cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1329602 [1/2] - in /cxf/sandbox/fediz: fediz-core/src/main/java/org/apache/cxf/fediz/core/ fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/ fediz-core/src/test/java/org/apache/cxf/fediz/core/ fediz-examples/webapp/src/main/java/org...
Date Tue, 24 Apr 2012 09:20:02 GMT
Author: coheigea
Date: Tue Apr 24 09:20:01 2012
New Revision: 1329602

URL: http://svn.apache.org/viewvc?rev=1329602&view=rev
Log:
Removing tabs from Fediz & reformatting

Modified:
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/WsFedPrincipal.java
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
    cxf/sandbox/fediz/fediz-core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
    cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
    cxf/sandbox/fediz/fediz-examples/webservice/service/src/main/java/org/apache/cxf/fediz/examples/service/GreeterImpl.java
    cxf/sandbox/fediz/fediz-idp-sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
    cxf/sandbox/fediz/fediz-idp-sts/src/main/java/org/apache/cxf/fediz/service/sts/UsernamePasswordCallbackHandler.java
    cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
    cxf/sandbox/fediz/fediz-idp/src/main/webapp/WEB-INF/beans.xml
    cxf/sandbox/fediz/fediz-idp/src/main/webapp/WEB-INF/web.xml
    cxf/sandbox/fediz/fediz-tomcat-example/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
    cxf/sandbox/fediz/fediz-tomcat-example/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
    cxf/sandbox/fediz/fediz-tomcat-example/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
    cxf/sandbox/fediz/fediz-tomcat-example/src/main/webapp/META-INF/context.xml
    cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationPrincipal.java

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java Tue Apr 24 09:20:01 2012
@@ -44,20 +44,20 @@ import java.security.Principal;
  */
 public class Claim implements Serializable {
 
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-	
-	private URI claimType;
-	private String issuer;
-	private String originalIssuer;
-	private Principal principal;
-	private String value;
-	private URI namespace = ClaimTypes.URI_BASE;
-	
-	public URI getNamespace() {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 1L;
+
+    private URI claimType;
+    private String issuer;
+    private String originalIssuer;
+    private Principal principal;
+    private String value;
+    private URI namespace = ClaimTypes.URI_BASE;
+
+    public URI getNamespace() {
         return namespace;
     }
 
@@ -66,43 +66,43 @@ public class Claim implements Serializab
     }
 
     public String getIssuer() {
-		return issuer;
-	}
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
+    public String getOriginalIssuer() {
+        return originalIssuer;
+    }
+
+    public void setOriginalIssuer(String originalIssuer) {
+        this.originalIssuer = originalIssuer;
+    }
+
+    public URI getClaimType() {
+        return claimType;
+    }
 
-	public void setIssuer(String issuer) {
-		this.issuer = issuer;
-	}
-
-	public String getOriginalIssuer() {
-		return originalIssuer;
-	}
-
-	public void setOriginalIssuer(String originalIssuer) {
-		this.originalIssuer = originalIssuer;
-	}
-
-	public URI getClaimType() {
-		return claimType;
-	}
-	
-	public void setClaimType(URI claimType) {
-		this.claimType = claimType;
-	}
+    public void setClaimType(URI claimType) {
+        this.claimType = claimType;
+    }
 
-	public Principal getPrincipal() {
+    public Principal getPrincipal() {
         return principal;
     }
-    
+
     public void setPrincipal(Principal principal) {
         this.principal = principal;
     }
-    
+
     public void setValue(String value) {
         this.value = value;
     }
-    
+
     public String getValue() {
         return value;
     }
-	
+
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java Tue Apr 24 09:20:01 2012
@@ -32,76 +32,76 @@ import java.util.List;
  */
 public class ClaimCollection extends ArrayList<Claim> {
 
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-	public ClaimCollection() {
-		super();
-	}
-
-	public ClaimCollection(Collection<? extends Claim> c) {
-		super(c);
-	}
-
-	public ClaimCollection(int initialCapacity) {
-		super(initialCapacity);
-	}
-
-	@Override
-	public Claim set(int index, Claim element) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public boolean add(Claim e) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public void add(int index, Claim element) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public Claim remove(int index) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public boolean remove(Object o) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public void clear() {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public boolean addAll(Collection<? extends Claim> c) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public boolean addAll(int index, Collection<? extends Claim> c) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	protected void removeRange(int fromIndex, int toIndex) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public boolean removeAll(Collection<?> c) {
-		throw new UnsupportedOperationException();
-	}
-
-	@Override
-	public List<Claim> subList(int fromIndex, int toIndex) {
-		return Collections.unmodifiableList(super.subList(fromIndex, toIndex));
-	}
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 1L;
+
+    public ClaimCollection() {
+        super();
+    }
+
+    public ClaimCollection(Collection<? extends Claim> c) {
+        super(c);
+    }
+
+    public ClaimCollection(int initialCapacity) {
+        super(initialCapacity);
+    }
+
+    @Override
+    public Claim set(int index, Claim element) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean add(Claim e) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void add(int index, Claim element) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public Claim remove(int index) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean remove(Object o) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void clear() {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean addAll(Collection<? extends Claim> c) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean addAll(int index, Collection<? extends Claim> c) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    protected void removeRange(int fromIndex, int toIndex) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean removeAll(Collection<?> c) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public List<Claim> subList(int fromIndex, int toIndex) {
+        return Collections.unmodifiableList(super.subList(fromIndex, toIndex));
+    }
 
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java Tue Apr 24 09:20:01 2012
@@ -22,102 +22,102 @@ import java.util.List;
 //[TODO]check if we can cache / clone the config 
 public class FederationConfiguration {
 
-	private String freshness;
-	private String trustedIssuer;
-	private String realm;
-	private String authenticationType;
-	private URI roleURI;
-	private String roleDelimiter;
-	private String trustStoreFile;
-	private String trustStorePassword;
-	private List<Class<TokenValidator>> tokenValidators;
-	private int maxClockSkew = 0;
-	private boolean detectReplayedTokens = true;
-	private long tokenReplayCacheExpirationTime = 0;
-	private boolean detectExpiredTokens = true;
-	
-	//[TODO] TokenReplayCacheExpirationPeriod
-	//[TODO] DetectReplayedTokens
-	
-	
-	public String getFreshness() {
-		return freshness;
-	}
-	public void setFreshness(String freshness) {
-		this.freshness = freshness;
-	}
-	public String getTrustedIssuer() {
-		return trustedIssuer;
-	}
-	public void setTrustedIssuer(String trustedIssuer) {
-		this.trustedIssuer = trustedIssuer;
-	}
-	public String getRealm() {
-		return realm;
-	}
-	public void setRealm(String realm) {
-		this.realm = realm;
-	}
-	public String getAuthenticationType() {
-		return authenticationType;
-	}
-	public void setAuthenticationType(String authenticationType) {
-		this.authenticationType = authenticationType;
-	}
-	public URI getRoleURI() {
-		return roleURI;
-	}
-	public void setRoleURI(URI roleURI) {
-		this.roleURI = roleURI;
-	}
-	public String getRoleDelimiter() {
-		return roleDelimiter;
-	}
-	public void setRoleDelimiter(String roleDelimiter) {
-		this.roleDelimiter = roleDelimiter;
-	}
-	public List<Class<TokenValidator>> getTokenValidators() {
-		return tokenValidators;
-	}
-	public void setTokenValidators(List<Class<TokenValidator>> tokenValidators) {
-		this.tokenValidators = tokenValidators;
-	}
-	public int getMaxClockSkew() {
-		return maxClockSkew;
-	}
-	public void setMaxClockSkew(int maxClockSkew) {
-		this.maxClockSkew = maxClockSkew;
-	}
-	public boolean isDetectReplayedTokens() {
-		return detectReplayedTokens;
-	}
-	public void setDetectReplayedTokens(boolean detectReplayedTokens) {
-		this.detectReplayedTokens = detectReplayedTokens;
-	}
-	public long getTokenReplayCacheExpirationTime() {
-		return tokenReplayCacheExpirationTime;
-	}
-	public void setTokenReplayCacheExpirationTime(
-			long tokenReplayCacheExpirationTime) {
-		this.tokenReplayCacheExpirationTime = tokenReplayCacheExpirationTime;
-	}
-	public boolean isDetectExpiredTokens() {
-		return detectExpiredTokens;
-	}
-	public void setDetectExpiredTokens(boolean detectExpiredTokens) {
-		this.detectExpiredTokens = detectExpiredTokens;
-	}
-	public void setTrustStoreFile(String trustStoreFile) {
-		this.trustStoreFile = trustStoreFile;
-	}
-	public String getTrustStoreFile() {
-		return trustStoreFile;
-	}
-	public void setTrustStorePassword(String trustStorePassword) {
-		this.trustStorePassword = trustStorePassword;
-	}
-	public String getTrustStorePassword() {
-		return trustStorePassword;
-	}
-	
+    private String freshness;
+    private String trustedIssuer;
+    private String realm;
+    private String authenticationType;
+    private URI roleURI;
+    private String roleDelimiter;
+    private String trustStoreFile;
+    private String trustStorePassword;
+    private List<Class<TokenValidator>> tokenValidators;
+    private int maxClockSkew = 0;
+    private boolean detectReplayedTokens = true;
+    private long tokenReplayCacheExpirationTime = 0;
+    private boolean detectExpiredTokens = true;
+
+    //[TODO] TokenReplayCacheExpirationPeriod
+    //[TODO] DetectReplayedTokens
+
+
+    public String getFreshness() {
+        return freshness;
+    }
+    public void setFreshness(String freshness) {
+        this.freshness = freshness;
+    }
+    public String getTrustedIssuer() {
+        return trustedIssuer;
+    }
+    public void setTrustedIssuer(String trustedIssuer) {
+        this.trustedIssuer = trustedIssuer;
+    }
+    public String getRealm() {
+        return realm;
+    }
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+    public String getAuthenticationType() {
+        return authenticationType;
+    }
+    public void setAuthenticationType(String authenticationType) {
+        this.authenticationType = authenticationType;
+    }
+    public URI getRoleURI() {
+        return roleURI;
+    }
+    public void setRoleURI(URI roleURI) {
+        this.roleURI = roleURI;
+    }
+    public String getRoleDelimiter() {
+        return roleDelimiter;
+    }
+    public void setRoleDelimiter(String roleDelimiter) {
+        this.roleDelimiter = roleDelimiter;
+    }
+    public List<Class<TokenValidator>> getTokenValidators() {
+        return tokenValidators;
+    }
+    public void setTokenValidators(List<Class<TokenValidator>> tokenValidators) {
+        this.tokenValidators = tokenValidators;
+    }
+    public int getMaxClockSkew() {
+        return maxClockSkew;
+    }
+    public void setMaxClockSkew(int maxClockSkew) {
+        this.maxClockSkew = maxClockSkew;
+    }
+    public boolean isDetectReplayedTokens() {
+        return detectReplayedTokens;
+    }
+    public void setDetectReplayedTokens(boolean detectReplayedTokens) {
+        this.detectReplayedTokens = detectReplayedTokens;
+    }
+    public long getTokenReplayCacheExpirationTime() {
+        return tokenReplayCacheExpirationTime;
+    }
+    public void setTokenReplayCacheExpirationTime(
+                                                  long tokenReplayCacheExpirationTime) {
+        this.tokenReplayCacheExpirationTime = tokenReplayCacheExpirationTime;
+    }
+    public boolean isDetectExpiredTokens() {
+        return detectExpiredTokens;
+    }
+    public void setDetectExpiredTokens(boolean detectExpiredTokens) {
+        this.detectExpiredTokens = detectExpiredTokens;
+    }
+    public void setTrustStoreFile(String trustStoreFile) {
+        this.trustStoreFile = trustStoreFile;
+    }
+    public String getTrustStoreFile() {
+        return trustStoreFile;
+    }
+    public void setTrustStorePassword(String trustStorePassword) {
+        this.trustStorePassword = trustStorePassword;
+    }
+    public String getTrustStorePassword() {
+        return trustStorePassword;
+    }
+
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java Tue Apr 24 09:20:01 2012
@@ -23,41 +23,41 @@ import java.util.HashMap;
 import java.util.Map;
 
 public class FederationConstants {
-	
-	public static final String WSFED_METHOD = "WSFED";
-	
-	public static final URI DEFAULT_ROLE_URI = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
-	
+
+    public static final String WSFED_METHOD = "WSFED";
+
+    public static final URI DEFAULT_ROLE_URI = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
     /**
      * Constants defined in following spec:
      * http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html
      */
-	
+
     /**
      * This REQUIRED parameter specifies the action to be performed.
      * Note that this serves roughly the same purpose as the WS-Addressing Action header for the WS-Trust SOAP RST messages.
      */
-	public static final String PARAM_ACTION = "wa";
-	
-	public static final String ACTION_SIGNIN = "wsignin1.0";
-	public static final String ACTION_SIGNOUT = "wsignout1.0";
-	public static final String ACTION_SIGNOUT_CLEANUP = "wsignoutcleanup1.0";
-	
-	
+    public static final String PARAM_ACTION = "wa";
+
+    public static final String ACTION_SIGNIN = "wsignin1.0";
+    public static final String ACTION_SIGNOUT = "wsignout1.0";
+    public static final String ACTION_SIGNOUT_CLEANUP = "wsignoutcleanup1.0";
+
+
     /**
      * This OPTIONAL parameter is the URL to which responses are directed.
      * Note that this serves roughly the same purpose as the WS-Addressing <wsa:ReplyTo> header for the WS-Trust SOAP RST messages.
      */
-	public static final String PARAM_REPLY = "wreply";
-	
-	
+    public static final String PARAM_REPLY = "wreply";
+
+
     /**
      * This REQUIRED parameter is the URI of the requesting realm. 
      * Note that this serves roughly the same purpose as the AppliesTo element in the WS-Trust SOAP RST messages.
      */
-	public static final String PARAM_TREALM = "wtrealm";
-	
-	
+    public static final String PARAM_TREALM = "wtrealm";
+
+
     /**
      * This OPTIONAL parameter indicates the freshness requirements.
      * If specified, this indicates the desired maximum age of authentication specified in minutes.
@@ -65,67 +65,67 @@ public class FederationConstants {
      * If specified as “0” it indicates a request for the IP/STS to re-prompt the user for authentication before issuing the token.
      * Note that this serves roughly the same purpose as the Freshness element in the WS-Trust SOAP RST messages.
      */
-	public static final String PARAM_FRESHNESS = "wfresh";
-	
-	
+    public static final String PARAM_FRESHNESS = "wfresh";
+
+
     /**
      * This OPTIONAL parameter indicates the REQUIRED authentication level.
      * Note that this parameter uses the same URIs and is equivalent to the wst:AuthenticationType element in the WS-Trust SOAP RST messages.
      */
-	public static final String PARAM_AUTH_TYPE = "wauth";
-	
-	
+    public static final String PARAM_AUTH_TYPE = "wauth";
+
+
     /**
      * This OPTIONAL parameter specifies a token request using either a <wst:RequestSecurityToken> element or a full request message as described in WS-Trust.
      * If this parameter is not specified, it is assumed that the responding service knows the correct type of token to return.
      * Note that this can contain the same RST payload as used in WS-Trust RST messages.
      */
-	public static final String PARAM_REQUEST = "wreq";
-	
-	
+    public static final String PARAM_REQUEST = "wreq";
+
+
     /**
      * This OPTIONAL parameter indicates the current time at the sender for ensuring freshness.  This parameter is the string encoding of time using the XML Schema datetime time using UTC notation.
      * Note that this serves roughly the same purpose as the WS-Security Timestamp elements in the Security headers of the SOAP RST messages.
      */
-	public static final String PARAM_CURRENT_TIME = "wct";
-	
-	
+    public static final String PARAM_CURRENT_TIME = "wct";
+
+
     /**
      * This OPTIONAL parameter is an opaque context value that MUST be returned with the issued token if it is passed in the request.
      * Note that this serves roughly the same purpose as the WS-Trust SOAP RST @Context attribute.
      */
-	public static final String PARAM_CONTEXT = "wctx";
-	
-	
+    public static final String PARAM_CONTEXT = "wctx";
+
+
     /**
      * This OPTIONAL parameter is the URL for the policy which can be obtained using an HTTP GET
      * and identifies the policy to be used related to the action specified in "wa", but MAY have a broader scope than just the "wa".
      * Note that this serves roughly the same purpose as the Policy element in the WS-Trust SOAP RST messages.
      */
-	public static final String PARAM_POLICY = "wp";
-	
-	
+    public static final String PARAM_POLICY = "wp";
+
+
     /**
      * This OPTIONAL parameter indicates the federation context in which the request is made.
      * This is equivalent to the FederationId parameter in the RST message.
      */
-	public static final String PARAM_FED_CONTEXT = "wfed";
-	
-	
+    public static final String PARAM_FED_CONTEXT = "wfed";
+
+
     /**
      * This OPTIONAL parameter indicates the encoding style to be used for XML parameter content.
      * If not specified the default behavior is to use standard URL encoding rules
      */
-	public static final String PARAM_ENCODING = "wencoding";
-	
-	
+    public static final String PARAM_ENCODING = "wencoding";
+
+
     /**
      * This REQUIRED parameter specifies the result of the token issuance.
      * This can take the form of the <wst:RequestSecurityTokenResponse> element or <wst:RequestSecurityTokenResponseCollection> element, a SOAP security token request response (that is, a <S:Envelope>) as detailed in WS-Trust, or a SOAP <S:Fault> element.
      */
-	public static final String PARAM_RESULT = "wresult";
-	
-	
+    public static final String PARAM_RESULT = "wresult";
+
+
     /**
      * This  OPTIONAL parameter indicates the account partner realm of the client.  This parameter is used to indicate the IP/STS address for the requestor.
      * This may be specified directly as a URL or indirectly as an identifier (e.g. urn: or uuid:).
@@ -134,26 +134,26 @@ public class FederationConstants {
      * Then, the request proceeds in the same way as if it had not been provided.
      * Note that this serves roughly the same purpose as federation metadata for discovering IP/STS locations previously discussed.
      */
-	public static final String PARAM_HOME_REALM = "whr";
-	
-	
+    public static final String PARAM_HOME_REALM = "whr";
+
+
     /**
      * This OPTIONAL parameter specifies a URL for where to find the request expressed as a <wst:RequestSecurityToken> element.
      * Note that this does not have a WS-Trust parallel.
      * The wreqptr parameter MUST NOT be included in a token request if wreq is present.
      */
-	public static final String PARAM_REQUEST_PTR = "wreqptr";
-	
-	
+    public static final String PARAM_REQUEST_PTR = "wreqptr";
+
+
     /**
      * This parameter specifies a URL to which an HTTP GET can be issued.
      * The result is a document of type text/xml that contains the issuance result.
      * This can either be the <wst:RequestSecurityTokenResponse> element, the <wst:RequestSecurityTokenResponseCollection> element, a SOAP response, or a SOAP <S:Fault> element.
      */
-	public static final String PARAM_RESULT_PTR = "wresultptr";
-	
-	
-	
+    public static final String PARAM_RESULT_PTR = "wresultptr";
+
+
+
     public static final Map<String, URI> AUTH_TYPE_MAP;
     static {
         Map<String, URI> aMap = new HashMap<String, URI>();
@@ -167,48 +167,48 @@ public class FederationConstants {
         AUTH_TYPE_MAP = Collections.unmodifiableMap(aMap);
     }
 
-	
-	
+
+
     /**
      * Unknown level of authentication
      */
-	public static final URI AUTH_TYPE_UNKNOWN = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/unknown");
-	
-	/**
+    public static final URI AUTH_TYPE_UNKNOWN = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/unknown");
+
+    /**
      * Default sign-in mechanisms
      */
-	public static final URI AUTH_TYPE_DEFAULT = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default");
+    public static final URI AUTH_TYPE_DEFAULT = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default");
 
-	/**
+    /**
      * Sign-in using SSL
      */
-	public static final URI AUTH_TYPE_SSL = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl");
-	
-	/**
+    public static final URI AUTH_TYPE_SSL = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl");
+
+    /**
      * Sign-in using SSL and a security key
      */
-	public static final URI AUTH_TYPE_SSL_AND_KEY = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey");
-	
-	/**
+    public static final URI AUTH_TYPE_SSL_AND_KEY = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey");
+
+    /**
      * Sign-in using SSL and a “strong” password
      */
-	public static final URI AUTH_TYPE_SSL_STRONG_PASSWORD = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndStrongPasssword");
-	
-	/**
+    public static final URI AUTH_TYPE_SSL_STRONG_PASSWORD = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndStrongPasssword");
+
+    /**
      * Sign-in using SSL and a “strong” password with expiration
      */
-	public static final URI AUTH_TYPE_SSL_STRONG_PASSWORD_EXPIRATION = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndStrongPasswordWithExpiration");
-	
-	/**
+    public static final URI AUTH_TYPE_SSL_STRONG_PASSWORD_EXPIRATION = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndStrongPasswordWithExpiration");
+
+    /**
      * Sign-in using Smart Card
      */
-	public static final URI AUTH_TYPE_SMARTCARD = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard");
-	
-	
-	
-	
-	
-	
-	
-	
+    public static final URI AUTH_TYPE_SMARTCARD = URI.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard");
+
+
+
+
+
+
+
+
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java Tue Apr 24 09:20:01 2012
@@ -19,6 +19,6 @@ package org.apache.cxf.fediz.core;
 
 public interface FederationProcessor {
 
-	public FederationResponse processRequest(FederationRequest request, FederationConfiguration config);
-	
+    public FederationResponse processRequest(FederationRequest request, FederationConfiguration config);
+
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java Tue Apr 24 09:20:01 2012
@@ -38,74 +38,74 @@ import org.xml.sax.SAXException;
 
 public class FederationProcessorImpl implements FederationProcessor {
 
-	private static final Logger LOG = LoggerFactory.getLogger(FederationProcessorImpl.class);
+    private static final Logger LOG = LoggerFactory.getLogger(FederationProcessorImpl.class);
 
-	
-	private String namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-	
-	private TokenReplayCache<String> replayCache = null;
-
-	/**
-	 * Default constructor 
-	 */
-
-	public FederationProcessorImpl() {
-		super();
-		replayCache = TokenReplayCacheInMemory.getInstance();
-	}
-	
-	
-	/**
-	 * 
-	 * @param replayCache plugable token cache allowing to provide a replicated cache to be used in clustered scenarios 
-	 */
-	
-	public FederationProcessorImpl(TokenReplayCache<String> replayCache) {
-		super();
-		this.replayCache = replayCache;
-	}
-
-
-
-	@Override
-	public FederationResponse processRequest(FederationRequest request, FederationConfiguration config) {
-		FederationResponse response = null;
-		
-		if (request.getWa().equals(FederationConstants.ACTION_SIGNIN)) {
-			response = this.processSignInRequest(request, config);
-		}
-		
-		return response;
-	}
-	
-	protected FederationResponse processSignInRequest(FederationRequest request, FederationConfiguration config) {
-		
-		byte[] wresult = request.getWresult().getBytes();
-		
-		Document doc = null;
-		Element el = null;
-		try {
-			doc = DOMUtils.readXml(new ByteArrayInputStream(wresult));
-			el = doc.getDocumentElement();
-			
-		} catch (SAXException e) {
-			e.printStackTrace();
-			return null;
-		} catch (IOException e) {
-			e.printStackTrace();
-			return null;
-		} catch (ParserConfigurationException e) {
-			e.printStackTrace();
-			return null;
-		}
-		
-		
-		
-		if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
+
+    private String namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+
+    private TokenReplayCache<String> replayCache = null;
+
+    /**
+     * Default constructor 
+     */
+
+    public FederationProcessorImpl() {
+        super();
+        replayCache = TokenReplayCacheInMemory.getInstance();
+    }
+
+
+    /**
+     * 
+     * @param replayCache plugable token cache allowing to provide a replicated cache to be used in clustered scenarios 
+     */
+
+    public FederationProcessorImpl(TokenReplayCache<String> replayCache) {
+        super();
+        this.replayCache = replayCache;
+    }
+
+
+
+    @Override
+    public FederationResponse processRequest(FederationRequest request, FederationConfiguration config) {
+        FederationResponse response = null;
+
+        if (request.getWa().equals(FederationConstants.ACTION_SIGNIN)) {
+            response = this.processSignInRequest(request, config);
+        }
+
+        return response;
+    }
+
+    protected FederationResponse processSignInRequest(FederationRequest request, FederationConfiguration config) {
+
+        byte[] wresult = request.getWresult().getBytes();
+
+        Document doc = null;
+        Element el = null;
+        try {
+            doc = DOMUtils.readXml(new ByteArrayInputStream(wresult));
+            el = doc.getDocumentElement();
+
+        } catch (SAXException e) {
+            e.printStackTrace();
+            return null;
+        } catch (IOException e) {
+            e.printStackTrace();
+            return null;
+        } catch (ParserConfigurationException e) {
+            e.printStackTrace();
+            return null;
+        }
+
+
+
+        if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
             el = DOMUtils.getFirstElement(el);
         }
         if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
-        	throw new RuntimeException("Unexpected element " + el.getLocalName());
+            throw new RuntimeException("Unexpected element " + el.getLocalName());
         }
         el = DOMUtils.getFirstElement(el);
         Element rst = null;
@@ -116,7 +116,7 @@ public class FederationProcessorImpl imp
             String ln = el.getLocalName();
             if (namespace.equals(el.getNamespaceURI())) {
                 if ("Lifetime".equals(ln)) {
-                	lifetimeElem = el;
+                    lifetimeElem = el;
                 } else if ("RequestedSecurityToken".equals(ln)) {
                     rst = DOMUtils.getFirstElement(el);
                 } else if ("TokenType".equals(ln)) {
@@ -126,110 +126,110 @@ public class FederationProcessorImpl imp
             el = DOMUtils.getNextElement(el);
         }
         if (LOG.isDebugEnabled()) {
-        	LOG.debug("RST: " + rst.toString());
-        	LOG.debug("Lifetime: " + ((lifetimeElem != null) ? lifetimeElem.toString() : "null"));
-        	LOG.debug("Tokentype: " + ((tt != null) ? tt.toString() : "null"));
-        }
-		
-		LifeTime lifeTime = null;
-	    if (lifetimeElem != null) {
-	    	lifeTime = processLifeTime(lifetimeElem);
-	    }
-	    
-	    if (config.isDetectExpiredTokens() && lifeTime != null) {
-		    Calendar cal = Calendar.getInstance();
-		    if ( cal.getTime().after(lifeTime.getExpires()) ) {
-		    	LOG.warn("Token already expired");
-		    }
-		    
-		    if ( cal.getTime().before(lifeTime.getCreated())) {
-		    	LOG.warn("Token not yet valid");
-		    	//[TODO] Add Check clocksqew
-		    }
-	    }
-	    
-	    //[TODO] Exception: TokenExpiredException, TokenInvalidException, TokenCachedException
-
-		//[TODO] Flexible tokenvalidator selection, based on class list
-		SAMLTokenValidator validator = new SAMLTokenValidator();
-		TokenValidatorResponse response = validator.validateAndProcessToken(rst, config);
-		
-		
-		//Check whether token already used for signin
-		if (response.getUniqueTokenId() != null && config.isDetectReplayedTokens()) {
-			// Check whether token has already been processed once, prevent replay attack
-			
-			if (replayCache.getId(response.getUniqueTokenId()) == null) {
-				// not cached
-				replayCache.putId(response.getUniqueTokenId());
-			}
-			else {
-				LOG.error("Replay attack with token id: " +response.getUniqueTokenId());
-				throw new RuntimeException("Replay attack with token id: " +response.getUniqueTokenId());
-			}
-		}
-		
-		// [TODO] Token, WeakReference, SoftReference???
-		FederationResponse fedResponse = new FederationResponse(response.getUsername(),
-				                             response.getIssuer(),
-				                             response.getRoles(),
-				                             response.getClaims(),
-				                             response.getAudience(),
-				                             (lifeTime != null) ? lifeTime.getCreated() : null,
-				                             (lifeTime != null) ? lifeTime.getExpires() : null,
-				                             rst,
-				                             response.getUniqueTokenId());
-		
-		return fedResponse;
-	}
-	
-	
+            LOG.debug("RST: " + rst.toString());
+            LOG.debug("Lifetime: " + ((lifetimeElem != null) ? lifetimeElem.toString() : "null"));
+            LOG.debug("Tokentype: " + ((tt != null) ? tt.toString() : "null"));
+        }
+
+        LifeTime lifeTime = null;
+        if (lifetimeElem != null) {
+            lifeTime = processLifeTime(lifetimeElem);
+        }
+
+        if (config.isDetectExpiredTokens() && lifeTime != null) {
+            Calendar cal = Calendar.getInstance();
+            if ( cal.getTime().after(lifeTime.getExpires()) ) {
+                LOG.warn("Token already expired");
+            }
+
+            if ( cal.getTime().before(lifeTime.getCreated())) {
+                LOG.warn("Token not yet valid");
+                //[TODO] Add Check clocksqew
+            }
+        }
+
+        //[TODO] Exception: TokenExpiredException, TokenInvalidException, TokenCachedException
+
+        //[TODO] Flexible tokenvalidator selection, based on class list
+        SAMLTokenValidator validator = new SAMLTokenValidator();
+        TokenValidatorResponse response = validator.validateAndProcessToken(rst, config);
+
+
+        //Check whether token already used for signin
+        if (response.getUniqueTokenId() != null && config.isDetectReplayedTokens()) {
+            // Check whether token has already been processed once, prevent replay attack
+
+            if (replayCache.getId(response.getUniqueTokenId()) == null) {
+                // not cached
+                replayCache.putId(response.getUniqueTokenId());
+            }
+            else {
+                LOG.error("Replay attack with token id: " +response.getUniqueTokenId());
+                throw new RuntimeException("Replay attack with token id: " +response.getUniqueTokenId());
+            }
+        }
+
+        // [TODO] Token, WeakReference, SoftReference???
+        FederationResponse fedResponse = new FederationResponse(response.getUsername(),
+                                                                response.getIssuer(),
+                                                                response.getRoles(),
+                                                                response.getClaims(),
+                                                                response.getAudience(),
+                                                                (lifeTime != null) ? lifeTime.getCreated() : null,
+                                                                    (lifeTime != null) ? lifeTime.getExpires() : null,
+                                                                        rst,
+                                                                        response.getUniqueTokenId());
+
+        return fedResponse;
+    }
+
+
+
 
-    
     private LifeTime processLifeTime(Element lifetimeElem) {
-    	//[TODO] Get rid of WSS4J dependency
+        //[TODO] Get rid of WSS4J dependency
         try {
             Element createdElem = 
                 DOMUtils.getFirstChildWithName(lifetimeElem,
-                                                WSConstants.WSU_NS,
-                                                WSConstants.CREATED_LN);
+                                               WSConstants.WSU_NS,
+                                               WSConstants.CREATED_LN);
             DateFormat zulu = new XmlSchemaDateFormat();
-            
+
             Date created = zulu.parse(DOMUtils.getContent(createdElem));
 
             Element expiresElem = 
                 DOMUtils.getFirstChildWithName(lifetimeElem,
-                                                WSConstants.WSU_NS,
-                                                WSConstants.EXPIRES_LN);
+                                               WSConstants.WSU_NS,
+                                               WSConstants.EXPIRES_LN);
             Date expires = zulu.parse(DOMUtils.getContent(expiresElem));
-            
+
             return new LifeTime(created, expires);
-            
+
         } catch (ParseException e) {
             e.printStackTrace();
         }
         return null;
     }
-    
+
     public class LifeTime {
-    	
-    	private Date created;
-    	private Date expires;
-    	
-    	    	
-    	public LifeTime(Date created, Date expires) {
-    		this.created = created;
-    		this.expires = expires;
-    	}
-
-		public Date getCreated() {
-			return created;
-		}
-
-		public Date getExpires() {
-			return expires;
-		}
-    	
+
+        private Date created;
+        private Date expires;
+
+
+        public LifeTime(Date created, Date expires) {
+            this.created = created;
+            this.expires = expires;
+        }
+
+        public Date getCreated() {
+            return created;
+        }
+
+        public Date getExpires() {
+            return expires;
+        }
+
     }
 
 }
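Review bot: The lifetime check in `processSignInRequest` does not reject anything: with `config.isDetectExpiredTokens()` enabled, a token past `lifeTime.getExpires()` or before `lifeTime.getCreated()` only produces a `LOG.warn(...)`, and the method goes on to validate the token and return a `FederationResponse`. Until the exception types named in the TODO exist, each branch should fail the sign-in the way the replay branch does, e.g. `throw new RuntimeException("Token already expired");` and `throw new RuntimeException("Token not yet valid");`. `processLifeTime` also returns null after a `ParseException`, so an unparseable Lifetime element skips the check just like a missing one. The method starts before this hunk.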

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java Tue Apr 24 09:20:01 2012
@@ -18,31 +18,31 @@
 package org.apache.cxf.fediz.core;
 
 public class FederationRequest {
-	
-	private String wa = null;
-	private String wresult = null;
-	private String wct = null;
-	
-	
-	public String getWct() {
-		return wct;
-	}
-	public void setWct(String wct) {
-		this.wct = wct;
-	}
-	
-	public String getWa() {
-		return wa;
-	}
-	public void setWa(String wa) {
-		this.wa = wa;
-	}
-	public String getWresult() {
-		return wresult;
-	}
-	public void setWresult(String wresult) {
-		this.wresult = wresult;
-	}
 
-	
+    private String wa = null;
+    private String wresult = null;
+    private String wct = null;
+
+
+    public String getWct() {
+        return wct;
+    }
+    public void setWct(String wct) {
+        this.wct = wct;
+    }
+
+    public String getWa() {
+        return wa;
+    }
+    public void setWa(String wa) {
+        this.wa = wa;
+    }
+    public String getWresult() {
+        return wresult;
+    }
+    public void setWresult(String wresult) {
+        this.wresult = wresult;
+    }
+
+
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java Tue Apr 24 09:20:01 2012
@@ -24,92 +24,92 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 public class FederationResponse {
-	
-	private String audience = null;
-	private String username = null;
-	private List<String> roles = null;
-	private String issuer = null;
-	private List<Claim> claims = null;
-	private Element token = null;
-	private String uniqueTokenId = null;
-	
-	/**
-	* Created time
-	*/
-	private Date tokenCreated = null;
-	
-	/**	* Expiration time
-	*/
-	private Date tokenExpires = null;
-	
 
-	
-	private FederationResponse() {}
+    private String audience = null;
+    private String username = null;
+    private List<String> roles = null;
+    private String issuer = null;
+    private List<Claim> claims = null;
+    private Element token = null;
+    private String uniqueTokenId = null;
 
-	public FederationResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience, Date created, Date expires, Element token, String uniqueTokenId) {
-		this.username = username;
-		this.issuer = issuer;
-		this.roles = roles;
-		this.claims = claims;
-		this.audience = audience;
-		this.tokenCreated = created;
-		this.tokenExpires = expires;
-		this.token = token;
-		this.uniqueTokenId = uniqueTokenId;
-	}
-	
-	
+    /**
+     * Created time
+     */
+     private Date tokenCreated = null;
 
-	public String getUniqueTokenId() {
-		return uniqueTokenId;
-	}
+     /**	* Expiration time
+      */
+     private Date tokenExpires = null;
 
-	public String getAudience() {
-		return audience;
-	}
 
 
+     private FederationResponse() {}
 
-	public String getUsername() {
-		return username;
-	}
+     public FederationResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience, Date created, Date expires, Element token, String uniqueTokenId) {
+         this.username = username;
+         this.issuer = issuer;
+         this.roles = roles;
+         this.claims = claims;
+         this.audience = audience;
+         this.tokenCreated = created;
+         this.tokenExpires = expires;
+         this.token = token;
+         this.uniqueTokenId = uniqueTokenId;
+     }
 
 
 
-	public List<String> getRoles() {
-		if (roles == null) return null;
-		else return Collections.unmodifiableList(roles);
-	}
+     public String getUniqueTokenId() {
+         return uniqueTokenId;
+     }
 
+     public String getAudience() {
+         return audience;
+     }
 
 
-	public String getIssuer() {
-		return issuer;
-	}
 
+     public String getUsername() {
+         return username;
+     }
 
 
-	public List<Claim> getClaims() {
-		if (claims == null) return null;
-		else return Collections.unmodifiableList(claims);
-	}
 
+     public List<String> getRoles() {
+         if (roles == null) return null;
+         else return Collections.unmodifiableList(roles);
+     }
 
 
-	public Date getTokenCreated() {
-		return tokenCreated;
-	}
 
+     public String getIssuer() {
+         return issuer;
+     }
+
+
+
+     public List<Claim> getClaims() {
+         if (claims == null) return null;
+         else return Collections.unmodifiableList(claims);
+     }
+
+
+
+     public Date getTokenCreated() {
+         return tokenCreated;
+     }
+
+
+
+     public Date getTokenExpires() {
+         return tokenExpires;
+     }
+
+     public Element getToken() {
+         return token;
+     }
 
 
-	public Date getTokenExpires() {
-		return tokenExpires;
-	}
-	
-	public Element getToken() {
-		return token;
-	}
-	
 
-	
 }
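Review bot: The reformat is incomplete in this file: from `private Date tokenCreated` to the end of the class the members are indented five spaces instead of four, and the comment opener `/**	* Expiration time` still contains what looks like a tab and has lost its line break. Re-indent those members to four spaces and split the comment into `/**` and ` * Expiration time` so that the file matches the rest of the commit.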

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java Tue Apr 24 09:20:01 2012
@@ -2,8 +2,8 @@ package org.apache.cxf.fediz.core;
 
 public interface TokenReplayCache<T> {
 
-	public abstract T getId(String id);
+    public abstract T getId(String id);
 
-	public abstract void putId(T id);
+    public abstract void putId(T id);
 
 }
\ No newline at end of file

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java Tue Apr 24 09:20:01 2012
@@ -25,46 +25,46 @@ import java.util.List;
 //[TODO] add properties TokenReplayCacheExpirationPeriod
 public final class TokenReplayCacheInMemory<T> implements TokenReplayCache<T>{
 
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7269477566842444549L;
-	
-	private List<T> cache = null;
-	private static TokenReplayCache<String> instance = null;
-	
-	private TokenReplayCacheInMemory() {
-		cache = Collections.synchronizedList(new ArrayList<T>());
-	}
-	
-	synchronized public static TokenReplayCache<String> getInstance() {
-		if (instance != null) {
-			return instance;
-		}
-		instance = new TokenReplayCacheInMemory<String>();
-		return instance;
-	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.fediz.core.TokenReplayCache#getId(java.lang.String)
-	 */
-	@Override
-	public T getId(String id) {
-		int index = cache.indexOf(id);
-		if (index == -1) {
-			return null;
-		} else {
-			return cache.get(index);
-		}
-	}
-	
-	/* (non-Javadoc)
-	 * @see org.apache.fediz.core.TokenReplayCache#putId(T)
-	 */
-	@Override
-	public void putId(T id) {
-		cache.add(id);
-	}
-	
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 7269477566842444549L;
+
+    private List<T> cache = null;
+    private static TokenReplayCache<String> instance = null;
+
+    private TokenReplayCacheInMemory() {
+        cache = Collections.synchronizedList(new ArrayList<T>());
+    }
+
+    synchronized public static TokenReplayCache<String> getInstance() {
+        if (instance != null) {
+            return instance;
+        }
+        instance = new TokenReplayCacheInMemory<String>();
+        return instance;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.fediz.core.TokenReplayCache#getId(java.lang.String)
+     */
+    @Override
+    public T getId(String id) {
+        int index = cache.indexOf(id);
+        if (index == -1) {
+            return null;
+        } else {
+            return cache.get(index);
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.fediz.core.TokenReplayCache#putId(T)
+     */
+    @Override
+    public void putId(T id) {
+        cache.add(id);
+    }
+
 
 }
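Review bot: Entries added by `putId` are never removed, so the `ArrayList` behind this singleton grows for the life of the process and every `getId` is a linear `indexOf` scan. The TODO above the class mentions an expiration period, and eviction tied to token expiry would bound both. The lookup and the insert are also separate calls, so although the list is synchronized, the caller's `getId(...) == null` followed by `putId(...)` in FederationProcessorImpl is not atomic, and two concurrent requests carrying the same token id can both pass. A single check-and-insert operation on the interface that reports whether the id was new would close that window.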

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java Tue Apr 24 09:20:01 2012
@@ -20,21 +20,21 @@ package org.apache.cxf.fediz.core;
 import org.w3c.dom.Element;
 
 public interface TokenValidator {
-    
-	/**
+
+    /**
      * Return true if this TokenValidator implementation is capable of validating the
      * TokenType argument.
      */
     public boolean canHandleTokenType(String tokenType);
-    
-	
+
+
     /**
      * Return true if this TokenValidator implementation is capable of validating the
      * Token argument.
      */
-	public boolean canHandleToken(Element token);
+    public boolean canHandleToken(Element token);
+
 
-	
     /**
      * Validate a Token using the given Element and Configuration.
      */

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java Tue Apr 24 09:20:01 2012
@@ -20,45 +20,45 @@ package org.apache.cxf.fediz.core;
 import java.util.List;
 
 public class TokenValidatorResponse {
-	
-	private String username = null;
-	private String uniqueTokenId = null;
-	private List<String> roles = null;
-	private String issuer = null;
-	private String audience = null;
-	private List<Claim> claims = null;
-
-	
-	
-	public TokenValidatorResponse(String uniqueTokenId, String username, String issuer, List<String> roles, List<Claim> claims, String audience) {
-		this.username = username;
-		this.issuer = issuer;
-		this.roles = roles;
-		this.claims = claims;
-		this.audience = audience;
-		this.uniqueTokenId = uniqueTokenId;
-	}
-	
-	
-	public String getUsername() {
-		return username;
-	}
-	public String getUniqueTokenId() {
-		return uniqueTokenId;
-	}
-	public List<String> getRoles() {
-		return roles;
-	}
-	public String getIssuer() {
-		return issuer;
-	}
-	public String getAudience() {
-		return audience;
-	}
-	public List<Claim> getClaims() {
-		return claims;
-	}
 
-	
-	
+    private String username = null;
+    private String uniqueTokenId = null;
+    private List<String> roles = null;
+    private String issuer = null;
+    private String audience = null;
+    private List<Claim> claims = null;
+
+
+
+    public TokenValidatorResponse(String uniqueTokenId, String username, String issuer, List<String> roles, List<Claim> claims, String audience) {
+        this.username = username;
+        this.issuer = issuer;
+        this.roles = roles;
+        this.claims = claims;
+        this.audience = audience;
+        this.uniqueTokenId = uniqueTokenId;
+    }
+
+
+    public String getUsername() {
+        return username;
+    }
+    public String getUniqueTokenId() {
+        return uniqueTokenId;
+    }
+    public List<String> getRoles() {
+        return roles;
+    }
+    public String getIssuer() {
+        return issuer;
+    }
+    public String getAudience() {
+        return audience;
+    }
+    public List<Claim> getClaims() {
+        return claims;
+    }
+
+
+
 }

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/WsFedPrincipal.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/WsFedPrincipal.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/WsFedPrincipal.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/WsFedPrincipal.java Tue Apr 24 09:20:01 2012
@@ -26,39 +26,39 @@ import java.util.List;
 @Deprecated
 public class WsFedPrincipal implements Principal {
 
-	protected String username = null;
-	protected List<String> roles = null;
-	protected ClaimCollection claims = null;
-
-	
-	public WsFedPrincipal(String username) {
-		this(username, null, null);
-	}
-		
-	public WsFedPrincipal(String username, List<String> roles) {
-		this(username, roles, null);
-	}
-		
-	public WsFedPrincipal(String username, List<String> roles, ClaimCollection claims) {
-		this.username = username;
-		this.roles = roles;
-		this.claims = claims;
-	}
-	
-	
-	@Override
-	public String getName() {
-		return this.username;
-	}
-	
-	
-	public List<String> getRoles() {
-		return Collections.unmodifiableList(this.roles);
-	}
-	
-
-	public ClaimCollection getClaims() {
-		return this.claims;
-	}
-	
+    protected String username = null;
+    protected List<String> roles = null;
+    protected ClaimCollection claims = null;
+
+
+    public WsFedPrincipal(String username) {
+        this(username, null, null);
+    }
+
+    public WsFedPrincipal(String username, List<String> roles) {
+        this(username, roles, null);
+    }
+
+    public WsFedPrincipal(String username, List<String> roles, ClaimCollection claims) {
+        this.username = username;
+        this.roles = roles;
+        this.claims = claims;
+    }
+
+
+    @Override
+    public String getName() {
+        return this.username;
+    }
+
+
+    public List<String> getRoles() {
+        return Collections.unmodifiableList(this.roles);
+    }
+
+
+    public ClaimCollection getClaims() {
+        return this.claims;
+    }
+
 }
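Review bot: `getRoles()` passes `this.roles` straight to `Collections.unmodifiableList`, which throws a NullPointerException for a null argument, and the single-argument constructor always stores null roles via `this(username, null, null)`. Guard it as FederationResponse.getRoles does, `if (roles == null) return null;`, or return `Collections.emptyList()` so that callers need no null check. The `username`, `roles` and `claims` fields are `protected` and non-final, so a subclass can change the principal's identity after construction; `private final` would suit a Principal better if no subclass relies on them.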

Modified: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java Tue Apr 24 09:20:01 2012
@@ -57,151 +57,151 @@ import org.slf4j.LoggerFactory;
 import org.w3c.dom.Element;
 
 public class SAMLTokenValidator implements TokenValidator {
-	
-	private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class);
-	
-	
-	//[TODO] make sure we answer true only for cases we actually can handle
-	@Override
-	public boolean canHandleTokenType(String tokenType) {
-		return true;
-	}
-
-	@Override
-	public boolean canHandleToken(Element token) {
-		return true;
-	}
-	
-	@Override
-	public TokenValidatorResponse validateAndProcessToken(Element token, FederationConfiguration config) {
-		
+
+    private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class);
+
+
+    //[TODO] make sure we answer true only for cases we actually can handle
+    @Override
+    public boolean canHandleTokenType(String tokenType) {
+        return true;
+    }
+
+    @Override
+    public boolean canHandleToken(Element token) {
+        return true;
+    }
+
+    @Override
+    public TokenValidatorResponse validateAndProcessToken(Element token, FederationConfiguration config) {
+
         try {
-        	
-        	Properties sigProperties = createCryptoProviderProperties(config.getTrustStoreFile(), config.getTrustStorePassword());
-        	                    	
-        	Crypto sigCrypto = CryptoFactory.getInstance(sigProperties);
-        	RequestData requestData = new RequestData();
+
+            Properties sigProperties = createCryptoProviderProperties(config.getTrustStoreFile(), config.getTrustStorePassword());
+
+            Crypto sigCrypto = CryptoFactory.getInstance(sigProperties);
+            RequestData requestData = new RequestData();
             requestData.setSigCrypto(sigCrypto);
             WSSConfig wssConfig = WSSConfig.getNewInstance();
             requestData.setWssConfig(wssConfig);
             //not needed as no private key must be read
             //requestData.setCallbackHandler(new PasswordCallbackHandler(password));
-        	
-	        AssertionWrapper assertion = new AssertionWrapper(token);
-	        if (!assertion.isSigned()) {
-	        	throw new RuntimeException("The received assertion is not signed, and therefore not trusted");
-	        }
-	        // Verify the signature
-	        assertion.verifySignature(
-	        	requestData, new WSDocInfo(token.getOwnerDocument())
-	        );
-	        
-	        // Now verify trust on the signature
-	        Credential trustCredential = new Credential();
-	        SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
-	        trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
-	        trustCredential.setCertificates(samlKeyInfo.getCerts());
-	        
-	        SignatureTrustValidator trustValidator = new SignatureTrustValidator();
-	        trustValidator.validate(trustCredential, requestData);
-	        
-	        String assertionIssuer = assertion.getIssuerString();
-	        
+
+            AssertionWrapper assertion = new AssertionWrapper(token);
+            if (!assertion.isSigned()) {
+                throw new RuntimeException("The received assertion is not signed, and therefore not trusted");
+            }
+            // Verify the signature
+            assertion.verifySignature(
+                                      requestData, new WSDocInfo(token.getOwnerDocument())
+                );
+
+            // Now verify trust on the signature
+            Credential trustCredential = new Credential();
+            SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
+            trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
+            trustCredential.setCertificates(samlKeyInfo.getCerts());
+
+            SignatureTrustValidator trustValidator = new SignatureTrustValidator();
+            trustValidator.validate(trustCredential, requestData);
+
+            String assertionIssuer = assertion.getIssuerString();
+
             // Finally check that subject DN of the signing certificate matches a known constraint
             X509Certificate cert = null;
             if (trustCredential.getCertificates() != null) {
                 cert = trustCredential.getCertificates()[0];
             }
-            
+
             List<String> subjectConstraints = Arrays.asList(config.getTrustedIssuer());
-            
+
             CertConstraintsParser certConstraints = new CertConstraintsParser();
             certConstraints.setSubjectConstraints(subjectConstraints);
-            
+
             if (!certConstraints.matches(cert)) {
-            	throw new RuntimeException("Issuer '" + assertionIssuer + "' not trusted");
+                throw new RuntimeException("Issuer '" + assertionIssuer + "' not trusted");
             }
-            
-            
+
+
             String audience = null;
             List<Claim> claims = null;
             if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-            	claims = parseClaimsInAssertion(assertion.getSaml2());
-            	audience = getAudienceRestriction(assertion.getSaml2());
+                claims = parseClaimsInAssertion(assertion.getSaml2());
+                audience = getAudienceRestriction(assertion.getSaml2());
             } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)) {
-            	claims = parseClaimsInAssertion(assertion.getSaml1());
-            	audience = getAudienceRestriction(assertion.getSaml1());
+                claims = parseClaimsInAssertion(assertion.getSaml1());
+                audience = getAudienceRestriction(assertion.getSaml1());
             }
-            
+
             List<String> roles = null;
             URI roleURI = config.getRoleURI();
             String delim = config.getRoleDelimiter();
             if (roleURI != null) {
-            	 for (Claim c: claims) {
-            		URI claimURI = URI.create(c.getNamespace() + "/" + c.getClaimType());
-                 	if (roleURI.equals(claimURI)) {
-                 		if (delim == null) { delim = ","; }
-                 		roles =  parseRoles(c.getValue(), delim);
-                 		claims.remove(c);
-                 		break;
-                 	}
-                 }
+                for (Claim c: claims) {
+                    URI claimURI = URI.create(c.getNamespace() + "/" + c.getClaimType());
+                    if (roleURI.equals(claimURI)) {
+                        if (delim == null) { delim = ","; }
+                        roles =  parseRoles(c.getValue(), delim);
+                        claims.remove(c);
+                        break;
+                    }
+                }
             }
-                       
+
             SAMLTokenPrincipal p = new SAMLTokenPrincipal(assertion);
-            
+
             TokenValidatorResponse response = new TokenValidatorResponse(
-            		assertion.getId(),
-            		p.getName(),
-            		assertionIssuer,
-            		roles,
-            		claims,
-            		audience);
-            
+                                                                         assertion.getId(),
+                                                                         p.getName(),
+                                                                         assertionIssuer,
+                                                                         roles,
+                                                                         claims,
+                                                                         audience);
+
             return response;
-            
+
         } catch (WSSecurityException ex) {
-        	//[TODO] proper exception handling
-        	throw new RuntimeException(ex);
+            //[TODO] proper exception handling
+            throw new RuntimeException(ex);
         }
     }
-	
-	
-	protected List<Claim> parseClaimsInAssertion(org.opensaml.saml1.core.Assertion assertion) {
-		List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
+
+
+    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml1.core.Assertion assertion) {
+        List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
             assertion.getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
             if (LOG.isDebugEnabled()) {
-            	LOG.debug("No attribute statements found");
+                LOG.debug("No attribute statements found");
             }            
             return Collections.emptyList();
         }
         ClaimCollection collection = new ClaimCollection();
-        
+
         for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
-        	if (LOG.isDebugEnabled()) {
-            	LOG.debug("parsing statement: " + statement.getElementQName());
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("parsing statement: " + statement.getElementQName());
             }
-        
+
             List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes();
             for (org.opensaml.saml1.core.Attribute attribute : attributes) {
-            	if (LOG.isDebugEnabled()) {
-                	LOG.debug("parsing attribute: " + attribute.getAttributeName());
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("parsing attribute: " + attribute.getAttributeName());
                 }
-            	Claim c = new Claim();
-            	c.setIssuer(assertion.getIssuer());
-            	c.setClaimType(URI.create(attribute.getAttributeName()));
-            	try {
-					c.setClaimType(new URI(attribute.getAttributeName()));
-				} catch (URISyntaxException e) {
-					LOG.warn("Invalid attribute name in attributestatement: " + e.getMessage());
-					continue;
-				}
-            	for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                Claim c = new Claim();
+                c.setIssuer(assertion.getIssuer());
+                c.setClaimType(URI.create(attribute.getAttributeName()));
+                try {
+                    c.setClaimType(new URI(attribute.getAttributeName()));
+                } catch (URISyntaxException e) {
+                    LOG.warn("Invalid attribute name in attributestatement: " + e.getMessage());
+                    continue;
+                }
+                for (XMLObject attributeValue : attribute.getAttributeValues()) {
                     Element attributeValueElement = attributeValue.getDOM();
                     String value = attributeValueElement.getTextContent();
                     if (LOG.isDebugEnabled()) {
-                    	LOG.debug(" [" + value + "]");
+                        LOG.debug(" [" + value + "]");
                     }
                     c.setValue(value);
                     collection.add(c);
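Review bot: In the SAML 1.1 `parseClaimsInAssertion`, `c.setClaimType(URI.create(attribute.getAttributeName()));` runs before the `try` block that does the same with `new URI(...)`. A malformed attribute name therefore throws an unchecked IllegalArgumentException, and the `URISyntaxException` handler meant to skip the attribute is never reached; dropping the `URI.create` line restores the intended skip. In `validateAndProcessToken`, `claims` stays null when the assertion is neither SAML 2.0 nor 1.1, so `for (Claim c: claims)` fails with a NullPointerException once a role URI is configured; an explicit `else { throw new RuntimeException("Unsupported SAML version"); }` would reject such a token cleanly. The method also returns `audience` without comparing it to anything in the visible code, so the audience restriction is only enforced if a caller does it, which deserves a comment saying where. The SAML 1.1 method continues past the end of this hunk.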
@@ -210,37 +210,37 @@ public class SAMLTokenValidator implemen
             }
         }
         return collection;
-	}
-	
-	protected List<Claim> parseClaimsInAssertion(org.opensaml.saml2.core.Assertion assertion) {
-		List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = 
+    }
+
+    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml2.core.Assertion assertion) {
+        List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = 
             assertion.getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
             if (LOG.isDebugEnabled()) {
-            	LOG.debug("No attribute statements found");
+                LOG.debug("No attribute statements found");
             }
             return Collections.emptyList();
         }
-        
+
         List<Claim> collection = new ArrayList<Claim>();
-        
+
         for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
-        	if (LOG.isDebugEnabled()) {
-            	LOG.debug("parsing statement: " + statement.getElementQName());
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("parsing statement: " + statement.getElementQName());
             }
             List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes();
             for (org.opensaml.saml2.core.Attribute attribute : attributes) {
-            	if (LOG.isDebugEnabled()) {
-                	LOG.debug("parsing attribute: " + attribute.getName());
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("parsing attribute: " + attribute.getName());
                 }
-            	Claim c = new Claim();
-            	c.setClaimType(URI.create(attribute.getName()));
-            	c.setIssuer(assertion.getIssuer().getNameQualifier());
-            	for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                Claim c = new Claim();
+                c.setClaimType(URI.create(attribute.getName()));
+                c.setIssuer(assertion.getIssuer().getNameQualifier());
+                for (XMLObject attributeValue : attribute.getAttributeValues()) {
                     Element attributeValueElement = attributeValue.getDOM();
                     String value = attributeValueElement.getTextContent();
                     if (LOG.isDebugEnabled()) {
-                    	LOG.debug(" [" + value + "]");
+                        LOG.debug(" [" + value + "]");
                     }
                     c.setValue(value);
                     collection.add(c);
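Review bot: In the SAML 2.0 `parseClaimsInAssertion`, one `Claim c` is created per attribute but `c.setValue(value); collection.add(c);` runs once per attribute value, so a multi-valued attribute puts the same object into the list several times. If `setValue` overwrites the previous value (its body is not shown here), every entry ends up carrying the last value, which matters when the attribute carries roles that later drive authorization. Create the claim inside the value loop, or collect the values and add the claim once after the loop. `URI.create(attribute.getName())` also throws an unchecked `IllegalArgumentException` on a malformed name taken from the token, and `assertion.getIssuer().getNameQualifier()` may be null when the issuer carries no qualifier, so both deserve an explicit check. The method's closing lines fall in the next hunk.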
@@ -249,74 +249,73 @@ public class SAMLTokenValidator implemen
             }
         }
         return collection;
-		
-	}
-	
-	protected List<String> parseRoles(String value, String delim) {
-		List<String> roles = new ArrayList<String>();
-		StringTokenizer st = new StringTokenizer(value, delim);
-		while (st.hasMoreTokens()) {
-			String role = st.nextToken();
-			roles.add(role);
-		}
-		return roles;
-	}
-	
-	protected String getAudienceRestriction(org.opensaml.saml1.core.Assertion assertion) {
-		String audience = null;
-		try {
-			audience = assertion.getConditions().getAudienceRestrictionConditions().get(0).getAudiences().get(0).getUri();
-		} catch (Exception ex) {
-			LOG.warn("Failed to read audience" + ex.getMessage());
-		}
-		return audience; 
-	}
-	
-	protected String getAudienceRestriction(org.opensaml.saml2.core.Assertion assertion) {
-		String audience = null;
-		try {
-			audience = assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).getAudienceURI();
-		} catch (Exception ex) {
-			LOG.warn("Failed to read audience" + ex.getMessage());
-		}
-		return audience;
-        
-	}
-	
-	protected Properties createCryptoProviderProperties(String truststoreFile, String truststorePassword) {
-		Properties p = new Properties();
-		p.put("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
-		p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
-		p.put("org.apache.ws.security.crypto.merlin.keystore.password", truststorePassword);
-		p.put("org.apache.ws.security.crypto.merlin.keystore.file", truststoreFile);
-		return p;
-	}
-   
-	
-	// A sample MyHandler class
-	class PasswordCallbackHandler 
-	    implements CallbackHandler
-	{
-		private String password;
-		
-		private PasswordCallbackHandler() {}
-		
-		public PasswordCallbackHandler(String password) {
-			this.password = password;
-		}
-		
-	    public void handle(Callback[] callbacks) throws
-	        IOException, UnsupportedCallbackException
-	    {
-	        for (int i = 0; i < callbacks.length; i++) {
-	            if (callbacks[i] instanceof WSPasswordCallback) {
-	            	WSPasswordCallback nc = (WSPasswordCallback)callbacks[i];
-	                nc.setPassword(this.password);
-	            } else {
-	                throw new UnsupportedCallbackException(callbacks[i],
-	                                                       "Unrecognized Callback");
-	            }
-	        }
-	    }
-	}
+
+    }
+
+    protected List<String> parseRoles(String value, String delim) {
+        List<String> roles = new ArrayList<String>();
+        StringTokenizer st = new StringTokenizer(value, delim);
+        while (st.hasMoreTokens()) {
+            String role = st.nextToken();
+            roles.add(role);
+        }
+        return roles;
+    }
+
+    protected String getAudienceRestriction(org.opensaml.saml1.core.Assertion assertion) {
+        String audience = null;
+        try {
+            audience = assertion.getConditions().getAudienceRestrictionConditions().get(0).getAudiences().get(0).getUri();
+        } catch (Exception ex) {
+            LOG.warn("Failed to read audience" + ex.getMessage());
+        }
+        return audience; 
+    }
+
+    protected String getAudienceRestriction(org.opensaml.saml2.core.Assertion assertion) {
+        String audience = null;
+        try {
+            audience = assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).getAudienceURI();
+        } catch (Exception ex) {
+            LOG.warn("Failed to read audience" + ex.getMessage());
+        }
+        return audience;
+
+    }
+
+    protected Properties createCryptoProviderProperties(String truststoreFile, String truststorePassword) {
+        Properties p = new Properties();
+        p.put("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+        p.put("org.apache.ws.security.crypto.merlin.keystore.password", truststorePassword);
+        p.put("org.apache.ws.security.crypto.merlin.keystore.file", truststoreFile);
+        return p;
+    }
+
+
+    // A sample MyHandler class
+    class PasswordCallbackHandler implements CallbackHandler
+    {
+        private String password;
+
+        private PasswordCallbackHandler() {}
+
+        public PasswordCallbackHandler(String password) {
+            this.password = password;
+        }
+
+        public void handle(Callback[] callbacks) throws
+        IOException, UnsupportedCallbackException
+        {
+            for (int i = 0; i < callbacks.length; i++) {
+                if (callbacks[i] instanceof WSPasswordCallback) {
+                    WSPasswordCallback nc = (WSPasswordCallback)callbacks[i];
+                    nc.setPassword(this.password);
+                } else {
+                    throw new UnsupportedCallbackException(callbacks[i],
+                                                           "Unrecognized Callback");
+                }
+            }
+        }
+    }
 }
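Review bot: Both `getAudienceRestriction` overloads catch `Exception` and return `null`, so an assertion with no conditions, no audience restriction, or an empty audience list cannot be told apart from a read failure, and only `get(0)` of the first restriction is ever examined. The caller is outside this hunk; if it skips the audience comparison when the value is `null`, validation fails open for tokens issued to a different relying party. Replace the catch-all with explicit null and empty checks, examine every restriction and audience entry rather than the first, and have the caller reject the token when the expected audience is not found. The warning also runs the text into the exception message; `LOG.warn("Failed to read audience: " + ex.getMessage());` reads correctly.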

Modified: cxf/sandbox/fediz/fediz-core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java (original)
+++ cxf/sandbox/fediz/fediz-core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java Tue Apr 24 09:20:01 2012
@@ -37,116 +37,116 @@ import static org.apache.cxf.fediz.core.
 
 public class FederationProcessorTest {
 
-	private static final String TEST_OTHER_ISSUER = "ZFS IDP DEV";
-	private static final String TEST_USER = "alice";
-	private static final String TEST_TRUSTSTORE_FILE = "stsstore.jks";
-	private static final String TEST_TRUSTSTORE_PASSWORD = "stsspass";
-	private static final String TEST_RSTR_ISSUER = "DoubleItSTSIssuer";
-	private static final String TEST_CERT_CONSTRAINT = ".*CN=www.sts.com.*";
-	
-	
-	private static String sRSTR = null;
+    private static final String TEST_OTHER_ISSUER = "ZFS IDP DEV";
+    private static final String TEST_USER = "alice";
+    private static final String TEST_TRUSTSTORE_FILE = "stsstore.jks";
+    private static final String TEST_TRUSTSTORE_PASSWORD = "stsspass";
+    private static final String TEST_RSTR_ISSUER = "DoubleItSTSIssuer";
+    private static final String TEST_CERT_CONSTRAINT = ".*CN=www.sts.com.*";
+
+
+    private static String sRSTR = null;
 
     @BeforeClass
-	public static void readWResult() {
-		InputStream is = null;
-		try {
-			is = FederationProcessorTest.class.getResourceAsStream("/RSTR.xml");
-			if (is == null) {
-				throw new FileNotFoundException("Failed to get RSTR.xml");
-			}
-			BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(is));
-			StringBuilder stringBuilder = new StringBuilder();
-			String line = null;
-			while ((line = bufferedReader.readLine()) != null) {
-				stringBuilder.append(line + "\n");
-			}
-			bufferedReader.close();
-			sRSTR = stringBuilder.toString();
-		} catch (Exception e) {
-			e.printStackTrace();
-		} finally {
-			if (is != null) {
-				try {
-					is.close();
-				} catch (IOException e) {
-					e.printStackTrace();
-				}
-			}
-		}
-		Assert.assertNotNull("RSTR resource null", sRSTR);
-		
-	}
-	
-	@org.junit.Test
-	public void validateSAML2Token() {
-		
-		FederationRequest wfReq = new FederationRequest();
-		wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-		wfReq.setWresult(sRSTR);
-		
-		FederationConfiguration config = new FederationConfiguration();
-		config.setTrustedIssuer(TEST_CERT_CONSTRAINT);
-		config.setRoleDelimiter(";");
-		config.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
-		config.setTrustStoreFile(TEST_TRUSTSTORE_FILE);
-		config.setTrustStorePassword(TEST_TRUSTSTORE_PASSWORD);
-		config.setDetectReplayedTokens(false);
-		
-		FederationProcessor wfProc = new FederationProcessorImpl();
-		FederationResponse wfRes = wfProc.processRequest(wfReq, config);
-		Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
-		Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
-	}
-	
-	
-	@org.junit.Test
-	public void validateSAML2TokenWithWrongIssuer() {
-		
-		FederationRequest wfReq = new FederationRequest();
-		wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-		wfReq.setWresult(sRSTR);
-		
-		FederationConfiguration config = new FederationConfiguration();
-		config.setTrustedIssuer(TEST_OTHER_ISSUER);
-		config.setRoleDelimiter(";");
-		config.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
-		config.setTrustStoreFile(TEST_TRUSTSTORE_FILE);
-		config.setTrustStorePassword(TEST_TRUSTSTORE_PASSWORD);
-		config.setDetectReplayedTokens(false);
-		
-		FederationProcessor wfProc = new FederationProcessorImpl();
-		try {
-			wfProc.processRequest(wfReq, config);
-			Assert.fail("Processing must fail because of wrong issuer configured");
-		}
-		catch (RuntimeException ex) {
-			Assert.assertEquals("Exception expected", "Issuer '" + TEST_RSTR_ISSUER + "' not trusted", ex.getMessage());
-		}
-	}
-	
-	@org.junit.Test
-	public void validateSAML2TokenForRoles() {
-		
-		FederationRequest wfReq = new FederationRequest();
-		wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-		wfReq.setWresult(sRSTR);
-		
-		FederationConfiguration config = new FederationConfiguration();
-		config.setTrustedIssuer(TEST_CERT_CONSTRAINT);
-		config.setRoleDelimiter(";");
-		config.setRoleURI(DEFAULT_ROLE_URI);
-		config.setTrustStoreFile(TEST_TRUSTSTORE_FILE);
-		config.setTrustStorePassword(TEST_TRUSTSTORE_PASSWORD);
-		config.setDetectReplayedTokens(false);
-		
-		FederationProcessor wfProc = new FederationProcessorImpl();
-		FederationResponse wfRes = wfProc.processRequest(wfReq, config);
-		Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
-		Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
-		Assert.assertEquals("One role must be found", 1, wfRes.getRoles().size());
-	}
-	
- 
+    public static void readWResult() {
+        InputStream is = null;
+        try {
+            is = FederationProcessorTest.class.getResourceAsStream("/RSTR.xml");
+            if (is == null) {
+                throw new FileNotFoundException("Failed to get RSTR.xml");
+            }
+            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(is));
+            StringBuilder stringBuilder = new StringBuilder();
+            String line = null;
+            while ((line = bufferedReader.readLine()) != null) {
+                stringBuilder.append(line + "\n");
+            }
+            bufferedReader.close();
+            sRSTR = stringBuilder.toString();
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            if (is != null) {
+                try {
+                    is.close();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        Assert.assertNotNull("RSTR resource null", sRSTR);
+
+    }
+
+    @org.junit.Test
+    public void validateSAML2Token() {
+
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(sRSTR);
+
+        FederationConfiguration config = new FederationConfiguration();
+        config.setTrustedIssuer(TEST_CERT_CONSTRAINT);
+        config.setRoleDelimiter(";");
+        config.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
+        config.setTrustStoreFile(TEST_TRUSTSTORE_FILE);
+        config.setTrustStorePassword(TEST_TRUSTSTORE_PASSWORD);
+        config.setDetectReplayedTokens(false);
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+    }
+
+
+    @org.junit.Test
+    public void validateSAML2TokenWithWrongIssuer() {
+
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(sRSTR);
+
+        FederationConfiguration config = new FederationConfiguration();
+        config.setTrustedIssuer(TEST_OTHER_ISSUER);
+        config.setRoleDelimiter(";");
+        config.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
+        config.setTrustStoreFile(TEST_TRUSTSTORE_FILE);
+        config.setTrustStorePassword(TEST_TRUSTSTORE_PASSWORD);
+        config.setDetectReplayedTokens(false);
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        try {
+            wfProc.processRequest(wfReq, config);
+            Assert.fail("Processing must fail because of wrong issuer configured");
+        }
+        catch (RuntimeException ex) {
+            Assert.assertEquals("Exception expected", "Issuer '" + TEST_RSTR_ISSUER + "' not trusted", ex.getMessage());
+        }
+    }
+
+    @org.junit.Test
+    public void validateSAML2TokenForRoles() {
+
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(sRSTR);
+
+        FederationConfiguration config = new FederationConfiguration();
+        config.setTrustedIssuer(TEST_CERT_CONSTRAINT);
+        config.setRoleDelimiter(";");
+        config.setRoleURI(DEFAULT_ROLE_URI);
+        config.setTrustStoreFile(TEST_TRUSTSTORE_FILE);
+        config.setTrustStorePassword(TEST_TRUSTSTORE_PASSWORD);
+        config.setDetectReplayedTokens(false);
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+        Assert.assertEquals("One role must be found", 1, wfRes.getRoles().size());
+    }
+
+
 
 }
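Review bot: All three tests call `config.setDetectReplayedTokens(false)`, so nothing in this class exercises replay detection, and the only negative case is the wrong-issuer path. A test that enables detection and submits the same `wresult` twice, expecting the second `processRequest` call to be rejected, would cover it; the exact failure mode is not visible here, so confirm it against the processor. Separately, `readWResult` decodes the fixture with `new InputStreamReader(is)`, which uses the platform charset; assuming RSTR.xml is UTF-8, `new InputStreamReader(is, "UTF-8")` keeps the signed token bytes stable across build hosts.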

Modified: cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java (original)
+++ cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java Tue Apr 24 09:20:01 2012
@@ -30,53 +30,53 @@ import javax.servlet.http.HttpServletReq
 import org.w3c.dom.Element;
 
 /**
-* Add security token to thread local
-*
-*/
+ * Add security token to thread local
+ *
+ */
 public class FederationFilter implements Filter {
 
-	private static final String DEFAULT_SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-	private static final String SECURITY_TOKEN_ATTR_CONFIG = "security.token.attribute";
-	
-	private String securityTokenAttr = DEFAULT_SECURITY_TOKEN_ATTR;
-	
-	@Override
-	public void init(FilterConfig filterConfig) throws ServletException {
-		String attrName = filterConfig.getInitParameter(SECURITY_TOKEN_ATTR_CONFIG);
-		if (attrName != null) {
-			securityTokenAttr = attrName;
-		}
-		
-	}
-
-	@Override
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
-	
-		if (request instanceof HttpServletRequest) {
-			HttpServletRequest hrequest = (HttpServletRequest)request;
-			Element el = (Element)hrequest.getSession().getAttribute(securityTokenAttr);
-			if (el != null) {
-				try
-				{
-					SecurityTokenThreadLocal.setToken(el);
-					chain.doFilter(request, response);
-				} finally {
-					SecurityTokenThreadLocal.setToken(null);
-				}		
-			} else {
-				chain.doFilter(request, response);
-			}
-			
-		} else {
-			chain.doFilter(request, response);
-		}
-	}
-
-	@Override
-	public void destroy() {
-		// TODO Auto-generated method stub
+    private static final String DEFAULT_SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
+    private static final String SECURITY_TOKEN_ATTR_CONFIG = "security.token.attribute";
 
-	}
+    private String securityTokenAttr = DEFAULT_SECURITY_TOKEN_ATTR;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        String attrName = filterConfig.getInitParameter(SECURITY_TOKEN_ATTR_CONFIG);
+        if (attrName != null) {
+            securityTokenAttr = attrName;
+        }
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response,
+                         FilterChain chain) throws IOException, ServletException {
+
+        if (request instanceof HttpServletRequest) {
+            HttpServletRequest hrequest = (HttpServletRequest)request;
+            Element el = (Element)hrequest.getSession().getAttribute(securityTokenAttr);
+            if (el != null) {
+                try
+                {
+                    SecurityTokenThreadLocal.setToken(el);
+                    chain.doFilter(request, response);
+                } finally {
+                    SecurityTokenThreadLocal.setToken(null);
+                }		
+            } else {
+                chain.doFilter(request, response);
+            }
+
+        } else {
+            chain.doFilter(request, response);
+        }
+    }
+
+    @Override
+    public void destroy() {
+        // TODO Auto-generated method stub
+
+    }
 
 }
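Review bot: `hrequest.getSession()` in `doFilter` creates a session for every request that reaches the filter, including unauthenticated ones, only to look up the token attribute. `hrequest.getSession(false)` followed by a null check reads the token when a session already exists and avoids allocating session state for anonymous traffic. The unchecked `(Element)` cast will also throw `ClassCastException` if the configured attribute name holds another type, so an `instanceof Element` test before `setToken(el)` keeps a misconfigured `security.token.attribute` from failing every request.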

Modified: cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java?rev=1329602&r1=1329601&r2=1329602&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java (original)
+++ cxf/sandbox/fediz/fediz-examples/webapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java Tue Apr 24 09:20:01 2012
@@ -21,20 +21,20 @@ import org.w3c.dom.Element;
 
 
 /**
-* Thread local storage for security token
-*
-*/
+ * Thread local storage for security token
+ *
+ */
 public class SecurityTokenThreadLocal {
 
-	private static final ThreadLocal<Element> threadToken = 
-	       new ThreadLocal<Element>() {
-	};
-	
-	public static void setToken(Element token) {
-		threadToken.set(token);
-	}
-	
-	public static Element getToken() {
-		return threadToken.get();
-	}
+    private static final ThreadLocal<Element> threadToken = 
+        new ThreadLocal<Element>() {
+    };
+
+    public static void setToken(Element token) {
+        threadToken.set(token);
+    }
+
+    public static Element getToken() {
+        return threadToken.get();
+    }
 }
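Review bot: `SecurityTokenThreadLocal` offers no way to remove its entry, so the filter can only clear it with `setToken(null)`, which leaves the slot populated on pooled container threads. A static method that calls `threadToken.remove()`, used in the filter's `finally`, releases it fully once the request ends. The anonymous subclass `new ThreadLocal<Element>() { }` overrides nothing, so plain `new ThreadLocal<Element>()` is enough, and a private constructor would mark the class as a static holder.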


