Posted to commits@cxf.apache.org by ow...@apache.org on 2013/10/24 21:41:01 UTC
svn commit: r1535508 - in /cxf/fediz/trunk/services/sts: ./
src/main/resources/ src/main/webapp/WEB-INF/ src/main/webapp/WEB-INF/wsdl/
src/realms/resources/ src/realms/webapp/WEB-INF/
src/realms/webapp/WEB-INF/wsdl/
Author: owulff
Date: Thu Oct 24 19:41:00 2013
New Revision: 1535508
URL: http://svn.apache.org/r1535508
Log:
Refactored STS to support two realms by default
Added:
cxf/fediz/trunk/services/sts/src/main/resources/realma.cert
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks
- copied, changed from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
Removed:
cxf/fediz/trunk/services/sts/src/main/resources/stsKeystore.properties
cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks
cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties
cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger
cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4.wsdl
Modified:
cxf/fediz/trunk/services/sts/pom.xml
cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties
cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml
cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml
cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml
cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
Modified: cxf/fediz/trunk/services/sts/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/pom.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/pom.xml (original)
+++ cxf/fediz/trunk/services/sts/pom.xml Thu Oct 24 19:41:00 2013
@@ -81,106 +81,6 @@
<build>
<plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.1.1</version>
- <configuration>
- <webResources>
- <resource>
- <directory>src/main/webapp</directory>
- <filtering>true</filtering>
- <includes>
- <include>**/cxf-transport.xml</include>
- </includes>
- </resource>
- <resource>
- <directory>src/main/webapp</directory>
- <filtering>false</filtering>
- <excludes>
- <exclude>**/cxf-transport.xml</exclude>
- </excludes>
- </resource>
- </webResources>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>2.14</version>
- <executions>
- <execution>
- <id>default-test</id>
- <phase>test</phase>
- <goals>
- <goal>test</goal>
- </goals>
- <configuration>
- <excludes>
- <exclude>**/realms/**/IT*Test.java</exclude>
- </excludes>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>tomcat-maven-plugin</artifactId>
- <version>1.1</version>
- <configuration>
- <server>myTomcat</server>
- <url>http://localhost:9080/manager/text</url>
- <path>/${project.build.finalName}</path>
- </configuration>
- </plugin>
- </plugins>
-
- <!-- Name of the generated WAR file -->
- <finalName>fediz-idp-sts</finalName>
- </build>
-
- <profiles>
- <profile>
- <id>ldap</id>
- <properties>
- <adapter.resource>ldap</adapter.resource>
- </properties>
- <dependencyManagement>
- <dependencies>
- <!-- spring-ldap-core uses 3.0.5 -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-tx</artifactId>
- <version>${spring.version}</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.springframework.ldap</groupId>
- <artifactId>spring-ldap-core</artifactId>
- <version>1.3.1.RELEASE</version>
- </dependency>
- </dependencies>
- </profile>
-
- <profile>
- <id>realms</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <properties>
-
- </properties>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-resources-plugin</artifactId>
- <configuration>
- <overwrite>true</overwrite>
- </configuration>
- </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -189,14 +89,14 @@
<configuration>
<webResources>
<resource>
- <directory>src/realms/webapp</directory>
+ <directory>src/main/webapp</directory>
<filtering>true</filtering>
<includes>
<include>**/cxf-transport.xml</include>
</includes>
</resource>
<resource>
- <directory>src/realms/webapp</directory>
+ <directory>src/main/webapp</directory>
<filtering>false</filtering>
<excludes>
<exclude>**/cxf-transport.xml</exclude>
@@ -358,14 +258,65 @@
</execution>
</executions>
</plugin>
- </plugins>
- <resources>
- <resource>
- <directory>src/realms/resources</directory>
- </resource>
- </resources>
- </build>
- </profile>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.14</version>
+ <executions>
+ <execution>
+ <id>default-test</id>
+ <phase>test</phase>
+ <goals>
+ <goal>test</goal>
+ </goals>
+ <configuration>
+ <excludes>
+ <exclude>**/realms/**/IT*Test.java</exclude>
+ </excludes>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>tomcat-maven-plugin</artifactId>
+ <version>1.1</version>
+ <configuration>
+ <server>myTomcat</server>
+ <url>http://localhost:9080/manager/text</url>
+ <path>/${project.build.finalName}</path>
+ </configuration>
+ </plugin>
+ </plugins>
+
+ <!-- Name of the generated WAR file -->
+ <finalName>fediz-idp-sts</finalName>
+ </build>
+
+ <profiles>
+ <profile>
+ <id>ldap</id>
+ <properties>
+ <adapter.resource>ldap</adapter.resource>
+ </properties>
+ <dependencyManagement>
+ <dependencies>
+ <!-- spring-ldap-core uses 3.0.5 -->
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ <version>${spring.version}</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.ldap</groupId>
+ <artifactId>spring-ldap-core</artifactId>
+ <version>1.3.1.RELEASE</version>
+ </dependency>
+ </dependencies>
+ </profile>
</profiles>
</project>
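Review bot: The surefire `<exclude>**/realms/**/IT*Test.java</exclude>` is carried over verbatim from the removed `realms` profile, while this commit deletes src/realms/resources and src/realms/webapp; whether integration tests under a `realms` package still exist is not visible here, and if they do not the exclude is dead configuration. If they do exist, the exclude now silently disables them in the default build rather than only inside a profile. Either drop the block or add a comment naming which tests it skips and why, so the next reader does not have to rediscover the reason.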
Modified: cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties (original)
+++ cxf/fediz/trunk/services/sts/src/main/resources/log4j.properties Thu Oct 24 19:41:00 2013
@@ -26,7 +26,6 @@ log4j.appender.LOGFILE.layout.Conversion
log4j.appender.AUDIT=org.apache.log4j.FileAppender
log4j.appender.AUDIT.File=${catalina.base}/logs/audit.log
log4j.appender.AUDIT.Append=true
-log4j.appender.AUDIT.Threshold=INFO
+log4j.appender.AUDIT.Threshold=DEBUG
log4j.appender.AUDIT.layout=org.apache.cxf.sts.event.LoggerPatternLayoutLog4J
log4j.appender.AUDIT.layout.ConversionPattern=%m%n
-
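Review bot: The AUDIT appender threshold drops from INFO to DEBUG, which the log message ("Refactored STS to support two realms by default") does not mention; since this is now the default, non-profile configuration and the appender writes `${catalina.base}/logs/audit.log` through `LoggerPatternLayoutLog4J`, it will record everything the STS event logger emits at DEBUG. What that includes depends on `org.apache.cxf.sts.event.LoggerListener`, which is outside this diff. If the change is deliberate, a comment such as `# DEBUG so that per-realm issue/validate events are captured; raise to INFO for production` should say so, otherwise restore `INFO`.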
Copied: cxf/fediz/trunk/services/sts/src/main/resources/realma.cert (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/realma.cert?p2=cxf/fediz/trunk/services/sts/src/main/resources/realma.cert&p1=cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert?p2=cxf/fediz/trunk/services/sts/src/main/resources/realmb.cert&p1=cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreA.properties&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsKeystoreB.properties&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsTruststore.properties&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_a.jks&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks?p2=cxf/fediz/trunk/services/sts/src/main/resources/stsrealm_b.jks&p1=cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Copied: cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks (from r1535507, cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks?p2=cxf/fediz/trunk/services/sts/src/main/resources/ststrust.jks&p1=cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks&r1=1535507&r2=1535508&rev=1535508&view=diff
==============================================================================
(empty)
Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml Thu Oct 24 19:41:00 2013
@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
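Review bot: Removing the `<?xml version="1.0" encoding="UTF-8"?>` declaration leaves the encoding implicit; an XML 1.0 parser defaults to UTF-8 without it, but this file is the one Maven resource-filters (`<filtering>true</filtering>` on `**/cxf-transport.xml` in pom.xml), so an explicit declaration documents the encoding the filter has to preserve. I cannot see the first lines of the other Spring files in this diff, so whether dropping the declaration is a project-wide convention is not visible; if it is not, restore the line. The `<beans>` element continues past the hunk.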
@@ -18,35 +17,37 @@
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd">
- <cxf:bus>
- <cxf:features>
- <cxf:logging />
- </cxf:features>
- </cxf:bus>
+ <import resource="classpath:META-INF/cxf/cxf.xml" />
+ <bean id="loggerListener" class="org.apache.cxf.sts.event.LoggerListener" />
+
<!--
Per default the resource <file.xml> is imported.
If built with Maven Profile 'ldap', the resource <ldap.xml> is imported
-->
<import resource="${adapter.resource}.xml" />
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging />
+ </cxf:features>
+ </cxf:bus>
- <bean id="loggerListener" class="org.apache.cxf.sts.event.LoggerListener" />
-
+ <bean id="samlDelegationHandler"
+ class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+
<bean id="transportSTSProviderBean"
class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
<property name="issueOperation" ref="transportIssueDelegate" />
<property name="validateOperation" ref="transportValidateDelegate" />
</bean>
-
- <bean id="samlDelegationHandler"
- class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
<bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
<property name="tokenProviders" ref="transportTokenProviders" />
- <property name="tokenValidators" ref="transportTokenValidators" />
<property name="services" ref="transportService" />
<property name="stsProperties" ref="transportSTSProperties" />
<property name="claimsManager" ref="claimsManager" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
<property name="eventListener" ref="loggerListener" />
<property name="delegationHandlers" ref="samlDelegationHandler" />
</bean>
@@ -56,7 +57,23 @@
<property name="stsProperties" ref="transportSTSProperties" />
<property name="eventListener" ref="loggerListener" />
</bean>
-
+
+ <util:list id="relationships">
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMA" />
+ <property name="targetRealm" value="REALMB"/>
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ <bean class="org.apache.cxf.sts.token.realm.Relationship">
+ <property name="sourceRealm" value="REALMB" />
+ <property name="targetRealm" value="REALMA"/>
+ <property name="identityMapper" ref="identityMapper" />
+ <property name="type" value="FederatedIdentity" />
+ </bean>
+ </util:list>
+
+
<util:list id="transportTokenProviders">
<ref bean="transportSamlTokenProvider" />
</util:list>
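Review bot: The two `Relationship` beans configure cross-realm trust in both directions but carry no explanation of what `FederatedIdentity` means for issuance, and both share the single `identityMapper`; a maintainer cannot tell from this file that the intent appears to be accepting a token from the source realm at the target realm's endpoint and mapping the principal through `IdentityMapperImpl`. Suggest a comment above the list: `<!-- Cross-realm trust (type FederatedIdentity): a token issued by sourceRealm is accepted for targetRealm and the principal is mapped by identityMapper. Both directions are trusted. -->`. Whether `IdentityMapperImpl` distinguishes direction is not visible here (it is defined outside this diff), so confirm that before relying on the symmetric configuration beyond the demo.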
@@ -65,38 +82,69 @@
<ref bean="transportSamlTokenValidator" />
</util:list>
+
+ <bean id="realmA"
+ class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm A"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+ <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <bean id="realmB"
+ class="org.apache.cxf.sts.token.realm.SAMLRealm">
+ <property name="issuer" value="STS Realm B"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+ <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+ </bean>
+
+ <util:map id="realms">
+ <entry key="REALMA" value-ref="realmA"/>
+ <entry key="REALMB" value-ref="realmB"/>
+ </util:map>
+
+
<bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
<property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+ <property name="realmMap" ref="realms" />
<property name="conditionsProvider" ref="conditionsProvider" />
</bean>
-
+
<bean id="conditionsProvider"
class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
<property name="lifetime" value="1200" />
<property name="acceptClientLifetime" value="true" />
</bean>
- <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator" />
-
-
- <bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
-
-
- <bean id="transportUsernameTokenValidator"
- class="org.apache.cxf.sts.token.validator.UsernameTokenValidator" />
-
-
<util:list id="attributeStatementProvidersList">
- <ref bean="claimsAttributeProvider" />
+ <ref bean="claimAttributeProvider" />
</util:list>
- <bean id="claimsAttributeProvider"
- class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider" />
+ <bean id="claimAttributeProvider"
+ class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+ </bean>
<bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
<property name="claimHandlers" ref="claimHandlerList" />
</bean>
+
+
+ <bean id="identityMapper" class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+
+ <bean id="samlRealmCodec" class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+ <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"/>
+
+
+
+ <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ <property name="samlRealmCodec" ref="samlRealmCodec" />
+ </bean>
+
+ <bean id="transportUsernameTokenValidator"
+ class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+ </bean>
+
<bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
<property name="endpoints" ref="transportEndpoints" />
</bean>
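Review bot: `transportSamlTokenValidator` now takes the realm of an incoming token from the assertion via `samlRealmCodec`, while signature verification presumably runs against the single crypto named in `transportSTSProperties` (`stsTruststore.properties`, later in this file); nothing in the hunk ties the realm the codec reports to the certificate that signed the token. If the truststore behind that file holds both realm certificates, it is worth confirming that `SamlRealmCodec` or the validator checks the issuer against the signing certificate, so the realm attributed to a token cannot diverge from the key that signed it. A comment on the bean stating the assumption, e.g. `<!-- realm of an incoming SAML token is derived from the assertion by samlRealmCodec; the signing cert must belong to that realm's entry in stsTruststore.properties -->`, would make the trust model explicit. `SamlRealmCodec` and `UriRealmParser` are defined outside this diff.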
@@ -104,24 +152,39 @@
<util:list id="transportEndpoints">
<value>.*</value>
</util:list>
-
+
<bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
- <property name="signaturePropertiesFile" value="stsKeystore.properties" />
- <property name="signatureUsername" value="mystskey" />
<property name="callbackHandlerClass"
value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
- <property name="encryptionPropertiesFile" value="stsKeystore.properties" />
<property name="issuer" value="Fediz STS" />
- <property name="encryptionUsername" value="myservicekey" />
+ <property name="realmParser" ref="customRealmParser"/>
+ <property name="signaturePropertiesFile" value="stsTruststore.properties" />
+ <property name="relationships" ref="relationships" />
</bean>
- <jaxws:endpoint id="transportSTS2" implementor="#transportSTSProviderBean"
- address="/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+
+ <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
+ address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
<jaxws:properties>
</jaxws:properties>
- </jaxws:endpoint>
+ </jaxws:endpoint>
+
+
+
+ <jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean"
+ address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+ <jaxws:properties>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+
+
+
+
</beans>
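Review bot: `transportSTSProperties` now points `signaturePropertiesFile` at `stsTruststore.properties` and drops `signatureUsername` and the encryption properties, so the global crypto appears to serve only for verifying incoming tokens while signing moves to the per-realm `SAMLRealm` beans (`stsKeystoreA.properties` / `stsKeystoreB.properties`); that split is stated nowhere in the file, and the remaining `issuer` "Fediz STS" now sits beside the per-realm issuers without saying when it applies. Suggest a comment on the bean: `<!-- Global crypto (stsTruststore.properties) verifies incoming tokens; issued tokens are signed with the realm keystore of realmA/realmB. issuer here is the value used when realmParser resolves no realm - confirm against StaticSTSProperties -->`. The signing alias is presumably taken from the realm properties files, which are not shown. The endpoint block also leaves four blank lines before `</beans>` and empty `<jaxws:properties>` elements that can be trimmed.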
Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/file.xml Thu Oct 24 19:41:00 2013
@@ -14,27 +14,49 @@
<import resource="userClaims.xml" />
<import resource="passwords.xml" />
+
<util:list id="claimHandlerList">
- <ref bean="claimsHandler" />
- </util:list>
+ <ref bean="claimsHandlerA" />
+ <ref bean="claimsHandlerB" />
+ </util:list>
- <bean id="claimsHandler" class="org.apache.cxf.fediz.service.sts.FileClaimsHandler">
- <property name="userClaims" ref="userClaims" />
- <property name="supportedClaims" ref="supportedClaims" />
- </bean>
+ <bean id="claimsHandlerA" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+ <property name="userClaims" ref="userClaimsREALMA" />
+ <property name="supportedClaims" ref="supportedClaims" />
+ <property name="realm" value="REALMA" />
+ </bean>
+
+ <bean id="claimsHandlerB" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+ <property name="userClaims" ref="userClaimsREALMB" />
+ <property name="supportedClaims" ref="supportedClaims" />
+ <property name="realm" value="REALMB" />
+ </bean>
- <bean id="upCallBackHandler"
- class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
- <property name="passwords" ref="passwords" />
- </bean>
+
+ <bean id="upCallBackHandlerRealmA" class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMA" />
+ </bean>
+
+ <bean id="upCallBackHandlerRealmB" class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMB" />
+ </bean>
- <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
- address="/STSService" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
- <jaxws:properties>
- <entry key="ws-security.callback-handler" value-ref="upCallBackHandler" />
- </jaxws:properties>
- </jaxws:endpoint>
+ <jaxws:endpoint id="transportSTSRealmAUT" implementor="#transportSTSProviderBean"
+ address="/REALMA/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="transportSTSRealmBUT" implementor="#transportSTSProviderBean"
+ address="/REALMB/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
+ </jaxws:properties>
+ </jaxws:endpoint>
-</beans>
\ No newline at end of file
+</beans>
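Review bot: `upCallBackHandlerRealmA` / `upCallBackHandlerRealmB` reference password maps whose bean ids are simply `REALMA` and `REALMB` (defined in passwords.xml in this commit), while the claim maps in the same change use `userClaimsREALMA` / `userClaimsREALMB`. A bare realm name as the id of a password map is easy to confuse with the `realmA`/`realmB` beans and the `realms` map in cxf-transport.xml, and `<property name="passwords" ref="REALMA" />` reads as if the realm itself were being injected. Suggest renaming to `passwordsREALMA` / `passwordsREALMB` in both files, i.e. `<property name="passwords" ref="passwordsREALMA" />` here and `<util:map id="passwordsREALMA">` in passwords.xml. The same point applies to both passwords.xml hunks.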
Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/passwords.xml Thu Oct 24 19:41:00 2013
@@ -8,7 +8,7 @@
http://www.springframework.org/schema/util/spring-util-2.0.xsd">
- <util:map id="passwords">
+ <util:map id="REALMA">
<entry key="alice"
value="ecila" />
<entry key="bob"
@@ -16,5 +16,14 @@
<entry key="ted"
value="det" />
</util:map>
+
+ <util:map id="REALMB">
+ <entry key="ALICE"
+ value="ECILA" />
+ <entry key="BOB"
+ value="BOB" />
+ <entry key="TED"
+ value="DET" />
+ </util:map>
</beans>
\ No newline at end of file
Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/userClaims.xml Thu Oct 24 19:41:00 2013
@@ -7,45 +7,88 @@
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-2.0.xsd">
- <util:map id="userClaims">
+ <util:map id="userClaimsREALMA">
<entry key="alice"
- value-ref="aliceClaims" />
+ value-ref="REALMA_aliceClaims" />
<entry key="bob"
- value-ref="bobClaims" />
+ value-ref="REALMA_bobClaims" />
<entry key="ted"
- value-ref="tedClaims" />
+ value-ref="REALMA_tedClaims" />
</util:map>
- <util:map id="aliceClaims">
+ <util:map id="REALMA_aliceClaims">
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
value="Alice" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
value="Smith" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="alice@mycompany.org" />
+ value="alice@realma.org" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
value="User" />
</util:map>
- <util:map id="bobClaims">
+ <util:map id="REALMA_bobClaims">
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
value="Bob" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
value="Windsor" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="bobwindsor@idp.org" />
+ value="bobwindsor@realma.org" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
value="User,Manager,Admin" />
</util:map>
- <util:map id="tedClaims">
+ <util:map id="REALMA_tedClaims">
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
value="Ted" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
value="Cooper" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="tcooper@hereiam.org" />
+ value="tcooper@realma.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="" />
+ </util:map>
+
+ <util:map id="userClaimsREALMB">
+ <entry key="ALICE"
+ value-ref="REALMB_aliceClaims" />
+ <entry key="BOB"
+ value-ref="REALMB_bobClaims" />
+ <entry key="TED"
+ value-ref="REALMB_tedClaims" />
+ </util:map>
+
+ <util:map id="REALMB_aliceClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Alice" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Smith" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="alice@realmb.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="USER" />
+
+ </util:map>
+
+ <util:map id="REALMB_bobClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Bob" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Windsor" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="bobwindsor@realmb.org" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+ value="USER,MANAGER,ADMIN" />
+ </util:map>
+
+ <util:map id="REALMB_tedClaims">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+ value="Ted" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+ value="Cooper" />
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ value="tcooper@realmb.org" />
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
value="" />
</util:map>
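Review bot: Realm B's user keys and claim values are uppercased (`ALICE`/`BOB`/`TED`, `USER`, `USER,MANAGER,ADMIN`) while realm A keeps mixed case, and nothing explains that this is deliberate; a relying party doing case-sensitive role checks will see different role strings depending on which realm issued the token it received after cross-realm mapping. If the intent is to make mapped identities visibly distinguishable in the demo, say so at the top of `userClaimsREALMB`: `<!-- REALMB deliberately uses upper-case user names and role values so that tokens mapped across realms are distinguishable; role checks on relying parties must account for this -->`. The stray blank line inside `REALMB_aliceClaims` can also go, and the empty role value on both `tedClaims` maps deserves a note on how `RealmFileClaimsHandler` treats an empty string, which is not visible here.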
Modified: cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl?rev=1535508&r1=1535507&r2=1535508&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl (original)
+++ cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl Thu Oct 24 19:41:00 2013
@@ -4,169 +4,748 @@
xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://www.w3.org/ns/ws-policy">
<wsdl:import namespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" location="ws-trust-1.4.wsdl"/>
+ <wsdl:binding name="UT_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UT_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="UTEncrypted_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UTEncrypted_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="X509_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#X509_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
<wsdl:binding name="Transport_Binding" type="wstrust:STS">
<wsp:PolicyReference URI="#Transport_policy" />
- <soap12:binding style="document"
+ <soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="Issue">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
<wsdl:input>
<wsp:PolicyReference
URI="#Input_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#Output_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Validate">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
<wsdl:input>
<wsp:PolicyReference
URI="#Input_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#Output_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Cancel">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Renew">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="KeyExchangeToken">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="RequestCollection">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="TransportUT_Binding" type="wstrust:STS">
<wsp:PolicyReference URI="#TransportUT_policy" />
- <soap12:binding style="document"
+ <soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="Issue">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
<wsdl:input>
<wsp:PolicyReference
URI="#Input_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#Output_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Validate">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
<wsdl:input>
<wsp:PolicyReference
URI="#Input_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#Output_policy" />
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Cancel">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="Renew">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="KeyExchangeToken">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="RequestCollection">
- <soap12:operation
+ <soap:operation
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
<wsdl:input>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:input>
<wsdl:output>
- <soap12:body use="literal" />
+ <soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="TransportKerberos_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#TransportKerberos_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="TransportSaml_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#TransportSaml_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:service name="SecurityTokenService">
+ <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+ </wsdl:port>
+ <wsdl:port name="X509_Port" binding="tns:X509_Binding">
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+ </wsdl:port>
<wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
- <soap12:address location="http://localhost:8080/jaxws-sts/sts" />
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+ </wsdl:port>
+ <wsdl:port name="UTEncrypted_Port" binding="tns:UTEncrypted_Binding">
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
</wsdl:port>
<wsdl:port name="TransportUT_Port" binding="tns:TransportUT_Binding">
- <soap12:address location="http://localhost:8080/jaxws-sts/sts" />
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
</wsdl:port>
+ <wsdl:port name="TransportKerberos_Port" binding="tns:TransportKerberos_Binding">
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+ </wsdl:port>
+ <wsdl:port name="TransportSaml_Port" binding="tns:TransportSaml_Binding">
+ <soap:address location="http://localhost:8080/jaxws-sts/sts" />
+ </wsdl:port>
</wsdl:service>
- <wsp:Policy wsu:Id="TransportUT_policy">
+ <wsp:Policy wsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="UTEncrypted_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="X509_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Transport_policy">
<wsp:ExactlyOne>
<wsp:All>
<!--<wsap10:UsingAddressing/>-->
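Review bot: UTEncrypted_policy (L1361–L1425) is byte-for-byte identical to UT_policy (L1295–L1359): both place the UsernameToken under `sp:SignedSupportingTokens`, so nothing in the "encrypted" variant requires the token — and the password it carries — to be encrypted at message level. If that binding is meant to protect the credential, the token block should be wrapped as `<sp:SignedEncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">` … `</sp:SignedEncryptedSupportingTokens>`; otherwise UTEncrypted_Binding and UTEncrypted_Port add a misleading name with no difference in behaviour. Separately, the new ports TransportKerberos_Port and TransportSaml_Port are published at `http://localhost:8080/jaxws-sts/sts` while their policies require an `sp:HttpsToken`; unless the container rewrites `soap:address` at deployment, the location should be the https endpoint, and a comment stating which of the two applies would help. X509_policy also selects `sp:TripleDes` where the UT policies use `sp:Basic256`; aligning on the stronger suite seems preferable unless a specific client needs 3DES.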
@@ -175,7 +754,55 @@
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
- <sp:HttpsToken>
+ <sp:HttpsToken RequireClientCertificate="false">
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <!--<sp:IncludeTimestamp />-->
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="TransportUT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--<wsap10:UsingAddressing/>-->
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false">
<wsp:Policy/>
</sp:HttpsToken>
</wsp:Policy>
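Review bot: The rebuilt Transport_policy leaves the message timestamp disabled — `<!--<sp:IncludeTimestamp />-->` at L1515 is commented out — whereas the new TransportSaml_policy later in this file asserts `<sp:IncludeTimestamp />`, so the transport-only policies now disagree on whether a request must carry a wsu:Timestamp the STS can check for freshness. If the omission is deliberate for the plain Transport binding, a one-line comment would stop the next reader from treating it as leftover debugging, e.g. `<!-- no Timestamp on this binding: freshness is left to TLS -->`. The TransportUT_policy opened at L1539 continues outside the hunk, so its supporting-token section cannot be checked here.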
@@ -225,7 +852,7 @@
</wsp:ExactlyOne>
</wsp:Policy>
- <wsp:Policy wsu:Id="Transport_policy">
+ <wsp:Policy wsu:Id="TransportKerberos_policy">
<wsp:ExactlyOne>
<wsp:All>
<!--<wsap10:UsingAddressing/>-->
@@ -234,7 +861,7 @@
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
- <sp:HttpsToken>
+ <sp:HttpsToken RequireClientCertificate="false">
<wsp:Policy/>
</sp:HttpsToken>
</wsp:Policy>
@@ -252,6 +879,18 @@
<!--<sp:IncludeTimestamp />-->
</wsp:Policy>
</sp:TransportBinding>
+ <sp:SupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:KerberosToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <!--<sp:WssKerberosV5ApReqToken11/>-->
+ <sp:WssGssKerberosV5ApReqToken11/>
+ </wsp:Policy>
+ </sp:KerberosToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
<sp:Wss11
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
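Review bot: The dead alternative `<!--<sp:WssKerberosV5ApReqToken11/>-->` at L1579 records no reason for choosing the GSS-wrapped token type over the bare AP-REQ form, so a future reader cannot tell whether the other form is unsupported, rejected on purpose, or merely untested. Replace the commented-out assertion with a short why-comment, e.g. `<!-- GSS-wrapped AP-REQ required: [reason, e.g. the client stack only emits this form] -->`, filled in with the actual motivation. The enclosing TransportKerberos_policy starts and ends outside this hunk.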
@@ -272,7 +911,57 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+
+ <wsp:Policy wsu:Id="TransportSaml_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false">
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssSamlV20Token11/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="Input_policy">
<wsp:ExactlyOne>
<wsp:All>