cxf-commits mailing list archives

From owu...@apache.org
Subject svn commit: r1425349 [1/3] - in /cxf/fediz/trunk: ./ plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/ plugins/jetty/src/test/resources/ systests/ systests/idp/ systests/idp/src/ systests/idp/src/main/ systests/idp/src/main/java/ systests/idp/src...
Date Sat, 22 Dec 2012 21:37:16 GMT
Author: owulff
Date: Sat Dec 22 21:37:14 2012
New Revision: 1425349

URL: http://svn.apache.org/viewvc?rev=1425349&view=rev
Log:
[FEDIZ-37] Dynamically assign ports for unit testing to avoid port conflict

Added:
    cxf/fediz/trunk/systests/
    cxf/fediz/trunk/systests/idp/
    cxf/fediz/trunk/systests/idp/pom.xml
    cxf/fediz/trunk/systests/idp/src/
    cxf/fediz/trunk/systests/idp/src/main/
    cxf/fediz/trunk/systests/idp/src/main/java/
    cxf/fediz/trunk/systests/idp/src/main/java/org/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java
    cxf/fediz/trunk/systests/idp/src/main/resources/
    cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks
    cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties
    cxf/fediz/trunk/systests/idp/src/main/resources/logging.properties
    cxf/fediz/trunk/systests/idp/src/main/resources/test.txt
    cxf/fediz/trunk/systests/idp/src/main/webapp/
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/RPClaims.xml
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/signinform.jsp
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/systests/idp/src/main/webapp/index.html
    cxf/fediz/trunk/systests/pom.xml
    cxf/fediz/trunk/systests/simpleWebapp/
    cxf/fediz/trunk/systests/simpleWebapp/pom.xml
    cxf/fediz/trunk/systests/simpleWebapp/src/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
    cxf/fediz/trunk/systests/simpleWebapp/src/main/resources/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/resources/log4j.properties
    cxf/fediz/trunk/systests/simpleWebapp/src/main/resources/logging.properties
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/META-INF/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/META-INF/context.xml
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/index.html
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/secure/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/secure/test.html
    cxf/fediz/trunk/systests/sts/
    cxf/fediz/trunk/systests/sts/pom.xml
    cxf/fediz/trunk/systests/sts/src/
    cxf/fediz/trunk/systests/sts/src/main/
    cxf/fediz/trunk/systests/sts/src/main/java/
    cxf/fediz/trunk/systests/sts/src/main/java/org/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/UsernamePasswordCallbackHandler.java
    cxf/fediz/trunk/systests/sts/src/main/resources/
    cxf/fediz/trunk/systests/sts/src/main/resources/log4j.properties
    cxf/fediz/trunk/systests/sts/src/main/resources/logging.properties
    cxf/fediz/trunk/systests/sts/src/main/resources/stsKeystore.properties
    cxf/fediz/trunk/systests/sts/src/main/resources/stsstore.jks
    cxf/fediz/trunk/systests/sts/src/main/webapp/
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-encrypted-ut.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-servlet.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-transport.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-ut.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-x509.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/passwords.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/userClaims.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/wsdl/
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4.wsdl
    cxf/fediz/trunk/systests/tests/
    cxf/fediz/trunk/systests/tests/pom.xml
    cxf/fediz/trunk/systests/tests/src/
    cxf/fediz/trunk/systests/tests/src/test/
    cxf/fediz/trunk/systests/tests/src/test/java/
    cxf/fediz/trunk/systests/tests/src/test/java/org/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/JettyTest.java
      - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
    cxf/fediz/trunk/systests/tests/src/test/resources/
    cxf/fediz/trunk/systests/tests/src/test/resources/fediz_config.xml
      - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
    cxf/fediz/trunk/systests/tests/src/test/resources/jetty/
    cxf/fediz/trunk/systests/tests/src/test/resources/jetty/idp-server.xml
      - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/idpserver.xml
    cxf/fediz/trunk/systests/tests/src/test/resources/jetty/rp-server.xml
      - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
    cxf/fediz/trunk/systests/tests/src/test/resources/server.jks
      - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
    cxf/fediz/trunk/systests/tests/src/test/resources/stsstore.jks
      - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
Removed:
    cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
    cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
    cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war
    cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
    cxf/fediz/trunk/plugins/jetty/src/test/resources/idpserver.xml
    cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks
    cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks
Modified:
    cxf/fediz/trunk/pom.xml

Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1425349&r1=1425348&r2=1425349&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Sat Dec 22 21:37:14 2012
@@ -208,6 +208,7 @@
     <modules>
         <module>services</module>
         <module>plugins</module>
+        <module>systests</module>
         <module>examples</module>
         <module>apache-fediz</module>
     </modules>
@@ -601,6 +602,11 @@
                     </dependencies>
                 </plugin>
 -->
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-war-plugin</artifactId>
+                    <version>2.3</version>
+               </plugin>
             </plugins>
         </pluginManagement>
     </build>

Added: cxf/fediz/trunk/systests/idp/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/pom.xml?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/pom.xml (added)
+++ cxf/fediz/trunk/systests/idp/pom.xml Sat Dec 22 21:37:14 2012
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.apache.cxf.fediz</groupId>
+		<artifactId>systests</artifactId>
+		<version>1.1.0-SNAPSHOT</version>
+	</parent>
+        <groupId>org.apache.cxf.fediz.systests</groupId>
+	<artifactId>systests-fediz-idp</artifactId>
+	<name>Apache Fediz Systests IDP</name>
+	<packaging>war</packaging>
+
+	<dependencyManagement>
+		<dependencies>
+		</dependencies>
+	</dependencyManagement>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+	</properties>
+
+	<dependencies>
+
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>servlet-api</artifactId>
+			<version>2.5</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+           <groupId>org.springframework</groupId>
+           <artifactId>spring-web</artifactId>
+           <version>${spring.version}</version>
+        </dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+			<version>${slf4j.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-jdk14</artifactId>
+			<version>${slf4j.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf</groupId>
+			<artifactId>cxf-rt-ws-security</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf</groupId>
+			<artifactId>cxf-rt-transports-http</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf</groupId>
+			<artifactId>cxf-rt-ws-policy</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+			<version>3.0.1</version>
+		</dependency>
+	</dependencies>
+
+    <build>
+<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-war-plugin</artifactId>
+				<configuration>
+					<webResources>
+						<resource>
+							<directory>src/main/webapp</directory>
+							<filtering>true</filtering>
+							<includes>
+          <include>**/web.xml</include>
+          <include>**/applicationContext.xml</include>
+							</includes>
+						</resource>
+						<resource>
+							<directory>src/main/webapp</directory>
+							<filtering>false</filtering>
+							<excludes>
+          <exclude>**/web.xml</exclude>
+          <exclude>**/applicationContext.xml</exclude>
+							</excludes>
+						</resource>
+					</webResources>
+				</configuration>
+			</plugin>
+</plugins>
+        <!-- Name of the generated WAR file -->
+        <finalName>fedizidp</finalName>
+    </build>
+
+</project>
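Review bot: `commons-lang3` (`3.0.1`) and `servlet-api` (`2.5`) carry literal versions, while the other dependencies in this pom use properties such as `${cxf.version}` and `${slf4j.version}`. Moving these two into properties or the parent's dependency management would keep every systest module on one reviewed version. The empty `<dependencyManagement><dependencies>` block has no effect and can be dropped. Indentation also mixes tabs and spaces, for example the `<groupId>` after `</parent>` and the unindented `<plugins>` element.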

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,183 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public abstract class AbstractAuthFilter implements Filter {
+
+    public static final String PRE_STATE = "pre-state";
+    public static final String NEXT_STATE = "next-state";
+    public static final String PROCESSING_STATE = "processing-state";
+    
+    //@SuppressWarnings("PMD")
+    //protected static Logger LOG;
+    private static final Logger LOG = LoggerFactory.getLogger(AbstractAuthFilter.class);
+
+    // String used because of custom states, state set during processing time are stored in AuthContext
+    private String preState;
+    private String nextState;
+
+    enum ProcessingState {
+        CONTINUE,
+        SEND_RESPONSE
+    }
+    
+    public void setNextState(String state, AuthContext context) {
+        context.put(NEXT_STATE, state);
+    }
+    
+    public String getNextState(AuthContext context, boolean remove) {
+        String updatedNextState = (String)context.get(NEXT_STATE);
+        if (updatedNextState != null) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("next-state [" + updatedNextState + "] overwritten by filter");
+            }
+            if (remove) {
+                context.remove(NEXT_STATE);
+            }
+            return updatedNextState;
+        } else {
+            return nextState;
+        }
+    }
+    
+    public String getNextState(AuthContext context) {
+        return getNextState(context, false);
+    }
+    
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        preState = filterConfig.getInitParameter(PRE_STATE);
+        if (LOG.isDebugEnabled()) {
+            if (preState == null) {
+                LOG.debug("Parameter '" + PRE_STATE + "' not defined");
+            } else {
+                LOG.debug("Parameter '" + PRE_STATE + "' set to [" + preState + "]");
+            }
+        }
+        
+        nextState = filterConfig.getInitParameter(NEXT_STATE);
+        if (LOG.isDebugEnabled()) {
+            if (nextState == null) {
+                LOG.debug("Parameter '" + NEXT_STATE + "' not defined");
+            } else {
+                LOG.debug("Parameter '" + NEXT_STATE + "' set to [" + nextState + "]");
+            }
+        }
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response,
+                         FilterChain chain) throws IOException, ServletException {
+
+        HttpServletRequest hrequest = null;
+        if (request instanceof HttpServletRequest) {
+            hrequest = (HttpServletRequest)request;
+        } else {
+            throw new IllegalStateException("ServletRequest not of type HttpServletRequest");
+        }
+        HttpSession session = (HttpSession)hrequest.getSession(true);
+        AuthContext context = new AuthContext(session, hrequest);
+        
+        String currentState = null;
+        if (context.get(AuthContext.CURRENT_STATE) == null) {
+            currentState = States.NOT_AUTHENTICATED.toString();
+            context.put(AuthContext.CURRENT_STATE, currentState);
+            LOG.info("No state defined. Defaulting to [" + States.NOT_AUTHENTICATED.toString() + "]");
+        } else {
+            currentState = (String)context.get(AuthContext.CURRENT_STATE);
+            LOG.info("Current state: " + currentState);
+        }
+        if (preState == null) {
+            LOG.info("No pre-state defined. State condition ignored");
+            //throw new IllegalStateException("No pre-state defined");
+        }
+        if (preState == null || preState.equals(currentState)) {
+            if (preState == null) {
+                LOG.info("No pre-state defined. State condition ignored");
+            } else {
+                LOG.info("State condition met for " + this.getClass().getName());
+            }
+            try {
+                this.process(hrequest, (HttpServletResponse)response, context);
+                String resolvedNextState = getNextState(context, true);
+                if (resolvedNextState != null) {
+                    context.put(AuthContext.CURRENT_STATE, resolvedNextState);
+                    LOG.info("State changed to [" + resolvedNextState + "]");
+                } else {
+                    LOG.info("State remains at [" + currentState + "]");
+                }
+            } catch (ProcessingException ex) {
+                LOG.info("ProcessingException occured. Sending repsonse.");
+                //response message prepared by underlying filter, error code
+                return;
+            }
+        } else {
+            LOG.debug("State condition not met for " + this.getClass().getName() + ". Ignored."); 
+        }
+        if (context.get(PROCESSING_STATE) == null
+            || ProcessingState.CONTINUE.equals((ProcessingState)context.get(PROCESSING_STATE))) {
+            chain.doFilter(request, response);
+        } else {
+            LOG.info("Processing aborted. Invalidate session. Sending response.");
+            //session.invalidate(); //why???
+            //context.remove(PROCESSING_STATE); //why???
+        }
+        
+        if (hrequest.getSession(false) != null) {
+            context.put(AuthContext.CURRENT_STATE, context.get(AuthContext.CURRENT_STATE), true);
+            
+            if (context.get(AuthContext.INVALIDATE_SESSION) != null
+                && Boolean.TRUE.equals((Boolean)context.get(AuthContext.INVALIDATE_SESSION))) {
+                context.remove(AuthContext.INVALIDATE_SESSION);
+                session.invalidate();
+                LOG.info("Session invalidated");
+            }
+        }
+        
+        
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+
+    public abstract void process(HttpServletRequest request, HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException;
+
+
+}
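Review bot: In `doFilter`, the `catch (ProcessingException ex)` branch returns before the tail of the method that copies `CURRENT_STATE` into the session and acts on `AuthContext.INVALIDATE_SESSION`, so a `process` implementation that sets the invalidate flag and then throws would leave the session alive. If that is not intended, the tail should run on both paths, for example through a private helper as sketched below. The abort branch also logs "Invalidate session" although `session.invalidate()` is commented out there, so the message does not match what happens. The state change keeps the same session id; whether the id is renewed elsewhere after authentication is not visible in this file and should be confirmed.

```java
            } catch (ProcessingException ex) {
                LOG.info("ProcessingException occured. Sending repsonse.");
                // run the same session bookkeeping as the normal path before returning
                finishSession(hrequest, session, context);
                return;
            }
        // … unchanged: state-condition else branch, PROCESSING_STATE check, chain.doFilter …
        finishSession(hrequest, session, context);
    }

    /** Persists the current state in the session and honours INVALIDATE_SESSION. */
    private void finishSession(HttpServletRequest hrequest, HttpSession session, AuthContext context) {
        if (hrequest.getSession(false) == null) {
            return;
        }
        context.put(AuthContext.CURRENT_STATE, context.get(AuthContext.CURRENT_STATE), true);
        if (Boolean.TRUE.equals(context.get(AuthContext.INVALIDATE_SESSION))) {
            context.remove(AuthContext.INVALIDATE_SESSION);
            session.invalidate();
            LOG.info("Session invalidated");
        }
    }
```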

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+public class AuthContext implements Map<String, Object> {
+
+    public static final String CURRENT_STATE = "current-state";
+    public static final String INVALIDATE_SESSION = "invalidate-session";
+    public static final String IDP_PRINCIPAL = "IDP_PRINCIPAL";
+    public static final String AUTH_USERNAME = "auth-username";
+    public static final String AUTH_PASSWORD = "auth-password";
+
+
+    private HttpSession session;
+    private HttpServletRequest request;
+
+    public AuthContext(HttpSession session, HttpServletRequest request) {
+        this.session = session;
+        this.request = request;
+    }
+
+    @Override
+    public int size() {
+        throw new UnsupportedOperationException("method 'size' not supported");
+    }
+
+    @Override
+    public boolean isEmpty() {
+        throw new UnsupportedOperationException("method 'isEmpty' not supported");
+    }
+
+    @Override
+    public boolean containsKey(Object key) {
+        throw new UnsupportedOperationException("method 'containsKey' not supported");
+    }
+
+    @Override
+    public boolean containsValue(Object value) {
+        throw new UnsupportedOperationException("method 'containsValue' not supported");
+    }
+
+    @Override
+    public Object get(Object key) {
+        Object value = request.getAttribute((String)key);
+        if (value != null) {
+            return value;
+        }
+        value = session.getAttribute((String)key);
+        return value;
+    }
+
+    @Override
+    public Object put(String key, Object value) {
+        Object oldValue = request.getAttribute((String)key);
+        request.setAttribute(key, value);
+        return oldValue;
+    }
+    
+    public Object put(String key, Object value, boolean storeInSession) {
+        Object oldValue = null;
+        if (storeInSession) {
+            oldValue = session.getAttribute((String)key);
+            session.setAttribute(key, value);
+        } else {
+            oldValue = request.getAttribute((String)key);
+            request.setAttribute(key, value);
+        }
+        return oldValue;
+    }
+
+    @Override
+    public Object remove(Object key) {
+        Object value = request.getAttribute((String)key);
+        if (value != null) {
+            request.removeAttribute((String)key);
+        }
+        value = session.getAttribute((String)key);
+        if (value != null) {
+            session.removeAttribute((String)key);
+        }
+        return value;
+    }
+
+    @Override
+    public void putAll(Map<? extends String, ? extends Object> m) {
+        throw new UnsupportedOperationException("method 'putAll' not supported");
+    }
+
+    @Override
+    public void clear() {
+        throw new UnsupportedOperationException("method 'clear' not supported");
+    }
+
+    @Override
+    public Set<String> keySet() {
+        throw new UnsupportedOperationException("method 'keySet' not supported");
+    }
+
+    @Override
+    public Collection<Object> values() {
+        throw new UnsupportedOperationException("method 'values' not supported");
+    }
+
+    @Override
+    public Set<java.util.Map.Entry<String, Object>> entrySet() {
+        throw new UnsupportedOperationException("method 'entrySet' not supported");
+    }
+
+}
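Review bot: `remove` returns only the session value, because the request attribute read first is overwritten by `value = session.getAttribute((String)key)`. A key that exists only in request scope is therefore removed but `null` comes back, which does not match the `Map.remove` contract. Reading the session attribute into a separate variable, `Object sessionValue = session.getAttribute((String)key);`, and ending with `return value != null ? value : sessionValue;` keeps the same lookup precedence as `get`. A comment on `AUTH_PASSWORD` would also help, stating that the password is meant to stay request-scoped and must not be passed to `put(key, value, true)`, assuming that is the intent.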

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AuthenticationFilter extends AbstractAuthFilter {
+
+    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class);
+//    static {
+//        LOG = LoggerFactory.getLogger(AuthenticationFilter.class);
+//    }
+    
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException {
+
+        //Only Username/password authentication supported
+        //otherwise parse wauth parameter
+        if (context.get(FederationFilter.PARAM_WAUTH) != null) {
+            LOG.warn("Parameter 'wauth' ignored");
+        }
+        this.setNextState(States.USERNAME_PASSWORD_REQUIRED.toString(), context);
+    }
+
+}
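Review bot: `process` ignores a supplied `wauth` value and always sets the next state to `USERNAME_PASSWORD_REQUIRED`, but the only trace of that decision is a warn log line and the class has no Javadoc. I would add a class comment such as `/** Test IDP filter: only username/password authentication is supported; a requested 'wauth' type is ignored. */`. The inline comment "otherwise parse wauth parameter" describes code that is not present and should be reworded. The commented-out `static { LOG = ... }` block can be deleted.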

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,100 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.util.StringTokenizer;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class BasicAuthenticationFilter extends AbstractAuthFilter {
+
+    public static final String AUTH_HEADER_NAME = "WWW-Authenticate";
+
+    private static final Logger LOG = LoggerFactory.getLogger(BasicAuthenticationFilter.class);
+    
+//    static {
+//        LOG = LoggerFactory.getLogger(BasicAuthenticationFilter.class);
+//    }
+
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException {
+
+        String auth = request.getHeader("Authorization");
+        LOG.debug("Authorization header: " + auth);
+
+        if (auth == null) {
+            // request authentication from browser
+            StringBuilder value = new StringBuilder(16);
+            value.append("Basic realm=\"IDP\"");
+            response.setHeader(AUTH_HEADER_NAME, value.toString());
+            response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, private");
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            this.setNextState(States.USERNAME_PASSWORD_REQUIRED.toString(), context);
+            // signal to send response to client or throw exception
+            // SEND_RESPONSE, CONTINUE
+            context.put(AbstractAuthFilter.PROCESSING_STATE, AbstractAuthFilter.ProcessingState.SEND_RESPONSE);
+            return;
+
+        } else {
+            String username = null;
+            String password = null;
+
+            try {
+                StringTokenizer st = new StringTokenizer(auth, " ");
+                String authType = st.nextToken();
+                String encoded = st.nextToken();
+
+                if (!authType.equalsIgnoreCase("basic")) {
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid Authorization header");
+                    return;
+                }
+
+                String decoded = new String(
+                                            Base64Utility.decode(encoded));
+
+                int colon = decoded.indexOf(':');
+                if (colon < 0) {
+                    username = decoded;
+                } else {
+                    username = decoded.substring(0, colon);
+                    password = decoded.substring(colon + 1,
+                                                 decoded.length());
+                }
+                context.put(AuthContext.AUTH_USERNAME, username);
+                context.put(AuthContext.AUTH_PASSWORD, password);
+
+            } catch (Exception ex) {
+                LOG.error("Invalid Authorization header", ex);
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                    "Invalid Authorization header");
+                throw new ProcessingException("Invalid Authorization header");
+            }
+        }
+    }
+
+}
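Review bot: `LOG.debug("Authorization header: " + auth);` at the top of `process` writes the raw Basic header to the log, and that value is only the base64 form of username:password, so anyone who can read debug logs can recover credentials. Log presence only, for example `LOG.debug("Authorization header present: " + (auth != null));`. The non-basic branch calls `sendError` and returns without setting `PROCESSING_STATE` to `SEND_RESPONSE` or throwing, unlike the other two exits, so processing may continue after the 400 has been committed (this depends on AbstractAuthFilter, which is not shown here). `new String(Base64Utility.decode(encoded))` decodes with the platform charset; naming an explicit charset such as UTF-8 would make non-ASCII credentials behave the same on every host.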

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,153 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FederationFilter extends AbstractAuthFilter {
+
+    public static final String PARAM_ACTION = "wa";
+
+    public static final String ACTION_SIGNIN = "wsignin1.0";
+
+    public static final String ACTION_SIGNOUT = "wsignout1.0";
+
+    public static final String ACTION_SIGNOUT_CLEANUP = "wsignoutcleanup1.0";
+
+    public static final String PARAM_WTREALM = "wtrealm";
+
+    public static final String PARAM_WREPLY = "wreply";
+
+    public static final String PARAM_WRESULT = "wresult";
+
+    public static final String PARAM_WCONTEXT = "wctx";
+
+    public static final String PARAM_WFRESH = "wfresh";
+
+    public static final String PARAM_WAUTH = "wauth";
+    
+    public static final String PARAM_SESSION_TOKEN = "session.token";
+
+    private static final Logger LOG = LoggerFactory.getLogger(FederationFilter.class);
+    
+    
+    private String sessionToken;
+//    static {
+//        LOG = LoggerFactory.getLogger(FederationFilter.class);
+//    }
+    
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        super.init(filterConfig);
+        
+        sessionToken = filterConfig.getInitParameter(PARAM_SESSION_TOKEN);
+        if (sessionToken != null && sessionToken.length() > 0) {
+            LOG.info("Configured Session token: " + sessionToken);
+        }
+    }
+
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException {
+
+
+        String action = request.getParameter(PARAM_ACTION);
+        String wtrealm = request.getParameter(PARAM_WTREALM);
+        String wctx = request.getParameter(PARAM_WCONTEXT);
+        String wreply = request.getParameter(PARAM_WREPLY);
+        String wfresh = request.getParameter(PARAM_WFRESH);
+        String wauth = request.getParameter(PARAM_WAUTH);
+
+        if (action == null) {
+            //[TODO] should not fail because other filter might be relevant
+            //Initial session state (AUTHENTICATED) ignored, but STSClientFilter requires SECURITY_TOKEN_REQUIRED
+            LOG.info("Not a WS-Federation request");
+            return;
+            /* LOG.error("Bad request. HTTP parameter '" + PARAM_ACTION
+                      + "' missing");
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter "
+                               + PARAM_ACTION + " missing");
+            throw new ProcessingException("Bad request. HTTP parameter '" + PARAM_ACTION
+                                          + "' missing");
+                                          */
+        }
+        if (action.equals(ACTION_SIGNIN)) {
+            LOG.debug("Sign-In request [" + PARAM_ACTION + "=" + ACTION_SIGNIN
+                      + "] ...");
+
+            if (wtrealm == null || wtrealm.length() == 0) {
+                LOG.error("Bad request. HTTP parameter '" + ACTION_SIGNIN
+                          + "' missing");
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                                   "Parameter " + ACTION_SIGNIN + " missing");
+                throw new ProcessingException("Bad request. HTTP parameter '" + ACTION_SIGNIN
+                                              + "' missing");
+            }
+            boolean authenticationRequired = false;
+
+            context.put(PARAM_WCONTEXT, wctx);
+            context.put(PARAM_WTREALM, wtrealm);
+            context.put(PARAM_WREPLY, wreply);
+            context.put(PARAM_WAUTH, wauth);
+            context.put(PARAM_ACTION, action);
+
+
+            SecurityToken idpToken = null;
+            idpToken = (SecurityToken)context.get(sessionToken);
+            String user = (String)context.get(AuthContext.IDP_PRINCIPAL);
+            if (idpToken == null) {
+                LOG.debug("IDP token not found");
+                authenticationRequired = true;
+            } else {
+                if (idpToken.isExpired()) {
+                    LOG.info("IDP token of '" + user + "' expired. Require authentication.");
+                    authenticationRequired = idpToken.isExpired();
+                } else if (wfresh != null && wfresh.equals("0")) {
+                    LOG.info("IDP token of '" + user + "' valid but relying party requested new authentication");
+                    authenticationRequired = true;
+                } else {
+                    LOG.debug("Session found for '" + user + "'.");
+                    //Add it to the request context
+                    context.put(sessionToken, idpToken);
+                    context.put(AuthContext.IDP_PRINCIPAL, user);
+                }
+            }
+            if (authenticationRequired) {
+                context.remove(sessionToken);
+                this.setNextState(States.AUTHENTICATION_REQUIRED.toString(), context);
+            } else {
+                this.setNextState(States.SECURITY_TOKEN_REQUIRED.toString(), context);
+            }
+
+        }
+    }
+
+
+
+}
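Review bot: The sign-in branch reports the wrong parameter when `wtrealm` is empty: the log line, the `sendError` text and the `ProcessingException` all concatenate `ACTION_SIGNIN`, so the client is told that "wsignin1.0" is missing. They should use `PARAM_WTREALM`, e.g. `"Parameter " + PARAM_WTREALM + " missing"`. `init` silently accepts a missing `session.token` init parameter, after which `process` calls `context.get(sessionToken)`, `put` and `remove` with a null key; failing fast, as FederationPostFilter.init does for `token.store.name`, would be safer: `if (sessionToken == null || sessionToken.length() == 0) { throw new ServletException("Parameter '" + PARAM_SESSION_TOKEN + "' not configured"); }`. `wreply` and `wtrealm` are copied from the request into the context unchecked, so whichever later stage uses them as a destination has to validate them against the configured relying parties.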

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,136 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FederationPostFilter extends AbstractAuthFilter {
+
+    private static final String PARAM_TOKEN_STORE_NAME = "token.store.name";
+
+    private static final Logger LOG = LoggerFactory.getLogger(FederationPostFilter.class);
+    
+//    static {
+//        LOG = LoggerFactory.getLogger(FederationPostFilter.class);
+//    }
+    
+    protected String tokenStoreName;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        super.init(filterConfig);
+
+        tokenStoreName = filterConfig.getInitParameter(PARAM_TOKEN_STORE_NAME);
+        if (tokenStoreName == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_TOKEN_STORE_NAME + "' not configured");
+        }
+    }
+
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException {
+
+        if (context.get(FederationFilter.PARAM_ACTION) == null) {
+            LOG.info("Not a WS-Federation request");            
+            return;
+        }
+        
+        try {
+            Object obj = context.get(tokenStoreName);
+            if (!(obj instanceof String)) {
+                LOG.error("Token in '" + tokenStoreName + "' not of type String/RSTR");
+                throw new IllegalStateException("Token in '" + tokenStoreName + "' not of type String/RSTR");
+            }
+            request.setAttribute("fed." + FederationFilter.PARAM_WRESULT,
+                                 StringEscapeUtils.escapeXml((String)obj));
+            String wctx = (String)context.get(FederationFilter.PARAM_WCONTEXT);
+            if (wctx != null) {
+                request.setAttribute("fed." + FederationFilter.PARAM_WCONTEXT,
+                                     StringEscapeUtils.escapeXml(wctx));
+            }
+            String wreply = (String)context.get(FederationFilter.PARAM_WREPLY);
+            String wtrealm = (String)context.get(FederationFilter.PARAM_WTREALM);
+            if (wreply == null) {
+                request.setAttribute("fed.action", wtrealm);
+            } else {
+                request.setAttribute("fed.action", wreply);
+            }
+
+        } catch (Exception ex) {
+            LOG.warn("Requesting security token failed", ex);
+            response.sendError(HttpServletResponse.SC_FORBIDDEN,
+                "Requesting security token failed");
+            throw new ProcessingException("Requesting security token failed");          
+        }
+
+        setResponseBody(request, response);
+        context.put(AbstractAuthFilter.PROCESSING_STATE, AbstractAuthFilter.ProcessingState.SEND_RESPONSE);
+
+    }
+    
+    private void setResponseBody(HttpServletRequest request, HttpServletResponse response) {
+        
+        try {
+            response.setContentType("text/html");
+            PrintWriter out = response.getWriter();
+            
+            out.println("<html>");
+            out.println("<head><title>IDP SignIn Response Form</title></head>");
+            out.println("<body>");
+            out.println("<form method=\"POST\" name=\"hiddenform\" action=\"" 
+                        + request.getAttribute("fed.action") + "\">");
+            out.println("<input type=\"hidden\" name=\"wa\" value=\"wsignin1.0\" />");
+            out.println("<input type=\"hidden\" name=\"wresult\" value=\"" 
+                        + request.getAttribute("fed.wresult") + "\"/>");
+            out.println("<input type=\"hidden\" name=\"wctx\" value=\"" 
+                        + request.getAttribute("fed.wctx") + "\"/>");
+            out.println("<noscript>");
+            out.println("<p>Script is disabled. Click Submit to continue.</p>");
+            out.println("<input type=\"submit\" value=\"Submit\" />");
+            out.println("</noscript>");
+            out.println("</form>");
+            out.println("<script language=\"javascript\">window.setTimeout('document.forms[0].submit()',0);</script>");
+            out.println("</body>");
+            out.println("</html>");
+            
+        } catch (IOException ex) {
+            LOG.error("Failed to create SignInResponse message", ex);
+            try {
+                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                                   "Failed to create SignInResponse message");
+            } catch (IOException e) {
+                LOG.error("Failed to write error reponse", e);
+            }
+        }
+        
+    }
+}
+
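Review bot: `fed.action` is stored unescaped in `process` (`request.setAttribute("fed.action", wreply)` or `wtrealm`) and then concatenated into the form's `action="..."` attribute in `setResponseBody`, while `wresult` and `wctx` go through `StringEscapeUtils.escapeXml`. Per FederationFilter in this commit both values come from request parameters, so a quote character in them breaks out of the attribute. Escape it the same way, `request.setAttribute("fed.action", StringEscapeUtils.escapeXml(wreply));`, and before that compare `wreply` with the reply addresses configured for `wtrealm`, because this form posts the issued token to that URL and no such check is visible in this file. When `wctx` is absent the attribute is never set and the hidden field is rendered as `value="null"`; the input should be omitted in that case.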

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class HttpFormAuthenticationFilter extends AbstractAuthFilter {
+
+    public static final String PARAM_TAG = "cxf.fediz.loginform.tag";
+    public static final String PARAM_USERNAME = "cxf.fediz.loginform.username";
+    public static final String PARAM_PASSWORD = "cxf.fediz.loginform.password";
+    public static final String FORM_LOGIN_PAGE_URI_DEFAULT = "/WEB-INF/signinform.jsp";
+
+    private static final Logger LOG = LoggerFactory.getLogger(HttpFormAuthenticationFilter.class);
+    
+    private static final String PARAM_FORM_LOGIN_PAGE = "form.login.page";
+    
+    protected String formLoginPage;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        super.init(filterConfig);
+        formLoginPage = filterConfig.getInitParameter(PARAM_FORM_LOGIN_PAGE);
+        if (formLoginPage != null && formLoginPage.length() > 0) {
+            LOG.info("Configured form login page: " + formLoginPage);
+        }
+    }
+    
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException {
+
+        String tag = request.getParameter(PARAM_TAG);
+
+        if (tag == null) {
+            // request authentication from user
+            response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, private");
+            
+            if (formLoginPage != null && formLoginPage.length() > 0) {
+                request.getRequestDispatcher(formLoginPage)
+                    .forward(request, response);
+            } else {
+                request.getRequestDispatcher(FORM_LOGIN_PAGE_URI_DEFAULT)
+                    .forward(request, response);
+            }
+            
+            setNextState(States.USERNAME_PASSWORD_REQUIRED.toString(), context);
+            context.put(AbstractAuthFilter.PROCESSING_STATE,
+                        AbstractAuthFilter.ProcessingState.SEND_RESPONSE);
+            return;
+
+        } else {
+            String username = request.getParameter(PARAM_USERNAME);
+            String password = request.getParameter(PARAM_PASSWORD);
+
+            try {
+                context.put(AuthContext.AUTH_USERNAME, username);
+                context.put(AuthContext.AUTH_PASSWORD, password);
+            } catch (Exception ex) {
+                LOG.error("Invalid Authorization header", ex);
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                    "Invalid http form format");
+                throw new ProcessingException("Invalid http form format");
+            }
+        }
+    }
+
+}
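Review bot: The credential branch of `process` reads `cxf.fediz.loginform.username` and `cxf.fediz.loginform.password` with `getParameter` and puts them in the context without checking for null or for the request method. A GET carrying the credentials in the query string is therefore accepted, which leaves them in access logs and browser history. Guard the branch with `if (!"POST".equalsIgnoreCase(request.getMethod()) || username == null || password == null)` and route it to the existing `sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid http form format")` path. The `catch` around the two `context.put` calls logs "Invalid Authorization header", which looks copied from BasicAuthenticationFilter; the message should name the login form so the log points at the right filter.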

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.StringWriter;
+import java.security.cert.X509Certificate;
+
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.SoapBindingConstants;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.service.model.BindingOperationInfo;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
+import org.apache.ws.security.components.crypto.Crypto;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class IdpSTSClient extends STSClient {
+
+    private static final Logger LOG = LoggerFactory.getLogger(IdpSTSClient.class);
+
+    public IdpSTSClient(Bus b) {
+        super(b);
+    }
+
+    public String requestSecurityTokenResponse() throws Exception {
+        return requestSecurityTokenResponse(null);
+    }
+
+    public String requestSecurityTokenResponse(String appliesTo) throws Exception {
+        String action = null;
+        if (isSecureConv) {
+            action = namespace + "/RST/SCT";
+        }
+        return requestSecurityTokenResponse(appliesTo, action, "/Issue", null);
+    }
+
+    public String requestSecurityTokenResponse(String appliesTo, String action,
+            String requestType, SecurityToken target) throws Exception {
+        createClient();
+        BindingOperationInfo boi = findOperation("/RST/Issue");
+
+        client.getRequestContext().putAll(ctx);
+        if (action != null) {
+            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
+                    action);
+        } else {
+            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
+                    namespace + "/RST/Issue");
+        }
+
+        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+        writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+        writer.writeNamespace("wst", namespace);
+        if (context != null) {
+            writer.writeAttribute(null, "Context", context);
+        }
+
+        boolean wroteKeySize = false;
+        String keyTypeTemplate = null;
+        String sptt = null;
+
+        if (template != null) {
+            if (this.useSecondaryParameters()) {
+                writer.writeStartElement("wst", "SecondaryParameters",
+                        namespace);
+            }
+
+            Element tl = DOMUtils.getFirstElement(template);
+            while (tl != null) {
+                StaxUtils.copy(tl, writer);
+                if ("KeyType".equals(tl.getLocalName())) {
+                    keyTypeTemplate = DOMUtils.getContent(tl);
+                } else if ("KeySize".equals(tl.getLocalName())) {
+                    wroteKeySize = true;
+                    keySize = Integer.parseInt(DOMUtils.getContent(tl));
+                } else if ("TokenType".equals(tl.getLocalName())) {
+                    sptt = DOMUtils.getContent(tl);
+                }
+                tl = DOMUtils.getNextElement(tl);
+            }
+
+            if (this.useSecondaryParameters()) {
+                writer.writeEndElement();
+            }
+        }
+
+        addRequestType(requestType, writer);
+        if (enableAppliesTo) {
+            addAppliesTo(writer, appliesTo);
+        }
+
+        addClaims(writer);
+
+        Element onBehalfOfToken = getOnBehalfOfToken();
+        if (onBehalfOfToken != null) {
+            writer.writeStartElement("wst", "OnBehalfOf", namespace);
+            StaxUtils.copy(onBehalfOfToken, writer);
+            writer.writeEndElement();
+        }
+        if (sptt == null) {
+            addTokenType(writer);
+        }
+        if (isSecureConv || enableLifetime) {
+            addLifetime(writer);
+        }
+        if (keyTypeTemplate == null) {
+            keyTypeTemplate = writeKeyType(writer, keyType);
+        }
+
+        byte[] requestorEntropy = null;
+        X509Certificate cert = null;
+        Crypto crypto = null;
+
+        if (keySize <= 0) {
+            keySize = 256;
+        }
+        if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey")) {
+            requestorEntropy = writeElementsForRSTSymmetricKey(writer,
+                    wroteKeySize);
+        } else if (keyTypeTemplate != null
+                && keyTypeTemplate.endsWith("PublicKey")) {
+            crypto = createCrypto(false);
+            cert = getCert(crypto);
+            writeElementsForRSTPublicKey(writer, cert);
+        }
+
+        if (target != null) {
+            writer.writeStartElement("wst", "RenewTarget", namespace);
+            Element el = target.getUnattachedReference();
+            if (el == null) {
+                el = target.getAttachedReference();
+            }
+            StaxUtils.copy(el, writer);
+            writer.writeEndElement();
+        }
+
+        Element actAsSecurityToken = getActAsToken();
+        if (actAsSecurityToken != null) {
+            writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
+            StaxUtils.copy(actAsSecurityToken, writer);
+            writer.writeEndElement();
+        }
+
+        writer.writeEndElement();
+
+        Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument()
+                .getDocumentElement()));
+
+        DOMSource rstr = (DOMSource) obj[0];
+
+        StringWriter sw = new StringWriter();
+        try {
+            Transformer t = TransformerFactory.newInstance().newTransformer();
+            t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+            t.transform(rstr, new StreamResult(sw));
+        } catch (TransformerException te) {
+            LOG.warn("nodeToString Transformer Exception");
+        }
+        return sw.toString();
+
+    }
+
+}
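Review bot: The `catch (TransformerException te)` at the end of the four-argument `requestSecurityTokenResponse` logs a fixed string without the exception and then returns `sw.toString()`, so a serialization failure yields an empty or truncated RSTR that callers cannot tell apart from a real token response. Since the method already declares `throws Exception`, log the cause and rethrow: `LOG.warn("nodeToString Transformer Exception", te); throw te;`. The result of `client.invoke(...)` is indexed and cast as `(DOMSource) obj[0]` with no length or type check. In the `RenewTarget` block `el` is passed to `StaxUtils.copy` even when both `getUnattachedReference()` and `getAttachedReference()` return null. An explicit check with a descriptive exception in each place would make those failures diagnosable.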

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LogoutFilter extends AbstractAuthFilter {
+
+    public static final String PARAM_LOGOUT_URI = "logout.uri";
+    
+    private static final Logger LOG = LoggerFactory.getLogger(LogoutFilter.class);
+
+    private String logoutUri;
+    
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        super.init(filterConfig);
+        
+        logoutUri = filterConfig.getInitParameter(PARAM_LOGOUT_URI);
+        if (logoutUri != null && logoutUri.length() > 0) {
+            LOG.info("Configured logout URI: " + logoutUri);
+        }
+    }
+    
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException {
+
+        if (request.getParameter(this.logoutUri) != null) {
+            HttpSession session = request.getSession(false);
+            if (session == null) {
+                LOG.info("Logout ignored. No session available.");
+                return;
+            }
+            
+            LOG.info("Logout session for '" + context.get(AuthContext.IDP_PRINCIPAL) + "'");
+            context.put(AuthContext.INVALIDATE_SESSION, Boolean.TRUE);
+            //Session invalidation occurs in AbstractAuthFilter due to session access for
+            //State management
+            //session.invalidate();
+            this.setNextState(States.NOT_AUTHENTICATED.toString(), context);
+            context.put(AbstractAuthFilter.PROCESSING_STATE, AbstractAuthFilter.ProcessingState.SEND_RESPONSE);
+        }
+        
+    }
+
+}
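Review bot: `init` accepts a missing `logout.uri` init parameter silently (it only logs when the value is set), yet `process` passes `this.logoutUri` straight to `request.getParameter(...)`, so an unconfigured filter calls it with null and the result depends on the container. Failing fast in `init`, the way STSClientFilter in this commit does for its required parameters, avoids that: `if (logoutUri == null || logoutUri.length() == 0) { throw new ServletException("Parameter '" + PARAM_LOGOUT_URI + "' not configured"); }`. The value is used as the name of a request parameter rather than as a URI, which the name `logout.uri` does not suggest, so a comment on the field such as `// name of the request parameter that triggers logout` would help. The `LOG.info` in `process` concatenates the principal into the message; STSClientFilter sets that value from the login user name, so stripping CR/LF before logging would keep log entries from being forged. The license header also appears twice at the top of the file.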

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import javax.servlet.ServletException;
+
+public class ProcessingException extends ServletException {
+
+    private static final long serialVersionUID = -7826089555569489534L;
+    
+    public ProcessingException() {
+        super();
+    }
+
+    public ProcessingException(String message, Throwable rootCause) {
+        super(message, rootCause);
+    }
+
+    public ProcessingException(String message) {
+        super(message);
+    }
+
+    public ProcessingException(Throwable rootCause) {
+        super(rootCause);
+    }
+
+}

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,347 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSUtils;
+import org.apache.ws.security.WSConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+
+
+public class STSClientFilter extends AbstractAuthFilter {
+
+    private static final String PARAM_TOKENTYPE = "tokentype";
+
+    private static final String PARAM_STS_WSDL_ENDPOINT = "sts.wsdl.endpoint";
+
+    private static final String PARAM_STS_WSDL_SERVICE = "sts.wsdl.service";
+
+    private static final String PARAM_STS_WSDL_URL = "sts.wsdl.url";
+
+    private static final String PARAM_STS_APPLIES_TO = "sts.applies-to";
+
+    private static final String PARAM_STS_CLAIMS_REQUIRED = "sts.claims.required";
+
+    private static final String PARAM_STS_AUTH_TYPE = "sts.auth-type";
+
+    private static final String PARAM_TOKEN_STORE_NAME = "token.store.name";
+
+    //private static final String PARAM_TOKEN_STORE_SESSION = "token.store.session";
+    
+    private static final String PARAM_RSTR_CONTENT_TYPE = "sts.rstr.content-type";
+
+    private static final String PARAM_STS_ONBEHALFOF_TOKEN_NAME = "sts.onbehalfof.token.name";
+
+    private static final Logger LOG = LoggerFactory.getLogger(STSClientFilter.class);
+    
+//    static {
+//        LOG = LoggerFactory.getLogger(STSClientFilter.class);
+//    }
+    
+    enum AuthenticationType {
+        USERNAME_PASSWORD,
+        NONE
+    }
+
+    protected String tokenType;
+    protected String stsWsdlEndpoint;
+    protected String stsWsdlService;
+    protected String stsWsdlUrl;
+
+    protected String authenticationType;   //Send UsernameToken
+    protected boolean claimsRequired; // = false;  //
+    protected String onBehalfOfTokenName;  //idp-token
+    //protected boolean storeTokenInSession; // = false;
+    protected String tokenStoreName;
+    protected String appliesTo; // $wtrealm
+    protected String contentType;  //token, rstr
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        super.init(filterConfig);
+        tokenType = filterConfig.getInitParameter(PARAM_TOKENTYPE);
+        if (tokenType != null && tokenType.length() > 0) {
+            LOG.info("Configured Tokentype: " + tokenType);
+        }
+
+        stsWsdlUrl = filterConfig.getInitParameter(PARAM_STS_WSDL_URL);
+        if (stsWsdlUrl == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_STS_WSDL_URL + "' not configured");
+        }
+
+        stsWsdlService = filterConfig.getInitParameter(PARAM_STS_WSDL_SERVICE);
+        if (stsWsdlService == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_STS_WSDL_SERVICE + "' not configured");
+        }
+
+        stsWsdlEndpoint = filterConfig.getInitParameter(PARAM_STS_WSDL_ENDPOINT);
+        if (stsWsdlEndpoint == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_STS_WSDL_ENDPOINT + "' not configured");
+        }
+
+        appliesTo = filterConfig.getInitParameter(PARAM_STS_APPLIES_TO);
+        if (appliesTo == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_STS_APPLIES_TO + "' not configured");
+        }
+
+        tokenStoreName = filterConfig.getInitParameter(PARAM_TOKEN_STORE_NAME);
+        if (tokenStoreName == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_TOKEN_STORE_NAME + "' not configured");
+        }
+
+        onBehalfOfTokenName = filterConfig.getInitParameter(PARAM_STS_ONBEHALFOF_TOKEN_NAME);
+
+        try {
+            String claimsParam = filterConfig.getInitParameter(PARAM_STS_CLAIMS_REQUIRED);
+            if (claimsParam != null) {
+                claimsRequired = Boolean.valueOf(claimsParam).booleanValue();
+            } else {
+                claimsRequired = false;
+            }
+        } catch (Exception ex) {
+            LOG.error("Failed to parse parameter '" + PARAM_STS_CLAIMS_REQUIRED + "': " + ex.toString());
+            throw new ServletException(
+                                       "Failed to parse parameter '" + PARAM_STS_CLAIMS_REQUIRED + "'");
+        }
+
+        /*
+        try {
+            String storeSession = filterConfig.getInitParameter(PARAM_TOKEN_STORE_SESSION);
+            if (storeSession != null) {
+                storeTokenInSession = Boolean.valueOf(storeSession).booleanValue();
+            } else {
+                storeTokenInSession = false;
+            }
+        } catch (Exception ex) {
+            LOG.error("Failed to parse parameter '" + PARAM_TOKEN_STORE_SESSION + "': " + ex.toString());
+            throw new ServletException(
+                                       "Failed to parse parameter '" + PARAM_TOKEN_STORE_SESSION + "'");
+        }
+        */
+
+        authenticationType = filterConfig.getInitParameter(PARAM_STS_AUTH_TYPE);
+        if (authenticationType == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_STS_AUTH_TYPE + "' not configured");
+        }
+        
+        contentType = filterConfig.getInitParameter(PARAM_RSTR_CONTENT_TYPE);
+        if (PARAM_RSTR_CONTENT_TYPE == null) {
+            throw new ServletException(
+                                       "Parameter '" + PARAM_RSTR_CONTENT_TYPE + "' not configured");
+        }
+        
+        
+
+    }
+
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException {
+
+
+        String resolvedAppliesTo = null;
+        try {
+            
+            if (context.get(tokenStoreName) != null) {
+                LOG.info("Security token '" + tokenStoreName + "' already created.");
+                return;
+            }
+
+            Bus bus = BusFactory.getDefaultBus();
+
+            IdpSTSClient sts = new IdpSTSClient(bus);
+            sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+            if (tokenType != null && tokenType.length() > 0) {
+                sts.setTokenType(tokenType);
+            } else {
+                sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+            }
+            sts.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
+
+            sts.setWsdlLocation(stsWsdlUrl);
+            sts.setServiceQName(new QName(
+                                          "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+                                          stsWsdlService));
+            sts.setEndpointQName(new QName(
+                                           "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+                                           stsWsdlEndpoint));
+            String username = null;
+            if (authenticationType.equals(AuthenticationType.USERNAME_PASSWORD.toString())) {
+                username = (String)context.get(AuthContext.AUTH_USERNAME);
+                String password = (String)context.get(AuthContext.AUTH_PASSWORD);
+                context.remove(AuthContext.AUTH_USERNAME);
+                context.remove(AuthContext.AUTH_PASSWORD);
+                sts.getProperties().put(SecurityConstants.USERNAME, username);
+                sts.getProperties().put(SecurityConstants.PASSWORD, password);
+            }
+
+
+            /*
+            if (getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME) != null) {
+                sts.setEnableLifetime(true);
+                int ttl = Integer.parseInt(getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME));
+                sts.setTtl(ttl);
+            }
+             */
+
+
+            if (appliesTo.startsWith("$")) {
+                resolvedAppliesTo = (String)context.get(appliesTo.substring(1));
+                if (resolvedAppliesTo == null) {
+                    LOG.error("Parameter '" + appliesTo.substring(1) + "' not found in context");
+                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                                       "Parameter '" + appliesTo.substring(1) + "' not found in context");
+                    throw new ProcessingException("Parameter '" + appliesTo.substring(1) + "' not found in context");
+                }
+            } else {
+                resolvedAppliesTo = appliesTo;
+            }
+
+            if (this.claimsRequired) {
+                List<String> realmClaims = null;
+                ApplicationContext ctx = (ApplicationContext) bus
+                .getExtension(ApplicationContext.class);
+                try {
+                    @SuppressWarnings("unchecked")
+                    Map<String, List<String>> realmClaimsMap = (Map<String, List<String>>) ctx
+                    .getBean("realm2ClaimsMap");
+                    realmClaims = realmClaimsMap.get(resolvedAppliesTo);
+                    if (realmClaims != null && realmClaims.size() > 0 && LOG.isDebugEnabled()) {
+                        LOG.debug("claims for realm " + resolvedAppliesTo);
+                        for (String item : realmClaims) {
+                            LOG.debug("  " + item);
+                        }
+                    }
+                    Element claims = createClaimsElement(realmClaims);
+                    if (claims != null) {
+                        sts.setClaims(claims);
+                    }
+
+                } catch (Exception ex) {
+                    LOG.error("Failed to read bean 'realm2ClaimsMap'", ex);
+                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                                       "Failed to read bean 'realm2ClaimsMap'");
+                    throw new ProcessingException("Failed to read bean 'realm2ClaimsMap'");
+                }
+            }
+
+            if (this.onBehalfOfTokenName != null) {
+                SecurityToken token = (SecurityToken)context.get(onBehalfOfTokenName);
+                if (token == null) {
+                    LOG.error("Token '" + onBehalfOfTokenName + "' not found");
+                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                                       "Token '" + onBehalfOfTokenName + "' not found");
+                    throw new ProcessingException("Token '" + onBehalfOfTokenName + "' not found");
+                }
+                sts.setOnBehalfOf(token.getToken());
+            }
+
+            Object token = null;
+            if (contentType != null && contentType.equalsIgnoreCase("TOKEN")) {
+                token = sts.requestSecurityToken(resolvedAppliesTo);
+            } else if (contentType != null && contentType.equalsIgnoreCase("RSTR")) {
+                token = sts.requestSecurityTokenResponse(resolvedAppliesTo);
+            } else {
+                LOG.error("Unknown content type '" + contentType + "'");
+                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                                   "Unknown content type '" + contentType + "'");
+                throw new ProcessingException("Unknown content type '" + contentType + "'");
+            }
+
+            //[TODO] SessionCacheFilter, use this filter instead of code here
+            /* not needed anymore due to SessionCacheFilter
+            if (this.storeTokenInSession) {
+                request.getSession().setAttribute(tokenStoreName, token);
+                LOG.info("Token '" + tokenStoreName + "' stored in session.");
+            } else {
+                context.put(tokenStoreName, token);
+                LOG.info("Token '" + tokenStoreName + "' stored in request.");
+            }*/
+            context.put(tokenStoreName, token);
+            LOG.info("Token '" + tokenStoreName + "' stored in request.");
+            
+            if (username != null) {
+                context.put(AuthContext.IDP_PRINCIPAL, username);
+            }
+            
+
+        } catch (Exception ex) {
+            LOG.info("Requesting security token for '" + resolvedAppliesTo + "' failed", ex);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                               "Requesting security token for '" + resolvedAppliesTo + "'failed");
+            throw new ProcessingException("Requesting security token for '" + resolvedAppliesTo + "' failed");
+        }
+
+    }
+
+    private Element createClaimsElement(List<String> realmClaims)
+        throws Exception {
+        if (realmClaims == null || realmClaims.size() == 0) {
+            return null;
+        }
+
+        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+        writer.writeStartElement("wst", "Claims", STSUtils.WST_NS_05_12);
+        writer.writeNamespace("wst", STSUtils.WST_NS_05_12);
+        writer.writeNamespace("ic",
+            "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        writer.writeAttribute("Dialect",
+            "http://schemas.xmlsoap.org/ws/2005/05/identity");
+
+        if (realmClaims != null && realmClaims.size() > 0) {
+            for (String item : realmClaims) {
+                LOG.debug("claim: " + item);
+                writer.writeStartElement("ic", "ClaimType",
+                    "http://schemas.xmlsoap.org/ws/2005/05/identity");
+                writer.writeAttribute("Uri", item);
+                writer.writeEndElement();
+            }
+        }
+
+        writer.writeEndElement();
+
+        return writer.getDocument().getDocumentElement();
+    }
+
+}
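Review bot: The last check in `init` tests the constant `PARAM_RSTR_CONTENT_TYPE` instead of the field that was just read, so it can never fire, and a missing `sts.rstr.content-type` is only noticed per request in `process` as "Unknown content type 'null'"; it should read `if (contentType == null) {`. In `process`, every inner failure branch calls `response.sendError(...)` and then throws `ProcessingException`, which the enclosing `catch (Exception ex)` catches and answers with a second `sendError`; on an already committed response that raises `IllegalStateException`, and the specific exception is replaced by the generic one. Putting `catch (ProcessingException pe) { throw pe; }` ahead of the generic catch, and passing `ex` as the cause to the `ProcessingException` thrown there, keeps a single error response and the original stack trace. The error text sent to the client also embeds `resolvedAppliesTo` and configuration names; if that value is taken from the request (the field comment says `$wtrealm`), a fixed client message with the detail kept in the log would be the safer choice.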

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SessionCacheFilter extends AbstractAuthFilter {
+
+    private static final Logger LOG = LoggerFactory.getLogger(SessionCacheFilter.class);
+
+    protected List<String> cacheAttributes = new ArrayList<String>();
+    
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        super.init(filterConfig);
+        
+        Enumeration enumParams = filterConfig.getInitParameterNames();   
+        while (enumParams.hasMoreElements()) {
+            String paramName = (String)enumParams.nextElement();
+            String paramValue = filterConfig.getInitParameter(paramName);
+            if (paramValue != null && paramValue.length() > 0
+                && paramName.startsWith("item")) {
+                cacheAttributes.add(filterConfig.getInitParameter(paramName));
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Attribute '" + paramValue + "' configured to be stored in session.");
+                } 
+            } else  {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Attribute '" + paramName + "' is ignored, null or empty.");
+                }
+            }
+            
+        }
+        
+    }
+    
+    @Override
+    public void process(HttpServletRequest request,
+                        HttpServletResponse response, AuthContext context)
+        throws IOException, ServletException, ProcessingException {
+        
+        if (LOG.isDebugEnabled()) {
+            Enumeration e = request.getAttributeNames();
+            StringBuffer sb = new StringBuffer();
+            sb.append("Cachable attributes:").append(System.getProperty("line.separator"));
+            while (e.hasMoreElements()) {
+                sb.append((String)e.nextElement()).append(System.getProperty("line.separator"));
+            }
+            LOG.debug(sb.toString());
+        }
+        
+        for (String item : cacheAttributes) {
+            Object value = request.getAttribute(item);
+            request.getSession().setAttribute(item, value);
+            if (LOG.isInfoEnabled()) {
+                LOG.info("Attribute '" + item + "' [" + value + "] stored in session");
+            }
+        }
+        
+    }
+
+}
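Review bot: The `LOG.info` in the `process` loop writes each cached attribute's value into the log, and the configured attributes are likely to include the security token that STSClientFilter stores under `token.store.name` (how AuthContext maps to request attributes is not visible here, so that part is an inference). Logging the name only, `LOG.info("Attribute '" + item + "' stored in session");`, keeps token content out of INFO-level logs. The loop also calls `request.getSession().setAttribute(item, value)` when `value` is null, which creates a session and, per the Servlet API, removes an existing attribute of that name; if that is not intended, `if (value == null) { continue; }` before the call avoids clearing a cached entry on requests that lack it. In `init`, `cacheAttributes.add(paramValue)` would reuse the value already read instead of looking it up again.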

Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java (added)
+++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java Sat Dec 22 21:37:14 2012
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp;
+
+public enum States {
+    NOT_AUTHENTICATED,
+    AUTHENTICATION_REQUIRED,
+    LOGOUT_REQUIRED,
+    USERNAME_PASSWORD_REQUIRED,
+    SECURITY_TOKEN_REQUIRED,
+    SECURITY_TOKEN_CACHED,  //maybe replace by AUTHENTICATED
+    AUTHENTICATED,
+}

Added: cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks?rev=1425349&view=auto
==============================================================================
Files cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks (added) and cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks Sat Dec 22 21:37:14 2012 differ

Added: cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties?rev=1425349&view=auto
==============================================================================
--- cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties (added)
+++ cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties Sat Dec 22 21:37:14 2012
@@ -0,0 +1,17 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=FATAL, CONSOLE
+#log4j.rootCategory=DEBUG, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=target/wss4j.log
+log4j.appender.LOGFILE.Append=false
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
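Review bot: The comment on the first line says the root category is set to INFO, but the value below it is `FATAL`, which also hides the `LOG.error` output the new filters emit on token and configuration failures. Either correct the comment to `# Set root category priority to FATAL and its only appender to CONSOLE.` or lower the level for the system tests. The LOGFILE appender is defined but not attached to the root category, and its file name `target/wss4j.log` looks carried over from another module; a comment marking it as unused, or removing it, would avoid confusion.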


