Authentication.SEND_FAILURE;
+ } else {
+
+ FederationRequest wfReq = new FederationRequest();
+ wfReq.setWa(wa);
+ wfReq.setWresult(wresult);
+
+ //Not supported in jetty 7.6
+ //String contextName = request.getServletContext().getContextPath();
+ String contextName = request.getSession().getServletContext().getContextPath();
+ if (contextName == null || contextName.isEmpty()) {
+ contextName = "/";
+ }
+ FederationContext fedConfig = getContextConfiguration(contextName);
+
+ FederationLoginService fedLoginService = (FederationLoginService)this._loginService;
+ UserIdentity user = fedLoginService.login(null, wfReq, fedConfig);
+ if (user != null)
+ {
+ session=renewSession(request,response);
+
+ // Redirect to original request
+ String nuri;
+ synchronized(session)
+ {
+ nuri = (String) session.getAttribute(J_URI);
+
+ if (nuri == null || nuri.length() == 0)
+ {
+ nuri = request.getContextPath();
+ if (nuri.length() == 0) {
+ nuri = URIUtil.SLASH;
+ }
+ }
+ Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes);
+ session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
+ }
+ response.setContentLength(0);
+ response.sendRedirect(response.encodeRedirectURL(nuri));
+
+ return new FederationAuthentication(getAuthMethod(), user);
+ }
+
+ // not authenticated
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("WSFED authentication FAILED for " + StringUtil.printable(user.getUserPrincipal().getName()));
+ }
+ if (response != null) {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+
+ }
+ } else {
+ LOG.warn("Not supported action found in parameter wa: " + wa);
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return Authentication.UNAUTHENTICATED;
+ }
+ }
+
+ // Look for cached authentication
+ Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
+ if (authentication != null)
+ {
+ // Has authentication been revoked?
+ if (authentication instanceof Authentication.User &&
+ _loginService!=null &&
+ !_loginService.validate(((Authentication.User)authentication).getUserIdentity()))
+ {
+
+ session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
+ }
+ else
+ {
+ String j_uri = (String)session.getAttribute(J_URI);
+ if (j_uri != null)
+ {
+ MultiMap<String> j_post = (MultiMap<String>)session.getAttribute(J_POST);
+ if (j_post != null)
+ {
+ StringBuffer buf = request.getRequestURL();
+ if (request.getQueryString() != null) {
+ buf.append("?").append(request.getQueryString());
+ }
+
+ if (j_uri.equals(buf.toString()))
+ {
+ // This is a retry of an original POST request
+ // so restore method and parameters
+
+ session.removeAttribute(J_POST);
+ Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
+ base_request.setMethod(HttpMethods.POST);
+ base_request.setParameters(j_post);
+ }
+ }
+ else
+ session.removeAttribute(J_URI);
+
+ }
+ return authentication;
+ }
+ }
+
+
+ // if we can't send challenge
+ if (DeferredAuthentication.isDeferred(response))
+ {
+ LOG.debug("auth deferred {}",session.getId());
+ return Authentication.UNAUTHENTICATED;
+ }
+
+ // remember the current URI
+ synchronized (session)
+ {
+ // But only if it is not set already, or we save every uri that leads to a login form redirect
+ if (session.getAttribute(J_URI)==null) // || alwaysSaveUri)
+ {
+ StringBuffer buf = request.getRequestURL();
+ if (request.getQueryString() != null) {
+ buf.append("?").append(request.getQueryString());
+ }
+ session.setAttribute(J_URI, buf.toString());
+
+ if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType()) && HttpMethods.POST.equals(request.getMethod()))
+ {
+ Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
+ base_request.extractParameters();
+ session.setAttribute(J_POST, new MultiMap<String>(base_request.getParameters()));
+ }
+ }
+ }
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ redirectToIssuer(request, response, wfProc);
+ //response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),
+ // formLoginPage)));
+
+ return Authentication.SEND_CONTINUE;
+
+ } catch (IOException e) {
+ throw new ServerAuthException(e);
+ }
+ /*
+ * catch (ServletException e) { throw new ServerAuthException(e); }
+ */
+ }
+
+
+
+ /* ------------------------------------------------------------ */
+ public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
+ User validatedUser) throws ServerAuthException {
+ return true;
+ }
+
+ /**
+ * Called to redirect to the IDP/Issuer
+ *
+ * @param request
+ * Request we are processing
+ * @param response
+ * Response we are populating
+ * @param processor
+ * FederationProcessor
+ * @throws IOException
+ * If the forward to the login page fails and the call to
+ * {@link HttpServletResponse#sendError(int, String)} throws an
+ * {@link IOException}
+ */
+ protected void redirectToIssuer(HttpServletRequest request, HttpServletResponse response, FederationProcessor processor)
+ throws IOException {
+
+ //Not supported in jetty 7.6
+ //String contextName = request.getServletContext().getContextPath();
+ String contextName = request.getSession().getServletContext().getContextPath();
+ if (contextName == null || contextName.isEmpty()) {
+ contextName = "/";
+ }
+ FederationContext fedCtx = this.configurator.getFederationContext(contextName);
+ String redirectURL = null;
+ try {
+ redirectURL = processor.createSignInRequest(request, fedCtx);
+ if (redirectURL != null) {
+ response.sendRedirect(redirectURL);
+ } else {
+ LOG.warn("Failed to create SignInRequest.");
+ response.sendError(
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+ }
+ } catch (ProcessingException ex) {
+ LOG.warn("Failed to create SignInRequest: " + ex.getMessage());
+ response.sendError(
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+ }
+
+ }
+
+ private FederationContext getContextConfiguration(String contextName) {
+ if (configurator == null) {
+ throw new IllegalStateException("No Fediz configuration available");
+ }
+ FederationContext config = configurator.getFederationContext(contextName);
+ if (config == null) {
+ throw new IllegalStateException("No Fediz configuration for context :" + contextName);
+ }
+
+ String jettyHome = System.getProperty("jetty.home");
+ if (jettyHome != null && jettyHome.length() > 0) {
+ config.setRelativePath(jettyHome);
+ }
+ return config;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * This Authentication represents a just completed Federation authentication. Subsequent requests from the same
+ * user are authenticated by the presents of a {@link SessionAuthentication} instance in their session.
+ */
+ public static class FederationAuthentication extends UserAuthentication implements
+ Authentication.ResponseSent {
+
+ public FederationAuthentication(String method, UserIdentity userIdentity) {
+ super(method, userIdentity);
+ }
+
+ @Override
+ public String toString() {
+ return "WSFED" + super.toString();
+ }
+ }
+}
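Review bot: The failure branch below `if (user != null)` in validateRequest dereferences `user` in `LOG.debug("WSFED authentication FAILED for " + StringUtil.printable(user.getUserPrincipal().getName()))`, but `user` is null on exactly that path, so a rejected sign-in throws a NullPointerException instead of answering 403; after `sendError(SC_FORBIDDEN)` execution also falls through to the cached-authentication lookup and the issuer redirect on an already committed response. Change the debug line to `LOG.debug("WSFED authentication FAILED");` and follow `response.sendError(HttpServletResponse.SC_FORBIDDEN);` with `return Authentication.SEND_FAILURE;`, which also makes the `response != null` guard unnecessary. In setConfiguration the `System.out.println(configuration.getInitParameterNames())` is a debugging leftover that should become `LOG.debug(...)` or go. The `wfRes` handed to `new SessionAuthentication(getAuthMethod(), user, wfRes)` is always null at that point, which looks like the login result was meant to be threaded through from FederationLoginService.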
Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java (added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java Sun Nov 25 21:39:53 2012
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.fediz.core.FederationProcessor;
+import org.apache.cxf.fediz.core.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.FederationRequest;
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+public class FederationLoginService extends AbstractLifeCycle implements LoginService {
+ private static final Logger LOG = Log.getLogger(FederationLoginService.class);
+
+ protected IdentityService identityService;
+ protected String name;
+
+
+ public FederationLoginService() {
+ }
+
+ public FederationLoginService(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ if (isRunning()) {
+ throw new IllegalStateException("Running");
+ }
+
+ this.name = name;
+ }
+
+ @Override
+ protected void doStart() throws Exception {
+ LOG.debug("doStart");
+ super.doStart();
+ }
+
+ /**
+ * username will be null since the credentials will contain all the relevant info
+ */
+ public UserIdentity login(String username, Object credentials, FederationContext config) {
+
+ try {
+ FederationResponse wfRes = null;
+ FederationRequest wfReq = (FederationRequest)credentials;
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Process SignIn request");
+ LOG.debug("wresult=\n" + wfReq.getWresult());
+ }
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ try {
+ wfRes = wfProc.processRequest(wfReq, config);
+ } catch (ProcessingException ex) {
+ LOG.warn("Federation processing failed: " + ex.getMessage());
+ return null;
+ }
+
+
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // against the configured list of audienceURIs
+ if (wfRes.getAudience() != null) {
+ List<String> audienceURIs = config.getAudienceUris();
+ boolean validAudience = false;
+ for (String a : audienceURIs) {
+ if (wfRes.getAudience().startsWith(a)) {
+ validAudience = true;
+ break;
+ }
+ }
+
+ if (!validAudience) {
+ LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
+ + "] doesn't match with specified list of URIs.");
+ return null;
+ }
+ }
+
+ List<String> roles = wfRes.getRoles();
+ if (roles == null || roles.size() == 0) {
+ roles = new ArrayList<String>();
+ roles.add(new String("Authenticated"));
+ }
+
+ FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(user);
+
+ String[] aRoles = new String[roles.size()];
+ roles.toArray(aRoles);
+
+ //[TODO] Create FederationUserIdentity here
+ //FederationReponse should be protected and
+ //not accessible in Principal
+ return identityService.newUserIdentity(subject, user, aRoles);
+
+ } catch (Exception ex) {
+ LOG.warn(ex);
+ }
+
+ return null;
+ }
+
+ public boolean validate(UserIdentity user) {
+ //[TODO] check validity of token???
+ return true;
+ }
+
+ @Override
+ public IdentityService getIdentityService() {
+ return identityService;
+ }
+
+ @Override
+ public void setIdentityService(IdentityService service) {
+ identityService = service;
+ }
+
+ public void logout(UserIdentity user) {
+
+ }
+
+ @Override
+ public UserIdentity login(String username, Object credentials) {
+ return null;
+ }
+
+
+}
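Review bot: The audience check in login() accepts a token whenever its audience merely starts with a configured URI (`if (wfRes.getAudience().startsWith(a))`), so a configured `https://host/` also admits tokens issued for any other application under that prefix; unless prefix matching is intentional, compare with `equals` and state the rule in the method Javadoc. A token carrying no audience at all skips the check entirely, which should at least be logged at warn level if it is meant to be allowed. The trailing `catch (Exception ex)` logs only `ex` and returns null, which hides programming errors such as the `(FederationRequest)credentials` cast failing; narrowing the catch, or logging the message together with the stack trace, would make failures diagnosable. `roles.add(new String("Authenticated"))` can simply be `roles.add("Authenticated")`.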
Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java (added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java Sun Nov 25 21:39:53 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.eclipse.jetty.server.UserIdentity;
+
+public class FederationUserIdentity implements UserIdentity {
+
+ private Subject subject;
+ private Principal principal;
+ private List<String> roles;
+
+ public FederationUserIdentity(Subject subject, Principal principal, List<String> roles) {
+ this.subject = subject;
+ this.principal = principal;
+ this.roles = roles;
+ }
+
+
+ public Subject getSubject() {
+ return subject;
+ }
+
+ public Principal getUserPrincipal() {
+ return principal;
+ }
+
+ public boolean isUserInRole(String role, Scope scope) {
+ return roles.contains(role);
+ }
+
+}
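Review bot: The constructor stores the caller's `roles` list by reference and isUserInRole dereferences it unconditionally, so a null list throws on the first role check and a caller can change the identity's roles after construction; copy it, e.g. `this.roles = roles == null ? new ArrayList<String>() : new ArrayList<String>(roles);` (needs `java.util.ArrayList`). isUserInRole ignores its `scope` parameter, which is fine for a flat role model but deserves a one-line comment saying that scope-based mapping is deliberately not applied. The class is not yet used by this commit (the login service still calls `identityService.newUserIdentity`, per its own TODO), which a class Javadoc could note so the next reader does not look for the wiring.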
Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java (added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java Sun Nov 25 21:39:53 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationPrincipal;
+import org.apache.cxf.fediz.core.FederationResponse;
+
+public class FederationUserPrincipal implements FederationPrincipal {
+ private String name;
+ private ClaimCollection claims;
+ private FederationResponse response;
+
+ public FederationUserPrincipal(String name, FederationResponse response) {
+ this.name = name;
+ this.response = response;
+ this.claims = new ClaimCollection(response.getClaims());
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+
+ @Override
+ public ClaimCollection getClaims() {
+ return claims;
+ }
+
+ // not public available
+ //[TODO] maybe find better approach, custom UserIdentity
+ FederationResponse getFederationResponse() {
+ return response;
+ }
+
+
+}
Added: cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java (added)
+++ cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java Sun Nov 25 21:39:53 2012
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+
+public class BrowserTest {
+
+ private static Server server;
+
+
+ @BeforeClass
+ public static void init() {
+ try {
+ //Resource testServerConfig = Resource.newSystemResource("testserver.xml");
+ Resource testServerConfig = Resource.newSystemResource("fedserver.xml");
+ XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+ server = (Server)configuration.configure();
+ server.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @org.junit.Test
+ public void testStart() throws Exception {
+ System.out.println(System.getProperty("jetty.home"));
+ System.out.println(Server.getVersion());
+ System.out.println(server.isRunning());
+ }
+
+ @org.junit.Test
+ public void testGetSecureUrl() throws Exception {
+ String uri = "http://localhost:8080/fedizhelloworld/secure/fedservlet";
+ DefaultHttpClient httpclient = new DefaultHttpClient();
+ try {
+ httpclient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", 9443),
+ new UsernamePasswordCredentials("alice", "ecila"));
+
+ KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ FileInputStream instream = new FileInputStream(new File("./target/test-classes/tomcat-idp.jks"));
+ try {
+ trustStore.load(instream, "tompass".toCharArray());
+ } finally {
+ try {
+ instream.close();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
+ Scheme sch = new Scheme("https", 9443, socketFactory);
+ httpclient.getConnectionManager().getSchemeRegistry().register(sch);
+
+ HttpGet httpget = new HttpGet(uri);
+
+ System.out.println("executing request" + httpget.getRequestLine());
+ HttpResponse response = httpclient.execute(httpget);
+ HttpEntity entity = response.getEntity();
+
+ System.out.println("----------------------------------------");
+ System.out.println(response.getStatusLine());
+ if (entity != null) {
+ System.out.println("Response content length: " + entity.getContentLength());
+ }
+ EntityUtils.consume(entity);
+ } finally {
+ // When HttpClient instance is no longer needed,
+ // shut down the connection manager to ensure
+ // immediate deallocation of all system resources
+ httpclient.getConnectionManager().shutdown();
+ }
+
+ }
+
+
+ @AfterClass
+ public static void cleanup() {
+ if (server.isStarted()) {
+ try {
+ server.stop();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+}
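Review bot: init() catches every exception thrown by configure()/start() and only prints it, so a failed startup leaves `server` null and testStart and cleanup then fail with a NullPointerException far from the real cause; declare `public static void init() throws Exception` and drop the try/catch so JUnit reports the startup failure directly, and guard the teardown with `if (server != null && server.isStarted())`. Neither test asserts anything: testStart prints `server.isRunning()` and testGetSecureUrl prints the status line, so a misconfigured authenticator would still pass — assert the expected status (e.g. `assertTrue(server.isRunning());` and the status code the secured URL is expected to return) instead of printing it. The test also assumes an IdP listening on localhost:9443 and resolves `./target/test-classes/tomcat-idp.jks` against the working directory (fedserver.xml has the same relative-path dependency), so a short class comment stating these preconditions would help anyone running it from an IDE.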
Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
+ Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
+ keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
+-->
+<FedizConfig>
+ <contextConfig name="/fedizhelloworld">
+ <audienceUris>
+ <audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
+ <audienceItem>http://localhost:8080/fedizhelloworld/</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+ name="DoubleItSTSIssuer" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <!--<realm>target realm</realm>-->
+ <issuer>https://localhost:9443/fedizidp/</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <!--<authenticationType type="String">some auth type</authenticationType>-->
+ <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+ <!--<freshness>0</freshness>-->
+ <!--<reply>reply value</reply>-->
+ <!--<request>REQUEST</request>-->
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+</FedizConfig>
+
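Review bot: The header comment describes a Tomcat deployment (conf folder, webapp/META-INF/context.xml, tomcat-rp.jks) while this file is consumed by the Jetty FederationAuthenticator through its `configFile` setting in fedserver.xml and references `stsstore.jks`; it should instead say that the file is located via the `configFile` property and that `stsstore.jks` must contain the IdP/STS signing certificate. The `subject=".*CN=www.sts.com.*"` pattern together with `certificateValidation="ChainTrust"` is the only thing that restricts which token signer is accepted, and because the pattern is wrapped in `.*` it matches any subject containing that substring; a one-line comment noting this, and that the test `stsstore.jks` should not be reused in a real deployment, would help whoever copies this file as a template.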
Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war?rev=1413427&view=auto
==============================================================================
Files cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war (added) and cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war Sun Nov 25 21:39:53 2012 differ
Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+
+<Configure id="FileServer" class="org.eclipse.jetty.server.Server">
+
+ <Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
+ <Call name="setDebugEnabled">
+ <Arg type="boolean">true</Arg>
+ </Call>
+ </Call>
+
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
+ <Set name="port">8080</Set>
+ </New>
+ </Arg>
+ </Call>
+
+ <Set name="handler">
+ <New class="org.eclipse.jetty.server.handler.HandlerList">
+ <Set name="handlers">
+ <Array type="org.eclipse.jetty.server.Handler">
+ <Item>
+ <New class="org.eclipse.jetty.webapp.WebAppContext">
+ <Set name="contextPath">/fedizhelloworld</Set>
+ <Set name="war">./target/test-classes/fedizhelloworld.war</Set>
+ <Set name="throwUnavailableOnStartupException">true</Set>
+
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
+ <Set name="configFile">./target/test-classes/fediz_config.xml</Set>
+ </New>
+ </Set>
+ </Get>
+ </New>
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Set>
+
+ <Call name="addBean">
+ <Arg>
+ <New class="org.apache.cxf.fediz.jetty.FederationLoginService">
+ <Set name="name">WSFED</Set>
+ </New>
+ </Arg>
+ </Call>
+
+</Configure>
\ No newline at end of file
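Review bot: The war path (`./target/test-classes/fedizhelloworld.war`) and the authenticator's `configFile` (`./target/test-classes/fediz_config.xml`) are resolved relative to the JVM working directory, so the server only starts when the test is run from the module root; a comment such as `<!-- paths are relative to the module directory (maven working dir) -->` next to the WebAppContext would make this explicit. Enabling debug on the root logger is reasonable for a test server, but since this file is the obvious template for a real Jetty setup it is worth a comment that the connector is plain HTTP on 8080 and the debug setting are test-only. The file also lacks a trailing newline.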
Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks?rev=1413427&view=auto
==============================================================================
Files cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks (added) and cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks Sun Nov 25 21:39:53 2012 differ
Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks?rev=1413427&view=auto
==============================================================================
Files cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks (added) and cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks Sun Nov 25 21:39:53 2012 differ
Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1413427&r1=1413426&r2=1413427&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Sun Nov 25 21:39:53 2012
@@ -36,7 +36,8 @@
<slf4j.version>1.6.5</slf4j.version>
<spring.version>3.0.7.RELEASE</spring.version>
<tomcat.version>7.0.27</tomcat.version>
- <jetty.version>8.1.3.v20120416</jetty.version>
+ <jetty.version>8.1.8.v20121106</jetty.version>
+ <!--<jetty.version>7.6.8.v20121106</jetty.version>-->
<junit.version>4.8.2</junit.version>
<tomcat.url>http://localhost:8080/manager/text</tomcat.url>
<cxf.version>2.6.3</cxf.version>