From owu...@apache.org
Subject svn commit: r1426985 - in /cxf/fediz/trunk: examples/ examples/springWebapp/ examples/springWebapp/src/ examples/springWebapp/src/main/ examples/springWebapp/src/main/config/ examples/springWebapp/src/main/java/ examples/springWebapp/src/main/java/org/...
Date Sun, 30 Dec 2012 20:13:24 GMT
Author: owulff
Date: Sun Dec 30 20:13:23 2012
New Revision: 1426985

URL: http://svn.apache.org/viewvc?rev=1426985&view=rev
Log:
[FEDIZ-38] Initial commit

Added:
    cxf/fediz/trunk/examples/springWebapp/
    cxf/fediz/trunk/examples/springWebapp/README.txt
    cxf/fediz/trunk/examples/springWebapp/pom.xml
    cxf/fediz/trunk/examples/springWebapp/src/
    cxf/fediz/trunk/examples/springWebapp/src/main/
    cxf/fediz/trunk/examples/springWebapp/src/main/config/
    cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/java/
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
    cxf/fediz/trunk/examples/springWebapp/src/main/resources/
    cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/META-INF/
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/META-INF/context.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html
    cxf/fediz/trunk/plugins/spring/
    cxf/fediz/trunk/plugins/spring/pom.xml
    cxf/fediz/trunk/plugins/spring/src/
    cxf/fediz/trunk/plugins/spring/src/main/
    cxf/fediz/trunk/plugins/spring/src/main/assembly/
    cxf/fediz/trunk/plugins/spring/src/main/assembly/assembly.xml
    cxf/fediz/trunk/plugins/spring/src/main/java/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationPreAuthenticatedProcessingFilter.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
Modified:
    cxf/fediz/trunk/examples/pom.xml
    cxf/fediz/trunk/plugins/pom.xml

Modified: cxf/fediz/trunk/examples/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/pom.xml?rev=1426985&r1=1426984&r2=1426985&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/pom.xml (original)
+++ cxf/fediz/trunk/examples/pom.xml Sun Dec 30 20:13:23 2012
@@ -27,11 +27,12 @@
     </parent>
     <groupId>org.apache.cxf.fediz</groupId>
     <artifactId>examples</artifactId>
-    <name>Apache CXF Fediz Examples</name>
+    <name>Apache Fediz Examples</name>
     <packaging>pom</packaging>
 
     <modules>
         <module>simpleWebapp</module>
         <module>wsclientWebapp</module>
+        <module>springWebapp</module>
     </modules>
 </project>

Added: cxf/fediz/trunk/examples/springWebapp/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/README.txt?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/README.txt (added)
+++ cxf/fediz/trunk/examples/springWebapp/README.txt Sun Dec 30 20:13:23 2012
@@ -0,0 +1,81 @@
+Simple Web Application Demo
+===========================
+
+This demo shows how to build and deploy an SSO protected using Apache CXF Fediz
+web application.
+
+Running this sample consists of four steps:
+
+- Configure the Tomcat-IDP and Tomcat-RP instances
+- Building the demo using Maven
+- Deploying the demo to the Tomcat-RP instance
+- Testing the demo
+
+Please review the README in the samples main directory before continuing.
+
+Configure the Tomcat-IDP and Tomcat-RP instances
+------------------------------------------------
+First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP
+STS has been configured and is running as described here:  
+http://cxf.apache.org/fediz-idp.html.  Confirm the STS is active by
+checking that the WSDL is viewable from the browser using the URL given
+on that page--don't proceed further unless it is.
+
+Next, the Tomcat installation holding the relying parties (the demo Web application
+for this sample) must be configured properly before applications can be
+deployed to it.  See this wiki page for instructions:
+http://cxf.apache.org/fediz-tomcat.html -- the "Installation" and "HTTPS
+Configuration" sections are the only parts that need configuration for this
+sample. 
+
+
+Demo Web Application
+---------------------
+The main code lives in the class FederationServlet. This Servlet is protected
+and can be accessed only if the browser user is authenticated. The purpose of
+the FederationServlet is to illustrate the usage of the Java Servlet Security
+API to get the authenticated user and to check the roles he has. Further, 
+the FederationServlet shows how to access claims data (user data) which were 
+stored in the SAML token by using the Fediz interface FederationPrincipal.
+Beyond that, the FederationServlet illustrates how to access the SAML token
+if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java
+can be used to achieve that. You could get this information directly from the
+HTTP session.
+
+
+Building the demo using Maven
+-----------------------------
+From the base directory of this sample (i.e., where this README file is
+located), the pom.xml file is used to build and run the demo. From a 
+command prompt, enter:
+
+  mvn clean install   (builds the demo and creates a WAR file for Servlet deployment)
+
+
+Deploying the demo to Tomcat
+----------------------------
+First copy this sample's Fediz Configuration file (src/main/config/fediz_config.xml)
+into the Tomcat-RP's conf folder.  This configuration references the 
+Java keystore 'tomcat-rp.jks' available in Fediz' examples/samplekeys folder 
+but should already be in the Tomcat RP's root folder when you configured this
+instance as stated in the prerequisites.
+
+Then, either manually copy this sample's generated WAR file to the Tomcat-RP's 
+webapps folder, or use the Tomcat Maven Plugin as described in the README file 
+in the example folder root.
+
+
+Test the demo
+-------------
+Enter the following URL into the browser (TCP port depends on your HTTP settings):
+
+https://localhost:8443/fedizhelloworld/secure/fedservlet
+
+The browser is redirected to the IDP and prompts for username and password. As described
+in the IDP installation, the following users are already set up:
+
+User: alice   Password: ecila
+User: bob     Password: bob
+User: ted     Password: det
+
+

Added: cxf/fediz/trunk/examples/springWebapp/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/pom.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/pom.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/pom.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz</groupId>
+        <artifactId>examples</artifactId>
+        <version>1.1.0-SNAPSHOT</version>
+    </parent>
+
+    <groupId>org.apache.cxf.fediz.examples</groupId>
+    <artifactId>springWebapp</artifactId>
+    <name>Fediz Example: SpringWebapp</name>
+    <packaging>war</packaging>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+       <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>1.1.1</version>
+            <scope>provided</scope>
+        </dependency>    
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- Required to cast Principal to FederationPrincipal -->
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-core</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-spring</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.0.1</version>
+        </dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>3.1.3.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>3.1.3.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>log4j</groupId>
+			<artifactId>log4j</artifactId>
+			<version>1.2.15</version>
+			  <exclusions>
+    <exclusion>
+      <groupId>javax.mail</groupId>
+      <artifactId>mail</artifactId>
+    </exclusion>
+    <exclusion>
+      <groupId>javax.jms</groupId>
+      <artifactId>jms</artifactId>
+    </exclusion>
+    <exclusion>
+      <groupId>com.sun.jdmk</groupId>
+      <artifactId>jmxtools</artifactId>
+    </exclusion>
+    <exclusion>
+      <groupId>com.sun.jmx</groupId>
+      <artifactId>jmxri</artifactId>
+    </exclusion>
+  </exclusions>
+		</dependency>					
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin><!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>tomcat-maven-plugin</artifactId>
+                <version>1.1</version>
+                <configuration>
+                    <server>myTomcat</server>
+                    <url>http://localhost:8080/manager/text</url>
+                    <path>/${project.build.finalName}</path>
+                </configuration>
+            </plugin>
+        </plugins>
+        <!-- Name of the generated WAR file -->
+        <finalName>fedizhelloworld</finalName>
+    </build>
+
+</project>
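Review bot: The Spring Security version is written out twice, once for `spring-security-web` and once for `spring-security-config`, so a later security upgrade can leave the two modules on different releases. Declare it once in the existing `<properties>` block, `<spring.security.version>3.1.3.RELEASE</spring.security.version>`, and use `<version>${spring.security.version}</version>` in both dependencies. The added Spring and log4j dependencies are also indented with tabs and the log4j `<exclusions>` with two spaces, while the rest of the file uses four spaces.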

Added: cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
+-->
+<FedizConfig>
+	<contextConfig name="/fedizhelloworld">
+		<audienceUris>
+			<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.0.0">
+			<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+			<issuer>https://localhost:9443/fedizidp/</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<!--<authenticationType type="String">some auth type</authenticationType>-->
+			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+			<!--<freshness>0</freshness>-->
+			<!--<reply>reply value</reply>-->
+			<!--<request>REQUEST</request>-->
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>
+
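Review bot: The trusted-issuer pattern `subject=".*CN=www.sts.com.*"` is unanchored and leaves its dots unescaped, so any certificate that chains to the trust store and merely contains that text somewhere in its subject satisfies it. Anchoring the CN component and escaping the dots narrows the match, for example `subject="^(.*,\s*)?CN=www\.sts\.com(,.*)?$"`; the exact form depends on how Fediz renders the subject DN, so check it against the real STS certificate. A comment marking `password="tompass"` and `type="a particular claim type"` as sample placeholders to be replaced would help anyone copying this file beyond the demo.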

Added: cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java Sun Dec 30 20:13:23 2012
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.w3c.dom.Element;
+
+/**
+ * Add security token to thread local
+ */
+public class FederationFilter implements Filter {
+
+    private static final String DEFAULT_SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
+    private static final String SECURITY_TOKEN_ATTR_CONFIG = "security.token.attribute";
+
+    private String securityTokenAttr = DEFAULT_SECURITY_TOKEN_ATTR;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        String attrName = filterConfig.getInitParameter(SECURITY_TOKEN_ATTR_CONFIG);
+        if (attrName != null) {
+            securityTokenAttr = attrName;
+        }
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response,
+                         FilterChain chain) throws IOException, ServletException {
+
+        if (request instanceof HttpServletRequest) {
+            HttpServletRequest hrequest = (HttpServletRequest)request;
+            Element el = (Element)hrequest.getSession().getAttribute(securityTokenAttr);
+            if (el != null) {
+                try {
+                    SecurityTokenThreadLocal.setToken(el);
+                    chain.doFilter(request, response);
+                } finally {
+                    SecurityTokenThreadLocal.setToken(null);
+                }
+            } else {
+                chain.doFilter(request, response);
+            }
+
+        } else {
+            chain.doFilter(request, response);
+        }
+    }
+
+    @Override
+    public void destroy() {
+        // TODO Auto-generated method stub
+
+    }
+
+}
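Review bot: In `doFilter`, `hrequest.getSession()` creates a new HTTP session for every request that arrives without one, although the filter only needs to read a token that an earlier login stored. Use the non-creating lookup and treat a missing session like a missing token: `HttpSession session = hrequest.getSession(false);` followed by `Element el = session == null ? null : (Element)session.getAttribute(securityTokenAttr);`, which needs an import of `javax.servlet.http.HttpSession`. The empty `destroy()` still carries the IDE's `// TODO Auto-generated method stub`; a comment saying there is nothing to release would be clearer.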

Added: cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java Sun Dec 30 20:13:23 2012
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Element;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationPrincipal;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+
+
+public class FederationServlet extends HttpServlet {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -9019993850246851112L;
+
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+        throws ServletException, IOException {
+
+        response.setContentType("text/html");
+        PrintWriter out = response.getWriter();
+
+        out.println("<html>");
+        out.println("<head><title>WS Federation Tomcat Examples</title></head>");
+        out.println("<body>");
+        out.println("<h1>Hello World</h1>");
+        out.println("Hello world<br>");
+        out.println("Request url: " + request.getRequestURL().toString() + "<p>");
+
+
+        out.println("<br><b>User</b><p>");
+        Principal p = request.getUserPrincipal();
+        if (p != null) {
+            out.println("Principal: " + p.getName() + "<p>");
+        }
+
+        out.println("<br><b>Roles</b><p>");
+        List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
+        for (String item: roleListToCheck) {
+            out.println("Has role '" + item + "': " + ((request.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>");
+        }
+
+        if (p instanceof FederationPrincipal) {
+            FederationPrincipal fp = (FederationPrincipal)p;
+
+            out.println("<br><b>Claims</b><p>");
+            ClaimCollection claims = fp.getClaims();
+            for (Claim c: claims) {
+                out.println(c.getClaimType().toString() + ": " + c.getValue() + "<p>");
+            }
+        } else {
+            out.println("Principal is not instance of FederationPrincipal");
+        }
+
+        // Access Spring security context
+        SecurityContextHolder.getContext().getAuthentication();
+
+        Element el = SecurityTokenThreadLocal.getToken();
+        if (el != null) {
+            out.println("<p>Bootstrap token...");
+            String token = null;
+            try {
+                TransformerFactory transFactory = TransformerFactory.newInstance();
+                Transformer transformer = transFactory.newTransformer();
+                StringWriter buffer = new StringWriter();
+                transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+                transformer.transform(new DOMSource(el),
+                                      new StreamResult(buffer));
+                token = buffer.toString();
+                out.println("<p>" + StringEscapeUtils.escapeXml(token));
+            } catch (Exception ex) {
+                out.println("<p>Failed to transform cached element to string: " + ex.toString());
+            }
+        } else {
+            out.println("<p>Bootstrap token not cached in thread local storage");
+        }
+
+        out.println("</body>");
+    }
+
+}
\ No newline at end of file
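Review bot: `doGet` writes the request URL, the principal name, each claim type and value, and the exception text into the HTML response without encoding, while only the serialised token goes through `StringEscapeUtils.escapeXml`. The principal name and claim values originate in the SAML token, so any markup in them would be rendered by the browser; pass each value through `StringEscapeUtils.escapeHtml4` (commons-lang3 is already a dependency), as in the excerpt below. Separately, the page prints the full bootstrap token and never emits `</html>`; a comment that the token dump is for demonstration only would help readers who copy this servlet.

```java
        out.println("Request url: " + StringEscapeUtils.escapeHtml4(request.getRequestURL().toString()) + "<p>");
        // … unchanged: "User" heading and principal lookup …
            out.println("Principal: " + StringEscapeUtils.escapeHtml4(p.getName()) + "<p>");
        // … unchanged: role checks and FederationPrincipal cast …
            for (Claim c: claims) {
                out.println(StringEscapeUtils.escapeHtml4(c.getClaimType().toString()) + ": "
                            + StringEscapeUtils.escapeHtml4(String.valueOf(c.getValue())) + "<p>");
            }
        // … unchanged: bootstrap token serialisation …
                out.println("<p>Failed to transform cached element to string: "
                            + StringEscapeUtils.escapeHtml4(ex.toString()));
```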

Added: cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java Sun Dec 30 20:13:23 2012
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import org.w3c.dom.Element;
+
+
+/**
+ * Thread local storage for security token
+ */
+public final class SecurityTokenThreadLocal {
+
+    private static final ThreadLocal<Element> TLS = 
+        new ThreadLocal<Element>();
+
+    private SecurityTokenThreadLocal() {
+    }    
+        
+    public static void setToken(Element token) {
+        if (token == null) { 
+            TLS.remove();
+        } else {
+            TLS.set(token);
+        }
+    }
+
+    public static Element getToken() {
+        return TLS.get();
+    }
+    
+
+}
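Review bot: Neither `setToken` nor `getToken` has Javadoc, and the rule that `setToken(null)` removes the thread's value is visible only in the method body. Servlet containers typically reuse request threads, so a caller that sets a token and does not clear it would leave it readable by whatever request runs on that thread next. Document this on `setToken`, e.g. `/** Binds the token to the current thread; pass null to clear it. Always clear in a finally block. */`, and on `getToken`, `/** Returns the token bound to the current thread, or null if none. */`.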

Added: cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties Sun Dec 30 20:13:23 2012
@@ -0,0 +1,17 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.springframework=INFO, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=fedizhelloworld.log
+log4j.appender.LOGFILE.Append=false
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
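Review bot: `log4j.logger.org.springframework=INFO, CONSOLE` attaches CONSOLE a second time to a logger that already inherits it from the root logger, so with log4j's default additivity every Spring message is printed twice. Drop the appender from that line: `log4j.logger.org.springframework=INFO`. The LOGFILE appender is configured but no logger references it, so `fedizhelloworld.log` is never written; either add LOGFILE to `log4j.rootLogger` or remove the block.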

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/META-INF/context.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/META-INF/context.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/META-INF/context.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/META-INF/context.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,3 @@
+<Context>
+        <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator" configFile="conf/fediz_config.xml" />        
+</Context>

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  - Sample namespace-based configuration
+  -
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
+        <sec:filter-chain-map path-type="ant">
+            <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
+        </sec:filter-chain-map>
+    </bean>
+
+    <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+    <sec:authentication-manager alias="authenticationManager">
+        <sec:authentication-provider ref='preAuthenticatedAuthenticationProvider'/>
+    </sec:authentication-manager>
+
+    <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
+        <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
+    </bean>
+
+	<!-- 
+    <bean id="preAuthenticatedUserDetailsService"
+            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
+    -->
+    <bean id="preAuthenticatedUserDetailsService"
+            class="org.apache.cxf.fediz.spring.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/>    
+    
+    <!--<bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">-->
+    <bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.FederationPreAuthenticatedProcessingFilter">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="authenticationDetailsSource">
+            <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
+                <property name="mappableRolesRetriever">
+                    <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
+                </property>
+                <property name="userRoles2GrantedAuthoritiesMapper">
+                    <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
+                        <property name="convertAttributeToUpperCase" value="true"/>
+                    </bean>
+                </property>
+            </bean>
+        </property>
+    </bean>
+
+    <bean id="preAuthenticatedProcessingFilterEntryPoint"
+            class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
+
+    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
+        <constructor-arg value="/"/>
+        <constructor-arg>
+            <list>
+                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+            </list>
+        </constructor-arg>
+    </bean>
+
+    <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
+
+    <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+        <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
+    </bean>
+
+    <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+        <property name="allowIfAllAbstainDecisions" value="false"/>
+        <property name="decisionVoters">
+            <list>
+                <ref bean="roleVoter"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
+        <property name="securityMetadataSource">
+            <sec:filter-invocation-definition-source>
+                <sec:intercept-url pattern="/secure/**" access="ROLE_MANAGER"/>
+                <sec:intercept-url pattern="/**" access="ROLE_USER"/>
+            </sec:filter-invocation-definition-source>
+        </property>
+    </bean>
+
+    <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
+
+    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
+
+</beans>
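Review bot: The bean `securityContextHolderAwareRequestFilter` at the end of the file is not named in `filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"`, so as far as this file shows it never runs, and servlet-API calls such as `request.isUserInRole(...)` are answered by the container rather than by the Spring `Authentication`. Either remove the bean or add it to the chain ahead of `etf`, e.g. `filters="sif,j2eePreAuthFilter,logoutFilter,securityContextHolderAwareRequestFilter,etf,fsi"`. The two commented-out bean definitions would be clearer as a one-line comment naming the stock Spring class that each Fediz class replaces.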

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,93 @@
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0" metadata-complete="true">
+
+	<description>
+    WS Federation Spring Example
+    </description>
+	<display-name>WS Federation Spring Example</display-name>
+	
+
+
+    <!--
+      - Location of the XML file that defines the root application context
+      - Applied by ContextLoaderListener.
+      -->
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>
+            /WEB-INF/applicationContext-security.xml
+        </param-value>
+    </context-param>
+
+    <filter>
+        <filter-name>filterChainProxy</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+    
+    <filter>
+		<filter-name>FederationFilter</filter-name>
+		<filter-class>org.apache.cxf.fediz.example.FederationFilter</filter-class>
+	</filter>
+
+ 
+	<filter-mapping>
+		<filter-name>FederationFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+    <filter-mapping>
+      <filter-name>filterChainProxy</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <!--
+      - Loads the root application context of this web app at startup.
+      - The application context is then available via
+      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+    -->
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+     
+	<servlet>
+		<servlet-name>FederationServlet</servlet-name>
+		<servlet-class>org.apache.cxf.fediz.example.FederationServlet</servlet-class>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/secure/fedservlet</url-pattern>
+	</servlet-mapping>
+
+ 
+	<security-role>
+		<role-name>Manager</role-name>
+	</security-role>
+	<security-role>
+		<role-name>User</role-name>
+	</security-role>
+	<security-role>
+		<role-name>Admin</role-name>
+	</security-role>
+	<security-role>
+		<role-name>Authenticated</role-name>
+	</security-role>				
+
+	<security-constraint>
+		<web-resource-collection>
+			<web-resource-name>Protected Area</web-resource-name>
+			<url-pattern>/secure/*</url-pattern>
+		</web-resource-collection>
+		<auth-constraint>
+			<role-name>*</role-name>			
+		</auth-constraint>
+	</security-constraint>
+ 
+	<login-config>
+		<auth-method>WSFED</auth-method>
+		<realm-name>WSFED</realm-name>
+	</login-config>
+
+</web-app>
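Review bot: The `<security-constraint>` for `/secure/*` declares an `<auth-constraint>` but no transport guarantee, so the container does not force HTTPS for the WS-Federation sign-in exchange or the session cookie that follows it. Adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` inside the constraint closes that gap. If FederationFilter is meant to run before filterChainProxy, a comment above the two `/*` `<filter-mapping>` elements should say so, because their order in this file is what decides it.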

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html Sun Dec 30 20:13:23 2012
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html Sun Dec 30 20:13:23 2012
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>

Modified: cxf/fediz/trunk/plugins/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/pom.xml?rev=1426985&r1=1426984&r2=1426985&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/pom.xml (original)
+++ cxf/fediz/trunk/plugins/pom.xml Sun Dec 30 20:13:23 2012
@@ -33,5 +33,6 @@
       <module>core</module>
       <module>tomcat</module>
       <module>jetty</module>
+      <module>spring</module>
    </modules>
 </project>

Added: cxf/fediz/trunk/plugins/spring/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/pom.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/pom.xml (added)
+++ cxf/fediz/trunk/plugins/spring/pom.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,103 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.apache.cxf.fediz</groupId>
+		<artifactId>fediz</artifactId>
+		<version>1.1.0-SNAPSHOT</version>
+		<relativePath>../../pom.xml</relativePath>
+	</parent>
+	<artifactId>fediz-spring</artifactId>
+	<name>Apache Fediz Plugin Spring</name>
+	<packaging>bundle</packaging>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+                <spring.version>3.1.3.RELEASE</spring.version>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf.fediz</groupId>
+			<artifactId>fediz-core</artifactId>
+			<version>${project.version}</version>
+			<type>jar</type>
+			<scope>compile</scope>
+		</dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <scope>provided</scope>
+        </dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-assembly-plugin</artifactId>
+				<version>2.2.1</version>
+				<executions>
+					<execution>
+						<id>zip-file</id>
+						<phase>package</phase>
+						<goals>
+							<goal>attached</goal>
+						</goals>
+						<configuration>
+							<descriptors>
+								<descriptor>src/main/assembly/assembly.xml</descriptor>
+							</descriptors>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.felix</groupId>
+				<artifactId>maven-bundle-plugin</artifactId>
+				<version>2.3.4</version>
+				<extensions>true</extensions>
+				<configuration>
+					<instructions>
+						<Implementation-Title>Apache CXF Fediz</Implementation-Title>
+						<Implementation-Vendor>The Apache Software Foundation</Implementation-Vendor>
+						<Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+						<Implementation-Version>${project.version}</Implementation-Version>
+						<Specification-Title>Apache CXF Fediz</Specification-Title>
+						<Specification-Vendor>The Apache Software Foundation</Specification-Vendor>
+						<Specification-Version>${project.version}</Specification-Version>
+
+						<Export-Package>
+							org.apache.cxf.fediz.spring.*;version="${project.version}"
+                        </Export-Package>
+						<Import-Package>
+							!org.apache.cxf.fediz.spring*,
+							org.apache.cxf.fediz.core.*,
+							*;resolution:=optional
+                        </Import-Package>
+					</instructions>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>
+ 
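Review bot: The property `spring.version` is used only for the two `org.springframework.security` artifacts, so its name suggests the Spring Framework version while it actually pins Spring Security at `3.1.3.RELEASE`. Renaming it, e.g. `<spring.security.version>3.1.3.RELEASE</spring.security.version>`, and declaring it next to wherever `junit.version` is defined (presumably the parent pom) keeps a later security upgrade of one library from silently moving the other. Separately, `*;resolution:=optional` in `<Import-Package>` marks every import except `org.apache.cxf.fediz.core.*` as optional. The bundle can then resolve without Spring Security or the servlet API and fail only at class-load time, so the packages it really needs should be listed as mandatory.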

Added: cxf/fediz/trunk/plugins/spring/src/main/assembly/assembly.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/assembly/assembly.xml?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/assembly/assembly.xml (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/assembly/assembly.xml Sun Dec 30 20:13:23 2012
@@ -0,0 +1,18 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
+http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+  <id>zip-with-dependencies</id>
+  <formats>
+    <format>zip</format>
+  </formats>
+  <includeBaseDirectory>false</includeBaseDirectory>
+  <dependencySets>
+    <dependencySet>
+      <outputDirectory>/</outputDirectory>
+      <useProjectArtifact>true</useProjectArtifact>
+      <unpack>false</unpack>
+      <scope>runtime</scope>
+    </dependencySet>
+  </dependencySets>
+</assembly>

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationPreAuthenticatedProcessingFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationPreAuthenticatedProcessingFilter.java?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationPreAuthenticatedProcessingFilter.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationPreAuthenticatedProcessingFilter.java Sun Dec 30 20:13:23 2012
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.core.FederationPrincipal;
+import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
+
+/**
+ * This AbstractPreAuthenticatedProcessingFilter implementation is based on the
+ * J2EE container-based authentication mechanism. It will use the J2EE user
+ * principal name as the pre-authenticated principal and the WS-Federation signin request
+ * as the credentials.
+ *
+ * @author Ruud Senden
+ * @since 2.0
+ */
+public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
+
+    private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
+        
+    /**
+     * Return the J2EE user name.
+     */
+    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
+        Object principal = httpRequest.getUserPrincipal();
+        if (logger.isDebugEnabled()) {
+            logger.debug("PreAuthenticated J2EE principal: "
+                         + httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName());
+        }
+        return principal;
+    }
+
+    /**
+     * For J2EE container-based authentication there is no generic way to
+     * retrieve the credentials, as such this method returns a fixed dummy
+     * value.
+     */
+    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
+        Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal();
+        if (principal instanceof FederationPrincipal) {
+            Object obj = httpRequest.getSession(false).getAttribute(SECURITY_TOKEN_ATTR);
+            if (obj != null)  {
+                return obj;
+            } else {
+                throw new IllegalStateException("Session must contain Federation response");
+            }
+        } else {
+            throw new IllegalStateException("Principal must be instance of FederationPrincipal");
+        }
+        //return "N/A";
+    }
+}
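Review bot: In getPreAuthenticatedPrincipal the debug statement is parsed as `("PreAuthenticated J2EE principal: " + httpRequest.getUserPrincipal()) == null ? … : …`, because `+` binds tighter than `==`. The comparison is therefore always false, the message prefix is dropped, and a request without a principal throws a NullPointerException whenever debug logging is enabled. Parenthesising the conditional fixes it: `+ (principal == null ? null : httpRequest.getUserPrincipal().getName()));`. getPreAuthenticatedCredentials has a related gap, since `httpRequest.getSession(false)` may return null and is dereferenced directly, and a request with no principal ends in an IllegalStateException instead of simply staying unauthenticated. The sketch below needs an import of `javax.servlet.http.HttpSession`. The class Javadoc, its `@author`/`@since` tags and the "fixed dummy value" comment no longer describe this code and should be rewritten, and the dead `//return "N/A";` can be removed.

```java
    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) {
        Object principal = httpRequest.getUserPrincipal();
        if (principal == null) {
            // No container login yet: report no credentials so the request stays
            // unauthenticated (confirm the base filter's handling of a null principal).
            return null;
        }
        if (!(principal instanceof FederationPrincipal)) {
            throw new IllegalStateException("Principal must be instance of FederationPrincipal");
        }
        HttpSession session = httpRequest.getSession(false);
        Object token = session == null ? null : session.getAttribute(SECURITY_TOKEN_ATTR);
        if (token == null) {
            throw new IllegalStateException("Session must contain Federation response");
        }
        return token;
    }
```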

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java Sun Dec 30 20:13:23 2012
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring;
+
+import java.util.Collection;
+
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+
+public class FederationUser extends User {
+
+    private static final long serialVersionUID = -2231762973730849416L;
+    
+    private ClaimCollection claims;
+    
+    public FederationUser(String username, String password, boolean enabled, boolean accountNonExpired,
+                          boolean credentialsNonExpired, boolean accountNonLocked,
+                          Collection<? extends GrantedAuthority> authorities) {
+        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
+    }
+    
+    public FederationUser(String username, String password, 
+                          Collection<? extends GrantedAuthority> authorities, ClaimCollection claims) {
+        super(username, password, true, true, true, true, authorities);
+        this.claims = claims;
+    }
+
+    public ClaimCollection getClaims() {
+        return this.claims;
+    }
+
+    
+    
+    
+}
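Review bot: `claims` is assigned only by the four-argument constructor, so an instance built through the seven-argument constructor returns null from getClaims() and every caller has to null-check. Declaring the field `private final ClaimCollection claims;` and setting it in both constructors (null explicitly, or an empty collection if ClaimCollection can be created empty) makes that state deliberate. Because the class declares a `serialVersionUID`, it is also worth confirming that ClaimCollection is serializable, since that type is not visible here and a non-serializable field would break session persistence of this user. A class Javadoc such as `/** Spring Security user that also carries the claims issued for the federated principal. */` would record the intent.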

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java?rev=1426985&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java Sun Dec 30 20:13:23 2012
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.spring;
+
+import java.util.*;
+
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationPrincipal;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
+
+import org.springframework.util.Assert;
+
+/**
+ * <p>
+ * This AuthenticationUserDetailsService implementation creates a UserDetails
+ * object based solely on the information contained in the given
+ * PreAuthenticatedAuthenticationToken. The user name is set to the name as
+ * returned by PreAuthenticatedAuthenticationToken.getName(), the password is
+ * set to a fixed dummy value (it will not be used by the
+ * PreAuthenticatedAuthenticationProvider anyway), and the Granted Authorities
+ * are retrieved from the details object as returned by
+ * PreAuthenticatedAuthenticationToken.getDetails().
+ *
+ * <p>
+ * The details object as returned by PreAuthenticatedAuthenticationToken.getDetails() must implement the
+ * {@link GrantedAuthoritiesContainer} interface for this implementation to work.
+ *l
+ */
+public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
+        implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
+    /**
+     * Get a UserDetails object based on the user name contained in the given
+     * token, and the GrantedAuthorities as returned by the
+     * GrantedAuthoritiesContainer implementation as returned by
+     * the token.getDetails() method.
+     */
+    public final UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) throws AuthenticationException {
+        Assert.notNull(token.getDetails());
+        Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
+        Assert.isInstanceOf(FederationPrincipal.class, token.getPrincipal());
+        Collection<? extends GrantedAuthority> authorities = 
+            ((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
+        
+        return createuserDetails(token, authorities, ((FederationPrincipal)token.getPrincipal()).getClaims());
+    }
+
+    /**
+     * Creates the final <tt>UserDetails</tt> object. Can be overridden to customize the contents.
+     *
+     * @param token the authentication request token
+     * @param authorities the pre-authenticated authorities.
+     */
+    protected UserDetails createuserDetails(Authentication token,
+        Collection<? extends GrantedAuthority> authorities, ClaimCollection claims) {
+        return new FederationUser(token.getName(), "N/A", authorities, claims);
+    }
+}
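Review bot: loadUserDetails validates the token with three `Assert` calls that carry no message, so a token whose principal is not a FederationPrincipal surfaces as a bare IllegalArgumentException rather than as the `AuthenticationException` the method declares. At minimum give each check a message, e.g. `Assert.isInstanceOf(FederationPrincipal.class, token.getPrincipal(), "Principal must be a FederationPrincipal");`, so a misconfigured filter chain can be diagnosed from the log. The class Javadoc still says the user is built "solely" from the token details and ends in a stray `*l` line, while the claims are in fact taken from the principal, and createuserDetails lacks `@param claims`. `import java.util.*;` can be narrowed to `import java.util.Collection;`, the only name used from that package.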


