cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1413427 - in /cxf/fediz/trunk: ./ plugins/jetty/ plugins/jetty/src/ plugins/jetty/src/main/ plugins/jetty/src/main/assembly/ plugins/jetty/src/main/java/ plugins/jetty/src/main/java/org/ plugins/jetty/src/main/java/org/apache/ plugins/jett...
Date Sun, 25 Nov 2012 21:39:55 GMT
Author: owulff
Date: Sun Nov 25 21:39:53 2012
New Revision: 1413427

URL: http://svn.apache.org/viewvc?rev=1413427&view=rev
Log:
[FEDIZ-5] Provide apater for Jetty

Added:
    cxf/fediz/trunk/plugins/jetty/
    cxf/fediz/trunk/plugins/jetty/pom.xml
    cxf/fediz/trunk/plugins/jetty/src/
    cxf/fediz/trunk/plugins/jetty/src/main/
    cxf/fediz/trunk/plugins/jetty/src/main/assembly/
    cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml
    cxf/fediz/trunk/plugins/jetty/src/main/java/
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
    cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
    cxf/fediz/trunk/plugins/jetty/src/test/
    cxf/fediz/trunk/plugins/jetty/src/test/java/
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
    cxf/fediz/trunk/plugins/jetty/src/test/resources/
    cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
    cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war
    cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
    cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
    cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
Modified:
    cxf/fediz/trunk/pom.xml

Added: cxf/fediz/trunk/plugins/jetty/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/pom.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/pom.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/pom.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,90 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+	<modelVersion>4.0.0</modelVersion>
+        <parent>
+                <groupId>org.apache.cxf.fediz</groupId>
+                <artifactId>fediz</artifactId>
+                <version>1.1.0-SNAPSHOT</version>
+                <relativePath>../../pom.xml</relativePath>
+        </parent>
+	<artifactId>fediz-jetty</artifactId>
+	<name>Apache Fediz Plugin Jetty</name>
+	<packaging>jar</packaging>
+
+   <properties>
+      <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+   </properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.eclipse.jetty</groupId>
+			<artifactId>jetty-server</artifactId>
+			<version>${jetty.version}</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.eclipse.jetty</groupId>
+			<artifactId>jetty-security</artifactId>
+			<version>${jetty.version}</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.eclipse.jetty</groupId>
+			<artifactId>jetty-xml</artifactId>
+			<version>${jetty.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.eclipse.jetty</groupId>
+			<artifactId>jetty-webapp</artifactId>
+			<version>${jetty.version}</version>
+			<scope>test</scope>
+		</dependency>		
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf.fediz</groupId>
+			<artifactId>fediz-core</artifactId>
+			<version>${project.version}</version>
+			<type>jar</type>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.2.2</version>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+     <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <version>2.2.1</version>
+        <executions>
+          <execution>
+            <id>zip-file</id>
+            <phase>package</phase>
+            <goals>
+              <goal>attached</goal>
+            </goals>
+            <configuration>
+              <descriptors>
+                <descriptor>src/main/assembly/assembly.xml</descriptor>
+              </descriptors>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+		</plugins>
+	</build>
+
+</project>
+ 

Added: cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/assembly/assembly.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,18 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
+http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+  <id>zip-with-dependencies</id>
+  <formats>
+    <format>zip</format>
+  </formats>
+  <includeBaseDirectory>false</includeBaseDirectory>
+  <dependencySets>
+    <dependencySet>
+      <outputDirectory>/</outputDirectory>
+      <useProjectArtifact>true</useProjectArtifact>
+      <unpack>false</unpack>
+      <scope>runtime</scope>
+    </dependencySet>
+  </dependencySets>
+</assembly>

Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
(added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
Sun Nov 25 21:39:53 2012
@@ -0,0 +1,400 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBException;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.FederationProcessor;
+import org.apache.cxf.fediz.core.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.FederationRequest;
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.core.config.FederationConfigurator;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.eclipse.jetty.http.HttpMethods;
+import org.eclipse.jetty.http.MimeTypes;
+import org.eclipse.jetty.security.ServerAuthException;
+import org.eclipse.jetty.security.UserAuthentication;
+import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.security.authentication.LoginAuthenticator;
+import org.eclipse.jetty.security.authentication.SessionAuthentication;
+import org.eclipse.jetty.server.AbstractHttpConnection;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.Authentication.User;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.MultiMap;
+import org.eclipse.jetty.util.StringUtil;
+import org.eclipse.jetty.util.URIUtil;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+/**
+ * Federation Authenticator.
+ * <p>
+ * This authenticator implements form authentication will redirect to the Identity Provider
+ * by sending a WS-Federation SignIn request.
+ * </p>
+ * <p>
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider
which use any kind of 
+ * mechanism to authenticate the user.
+ * FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results
so that they are
+ * associated with the session.
+ * </p>
+ */
+// CHECKSTYLE:OFF
+public class FederationAuthenticator extends LoginAuthenticator {
+    
+    public static final String J_URI = "org.eclipse.jetty.security.form_URI";
+    public static final String J_POST = "org.eclipse.jetty.security.form_POST";
+
+    private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
+       
+    private String configFile;
+    private FederationConfigurator configurator;
+
+    public FederationAuthenticator() {
+    }
+
+
+    /**
+     * 
+     */
+    @Override
+    public void setConfiguration(AuthConfiguration configuration) {
+        super.setConfiguration(configuration);
+        // is called after the bean setting -> do initialization here
+        System.out.println(configuration.getInitParameterNames());
+        try {
+            File f = new File(getConfigFile());
+            if (!f.exists()) {
+                String jettyHome = System.getProperty("jetty.home");
+                if (jettyHome != null && jettyHome.length() > 0) {
+                    f = new File(jettyHome.concat(File.separator + getConfigFile()));
+                }
+            }
+            configurator = new FederationConfigurator();
+            configurator.loadConfig(f);
+            LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
+        } catch (JAXBException e) {
+            //[TODO] use other exception
+            throw new RuntimeException("Failed to load Fediz configuration",
+                    e);
+            //throw new ServerAuthException("Failed to load Fediz configuration",
+            //                              e);
+        }
+        
+    }
+
+    /* ------------------------------------------------------------ */
+    public String getAuthMethod() {
+        return "WSFED";
+    }
+
+    public String getConfigFile() {
+        return configFile;
+    }
+
+    public void setConfigFile(String configFile) {
+        this.configFile = configFile;
+    }
+    
+    /* ------------------------------------------------------------ */
+    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean
mandatory)
+        throws ServerAuthException {
+        HttpServletRequest request = (HttpServletRequest)req;
+        HttpServletResponse response = (HttpServletResponse)res;
+        String uri = request.getRequestURI();
+        if (uri == null) {
+            uri = URIUtil.SLASH;
+        }
+        
+        /*
+         * mandatory|=isJSecurityCheck(uri); if (!mandatory) return _deferred;
+         */
+
+        /*
+         * not the case if
+         * (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())))
return
+         * Authentication.NOT_CHECKED;
+         */
+
+        HttpSession session = request.getSession(true);
+
+        try {
+            String wa = request.getParameter("wa");
+            String wresult = request.getParameter("wresult");
+            
+            // Handle a request for authentication.
+            
+            if (wa != null) {
+
+                FederationResponse wfRes = null;
+                if (wa.equals(FederationConstants.ACTION_SIGNIN)) {
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("SignIn request found");
+                        LOG.debug("SignIn action...");
+                    }
+
+                    if (wresult == null) {
+                        if (LOG.isDebugEnabled()) {
+                            LOG.debug("SignIn request must contain wresult");
+                        }
+                        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                        return Authentication.SEND_FAILURE;
+                    } else {
+                        
+                        FederationRequest wfReq = new FederationRequest();
+                        wfReq.setWa(wa);
+                        wfReq.setWresult(wresult);
+
+                        //Not supported in jetty 7.6
+                        //String contextName = request.getServletContext().getContextPath();
+                        String contextName = request.getSession().getServletContext().getContextPath();
+                        if (contextName == null || contextName.isEmpty()) {
+                            contextName = "/";
+                        }
+                        FederationContext fedConfig = getContextConfiguration(contextName);
+                        
+                        FederationLoginService fedLoginService = (FederationLoginService)this._loginService;
+                        UserIdentity user = fedLoginService.login(null, wfReq, fedConfig);
+                        if (user != null)
+                        {
+                            session=renewSession(request,response);
+
+                            // Redirect to original request
+                            String nuri;
+                            synchronized(session)
+                            {
+                                nuri = (String) session.getAttribute(J_URI);
+
+                                if (nuri == null || nuri.length() == 0)
+                                {
+                                    nuri = request.getContextPath();
+                                    if (nuri.length() == 0) { 
+                                        nuri = URIUtil.SLASH;
+                                    }
+                                }
+                                Authentication cached=new SessionAuthentication(getAuthMethod(),
user, wfRes);
+                                session.setAttribute(SessionAuthentication.__J_AUTHENTICATED,
cached);
+                            }
+                            response.setContentLength(0);   
+                            response.sendRedirect(response.encodeRedirectURL(nuri));
+
+                            return new FederationAuthentication(getAuthMethod(), user);
+                        }
+
+                        // not authenticated
+                        if (LOG.isDebugEnabled()) {
+                            LOG.debug("WSFED authentication FAILED for " + StringUtil.printable(user.getUserPrincipal().getName()));
+                        }
+                        if (response != null) {
+                            response.sendError(HttpServletResponse.SC_FORBIDDEN);
+                        }
+
+                    }
+                } else {
+                    LOG.warn("Not supported action found in parameter wa: " + wa);
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                    return Authentication.UNAUTHENTICATED;
+                }
+            }
+
+            // Look for cached authentication
+            Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
+            if (authentication != null) 
+            {
+                // Has authentication been revoked?
+                if (authentication instanceof Authentication.User && 
+                    _loginService!=null &&
+                    !_loginService.validate(((Authentication.User)authentication).getUserIdentity()))
+                {
+                
+                    session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
+                }
+                else
+                {
+                    String j_uri = (String)session.getAttribute(J_URI);
+                    if (j_uri != null)
+                    {
+                        MultiMap<String> j_post = (MultiMap<String>)session.getAttribute(J_POST);
+                        if (j_post != null)
+                        {
+                            StringBuffer buf = request.getRequestURL();
+                            if (request.getQueryString() != null) {
+                                buf.append("?").append(request.getQueryString());
+                            }
+
+                            if (j_uri.equals(buf.toString()))
+                            {
+                                // This is a retry of an original POST request
+                                // so restore method and parameters
+
+                                session.removeAttribute(J_POST);                        
+                                Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
+                                base_request.setMethod(HttpMethods.POST);
+                                base_request.setParameters(j_post);
+                            }
+                        }
+                        else
+                            session.removeAttribute(J_URI);
+                            
+                    }
+                    return authentication;
+                }
+            }          
+            
+
+            // if we can't send challenge
+            if (DeferredAuthentication.isDeferred(response))
+            {
+                LOG.debug("auth deferred {}",session.getId());
+                return Authentication.UNAUTHENTICATED;
+            }
+            
+            // remember the current URI
+            synchronized (session)
+            {
+                // But only if it is not set already, or we save every uri that leads to
a login form redirect
+                if (session.getAttribute(J_URI)==null) // || alwaysSaveUri)
+                {  
+                    StringBuffer buf = request.getRequestURL();
+                    if (request.getQueryString() != null) {
+                        buf.append("?").append(request.getQueryString());
+                    }
+                    session.setAttribute(J_URI, buf.toString());
+                    
+                    if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType()) &&
HttpMethods.POST.equals(request.getMethod()))
+                    {
+                        Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
+                        base_request.extractParameters();                        
+                        session.setAttribute(J_POST, new MultiMap<String>(base_request.getParameters()));
+                    }
+                }
+            }
+            
+            FederationProcessor wfProc = new FederationProcessorImpl();
+            redirectToIssuer(request, response, wfProc);
+            //response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),
+            //                                                                  formLoginPage)));
+
+            return Authentication.SEND_CONTINUE;
+
+        } catch (IOException e) {
+            throw new ServerAuthException(e);
+        }
+        /*
+         * catch (ServletException e) { throw new ServerAuthException(e); }
+         */
+    }
+
+
+
+    /* ------------------------------------------------------------ */
+    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
+                                  User validatedUser) throws ServerAuthException {
+        return true;
+    }    
+    
+    /**
+     * Called to redirect to the IDP/Issuer
+     * 
+     * @param request
+     *            Request we are processing
+     * @param response
+     *            Response we are populating
+     * @param processor
+     *            FederationProcessor
+     * @throws IOException
+     *             If the forward to the login page fails and the call to
+     *             {@link HttpServletResponse#sendError(int, String)} throws an
+     *             {@link IOException}
+     */
+    protected void redirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FederationProcessor processor)
+        throws IOException {
+
+        //Not supported in jetty 7.6
+        //String contextName = request.getServletContext().getContextPath();
+        String contextName = request.getSession().getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FederationContext fedCtx = this.configurator.getFederationContext(contextName);
+        String redirectURL = null;
+        try {
+            redirectURL = processor.createSignInRequest(request, fedCtx);
+            if (redirectURL != null) {
+                response.sendRedirect(redirectURL);
+            } else {
+                LOG.warn("Failed to create SignInRequest.");
+                response.sendError(
+                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+            }
+        } catch (ProcessingException ex) {
+            LOG.warn("Failed to create SignInRequest: " + ex.getMessage());
+            response.sendError(
+                               HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create
SignInRequest.");
+        }
+        
+    }
+    
+    private FederationContext getContextConfiguration(String contextName) {
+        if (configurator == null) {
+            throw new IllegalStateException("No Fediz configuration available");
+        }
+        FederationContext config = configurator.getFederationContext(contextName);
+        if (config == null) {
+            throw new IllegalStateException("No Fediz configuration for context :" + contextName);
+        }
+        
+        String jettyHome = System.getProperty("jetty.home");
+        if (jettyHome != null && jettyHome.length() > 0) {
+            config.setRelativePath(jettyHome);
+        }
+        return config;
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * This Authentication represents a just completed Federation authentication. Subsequent
requests from the same
+     * user are authenticated by the presents of a {@link SessionAuthentication} instance
in their session.
+     */
+    public static class FederationAuthentication extends UserAuthentication implements
+        Authentication.ResponseSent {
+        
+        public FederationAuthentication(String method, UserIdentity userIdentity) {
+            super(method, userIdentity);
+        }
+
+        @Override
+        public String toString() {
+            return "WSFED" + super.toString();
+        }
+    }
+}

Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
(added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
Sun Nov 25 21:39:53 2012
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.fediz.core.FederationProcessor;
+import org.apache.cxf.fediz.core.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.FederationRequest;
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+public class FederationLoginService extends AbstractLifeCycle implements LoginService {
+    private static final Logger LOG = Log.getLogger(FederationLoginService.class);
+
+    protected IdentityService identityService;
+    protected String name;
+    
+
+    public FederationLoginService() {
+    }
+    
+    public FederationLoginService(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        if (isRunning()) {
+            throw new IllegalStateException("Running");
+        }
+        
+        this.name = name;
+    }
+
+    @Override
+    protected void doStart() throws Exception {
+        LOG.debug("doStart");
+        super.doStart();
+    }
+
+    /**
+     * username will be null since the credentials will contain all the relevant info
+     */
+    public UserIdentity login(String username, Object credentials, FederationContext config)
{
+        
+        try {
+            FederationResponse wfRes = null;
+            FederationRequest wfReq = (FederationRequest)credentials;
+            
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Process SignIn request");
+                LOG.debug("wresult=\n" + wfReq.getWresult());
+            }
+            
+            FederationProcessor wfProc = new FederationProcessorImpl();
+            try {
+                wfRes = wfProc.processRequest(wfReq, config);
+            } catch (ProcessingException ex) {
+                LOG.warn("Federation processing failed: " + ex.getMessage());
+                return null;
+            }
+
+
+            // Validate the AudienceRestriction in Security Token (e.g. SAML) 
+            // against the configured list of audienceURIs
+            if (wfRes.getAudience() != null) {
+                List<String> audienceURIs = config.getAudienceUris();
+                boolean validAudience = false;
+                for (String a : audienceURIs) {
+                    if (wfRes.getAudience().startsWith(a)) {
+                        validAudience = true;
+                        break;
+                    }
+                }
+
+                if (!validAudience) {
+                    LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
+                             + "] doesn't match with specified list of URIs.");
+                    return null;
+                }
+            }
+
+            List<String> roles = wfRes.getRoles();
+            if (roles == null || roles.size() == 0) {
+                roles = new ArrayList<String>();
+                roles.add(new String("Authenticated"));
+            }
+            
+            FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(),
wfRes);
+
+            Subject subject = new Subject();
+            subject.getPrincipals().add(user);
+            
+            String[] aRoles = new String[roles.size()];
+            roles.toArray(aRoles);
+            
+            //[TODO] Create FederationUserIdentity here
+            //FederationReponse should be protected and
+            //not accessible in Principal
+            return identityService.newUserIdentity(subject, user, aRoles);
+
+        } catch (Exception ex) {
+            LOG.warn(ex);
+        }
+
+        return null;
+    }
+
+    public boolean validate(UserIdentity user) {
+        //[TODO] check validity of token???
+        return true;
+    }
+
+    @Override
+    public IdentityService getIdentityService() {
+        return identityService;
+    }
+
+    @Override
+    public void setIdentityService(IdentityService service) {
+        identityService = service;
+    }
+
+    public void logout(UserIdentity user) { 
+    
+    }
+
+    @Override
+    public UserIdentity login(String username, Object credentials) {
+        return null;
+    }
+
+
+}

Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
(added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
Sun Nov 25 21:39:53 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.eclipse.jetty.server.UserIdentity;
+
+public class FederationUserIdentity implements UserIdentity {
+    
+    private Subject subject;
+    private Principal principal;
+    private List<String> roles;
+
+    public FederationUserIdentity(Subject subject, Principal principal, List<String>
roles) {
+        this.subject = subject;
+        this.principal = principal;
+        this.roles = roles;
+    }
+
+
+    public Subject getSubject() {
+        return subject;
+    }
+
+    public Principal getUserPrincipal() {
+        return principal;
+    }
+
+    public boolean isUserInRole(String role, Scope scope) {
+        return roles.contains(role);
+    }
+
+}

Added: cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
(added)
+++ cxf/fediz/trunk/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
Sun Nov 25 21:39:53 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationPrincipal;
+import org.apache.cxf.fediz.core.FederationResponse;
+
+public class FederationUserPrincipal implements FederationPrincipal {
+    private String name;
+    private ClaimCollection claims;
+    private FederationResponse response;
+
+    public FederationUserPrincipal(String name, FederationResponse response) {
+        this.name = name;
+        this.response = response;
+        this.claims = new ClaimCollection(response.getClaims());
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+
+    @Override
+    public ClaimCollection getClaims() {
+        return claims;
+    }
+    
+    // not public available
+    //[TODO] maybe find better approach, custom UserIdentity
+    FederationResponse getFederationResponse() {
+        return response;
+    }
+    
+
+}

Added: cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
(added)
+++ cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
Sun Nov 25 21:39:53 2012
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+
+public class BrowserTest {
+
+    private static Server server;
+
+    
+    @BeforeClass
+    public static void init() {        
+        try {
+            //Resource testServerConfig = Resource.newSystemResource("testserver.xml");
+            Resource testServerConfig = Resource.newSystemResource("fedserver.xml");
+            XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+            server = (Server)configuration.configure();   
+            server.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    @org.junit.Test
+    public void testStart() throws Exception {
+        System.out.println(System.getProperty("jetty.home"));
+        System.out.println(Server.getVersion());
+        System.out.println(server.isRunning());
+    }
+    
+    @org.junit.Test
+    public void testGetSecureUrl() throws Exception {
+        String uri = "http://localhost:8080/fedizhelloworld/secure/fedservlet";
+        DefaultHttpClient httpclient = new DefaultHttpClient();
+        try {
+            httpclient.getCredentialsProvider().setCredentials(
+                    new AuthScope("localhost", 9443),
+                    new UsernamePasswordCredentials("alice", "ecila"));
+
+            KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
+            FileInputStream instream = new FileInputStream(new File("./target/test-classes/tomcat-idp.jks"));
+            try {
+                trustStore.load(instream, "tompass".toCharArray());
+            } finally {
+                try {
+                    instream.close();
+                } catch (Exception ex) {
+                    ex.printStackTrace();
+                }
+            }
+
+            SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
+            Scheme sch = new Scheme("https", 9443, socketFactory);
+            httpclient.getConnectionManager().getSchemeRegistry().register(sch);
+            
+            HttpGet httpget = new HttpGet(uri);
+
+            System.out.println("executing request" + httpget.getRequestLine());
+            HttpResponse response = httpclient.execute(httpget);
+            HttpEntity entity = response.getEntity();
+
+            System.out.println("----------------------------------------");
+            System.out.println(response.getStatusLine());
+            if (entity != null) {
+                System.out.println("Response content length: " + entity.getContentLength());
+            }
+            EntityUtils.consume(entity);
+        } finally {
+            // When HttpClient instance is no longer needed,
+            // shut down the connection manager to ensure
+            // immediate deallocation of all system resources
+            httpclient.getConnectionManager().shutdown();
+        }
+        
+    }
+    
+    
+    @AfterClass
+    public static void cleanup() {
+        if (server.isStarted()) {
+            try {
+                server.stop();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+    
+}

Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml Sun Nov 25 21:39:53
2012
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml
file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example
re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific
keystore instead. 
+-->
+<FedizConfig>
+	<contextConfig name="/fedizhelloworld">
+		<audienceUris>
+			<audienceItem>https://localhost:8443/fedizhelloworld/</audienceItem>
+			<audienceItem>http://localhost:8080/fedizhelloworld/</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.0.0">
+			<!--<realm>target realm</realm>-->
+			<issuer>https://localhost:9443/fedizidp/</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<!--<authenticationType type="String">some auth type</authenticationType>-->
+			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+			<!--<freshness>0</freshness>-->
+			<!--<reply>reply value</reply>-->
+			<!--<request>REQUEST</request>-->
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>
+

Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war?rev=1413427&view=auto
==============================================================================
Files cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war (added) and cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war
Sun Nov 25 21:39:53 2012 differ

Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml?rev=1413427&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml (added)
+++ cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml Sun Nov 25 21:39:53 2012
@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+ 
+<Configure id="FileServer" class="org.eclipse.jetty.server.Server">
+ 
+	<Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
+	  <Call name="setDebugEnabled">
+	    <Arg type="boolean">true</Arg>
+	  </Call>
+	</Call>
+
+    <Call name="addConnector">
+      <Arg>
+          <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
+            <Set name="port">8080</Set>
+          </New>
+      </Arg>
+    </Call>
+ 
+    <Set name="handler">
+      <New class="org.eclipse.jetty.server.handler.HandlerList">
+        <Set name="handlers">
+		  <Array type="org.eclipse.jetty.server.Handler">
+		    <Item>
+		      <New class="org.eclipse.jetty.webapp.WebAppContext">
+	            <Set name="contextPath">/fedizhelloworld</Set>
+	            <Set name="war">./target/test-classes/fedizhelloworld.war</Set>
+	            <Set name="throwUnavailableOnStartupException">true</Set>
+	             
+	            <Get name="securityHandler">
+	              <Set name="authenticator">
+	                <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
+	                  <Set name="configFile">./target/test-classes/fediz_config.xml</Set>
+	                </New>
+	              </Set>
+	            </Get>
+	          </New>
+		    </Item>
+		  </Array>
+        </Set>
+      </New>
+    </Set>
+    
+    <Call name="addBean">
+      <Arg>
+        <New class="org.apache.cxf.fediz.jetty.FederationLoginService">
+          <Set name="name">WSFED</Set>
+        </New>
+      </Arg>
+    </Call>      
+    
+</Configure>
\ No newline at end of file

Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks?rev=1413427&view=auto
==============================================================================
Files cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks (added) and cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
Sun Nov 25 21:39:53 2012 differ

Added: cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks?rev=1413427&view=auto
==============================================================================
Files cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks (added) and cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
Sun Nov 25 21:39:53 2012 differ

Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1413427&r1=1413426&r2=1413427&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Sun Nov 25 21:39:53 2012
@@ -36,7 +36,8 @@
         <slf4j.version>1.6.5</slf4j.version>
         <spring.version>3.0.7.RELEASE</spring.version>
         <tomcat.version>7.0.27</tomcat.version>
-        <jetty.version>8.1.3.v20120416</jetty.version>
+        <jetty.version>8.1.8.v20121106</jetty.version>
+        <!--<jetty.version>7.6.8.v20121106</jetty.version>-->
         <junit.version>4.8.2</junit.version>
         <tomcat.url>http://localhost:8080/manager/text</tomcat.url>
         <cxf.version>2.6.3</cxf.version>



Mime
View raw message