cxf-commits mailing list archives

From gma...@apache.org
Subject svn commit: r1360912 - in /cxf/fediz/trunk: BUILDING.txt README.txt examples/samplekeys/HowToGenerateKeysREADME.html examples/samplekeys/HowToGenerateKeysREADME.txt release_notes.txt
Date Thu, 12 Jul 2012 20:28:30 GMT
Author: gmazza
Date: Thu Jul 12 20:28:30 2012
New Revision: 1360912

URL: http://svn.apache.org/viewvc?rev=1360912&view=rev
Log:
Switched keys README to a more readable HTML format.

Added:
    cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html
Removed:
    cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt
Modified:
    cxf/fediz/trunk/BUILDING.txt
    cxf/fediz/trunk/README.txt
    cxf/fediz/trunk/release_notes.txt

Modified: cxf/fediz/trunk/BUILDING.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?rev=1360912&r1=1360911&r2=1360912&view=diff
==============================================================================
--- cxf/fediz/trunk/BUILDING.txt (original)
+++ cxf/fediz/trunk/BUILDING.txt Thu Jul 12 20:28:30 2012
@@ -4,12 +4,12 @@ Building Apache CXF Fediz
 Initial Setup
 -------------
 
-1) Install J2SE 6.0 SDK, which can be downloaded from 
-   http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html
+1) Install J2SE 6 or 7 SDK, which can be downloaded from 
+   http://www.oracle.com/technetwork/java/javase/downloads/index.html
 
 2) Make sure that your JAVA_HOME environment variable is set to the newly installed 
-   JDK location, and that your PATH includes %JAVA_HOME%\bin (windows) or 
-   $JAVA_HOME$/bin (unix).
+   JDK location, and that your PATH includes %JAVA_HOME%\bin (Windows) or 
+   $JAVA_HOME$/bin (*nix).
 
 3) Install Maven 2.2.1 or newer, which can be downloaded from 
    http://maven.apache.org/download.html. Make sure that your PATH includes 
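Review bot: In step 2, the rewritten line still reads `$JAVA_HOME$/bin`, with a stray `$` after the variable name; on a *nix shell the PATH entry is `$JAVA_HOME/bin`. The line is already being changed for the `(*nix)` wording, so the variable reference should be corrected in the same edit.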
@@ -21,33 +21,32 @@ Building
 
 1) Change to the top level directory of Apache CXF Fediz source distribution.
 2) Run
-	$> mvn.
+	$> mvn clean install
    This will compile Apache CXF Fediz and run all of the tests in the Apache CXF Fediz source
    distribution. Alternatively, you can run
          $> mvn -Pfastinstall.
    This will compile Apache CXF Fediz without running the tests and takes less
    time to build.
    Depending on the load of remote Maven repositories, you may have 
-   to run "mvn" several times utill the required dependencies are 
-   all located in your local maven repository. It usually takes some time for 
-   maven to download required dependencies in the first build.
+   to run "mvn" multiple times until the required dependencies are 
+   all located in your local Maven repository. It usually takes some time for 
+   Maven to download required dependencies in the first build.
 
 
 Source Directory structure
 --------------------------
 
- + plugins               contains the sources of the federation plugin
+ + plugins               contains the sources of the Federation plugin
       + core             the core module contains the majority of functionality which is
Servlet container agnostic
-      + tomcat           the tomcat module is the bridge of the core to the tomcat specific
security engine
+      + tomcat           the Tomcat module is the bridge of the core to the Tomcat specific
security engine
 
  + services              contains the sources of the Identity Provider
-      + sts              the sts module contains the configured CXF STS which supports the
usecases for Federation
-      + idp              the idp module is the bridge of the STS to a WS-Trust/SOAP unaware
browser
+      + sts              the STS module contains the configured CXF STS which supports the
Federation use cases
+      + idp              the IDP module is the bridge of the STS to a WS-Trust/SOAP unaware
browser
 
  + examples
-      + simpleWebapp     this example shows how to protect a simple web application using
the fediz plugin
+      + simpleWebapp     this example shows how to protect a simple web application using
the Fediz plugin
       + wsclientWebapp   this example shows how a protected web application calls a web service
protected by the STS
            + webapp      contains the web application
            + webservice  contains the web services implementation
 
-
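Review bot: The alternative command in step 2, `$> mvn -Pfastinstall.`, keeps the trailing period that this hunk removes from the main command (`mvn.` became `mvn clean install`); copied literally, the period ends up in the profile name. Drop the period there too. The reworded sentence `to run "mvn" multiple times` could also name the same `mvn clean install` command so it matches step 2.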

Modified: cxf/fediz/trunk/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/README.txt?rev=1360912&r1=1360911&r2=1360912&view=diff
==============================================================================
--- cxf/fediz/trunk/README.txt (original)
+++ cxf/fediz/trunk/README.txt Thu Jul 12 20:28:30 2012
@@ -1,6 +1,6 @@
 Welcome to Apache CXF Fediz!
 ============================
-Fediz helps you to secure your web applications and delegates security enforcement
+Fediz helps you secure your web applications by delegating security enforcement
 to the underlying application server. With Fediz, authentication is externalized
 from your web application to an identity provider installed as a dedicated server component.
 The supported standard is WS-Federation 1.2 Passive Requestor Profile.
@@ -48,14 +48,14 @@ software:
 Getting Started
 ===============
 
-For an Apache CXF Fediz source distribution, please read BUILDING.txt for 
-instructions on building Apache CXF Fediz. 
+For an Apache CXF Fediz source distribution, please read BUILDING.txt 
+in this folder for instructions on building Apache CXF Fediz. 
 
 For an Apache CXF Fediz binary distribution, please read release_notes.txt
 for installation instructions and list of supported and unsupported 
 features.
 
-Alternatively, you can also find out how to get started here:
+Check the Fediz website for the latest news:
 http://cxf.apache.org/fediz.html
 
 If you need more help try talking to us on our mailing lists:
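Review bot: Getting Started sends source-distribution readers only to BUILDING.txt, and nothing in this hunk mentions the sample keystores, although the same commit adds a "Replacing provided keystores" section to release_notes.txt for binary-distribution readers. Add a line here pointing to examples/samplekeys/HowToGenerateKeysREADME.html so both audiences see the instruction to replace the keys. The new sentence "Check the Fediz website for the latest news:" also replaces the only getting-started pointer under this heading, so consider keeping both.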
@@ -73,4 +73,3 @@ Thank you for using CXF Fediz!
 
 The Apache CXF Team
 http://cxf.apache.org/
-

Added: cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?rev=1360912&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html (added)
+++ cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html Thu Jul 12 20:28:30 2012
@@ -0,0 +1,44 @@
+<html>
+<head/>
+<body>
+<p>The below lists the sample sample (<strong>non-production use!</strong>)
self-signed keystores used in running the FEDIZ samples. 
+Don't use the provided keystores in production--everyone has them!  At a minimum, regenerate
new keys using the scripts (with different 
+passwords) below.  These will be just self-signed keys however, for real production use having
third-party signed CA keys 
+is recommended.</p>
+
+<table border="1" bgcolor="#FFFFCC" align="center">
+<tr bgcolor="#FFCCCC">
+<th>Keystore (Password)</th><th>Alias (Password)</th><th>Location</th><th>Creation
Script Used</th><th>Needs to trust</th><th>Is trusted by</th></tr>
+<tr><td colspan="6"><strong><em>Tomcat Keystores:  The Tomcat keys
can be simply placed in the root folder of each Tomcat installation.  They are used to configure
SSL for the Tomcat instances as described here: <a href="http://cxf.apache.org/fediz-tomcat.html">http://cxf.apache.org/fediz-tomcat.html</a>.
 For Tomcat keys only, the keystore password and the private key password needs to be the
same.</em></strong></tr>
+<tr><td>tomcat-idp.jks (tompass)</td><td>mytomidpkey (tompass)</td><td>base
folder of Tomcat instance holding the IDP and IDP STS</td>
+    <td><code>keytool -genkeypair -validity 730 -alias mytomidpkey -keystore
tomcat-idp.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool
-keystore tomcat-idp.jks -storepass tompass -export -alias mytomidpkey -file MyTCIDP.cer</code></td>
+    <td>Nobody</td><td>IDP app</td></tr> 
+<tr><td>tomcat-rp.jks (tompass)</td><td>mytomrpkey (tompass)</td><td>base
folder of Tomcat instance holding the relying party applications for both samples (simpleWebapp
and wsclientWebapp)</td>
+    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore tomcat-rp.jks
-dname "cn=localhost" -keypass tompass -storepass tompass</code></td>
+    <td>Nobody</td><td>Nobody</td></tr> 
+<tr><td>tomcat-wsp.jks (tompass)</td><td>mytomwspkey (tompass)</td><td>base
folder of Tomcat instance holding the web service provider in the second (wsClientWebapp)
sample</td>
+    <td><code>keytool -genkeypair -validity 730 -alias mytomwspkey -keystore
tomcat-wsp.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool
-keystore tomcat-wsp.jks -storepass tompass -export -alias mytomwspkey -file MyTCWSP.cer</code></td>
+    <td>Nobody</td><td>wsclientWebapp's webapp module</td></tr>

+<tr><td colspan="6"><strong><em>Service Keystores:  These Fediz services
form the core of the product and can be used with both the sample webapps provided and of
course your own web applications.</em></strong></tr>
+<tr><td>idpstore.jks (ispass)</td><td>myidpkey (ikpass)</td><td>services/idp/src/main/resources/idpstore.jks</td>
+    <td><code>keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias
myidpkey -keypass ikpass -storepass ispass -keystore idpstore.jks</code><br/><br/><code>keytool
-import -trustcacerts -keystore idpstore.jks -storepass ispass -alias mytomidpkey -file MyTCIDP.cer
-noprompt</code><br/><br/><code>keytool -export -rfc -keystore idpstore.jks
-storepass ispass -alias myidpkey -file MyIDP.cer</code></td>
+    <td>mytomidpkey (because of SSL call to IDP STS)</td><td>IDP STS</td></tr>

+<tr><td>stsstore.jks (stsspass)</td><td>mystskey (stskpass)</td><td>services/sts/src/main/resources/stsstore.jks</td>
+    <td><code>
+keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias mystskey -keypass stskpass
-storepass stsspass -keystore stsstore.jks<br/><br/>
+keytool -import -trustcacerts -keystore stsstore.jks -storepass stsspass -alias myidpkey
-file MyIDP.cer -noprompt<br/><br/>
+keytool -export -rfc -keystore stsstore.jks -storepass stsspass -alias mystskey -file MySTS.cer
+</code>
+</td>
+    <td>myidpkey (because of X.509 auth between IDP and IDP STS)</td><td>wsclientWebapp's
webservice</td></tr> 
+<tr><td colspan="6"><strong><em>Sample Keystores: No production value,
just used for running the "wsclientWebapp" sample provided with Fediz.  (simpleWebapp has/uses
no keys).</em></strong></tr>
+<tr><td>webappKeystore.jks (waspass)</td><td>mywakey (wakpass)</td><td>examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks</td>
+    <td><code>keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias
mywakey -keypass wakpass -storepass waspass -keystore webappKeystore.jks<br/><br/>
+keytool -import -trustcacerts -keystore webappKeystore.jks -storepass waspass -alias mytomidpkey
-file MyTCIDP.cer -noprompt<br/><br/>
+keytool -import -trustcacerts -keystore webappKeystore.jks -storepass waspass -alias mytomwspkey
-file MyTCWSP.cer -noprompt<br/><br/>
+</code></td>
+    <td>mytomidpkey (to access IDP STS via HTTPS, mytomwspkey (to access web service
via HTTPS)</td><td>Nobody</td></tr> 
+<tr><td>webserviceKeystore.jks (wsspass)</td><td>N/A (no key, just
a truststore)</td><td>examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks</td>
+    <td><code>keytool -import -trustcacerts -keystore webserviceKeystore.jks
-storepass wsspass -alias mystskey -file MySTS.cer -noprompt</code></td>
+    <td>IDP STS (signature verification)</td><td>Nobody</td></tr>

+</table>
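Review bot: The commands in the "Creation Script Used" column are what the introduction tells readers to rerun for their own keys, yet the service and sample rows pin `-sigalg SHA1withRSA` with no `-keysize`, and the three Tomcat rows give neither `-keyalg` nor `-keysize`, so the result depends on whatever keytool defaults to. State `-keyalg RSA`, an explicit `-keysize` and a SHA-2 signature algorithm such as `SHA256withRSA` in every row, and say next to the commands that the passwords shown (`tompass`, `ispass`, `ikpass` and the rest) are the published sample values and must be changed, since the table lists them in clear text. Smaller points in the same file: the opening paragraph says "sample sample"; the three section rows open `<td colspan="6">` and close with `</tr>` without a `</td>`; and the webappKeystore row's "Needs to trust" cell has an unclosed parenthesis after "via HTTPS".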

Modified: cxf/fediz/trunk/release_notes.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/release_notes.txt?rev=1360912&r1=1360911&r2=1360912&view=diff
==============================================================================
--- cxf/fediz/trunk/release_notes.txt (original)
+++ cxf/fediz/trunk/release_notes.txt Thu Jul 12 20:28:30 2012
@@ -18,18 +18,23 @@ provides the following features:
 Before installing Apache CXF Fediz, make sure the following products,
 with the specified versions, are installed on your system:
 
-    * Java 6 Development Kit
+    * Java 6 or 7 Development Kit
     * Apache Maven 2.2.1 or 3.x to build the samples
 
-
 3. Building the Samples
 
 Building the samples included in the binary distribution is easy. Change to
 the examples directory and follow the build instructions in the README.txt file 
 included with each sample.
 
+4. Replacing provided keystores
+
+The sample keystores provided are fine for development and prototyping use
+but make sure to replace them for any production use, see
+see examples/samplekeys/HowToGenerateKeysREADME.html for key generation
+information.
 
-4. Reporting Problems
+5. Reporting Problems
 
 If you have any problems or want to send feedback of any kind, please e-mail the
 CXF user list, users@cxf.apache.org.  You can also file issues in JIRA at:
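Review bot: The new section 4 repeats "see" across two added lines ("for any production use, see" followed by "see examples/samplekeys/..."), and it tells readers to replace the keystores without saying why. The HTML README added in this commit gives the reason ("everyone has them"); one sentence here stating that the keys and their passwords ship with every distribution would make the instruction harder to skip. "fine for development and prototyping use" is also softer than the README's "non-production use!", so align the wording between the two files.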
@@ -37,12 +42,12 @@ CXF user list, users@cxf.apache.org.  Yo
 http://issues.apache.org/jira/browse/FEDIZ
 
 
-5. Migration notes:
+6. Migration notes:
 
 N.A.
 
 
-6. Specific issues, features, and improvements fixed in this version
+7. Specific issues, features, and improvements fixed in this version
 
 ** Bug
 
@@ -55,4 +60,3 @@ N.A.
 ** Test
 
 
-


