cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1341842 - in /cxf/fediz/trunk: ./ plugins/core/ plugins/core/src/main/java/org/apache/cxf/fediz/core/ plugins/core/src/main/resources/ plugins/core/src/test/java/org/apache/cxf/fediz/common/ plugins/core/src/test/java/org/apache/cxf/fediz/...
Date Wed, 23 May 2012 12:06:06 GMT
Author: coheigea
Date: Wed May 23 12:06:06 2012
New Revision: 1341842

URL: http://svn.apache.org/viewvc?rev=1341842&view=rev
Log:
[FEDIZ-13] - Add a new (default) TokenReplayCache implementation based on EhCache

Added:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
    cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
    cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml
Modified:
    cxf/fediz/trunk/plugins/core/pom.xml
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
    cxf/fediz/trunk/pom.xml

Modified: cxf/fediz/trunk/plugins/core/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/pom.xml?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/pom.xml (original)
+++ cxf/fediz/trunk/plugins/core/pom.xml Wed May 23 12:06:06 2012
@@ -47,6 +47,12 @@
 			<version>${wss4j.version}</version>
 			<scope>compile</scope>
 		</dependency>
+                <dependency>
+                    <groupId>net.sf.ehcache</groupId>
+                    <artifactId>ehcache-core</artifactId>
+                    <version>${ehcache.version}</version>
+                    <scope>compile</scope>
+                </dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-jdk14</artifactId>

Added: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java?rev=1341842&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
Wed May 23 12:06:06 2012
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.URL;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+
+import org.apache.ws.security.util.Loader;
+
+/**
+ * An in-memory EHCache implementation of the TokenReplayCache interface. 
+ * The default TTL is 60 minutes.
+ */
+public class EHCacheTokenReplayCache implements TokenReplayCache<String>, Closeable
{
+    
+    public static final long DEFAULT_TTL = 3600L;
+    private static final String CACHE_KEY = "fediz-replay-cache";
+    private Ehcache cache;
+    private CacheManager cacheManager;
+    private long ttl = DEFAULT_TTL;
+    
+    public EHCacheTokenReplayCache() {
+        String defaultConfigFile = "fediz-ehcache.xml";
+        URL configFileURL = Loader.getResource(defaultConfigFile);
+        createCache(configFileURL);
+    }
+    
+    public EHCacheTokenReplayCache(URL configFileURL) {
+        createCache(configFileURL);
+    }
+    
+    private void createCache(URL configFileURL) {
+        if (configFileURL == null) {
+            cacheManager = CacheManager.create();
+        } else {
+            cacheManager = CacheManager.create(configFileURL);
+        }
+        
+        Ehcache newCache = new Cache(CACHE_KEY, 50000, true, false, DEFAULT_TTL, DEFAULT_TTL);
+        cache = cacheManager.addCacheIfAbsent(newCache);
+    }
+    
+    /**
+     * Set a new (default) TTL value in seconds
+     * @param newTtl a new (default) TTL value in seconds
+     */
+    public void setTTL(long newTtl) {
+        ttl = newTtl;
+    }
+    
+    /**
+     * Get the (default) TTL value in seconds
+     * @return the (default) TTL value in seconds
+     */
+    public long getTTL() {
+        return ttl;
+    }
+    
+    /**
+     * Add the given identifier to the cache. It will be cached for a default amount of time.
+     * @param id The identifier to be added
+     */
+    @Override
+    public void putId(String id) {
+        if (id == null || "".equals(id)) {
+            return;
+        }
+        
+        int parsedTTL = (int)ttl;
+        if (ttl != (long)parsedTTL) {
+            // Fall back to 60 minutes if the default TTL is set incorrectly
+            parsedTTL = 3600;
+        }
+        
+        cache.put(new Element(id, id, false, parsedTTL, parsedTTL));
+    }
+    
+    
+    /**
+     * Return the given identifier if it is contained in the cache, otherwise null.
+     * @param id The identifier to check
+     */
+    public String getId(String id) {
+        Element element = cache.get(id);
+        if (element != null) {
+            if (cache.isExpired(element)) {
+                cache.remove(id);
+                return null;
+            }
+            return (String)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public void close() throws IOException {
+        if (cacheManager != null) {
+            cacheManager.shutdown();
+            cacheManager = null;
+            cache = null;
+        }
+    }
+    
+}
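Review bot: `setTTL` accepts any long and `putId` only guards against int overflow, so nothing ties the lifetime of a cache entry to the validity window of the token it is meant to protect. If the TTL is set shorter than the longest token lifetime the relying party accepts (plus allowed clock skew), an identifier can drop out of the cache while its token is still valid, and replay detection silently stops covering it. A zero value is, as far as I recall, treated by Ehcache as "no expiry" rather than rejected. I would validate in the setter instead of falling back silently in `putId`, e.g. `if (newTtl <= 0 || newTtl > Integer.MAX_VALUE) { throw new IllegalArgumentException("TTL must be between 1 and " + Integer.MAX_VALUE + " seconds"); }`. The `setTTL` Javadoc should also say that the TTL must be at least the maximum accepted token lifetime.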

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
Wed May 23 12:06:06 2012
@@ -56,7 +56,7 @@ public class FederationProcessorImpl imp
      */
     public FederationProcessorImpl() {
         super();
-        replayCache = TokenReplayCacheInMemory.getInstance();
+        replayCache = new EHCacheTokenReplayCache();
     }
 
     /**
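Review bot: Each `FederationProcessorImpl` now constructs its own `EHCacheTokenReplayCache`, which is `Closeable`, but nothing in this constructor or hunk ever closes it. The cache class gets its manager from `CacheManager.create(...)`, which returns a shared singleton, so every processor ends up on the same underlying cache. A `close()` on any one instance would therefore call `shutdown()` on the manager for all of them, leaving the others failing on lookup rather than detecting replays. Either hold one replay cache per application and close it at shutdown, or at least document the coupling with a comment such as `// shared across processors via the singleton CacheManager; do not close per instance`. The rest of the class is outside the hunk, so a close path may exist elsewhere.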

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
Wed May 23 12:06:06 2012
@@ -21,7 +21,7 @@ package org.apache.cxf.fediz.core;
 
 public interface TokenReplayCache<T> {
 
-    T getId(String id);
+    T getId(T id);
 
     void putId(T id);
 

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
Wed May 23 12:06:06 2012
@@ -48,7 +48,7 @@ public final class TokenReplayCacheInMem
     }
 
     @Override
-    public T getId(String id) {
+    public T getId(T id) {
         int index = cache.indexOf(id);
         if (index == -1) {
             return null;
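Review bot: `getId` is a pure lookup and recording happens in a separate `putId` call (the same split appears in the `TokenReplayCache` interface hunk and in `EHCacheTokenReplayCache`), so the replay check is a check-then-act sequence rather than one atomic step. Unless the caller serialises the two calls, which is not visible here, two concurrent presentations of the same token could both see `null` and both be accepted. Consider adding an atomic operation to the interface, for example `boolean putIfAbsent(T id);`, which the Ehcache-backed class can implement with the cache's own `putIfAbsent`. The body of `getId` continues past the end of this hunk.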

Added: cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml?rev=1341842&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml (added)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml Wed May 23 12:06:06
2012
@@ -0,0 +1,16 @@
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" monitoring="autodetect"
dynamicConfig="true">
+
+    <diskStore path="java.io.tmpdir"/>
+
+    <defaultCache
+            maxElementsInMemory="50000"
+            eternal="false"
+            timeToIdleSeconds="3600"
+            timeToLiveSeconds="3600"
+            overflowToDisk="true"
+            maxElementsOnDisk="10000000"
+            diskPersistent="false"
+            diskExpiryThreadIntervalSeconds="120"
+            memoryStoreEvictionPolicy="LRU"
+            />
+</ehcache>
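Review bot: The disk store points at `java.io.tmpdir` while `diskPersistent` is `false`, so replay state is written to a shared temp directory and, as far as this configuration shows, does not survive a restart. After a restart the cache starts empty, so a token seen before the restart and still inside its validity period would be accepted again. On a host where several applications or users share the temp directory, the integrity of the data file also depends on that directory's permissions. I would add an XML comment above `<diskStore>` telling deployers to point it at an application-private directory, and document the restart window (or make the store persistent) wherever replay protection matters.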

Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java?rev=1341842&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
Wed May 23 12:06:06 2012
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.common;
+
+import java.io.File;
+
+/**
+ * A utility class for security tests
+ */
+public final class SecurityTestUtil {
+    
+    private SecurityTestUtil() {
+        // complete
+    }
+    
+    public static void cleanup() {
+        String tmpDir = System.getProperty("java.io.tmpdir");
+        if (tmpDir != null) {
+            File replayCacheFile = 
+                new File(tmpDir + File.separator + "fediz-replay-cache.data");
+            if (replayCacheFile.exists()) {
+                replayCacheFile.delete();
+            }
+        }
+    }
+    
+}

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
Wed May 23 12:06:06 2012
@@ -29,10 +29,14 @@ import java.net.URL;
 
 import junit.framework.Assert;
 
+import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.config.FederationConfigurator;
 import org.apache.cxf.fediz.core.config.FederationContext;
+import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
+import static org.junit.Assert.fail;
+
 public class FederationProcessorTest {
     private static final String TEST_USER = "alice";
     private static final String TEST_RSTR_ISSUER = "DoubleItSTSIssuer";
@@ -41,13 +45,30 @@ public class FederationProcessorTest {
     private static final String CONFIG_FILE_WRONG_ISSUER = "fediz_test_config2.xml";
 
     private static String sRSTR;
+    private static String sRSTRREPLAY;
 
     @BeforeClass
     public static void readWResult() {
+        try {
+            sRSTR = loadResource("RSTR.xml");
+            sRSTRREPLAY = loadResource("RSTR_replay.xml");
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        Assert.assertNotNull("RSTR resource null", sRSTR);
+        Assert.assertNotNull(loadRootConfig());
+
+    }
+    
+    @AfterClass
+    public static void cleanup() {
+        SecurityTestUtil.cleanup();
+    }
+    
+    private static String loadResource(String filename) throws IOException {
         InputStream is = null;
         try {
-            is = FederationProcessorTest.class
-                    .getResourceAsStream("/RSTR.xml");
+            is = FederationProcessorTest.class.getResourceAsStream("/" + filename);
             if (is == null) {
                 throw new FileNotFoundException("Failed to get RSTR.xml");
             }
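Review bot: `loadResource` now takes a `filename`, but the not-found message is still the hard-coded `"Failed to get RSTR.xml"`, which will mislead when `RSTR_replay.xml` is the missing resource; use `throw new FileNotFoundException("Failed to get " + filename);`. In `readWResult` the exception is only printed and only `sRSTR` is asserted non-null, so a missing replay fixture surfaces later as an unrelated failure in `testReplayAttack`; add `Assert.assertNotNull("RSTR_replay resource null", sRSTRREPLAY);`. `loadResource` continues in the following hunks.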
@@ -59,9 +80,7 @@ public class FederationProcessorTest {
                 stringBuilder.append(line + "\n");
             }
             bufferedReader.close();
-            sRSTR = stringBuilder.toString();
-        } catch (Exception e) {
-            e.printStackTrace();
+            return stringBuilder.toString();
         } finally {
             if (is != null) {
                 try {
@@ -71,9 +90,6 @@ public class FederationProcessorTest {
                 }
             }
         }
-        Assert.assertNotNull("RSTR resource null", sRSTR);
-        Assert.assertNotNull(loadRootConfig());
-
     }
 
     private static FederationContext loadRootConfig() {
@@ -157,5 +173,29 @@ public class FederationProcessorTest {
         Assert.assertEquals("One role must be found", 1, wfRes.getRoles()
                 .size());
     }
+    
+    @org.junit.Test
+    public void testReplayAttack() {
+
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(sRSTRREPLAY);
+        FederationContext config = loadRootConfig();
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        Assert.assertEquals("Principal name wrong", TEST_USER,
+                wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+        
+        wfProc = new FederationProcessorImpl();
+        try {
+            wfProc.processRequest(wfReq, config);
+            fail("Failure expected on a replay attack");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+
 
 }
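Review bot: The second `processRequest` call in `testReplayAttack` is wrapped in `catch (Exception ex)`, so the test passes on any exception, not only on a replay rejection. A failure from an unrelated cause (cache initialisation, configuration loading) would be reported as successful replay detection, which would hide a regression in the check itself. Catch the specific exception type the processor throws for a replayed token and assert on its message or cause. That type is not visible in this hunk, so the shape would be `catch (<ReplayExceptionType> ex) { /* expected */ }` with the real class filled in.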

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
Wed May 23 12:06:06 2012
@@ -28,6 +28,7 @@ import java.math.BigInteger;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 
+import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
 import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
 import org.apache.cxf.fediz.core.config.jaxb.AuthenticationType;
@@ -43,6 +44,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
 import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.junit.AfterClass;
 import org.junit.Assert;
 
 public class FedizConfigurationTest {
@@ -80,6 +82,11 @@ public class FedizConfigurationTest {
     
 
     private static final String CONFIG_FILE = "./target/fedizconfig.xml";
+    
+    @AfterClass
+    public static void cleanup() {
+        SecurityTestUtil.cleanup();
+    }
 
     //CHECKSTYLE:OFF
     private FedizConfig createConfiguration() throws JAXBException {

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Wed May 23 12:06:06 2012
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 
+import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
 import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
 import org.apache.cxf.fediz.core.config.jaxb.AuthenticationType;
@@ -44,6 +45,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
 import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.junit.AfterClass;
 import org.junit.Assert;
 
 public class FedizConfigurationWriterTest {
@@ -74,6 +76,11 @@ public class FedizConfigurationWriterTes
     private static final String CLAIM_TYPE_1 = "a particular claim type";
 
     private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
+    
+    @AfterClass
+    public static void cleanup() {
+        SecurityTestUtil.cleanup();
+    }
 
     //CHECKSTYLE:OFF
     private FedizConfig createConfiguration() throws JAXBException {

Added: cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml?rev=1341842&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml (added)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml Wed May 23 12:06:06 2012
@@ -0,0 +1,3 @@
+<!--  DO NOT REFORMAT THIS XML DOCUMENT AS IT BREAKS THE SAML SIGNTATURE VALIDATION -->
+
+<RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><RequestSecurityTokenResponse><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_93FDCC53AC1D5AE3EB131849544559910"
IssueInstant="2011-10-13T08:44:05.599Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>DoubleItSTSIssuer</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algo
 rithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#_93FDCC53AC1D5AE3EB131849544559910"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>3BwoTotMyMTFt40DCmi0ayEdnko=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>bXSIwaG+e2hDdpdDkciR3pjLbbpCLD/XwS+CezMygN/w2g1trgyaIlfkUvyAXVyk5ULJH9s+fFuecPgRm2n2JePm8Up2oZ0+vAJ6fvwQxbhhpuGz8j+OkVr11rGMjpVo1tFSVQNlq183blHVjjDQhGBl7TvoKAZsSGnhzoHclEY=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIID5jCCA0+gAwIBAgIJAPahVdM2UPibMA0GCSqGSIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBg
 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
 zQHN0cy5jb22CCQD2oVXTNlD4mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACp9yK1I9r++pyFT0yrcaV1m1Sub6urJH+GxQLBaTnTsaPLuzq2gIsJHpwk5XggB+IDe69iKKeb74Vt8aOe5usIWVASgi9ckqCwdfTqYu6KG9BlezqHZdExnIG2v/cD/3NkKr7O/a7DjlbE6FZ4G1nrOfVJkjmeAa6txtYm1Dm/f</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions
NotBefore="2011-10-13T08:44:05.600Z" NotOnOrAfter="2011-10-13T08:49:05.600Z"><saml2:AudienceRestriction><saml2:Audience>http://localhost:8080/wsfedhelloworld/</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AttributeStatement><saml2:Attribute
Name="givenname" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">Alice</saml2:AttributeValue></
 saml2:Attribute><saml2:Attribute Name="surname" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">Smith</saml2:AttributeValue></saml2:Attribute><saml2:Attribute
Name="emailaddress" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">alice@mycompany.org</saml2:AttributeValue></saml2:Attribute><saml2:Attribute
Name="role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">User</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns3:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns3:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#
 SAMLID">#_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns3:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns3:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://localhost:8080/wsfedhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns2:Created>2011-10-13T08:44:05.608Z</ns2:Created><ns2:Expires>2011-10-13T08:49:05.608Z</ns2:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurity
 TokenResponseCollection>
\ No newline at end of file

Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Wed May 23 12:06:06 2012
@@ -34,6 +34,7 @@
     </parent>
 
     <properties>
+        <ehcache.version>2.5.1</ehcache.version>
         <slf4j.version>1.6.1</slf4j.version>
         <spring.version>3.0.7.RELEASE</spring.version>
         <tomcat.version>7.0.27</tomcat.version>


