From owu...@apache.org
Subject svn commit: r1452990 - in /cxf/fediz/trunk: examples/springPreauthWebapp/ examples/springWebapp/ examples/springWebapp/src/main/config/ examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/ examples/springWebapp/src/main/resources/ examples...
Date Tue, 05 Mar 2013 20:42:50 GMT
Author: owulff
Date: Tue Mar  5 20:42:49 2013
New Revision: 1452990

URL: http://svn.apache.org/r1452990
Log:
[FEDIZ-39] Spring Security Federation Authenticator

Added:
    cxf/fediz/trunk/examples/springWebapp/README.txt
      - copied, changed from r1452989, cxf/fediz/trunk/examples/springPreauthWebapp/README.txt
    cxf/fediz/trunk/examples/springWebapp/pom.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
    cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties
    cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks   (with props)
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.form.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.wsfed.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/fediz_config.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html
    cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html
    cxf/fediz/trunk/plugins/spring/README.txt
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/SpringFedizMessageSource.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/AbstractFederationUserDetailsService.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationEntryPoint.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationFilter.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationProvider.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationToken.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfig.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfigImpl.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationResponseAuthenticationToken.java
    cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/GrantedAuthoritiesUserDetailsFederationService.java
    cxf/fediz/trunk/plugins/spring/src/main/resources/
    cxf/fediz/trunk/plugins/spring/src/main/resources/org/
    cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/
    cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/
    cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/
    cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/spring/
    cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/spring/messages.properties
Modified:
    cxf/fediz/trunk/examples/springPreauthWebapp/README.txt
    cxf/fediz/trunk/plugins/spring/pom.xml

Modified: cxf/fediz/trunk/examples/springPreauthWebapp/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springPreauthWebapp/README.txt?rev=1452990&r1=1452989&r2=1452990&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/springPreauthWebapp/README.txt (original)
+++ cxf/fediz/trunk/examples/springPreauthWebapp/README.txt Tue Mar  5 20:42:49 2013
@@ -1,33 +1,50 @@
-Simple Web Application Demo
-===========================
+Simple Spring (Pre-Authentication) Web Application Demo
+=======================================================
 
 This demo shows how to build and deploy an SSO protected using Apache CXF Fediz
-web application.
+web application where WS-Federation based login is managed by the container but
+Fediz initializes the Spring Security Context which provides a richer security
+API and configuration than the Java Servlet API.
+
+The Spring Security reference documentation provides more background information
+about Pre-Authentication support in Spring Security:
+http://static.springsource.org/spring-security/site/docs/3.2.x/reference/springsecurity-single.html#preauth
 
 Running this sample consists of four steps:
 
-- Configure the Tomcat-IDP and Tomcat-RP instances
+- Configure the Tomcat-IDP and Tomcat or Jetty-RP instances
 - Building the demo using Maven
-- Deploying the demo to the Tomcat-RP instance
+- Deploying the demo to the RP instance
 - Testing the demo
 
 Please review the README in the samples main directory before continuing.
 
-Configure the Tomcat-IDP and Tomcat-RP instances
-------------------------------------------------
-First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP
+Configure the Tomcat-IDP
+------------------------
+Make sure the separate Tomcat instance hosting the Fediz IDP and IDP
 STS has been configured and is running as described here:  
 http://cxf.apache.org/fediz-idp.html.  Confirm the STS is active by
 checking that the WSDL is viewable from the browser using the URL given
 on that page--don't proceed further unless it is.
 
-Next, the Tomcat installation holding the relying parties (the demo Web application
+
+a) Configure the Tomcat-RP instance
+-----------------------------------
+Tomcat installation holding the relying parties (the demo Web application
 for this sample) must be configured properly before applications can be
 deployed to it.  See this wiki page for instructions:
 http://cxf.apache.org/fediz-tomcat.html -- the "Installation" and "HTTPS
 Configuration" sections are the only parts that need configuration for this
 sample. 
 
+b) Configure the Jetty-RP instance
+----------------------------------
+Jetty installation holding the relying parties (the demo Web application
+for this sample) must be configured properly before applications can be
+deployed to it.  See this wiki page for instructions:
+http://cxf.apache.org/fediz-jetty.html -- the "Installation" and "HTTPS
+Configuration" sections are the only parts that need configuration for this
+sample. 
 
 Demo Web Application
 ---------------------
@@ -52,8 +69,8 @@ command prompt, enter:
   mvn clean install   (builds the demo and creates a WAR file for Servlet deployment)
 
 
-Deploying the demo to Tomcat
-----------------------------
+a) Deploying the demo to Tomcat
+-------------------------------
 First copy this sample's Fediz Configuration file (src/main/config/fediz_config.xml)
 into the Tomcat-RP's conf folder.  This configuration references the 
 Java keystore 'tomcat-rp.jks' available in Fediz' examples/samplekeys folder 
@@ -64,6 +81,18 @@ Then, either manually copy this sample's
 webapps folder, or use the Tomcat Maven Plugin as described in the README file 
 in the example folder root.
 
+b) Deploying the demo to Jetty
+------------------------------
+First copy this sample's Fediz Configuration file (src/main/config/fediz_config.xml)
+into the Jetty-RP's etc folder.  This configuration references the 
+Java keystore 'tomcat-rp.jks' available in Fediz' examples/samplekeys folder 
+but should already be in the Jetty RP's root folder when you configured this
+instance as stated in the prerequisites.
+
+Then, either manually copy this sample's generated WAR file to the Jetty-RP's 
+webapps folder, or use the Jetty Maven Plugin as described in the README file 
+in the example folder root.
+
 
 Test the demo
 -------------

Copied: cxf/fediz/trunk/examples/springWebapp/README.txt (from r1452989, cxf/fediz/trunk/examples/springPreauthWebapp/README.txt)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/README.txt?p2=cxf/fediz/trunk/examples/springWebapp/README.txt&p1=cxf/fediz/trunk/examples/springPreauthWebapp/README.txt&r1=1452989&r2=1452990&rev=1452990&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/springPreauthWebapp/README.txt (original)
+++ cxf/fediz/trunk/examples/springWebapp/README.txt Tue Mar  5 20:42:49 2013
@@ -1,40 +1,39 @@
-Simple Web Application Demo
-===========================
+Simple Spring Web Application Demo
+==================================
 
 This demo shows how to build and deploy an SSO protected using Apache CXF Fediz
-web application.
+for a spring security based web application.
 
 Running this sample consists of four steps:
 
-- Configure the Tomcat-IDP and Tomcat-RP instances
+- Configure the Tomcat-IDP and Servlet Container for RP instances
 - Building the demo using Maven
-- Deploying the demo to the Tomcat-RP instance
+- Deploying the demo to the RP instance
 - Testing the demo
 
 Please review the README in the samples main directory before continuing.
 
-Configure the Tomcat-IDP and Tomcat-RP instances
-------------------------------------------------
+Configure the Tomcat-IDP and Servlet Container for RP instances
+---------------------------------------------------------------
 First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP
 STS has been configured and is running as described here:  
 http://cxf.apache.org/fediz-idp.html.  Confirm the STS is active by
 checking that the WSDL is viewable from the browser using the URL given
 on that page--don't proceed further unless it is.
 
-Next, the Tomcat installation holding the relying parties (the demo Web application
-for this sample) must be configured properly before applications can be
-deployed to it.  See this wiki page for instructions:
-http://cxf.apache.org/fediz-tomcat.html -- the "Installation" and "HTTPS
-Configuration" sections are the only parts that need configuration for this
-sample. 
+The benefit of using Spring Security which is packaged with the demo application
+there are no plugin deployments required for the RP Servlet Container. 
+See this wiki page for instructions:
+http://cxf.apache.org/fediz-spring.html -- the "HTTPS Configuration" sections
+are the only parts that need configuration for this sample. 
 
 
 Demo Web Application
----------------------
+--------------------
 The main code lives in the class FederationServlet. This Servlet is protected
 and can be accessed only if the browser user is authenticated. The purpose of
-the FederationServlet is to illustrate the usage of the Java Servlet Security
-API to get the authenticated user and to check the roles he has. Further, 
+the FederationServlet is to illustrate the usage of the Spring Security API and
+Configuration to get the authenticated user and to check the roles he has. Further, 
 the FederationServlet shows how to access claims data (user data) which were 
 stored in the SAML token by using the Fediz interface FederationPrincipal.
 Beyond that, the FederationServlet illustrates how to access the SAML token
@@ -54,22 +53,18 @@ command prompt, enter:
 
 Deploying the demo to Tomcat
 ----------------------------
-First copy this sample's Fediz Configuration file (src/main/config/fediz_config.xml)
-into the Tomcat-RP's conf folder.  This configuration references the 
-Java keystore 'tomcat-rp.jks' available in Fediz' examples/samplekeys folder 
-but should already be in the Tomcat RP's root folder when you configured this
-instance as stated in the prerequisites.
-
-Then, either manually copy this sample's generated WAR file to the Tomcat-RP's 
+Either manually copy this sample's generated WAR file to the Tomcat-RP's 
 webapps folder, or use the Tomcat Maven Plugin as described in the README file 
 in the example folder root.
+It's recommended to not deploy this WAR into Servlet Container where Fediz is
+integrated into the Security Layer of the Container itself.
 
 
 Test the demo
 -------------
 Enter the following URL into the browser (TCP port depends on your HTTP settings):
 
-https://localhost:8443/fedizhelloworld/secure/fedservlet
+https://localhost:10443/fedizhelloworld/secure/fedservlet
 
 The browser is redirected to the IDP and prompts for username and password. As described
 in the IDP installation, the following users are already set up:

Added: cxf/fediz/trunk/examples/springWebapp/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/pom.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/pom.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/pom.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz</groupId>
+        <artifactId>examples</artifactId>
+        <version>1.1.0-SNAPSHOT</version>
+    </parent>
+    <groupId>org.apache.cxf.fediz.examples</groupId>
+    <artifactId>springWebapp</artifactId>
+    <name>Fediz Example: SpringWebapp</name>
+    <packaging>war</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <spring.version>3.1.3.RELEASE</spring.version>
+    </properties>
+    <dependencies>
+<!--
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>${commons.logging.version}</version>
+            <scope>provided</scope>
+        </dependency>
+-->
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-cxf</artifactId>
+            <version>${project.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>            
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-spring</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>${log4j.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>javax.mail</groupId>
+                    <artifactId>mail</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>javax.jms</groupId>
+                    <artifactId>jms</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.jdmk</groupId>
+                    <artifactId>jmxtools</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.jmx</groupId>
+                    <artifactId>jmxri</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>tomcat-maven-plugin</artifactId>
+                <version>1.1</version>
+                <configuration>
+                    <server>myTomcat</server>
+                    <url>http://localhost:10080/manager/text</url>
+                    <path>/${project.build.finalName}</path>
+                </configuration>
+            </plugin>
+        </plugins>
+        <!-- Name of the generated WAR file -->
+        <finalName>fedizhelloworld</finalName>
+    </build>
+</project>
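Review bot: The `spring.version` property (3.1.3.RELEASE) is declared in this example's own `<properties>` and applied to `spring-security-web` and `spring-security-config`, so the Spring Security release is pinned per example; a security upgrade then has to be repeated wherever the property was copied. Consider naming it for what it versions, e.g. `<spring.security.version>3.1.3.RELEASE</spring.security.version>`, and defining it once in the parent POM, which presumably already supplies `slf4j.version` and `log4j.version` (the parent is not shown here). The `*`/`*` exclusion on `fediz-cxf` deserves a one-line comment saying which classes the example needs from that artifact and why every transitive dependency is dropped. The commented-out `commons-logging` block can be deleted.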

Added: cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/config/fediz_config.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
+-->
+<FedizConfig>
+	<contextConfig name="/fedizhelloworld">
+		<audienceUris>
+			<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="tomcat-rp.jks" password="tompass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.0.0">
+			<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+			<issuer>https://localhost:9443/fediz-idp/</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<!--<authenticationType type="String">some auth type</authenticationType>-->
+			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+			<!--<freshness>0</freshness>-->
+			<!--<reply>reply value</reply>-->
+			<!--<request>REQUEST</request>-->
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>
+
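Review bot: The trusted-issuer pattern `subject=".*CN=www.sts.com.*"` is looser than it reads: the dots match any character and the trailing `.*` accepts any suffix, so a certificate whose subject merely contains a similar-looking CN passes the name check, and with `certificateValidation="ChainTrust"` the only other gate is chaining to an entry in `tomcat-rp.jks`. Escaping and bounding the pattern, e.g. `subject=".*CN=www\.sts\.com(,.*)?"` (adjusted to the DN format Fediz actually compares against), keeps the sample from teaching a permissive match. `maximumClockSkew` of `1000` and the literal keystore password `tompass` should each carry a comment, stating the unit for the first and that the second is for the demo keystore only. The header comment refers to the Tomcat conf folder and `META-INF/context.xml`, which looks carried over from the container-plugin sample; confirm it still applies to this Spring-based example.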

Added: cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,125 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.security.Principal;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Element;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.cxf.web.SecurityTokenThreadLocal;
+import org.apache.cxf.fediz.spring.FederationUser;
+import org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationToken;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+
+public class FederationServlet extends HttpServlet {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -9019993850246851112L;
+
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+        throws ServletException, IOException {
+
+        response.setContentType("text/html");
+        PrintWriter out = response.getWriter();
+
+        out.println("<html>");
+        out.println("<head><title>WS Federation Tomcat Examples</title></head>");
+        out.println("<body>");
+        out.println("<h1>Hello World</h1>");
+        out.println("Hello world<br>");
+        out.println("Request url: " + request.getRequestURL().toString() + "<p>");
+
+
+        out.println("<br><b>User</b><p>");
+        Principal p = request.getUserPrincipal();
+        if (p != null) {
+            out.println("Principal: " + p.getName() + "<p>");
+        }
+        
+        // Access Spring security context
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth instanceof FederationAuthenticationToken) {
+            out.println("Roles of user:<p><ul>");
+            FederationAuthenticationToken fedAuthToken = (FederationAuthenticationToken)auth;
+            for (GrantedAuthority item : fedAuthToken.getAuthorities()) {
+                out.println("<li>" + item.getAuthority() + "</li>");
+            }
+            out.println("</ul>");
+            
+            if (fedAuthToken.getUserDetails() instanceof FederationUser) {
+                out.println("<br><b>Claims</b><p>");
+                ClaimCollection claims = ((FederationUser)fedAuthToken.getUserDetails()).getClaims();
+                for (Claim c: claims) {
+                    out.println(c.getClaimType().toString() + ": " + c.getValue() + "<p>");
+                }
+            } else {
+                out.println("FederationAuthenticationToken found but not FederationUser");
+            }
+            
+        } else {
+            out.println("No FederationAuthenticationToken found in Spring Security Context.");
+        }
+
+        Element el = SecurityTokenThreadLocal.getToken();
+        if (el != null) {
+            out.println("<p>Bootstrap token...");
+            String token = null;
+            try {
+                TransformerFactory transFactory = TransformerFactory.newInstance();
+                Transformer transformer = transFactory.newTransformer();
+                StringWriter buffer = new StringWriter();
+                transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+                transformer.transform(new DOMSource(el),
+                                      new StreamResult(buffer));
+                token = buffer.toString();
+                out.println("<p>" + StringEscapeUtils.escapeXml(token));
+            } catch (Exception ex) {
+                out.println("<p>Failed to transform cached element to string: " + ex.toString());
+            }
+        } else {
+            out.println("<p>Bootstrap token not cached in thread local storage");
+        }
+
+        out.println("</body>");
+    }
+
+}
\ No newline at end of file
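Review bot: `doGet` writes the request URL, the principal name, each granted authority and each claim type and value into the HTML response unescaped, although the serialized token further down is passed through `StringEscapeUtils.escapeXml`. Role names and claim values originate in the SAML token, so wherever the IDP relays user-editable attributes this is a markup-injection path, on a page that also displays the bootstrap token. Encode every dynamic value with `StringEscapeUtils.escapeHtml4` from the already-imported commons-lang3 class, including `ex.toString()` in the catch block. The method would also benefit from `@Override` and a closing `</html>` after `</body>`.

```java
// … unchanged: content type, writer, static page header …
out.println("Request url: "
    + StringEscapeUtils.escapeHtml4(request.getRequestURL().toString()) + "<p>");
// … unchanged: principal lookup and null check …
out.println("Principal: " + StringEscapeUtils.escapeHtml4(p.getName()) + "<p>");
// … unchanged: Spring Security context lookup, authorities loop header …
out.println("<li>" + StringEscapeUtils.escapeHtml4(item.getAuthority()) + "</li>");
// … unchanged: claims heading and loop header …
out.println(StringEscapeUtils.escapeHtml4(c.getClaimType().toString()) + ": "
    + StringEscapeUtils.escapeHtml4(String.valueOf(c.getValue())) + "<p>");
// … unchanged: bootstrap token serialisation …
out.println("<p>Failed to transform cached element to string: "
    + StringEscapeUtils.escapeHtml4(ex.toString()));
```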

Added: cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/resources/log4j.properties Tue Mar  5 20:42:49 2013
@@ -0,0 +1,22 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.springframework=INFO, CONSOLE
+log4j.additivity.org.springframework=false
+log4j.logger.org.springframework.security=DEBUG, CONSOLE
+log4j.additivity.org.springframework.security=false
+log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.fediz=false
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=fedizhelloworld.log
+log4j.appender.LOGFILE.Append=false
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
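Review bot: `org.springframework.security` and `org.apache.cxf.fediz` are both set to DEBUG on the console, and at that level these packages can be expected to log details of the sign-in response (token and claim contents; not verifiable from this hunk), which then end up in the container's stdout log. A comment such as `# DEBUG is for the demo only; use INFO or higher when real tokens are processed` above the two logger lines would make that explicit. The `LOGFILE` appender is fully configured but no logger references it, so either attach it with `log4j.rootLogger=INFO, CONSOLE, LOGFILE` or drop the block.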

Added: cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks?rev=1452990&view=auto
==============================================================================
Files cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks (added) and cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks Tue Mar  5 20:42:49 2013 differ

Propchange: cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks
------------------------------------------------------------------------------
    svn:executable = *

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.form.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.form.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.form.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.form.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
+http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+
+  <sec:debug />
+
+  <sec:http auto-config='true'>
+    <sec:intercept-url pattern="/**" access="ROLE_USER" />
+  </sec:http>
+
+
+
+  <sec:authentication-manager>
+    <sec:authentication-provider>
+      <sec:user-service>
+        <sec:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
+        <sec:user name="bob" password="bobspassword" authorities="ROLE_USER" />
+      </sec:user-service>
+    </sec:authentication-provider>
+  </sec:authentication-manager>
+
+
+</beans>
+
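Review bot: `<sec:debug />` and a `user-service` with cleartext passwords (`jimispassword`, `bobspassword`) are added with no marker that this context is a local-test alternative to the WS-Federation setup; Spring Security's debug element writes request details to the log and is intended as a development aid only. Add a header comment, e.g. `<!-- Local form-login test configuration only: not for deployment; remove sec:debug and the plaintext users -->`, and state which `web.xml` entry or import selects this file, since that is not visible here. The `p`, `context` and `util` namespace declarations are unused in this hunk and can be removed.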

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.wsfed.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.wsfed.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.wsfed.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.wsfed.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
+http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+
+  <sec:debug />
+
+    <sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
+        <sec:intercept-url pattern="/" access="permitAll"/>
+        <sec:intercept-url pattern="/fediz" access="permitAll"/>
+        <sec:intercept-url pattern="/index.jsp" access="permitAll"/>
+<!--
+        <intercept-url pattern="/index.jsp" access="permitAll"/>
+        <intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
+        <intercept-url pattern="/casfailed.jsp" access="permitAll"/>
+-->
+        <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
+        <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/>
+        <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/>
+<!-- Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Failed to parse expression 'ROLE_USER ROLE_ADMIN ROLE_MANAGER' -->
+<!--        <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER ROLE_ADMIN ROLE_MANAGER"/>-->
+<!--        <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED"/>-->
+<!--
+        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
+        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
+        <custom-filter ref="casFilter" position="CAS_FILTER" />
+        <logout logout-success-url="/cas-logout.jsp"/>
+-->
+
+
+        <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
+        <sec:session-management session-authentication-strategy-ref="sas"/>
+
+    </sec:http>
+
+
+    <sec:authentication-manager alias="authManager">
+        <sec:authentication-provider ref="federationAuthProvider" />
+    </sec:authentication-manager>
+<!--
+    <bean id="serviceProperties"
+        class="org.apache.cxf.fediz.spring.ServiceProperties"
+        p:fedizConfig="fediz_config.xml"/>
+-->
+    <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.web.authentication.FederationConfigImpl" init-method="init"
+        p:configFile="WEB-INF/fediz_config.xml" />
+
+    <bean id="federationEntryPoint"
+        class="org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationEntryPoint"
+        p:federationConfig-ref="fedizConfig" />
+
+    <bean id="federationFilter"
+        class="org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationFilter"
+        p:authenticationManager-ref="authManager" p:sessionAuthenticationStrategy-ref="sas">
+<!--
+        <property name="authenticationDetailsSource">
+            <bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
+        </property>
+-->
+        <property name="authenticationFailureHandler">
+            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
+                p:defaultFailureUrl="/casfailed.jsp"/>
+        </property>
+    </bean>
+<!--
+    <b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
+-->
+    <bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationProvider"
+        p:federationConfig-ref="fedizConfig">
+        <property name="authenticationUserDetailsService">
+            <bean class="org.apache.cxf.fediz.spring.web.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
+<!--
+            <bean
+                class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
+                <constructor-arg ref="userService" />
+            </bean>
+-->
+        </property>
+<!--
+        <property name="ticketValidator">
+            <bean
+                class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
+                p:acceptAnyProxy="true"
+                p:proxyCallbackUrl="https://${cas.service.host}/cas-sample/j_spring_cas_security_proxyreceptor"
+                p:proxyGrantingTicketStorage-ref="pgtStorage">
+                <b:constructor-arg value="https://${cas.server.host}/cas" />
+            </bean>
+        </property>
+        <property name="statelessTicketCache">
+            <bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
+                <property name="cache">
+                    <bean class="net.sf.ehcache.Cache"
+                      init-method="initialise"
+                      destroy-method="dispose">
+                        <constructor-arg value="casTickets"/>
+                        <constructor-arg value="50"/>
+                        <constructor-arg value="true"/>
+                        <constructor-arg value="false"/>
+                        <constructor-arg value="3600"/>
+                        <constructor-arg value="900"/>
+                    </bean>
+                </property>
+            </bean>
+        </property>
+-->
+    </bean>
+
+    <bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
+
+    <!-- Configuration for the environment can be overriden by system properties -->
+<!--
+    <context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
+    <util:properties id="environment">
+        <b:prop key="cas.service.host">localhost:8443</b:prop>
+        <b:prop key="cas.server.host">localhost:9443</b:prop>
+    </util:properties>
+-->
+</beans>
+
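Review bot: With `use-expressions="true"` the `access` attribute is evaluated as an expression, so the bare `ROLE_MANAGER` and `ROLE_ADMIN` values on the `/secure/manager/**` and `/secure/admin/**` rules are not role checks; the parse failure recorded in the comment just below them looks like the same problem. They should read `access="hasRole('ROLE_MANAGER')"` and `access="hasRole('ROLE_ADMIN')"`, as the applicationContext-security.xml added in this commit does. The `/secure/user/**` rule is left commented out, so that path presumably has no access rule at all in this variant; `access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"` restores it. The failure handler also still points at `/casfailed.jsp`, which nothing visible in this commit adds and whose `permitAll` rule is commented out.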

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
+http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+
+    <!-- DIABLE in production as it might log confidential information about the user -->
+    <sec:debug />
+
+    <sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
+        <sec:intercept-url pattern="/" access="permitAll"/>
+        <sec:intercept-url pattern="/fediz" access="permitAll"/>
+        <sec:intercept-url pattern="/index.html" access="permitAll"/>
+        <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
+        <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
+        <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
+        <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
+        <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
+        <sec:session-management session-authentication-strategy-ref="sas"/>
+    </sec:http>
+
+
+    <sec:authentication-manager alias="authManager">
+        <sec:authentication-provider ref="federationAuthProvider" />
+    </sec:authentication-manager>
+
+    <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.web.authentication.FederationConfigImpl" init-method="init"
+        p:configFile="WEB-INF/fediz_config.xml" />
+
+    <bean id="federationEntryPoint"
+        class="org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationEntryPoint"
+        p:federationConfig-ref="fedizConfig" />
+
+    <bean id="federationFilter"
+        class="org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationFilter"
+        p:authenticationManager-ref="authManager" p:sessionAuthenticationStrategy-ref="sas">
+
+        <property name="authenticationFailureHandler">
+            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />
+        </property>
+    </bean>
+
+    <bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.web.authentication.FederationAuthenticationProvider"
+        p:federationConfig-ref="fedizConfig">
+        <property name="authenticationUserDetailsService">
+            <bean class="org.apache.cxf.fediz.spring.web.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
+        </property>
+    </bean>
+
+    <bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
+</beans>
+
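Review bot: No rule in this `<sec:http>` block matches `/secure/test.html`, which this commit adds, nor any other path under `/secure/` outside `fedservlet`, `manager/`, `admin/` and `user/`. By default a request that matches no `intercept-url` is treated as public, so the page titled "Secure Test" would be served without authentication. A catch-all placed after the specific rules closes the gap: `<sec:intercept-url pattern="/secure/**" access="isAuthenticated()"/>`. The applicationContext-security.wsfed.xml variant has the same gap.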

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/fediz_config.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/fediz_config.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/fediz_config.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
+-->
+<FedizConfig>
+	<contextConfig name="/fedizhelloworld">
+		<audienceUris>
+			<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="DoubleItSTSIssuer" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.0.0">
+			<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+			<issuer>https://localhost:9443/fediz-idp/</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+                        <reply>/j_spring_fediz_security_check</reply>
+			<!--<authenticationType type="String">some auth type</authenticationType>-->
+			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+			<!--<freshness>0</freshness>-->
+			<!--<reply>reply value</reply>-->
+			<!--<request>REQUEST</request>-->
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>
+
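Review bot: The trusted-issuer pattern `.*CN=www.sts.com.*` is looser than it reads: the dots are regex wildcards and the trailing `.*` would also accept a subject such as `CN=www.sts.com.example.org` (constructed example). With `certificateValidation="ChainTrust"`, any certificate that chains to the trust store and matches the pattern would presumably be accepted as the IDP. Escaping the dots and bounding the CN, for instance `subject=".*CN=www\.sts\.com(,.*)?"`, narrows it to the intended name; the exact DN layout should be checked against the STS certificate. The leading comment still refers to the Tomcat conf folder and `tomcat-rp.jks`, while this file sits in WEB-INF and references `stsstore.jks`. `maximumClockSkew` is set to 1000 with no unit stated, so a comment giving the unit would make the value reviewable.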

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/WEB-INF/web.xml Tue Mar  5 20:42:49 2013
@@ -0,0 +1,66 @@
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0" metadata-complete="true">
+
+	<description>
+    WS Federation Spring Example
+    </description>
+	<display-name>WS Federation Spring Example</display-name>
+	
+      <filter>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+  </filter>
+
+  <filter-mapping>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+
+    <!--
+      - Location of the XML file that defines the root application context
+      - Applied by ContextLoaderListener.
+      -->
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>
+            /WEB-INF/applicationContext-security.xml
+        </param-value>
+    </context-param>
+
+    <!--
+      - Loads the root application context of this web app at startup.
+      - The application context is then available via
+      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+    -->
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+     
+	<servlet>
+		<servlet-name>FederationServlet</servlet-name>
+		<servlet-class>org.apache.cxf.fediz.example.FederationServlet</servlet-class>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/secure/fedservlet</url-pattern>
+	</servlet-mapping>
+
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/secure/admin/fedservlet</url-pattern>
+	</servlet-mapping>
+	
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/secure/user/fedservlet</url-pattern>
+	</servlet-mapping>
+	
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/secure/manager/fedservlet</url-pattern>
+	</servlet-mapping>
+
+</web-app>
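Review bot: The descriptor declares no `<session-config>`, so container defaults decide whether the session cookie that represents the federated login is marked Secure and HttpOnly, and whether the session id may be rewritten into URLs. The plugin README added in this commit recommends HTTPS to avoid sending tokens and cookies in clear text; declaring the cookie policy here makes the sample match that advice. The block below would go inside `<web-app>`; `<secure>true</secure>` assumes the application is only served over HTTPS.

```xml
<!-- … unchanged: filter, filter-mapping, context-param, listener, servlet mappings … -->
<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>
```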

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/index.html Tue Mar  5 20:42:49 2013
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>

Added: cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html (added)
+++ cxf/fediz/trunk/examples/springWebapp/src/main/webapp/secure/test.html Tue Mar  5 20:42:49 2013
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>

Added: cxf/fediz/trunk/plugins/spring/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/README.txt?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/README.txt (added)
+++ cxf/fediz/trunk/plugins/spring/README.txt Tue Mar  5 20:42:49 2013
@@ -0,0 +1,13 @@
+Fediz configuration for Spring Security
+---------------------------------------
+
+The Servlet Container installation doesn't have to be updated before a Web Application can be deployed.
+
+It's recommended to use HTTPS to avoid sending tokens/cookies in clear text on the network.
+Please check your Servlet Container documentation how to set it up.
+
+Please check the Spring Security example to get more information how to deploy a web application
+using Spring Security.
+
+The following wiki page explains the fediz configuration which is Container independent:
+http://cxf.apache.org/fediz-configuration.html

Modified: cxf/fediz/trunk/plugins/spring/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/pom.xml?rev=1452990&r1=1452989&r2=1452990&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/spring/pom.xml (original)
+++ cxf/fediz/trunk/plugins/spring/pom.xml Tue Mar  5 20:42:49 2013
@@ -42,7 +42,7 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-config</artifactId>
             <version>${spring.version}</version>
-        </dependency>
+        </dependency>     
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
@@ -62,6 +62,11 @@
             <version>${servlet.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>        
     </dependencies>
     <build>
         <plugins>

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/SpringFedizMessageSource.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/SpringFedizMessageSource.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/SpringFedizMessageSource.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/SpringFedizMessageSource.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring;
+
+import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.context.support.ResourceBundleMessageSource;
+
+
+/**
+ * The default <code>MessageSource</code> used by Spring Security.
+ * <p>All Spring Security classes requiring messge localization will by default use this class.
+ * However, all such classes will also implement <code>MessageSourceAware</code> so that the application context can
+ * inject an alternative message source. Therefore this class is only used when the deployment environment has not
+ * specified an alternative message source.</p>
+ *
+ * @author Ben Alex
+ */
+public class SpringFedizMessageSource extends ResourceBundleMessageSource {
+
+    public SpringFedizMessageSource() {
+        setBasename("org.apache.cxf.fediz.spring.messages");
+    }
+
+
+    public static MessageSourceAccessor getAccessor() {
+        return new MessageSourceAccessor(new SpringFedizMessageSource());
+    }
+}
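Review bot: The class Javadoc still describes Spring Security's own message source ("The default MessageSource used by Spring Security", `@author Ben Alex`) and appears to have been copied unchanged. It should say that this source loads the Fediz plugin's messages from the `org.apache.cxf.fediz.spring.messages` bundle set in the constructor. `getAccessor()` has no Javadoc; a line such as `/** Returns an accessor backed by a new SpringFedizMessageSource. */` would document that every call builds a fresh instance. "messge" in the existing text is a typo for "message".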

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/AbstractFederationUserDetailsService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/AbstractFederationUserDetailsService.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/AbstractFederationUserDetailsService.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/AbstractFederationUserDetailsService.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * Abstract class to construct a new User object based on the provided FederationResponseAuthenticationToken.
+ */
+public abstract class AbstractFederationUserDetailsService
+        implements AuthenticationUserDetailsService<FederationResponseAuthenticationToken> {
+
+    public final UserDetails loadUserDetails(final FederationResponseAuthenticationToken token) {
+        return loadUserDetails(token.getResponse());
+    }
+
+    /**
+     * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails} 
+     * via the supplied FederationResponse
+     *
+     * @return the newly created UserDetails object.
+     */
+    protected abstract UserDetails loadUserDetails(FederationResponse response);
+}
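Review bot: The contract of the abstract `loadUserDetails(FederationResponse)` is under-documented: its Javadoc has no `@param response` and does not say whether an implementation may return null or must throw when the response carries no usable identity. The public `loadUserDetails(FederationResponseAuthenticationToken)` dereferences `token.getResponse()` and has no Javadoc stating that the token must already hold a response. I would add `@param response the validated federation response, never null` (if that is indeed the guarantee) and a one-line summary on the public method.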

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationEntryPoint.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationEntryPoint.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationEntryPoint.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationEntryPoint.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.fediz.core.FederationProcessor;
+import org.apache.cxf.fediz.core.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.util.Assert;
+
+
+/**
+ * Used by the <code>ExceptionTranslationFilter</code> to commence authentication via the
+ * WS-Federation protocol.
+ * <p>
+ * The user's browser will be redirected to the IDP.
+ *
+ */
+public class FederationAuthenticationEntryPoint implements AuthenticationEntryPoint,
+    InitializingBean, ApplicationContextAware {
+    
+    private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationEntryPoint.class);
+    
+    private ApplicationContext appContext;
+    private FederationConfig federationConfig;
+
+    public FederationConfig getFederationConfig() {
+        return federationConfig;
+    }
+
+    public void setFederationConfig(FederationConfig federationConfig) {
+        this.federationConfig = federationConfig;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(this.appContext, "ApplicationContext cannot be null.");
+        Assert.notNull(this.federationConfig, "FederationConfig cannot be null.");
+    }
+
+    public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
+            final AuthenticationException authenticationException) throws IOException, ServletException {
+
+        String redirectUrl = null;
+        FederationContext fedContext = federationConfig.getFederationContext();
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Federation context: " + fedContext);
+        }
+        try {
+            FederationProcessor wfProc = new FederationProcessorImpl();
+            redirectUrl = wfProc.createSignInRequest(servletRequest, fedContext);
+            if (redirectUrl == null) {
+                LOG.warn("Failed to create SignInRequest.");
+                response.sendError(
+                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+            }
+        } catch (ProcessingException ex) {
+            System.err.println("Failed to create SignInRequest: " + ex.getMessage());
+            LOG.warn("Failed to create SignInRequest: " + ex.getMessage());
+            response.sendError(
+                               HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+        }
+        
+        preCommence(servletRequest, response);
+        if (LOG.isInfoEnabled()) {
+            LOG.info("Redirecting to IDP: " + redirectUrl);
+        }
+        response.sendRedirect(redirectUrl);
+    }
+
+
+    /**
+     * Template method for you to do your own pre-processing before the redirect occurs.
+     *
+     * @param request the HttpServletRequest
+     * @param response the HttpServletResponse
+     */
+    protected void preCommence(final HttpServletRequest request, final HttpServletResponse response) {
+
+    }
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        this.appContext = applicationContext;
+    }
+
+}
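Review bot: `commence` keeps going after it has reported a failure: both the `redirectUrl == null` branch and the `ProcessingException` handler call `response.sendError(...)` and then fall through to `preCommence` and `response.sendRedirect(redirectUrl)`, with a null URL on a response that has already been committed. Each branch needs a `return;` directly after `sendError`. In the handler, `System.err.println(...)` should be dropped and the exception passed to the logger so the cause is kept: `LOG.warn("Failed to create SignInRequest", ex);`. The INFO line logs the full sign-in redirect URL, which may carry request context sent to the IDP; DEBUG would be a safer level for it.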

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationFilter.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationFilter.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationFilter.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.fediz.core.FederationRequest;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+
+
+public class FederationAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+    
+    public FederationAuthenticationFilter() {
+        super("/j_spring_fediz_security_check");
+        setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
+    }
+
+    @Override
+    public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
+        throws AuthenticationException, IOException {
+
+        
+        String wa = request.getParameter("wa");
+        String wresult = request.getParameter("wresult");
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(wa);
+        wfReq.setWresult(wresult);
+        
+        final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(null, wfReq);
+
+        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+
+        return this.getAuthenticationManager().authenticate(authRequest);
+    }
+  
+
+    /**
+     * 
+     */
+    @Override
+    protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
+        final boolean result = request.getRequestURI().contains(getFilterProcessesUrl());
+        
+        if (logger.isDebugEnabled()) {
+            logger.debug("requiresAuthentication = " + result);
+        }
+        return result;
+    }
+
+
+}
\ No newline at end of file
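Review bot: `requiresAuthentication` matches with `request.getRequestURI().contains(getFilterProcessesUrl())`, so any request whose URI merely contains `/j_spring_fediz_security_check` (as a prefix, inside a longer segment, or in a `;` path parameter) is treated as a sign-in response and passed to `attemptAuthentication`. As far as I recall, the inherited implementation in `AbstractAuthenticationProcessingFilter` strips path parameters and anchors the match to the end of the URI, so the override could be dropped or reduced to `return super.requiresAuthentication(request, response);`. Separately, `attemptAuthentication` wraps `wa` and `wresult` in a `FederationRequest` without checking either, so the credentials object is never null even when the request carries no token. A guard such as `if (wresult == null) { throw new BadCredentialsException("Missing wresult"); }` (with the matching import) would reject that case before the provider is called.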

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationProvider.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationProvider.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationProvider.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,155 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import org.apache.cxf.fediz.core.FederationProcessor;
+import org.apache.cxf.fediz.core.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.FederationRequest;
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.spring.SpringFedizMessageSource;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsChecker;
+import org.springframework.util.Assert;
+
+
+/**
+ * This {@link AuthenticationProvider} implements the integration with the Identity Provider
+ * based on the WS-Federation Passive Requestor Profile.
+ */
+public class FederationAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
+    private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationProvider.class);
+    
+    protected MessageSourceAccessor messages = SpringFedizMessageSource.getAccessor();
+    
+    private AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService;
+    private FederationConfig federationConfig;
+    
+    private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
+    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
+        
+    public AuthenticationUserDetailsService<FederationResponseAuthenticationToken>
+    getAuthenticationUserDetailsService() {
+        return authenticationUserDetailsService;
+    }
+
+    public void setAuthenticationUserDetailsService(
+        AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService) {
+        this.authenticationUserDetailsService = authenticationUserDetailsService;
+    }
+    
+    public FederationConfig getFederationConfig() {
+        return federationConfig;
+    }
+
+    public void setFederationConfig(FederationConfig federationConfig) {
+        this.federationConfig = federationConfig;
+    }
+    
+
+
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(this.authenticationUserDetailsService, "An authenticationUserDetailsService must be set");
+        Assert.notNull(this.messages, "A message source must be set");
+        Assert.notNull(this.federationConfig, "FederationConfig cannot be null.");
+    }
+
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        if (!supports(authentication.getClass())) {
+            return null;
+        }
+
+        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
+            return null;
+        }
+
+        // Ensure credentials are provided
+        if ((authentication.getCredentials() == null) || "".equals(authentication.getCredentials())) {
+            throw new BadCredentialsException(messages.getMessage("FederationAuthenticationProvider.noSignInRequest",
+                    "Failed to get SignIn request"));
+        }
+
+        FederationAuthenticationToken result = null;
+        
+        if (result == null) {
+            result = this.authenticateNow(authentication);
+            result.setDetails(authentication.getDetails());
+        }
+
+        return result;
+    }
+
+    private FederationAuthenticationToken authenticateNow(final Authentication authentication)
+        throws AuthenticationException {
+        try {
+            FederationRequest wfReq = (FederationRequest)authentication.getCredentials();
+            FederationProcessor wfProc = new FederationProcessorImpl();
+            FederationResponse wfRes = wfProc.processRequest(wfReq, federationConfig.getFederationContext());
+
+            final UserDetails userDetails = loadUserByFederationResponse(wfRes);
+            userDetailsChecker.check(userDetails);
+            return new FederationAuthenticationToken(userDetails, authentication.getCredentials(),
+                    authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, wfRes);
+        } catch (Exception e) {
+            LOG.error("Failed to validate SignIn request", e);
+            throw new BadCredentialsException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Template method for retrieving the UserDetails based on the federation response (wresult parameter).
+     *
+     * @param response The WS Federation response
+     * @return the UserDetails.
+     */
+    protected UserDetails loadUserByFederationResponse(final FederationResponse response) {
+        final FederationResponseAuthenticationToken token = new FederationResponseAuthenticationToken(response);
+        return this.authenticationUserDetailsService.loadUserDetails(token);
+    }
+
+    public void setMessageSource(final MessageSource messageSource) {
+        this.messages = new MessageSourceAccessor(messageSource);
+    }
+    
+    public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
+        this.authoritiesMapper = authoritiesMapper;
+    }
+
+    public boolean supports(final Class<?> authentication) {
+        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication))
+            || (FederationAuthenticationToken.class.isAssignableFrom(authentication));
+    }
+}
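Review bot: `authenticateNow` casts `authentication.getCredentials()` to `FederationRequest` without a type check, while `supports` accepts every `UsernamePasswordAuthenticationToken`. A token from another login mechanism (one carrying a String password, say) therefore ends in a `ClassCastException`, which `catch (Exception e)` logs at error level and rethrows as `BadCredentialsException`. Adding `if (!(authentication.getCredentials() instanceof FederationRequest)) { return null; }` after the null/empty test in `authenticate` lets such tokens pass to the next provider. The same catch-all also converts the account-status exceptions that `userDetailsChecker.check(userDetails)` may throw into `BadCredentialsException`, and passes `e.getMessage()` from token validation to whatever failure handler renders it; a `catch (AuthenticationException e) { throw e; }` ahead of it and a fixed message in the wrapper would keep those apart. The `result = null; if (result == null)` pair in `authenticate` is dead code and can be removed.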

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationToken.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationToken.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationToken.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationAuthenticationToken.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.io.Serializable;
+import java.util.Collection;
+
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * Represents a successful WS-Federation based authentication.
+ */
+public class FederationAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
+
+    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
+    private final Object credentials;
+    private final Object principal;
+    private final UserDetails userDetails;
+    private final FederationResponse response;
+
+    
+    public FederationAuthenticationToken(final Object principal, final Object credentials,
+        final Collection<? extends GrantedAuthority> authorities, final UserDetails userDetails,
+        final FederationResponse response) {
+        super(authorities);
+
+        if ((principal == null) || "".equals(principal) || (credentials == null)
+            || "".equals(credentials) || (authorities == null) || (userDetails == null) || (response == null)) {
+            throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
+        }
+
+        this.principal = principal;
+        this.credentials = credentials;
+        this.userDetails = userDetails;
+        this.response = response;
+        setAuthenticated(true);
+    }
+
+    public Object getCredentials() {
+        return this.credentials;
+    }
+
+    public Object getPrincipal() {
+        return this.principal;
+    }
+
+    public FederationResponse getResponse() {
+        return this.response;
+    }
+
+    public UserDetails getUserDetails() {
+        return userDetails;
+    }
+
+    public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append(super.toString());
+        sb.append(" Response: ").append(this.response);
+        sb.append(" Credentials: ").append(this.credentials);
+
+        return sb.toString();
+    }
+
+}
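Review bot: `toString` appends `this.credentials` and `this.response` in full, and `FederationAuthenticationProvider` in this commit passes the incoming `FederationRequest` (which holds the `wresult` token) as the credentials. Any log statement or exception message that prints the `Authentication` may therefore write the sign-in token and the claims to the log, assuming those types print their content, which is not visible here. I would mask the credentials with `sb.append(" Credentials: [PROTECTED]");` and print only `this.response.getUsername()` if the response needs to appear at all. The constructor also lacks a comment explaining why `principal` and `userDetails` are separate parameters when the provider passes the same object for both.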

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfig.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfig.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfig.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.util.List;
+import org.apache.cxf.fediz.core.config.FederationContext;
+
+public interface FederationConfig {
+
+    List<FederationContext> getFederationContextList();
+    
+    FederationContext getFederationContext(String contextName);
+    
+    FederationContext getFederationContext();
+}
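Review bot: The interface is added without Javadoc, and the difference between `getFederationContext()` and `getFederationContext(String contextName)` cannot be read from the signatures. Going by `FederationConfigImpl` in this commit, the no-argument form resolves the context from the servlet context path or the configured `contextName`, and the lookup throws `IllegalStateException` when nothing matches. A comment such as `/** Returns the context for the current web application; throws IllegalStateException if none is configured. */` on the no-argument method, with matching ones on the other two, would make that contract part of the interface.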

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfigImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfigImpl.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfigImpl.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationConfigImpl.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.util.List;
+
+import javax.servlet.ServletContext;
+
+import org.apache.cxf.fediz.core.config.FederationConfigurator;
+import org.apache.cxf.fediz.core.config.FederationContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.factory.BeanCreationException;
+import org.springframework.core.io.Resource;
+import org.springframework.util.Assert;
+import org.springframework.web.context.ServletContextAware;
+
+public class FederationConfigImpl implements FederationConfig, ServletContextAware {
+
+    private static final Logger LOG = LoggerFactory.getLogger(FederationConfigImpl.class);
+    
+    private Resource configFile;
+    private String contextName;
+    
+    private ServletContext servletContext;
+    private FederationConfigurator configurator = new FederationConfigurator();
+    
+    
+    public Resource getConfigFile() {
+        return configFile;
+    }
+
+    public void setConfigFile(Resource configFile) {
+        this.configFile = configFile;
+    }
+    
+    public String getContextName() {
+        return contextName;
+    }
+
+    public void setContextName(String contextName) {
+        this.contextName = contextName;
+    }
+    
+    public void init() {
+        Assert.notNull(this.configFile, "property 'configFile' mandatory");
+        try {
+            configurator.loadConfig(this.configFile.getFile());
+        } catch (Exception e) {
+            LOG.error("Failed to parse '" + configFile.getDescription() + "'", e);
+            throw new BeanCreationException("Failed to parse '" + configFile.getDescription() + "'");
+        }
+    }
+
+    @Override
+    public List<FederationContext> getFederationContextList() {
+        return configurator.getFederationContextList();
+    }
+
+    @Override
+    public FederationContext getFederationContext(String context) {
+        FederationContext ctx = configurator.getFederationContext(context);
+        if (ctx == null) {
+            LOG.error("Federation context '" + context + "' not found.");
+            throw new IllegalStateException("Federation context '" + context + "' not found.");
+        }
+        return ctx;
+    }
+
+    @Override
+    public FederationContext getFederationContext() {
+        if (servletContext != null) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Reading federation configuration for context '"
+                             + servletContext.getContextPath() + "'");
+            }
+            return getFederationContext(servletContext.getContextPath());
+        } else {
+            Assert.notNull(contextName, "Property 'contextName' must be configured because ServletContext null");
+            return getFederationContext(contextName);
+        }
+    }
+
+    @Override
+    public void setServletContext(ServletContext servletContext) {
+        this.servletContext = servletContext;
+    }
+
+}
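Review bot: In `init()` the `BeanCreationException` is created without the caught exception, so the parse or I/O failure appears only in the log and not in the exception chain Spring reports at startup; `throw new BeanCreationException("Failed to parse '" + configFile.getDescription() + "'", e);` keeps it. `configFile.getFile()` also works only for resources that resolve to a file on disk, so a configuration packaged inside a jar or an unexpanded WAR fails here. Reading through `configFile.getInputStream()` would avoid that if `FederationConfigurator` offers a stream or reader overload (not visible in this hunk). `init()` is not tied to a Spring lifecycle interface, so the bean definition has to name it as its init-method, and presumably the context lookups find nothing if it is never called; a line of Javadoc on `init()` should state that requirement.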

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationResponseAuthenticationToken.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationResponseAuthenticationToken.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationResponseAuthenticationToken.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/FederationResponseAuthenticationToken.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.util.ArrayList;
+
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
+public final class FederationResponseAuthenticationToken extends AbstractAuthenticationToken {
+
+    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
+    private final FederationResponse response;
+
+
+    public FederationResponseAuthenticationToken(final FederationResponse response) {
+        super(new ArrayList<GrantedAuthority>());
+
+        this.response = response;
+    }
+
+    public Object getPrincipal() {
+        return this.response.getUsername();
+    }
+
+    public Object getCredentials() {
+        return this.response;
+    }
+    
+    public FederationResponse getResponse() {
+        return this.response;
+    }
+
+}
\ No newline at end of file
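Review bot: The constructor stores `response` without a null check, so a null argument only surfaces later as a `NullPointerException` in `getPrincipal()`. `FederationAuthenticationToken` in this commit rejects null arguments with `IllegalArgumentException`; the same guard here, `if (response == null) { throw new IllegalArgumentException("response must not be null"); }`, would fail at the point of construction. A class comment would help too, stating that this token is only a carrier handed to the `AuthenticationUserDetailsService` and never calls `setAuthenticated(true)`, unlike `FederationAuthenticationToken`.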

Added: cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/GrantedAuthoritiesUserDetailsFederationService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/GrantedAuthoritiesUserDetailsFederationService.java?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/GrantedAuthoritiesUserDetailsFederationService.java (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/authentication/GrantedAuthoritiesUserDetailsFederationService.java Tue Mar  5 20:42:49 2013
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.spring.web.authentication;
+
+import java.util.*;
+
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.spring.FederationUser;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * This AuthenticationUserDetailsService implementation creates a FederationUser
+ * object based on the data in the provided FederationResponseAuthenticationToken.
+ */
+public class GrantedAuthoritiesUserDetailsFederationService
+        extends AbstractFederationUserDetailsService {
+
+    @Override
+    protected UserDetails loadUserDetails(FederationResponse response) {
+        
+        final List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
+        
+        for (final String role : response.getRoles()) {
+            grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()));
+        }
+        return new FederationUser(response.getUsername(), "N/A",
+                        grantedAuthorities, new ClaimCollection(response.getClaims()));
+        
+    }
+}
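Review bot: `role.toUpperCase()` in `loadUserDetails` uses the JVM default locale, so the authority string built from a role claim can differ between hosts and then fail to match the configured access rules. Under a Turkish locale, for example, `admin` does not become `ADMIN`. `role.toUpperCase(Locale.ROOT)` makes the mapping stable, and `Locale` is already covered by the `java.util.*` import. The loop also dereferences `response.getRoles()` directly; if that can return null for a token without a role claim (not visible here), wrapping the loop in `if (response.getRoles() != null)` avoids a `NullPointerException` during sign-in. The wildcard import could be narrowed to the classes actually used while the file is being touched.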

Added: cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/spring/messages.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/spring/messages.properties?rev=1452990&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/spring/messages.properties (added)
+++ cxf/fediz/trunk/plugins/spring/src/main/resources/org/apache/cxf/fediz/spring/messages.properties Tue Mar  5 20:42:49 2013
@@ -0,0 +1,2 @@
+FederationAuthenticationProvider.incorrectKey=The presented FederationAuthenticationToken does not contain the expected key
+FederationAuthenticationProvider.noSignInRequest=Failed to get SignIn request


