cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1482105 [1/2] - in /cxf/fediz/trunk/services/sts: ./ src/main/java/org/apache/cxf/fediz/service/sts/ src/main/java/org/apache/cxf/fediz/service/sts/realms/ src/realms/ src/realms/resources/ src/realms/webapp/ src/realms/webapp/WEB-INF/ src...
Date Mon, 13 May 2013 21:01:52 GMT
Author: owulff
Date: Mon May 13 21:01:51 2013
New Revision: 1482105

URL: http://svn.apache.org/r1482105
Log:
[FEDIZ-3] Support for two realms added in STS

Added:
    cxf/fediz/trunk/services/sts/README.txt
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
    cxf/fediz/trunk/services/sts/src/realms/
    cxf/fediz/trunk/services/sts/src/realms/resources/
    cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger
    cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
    cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
    cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
    cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
    cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
    cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
    cxf/fediz/trunk/services/sts/src/realms/webapp/
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
    cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/wsdl/ws-trust-1.4.wsdl
    cxf/fediz/trunk/services/sts/src/test/
    cxf/fediz/trunk/services/sts/src/test/java/
    cxf/fediz/trunk/services/sts/src/test/java/org/
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
    cxf/fediz/trunk/services/sts/src/test/resources/
    cxf/fediz/trunk/services/sts/src/test/resources/logback.xml
    cxf/fediz/trunk/services/sts/src/test/resources/org/
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest-testRealmAtoRealmB.properties
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest-testRealmAtoRealmBWithClaims.properties
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.properties
    cxf/fediz/trunk/services/sts/src/test/resources/org/apache/cxf/fediz/sts/realms/sts-client.xml
    cxf/fediz/trunk/services/sts/src/test/resources/stsclient.properties
Modified:
    cxf/fediz/trunk/services/sts/pom.xml
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java

Added: cxf/fediz/trunk/services/sts/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/README.txt?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/README.txt (added)
+++ cxf/fediz/trunk/services/sts/README.txt Mon May 13 21:01:51 2013
@@ -0,0 +1,30 @@
+Build the STS
+----------------------------
+
+
+STS with LDAP backend
+---------------------
+
+Build the STS:
+mvn clean install -Pldap
+
+
+STS with two realms
+-------------------
+
+Build the STS:
+mvn clean install -Prealms
+
+Proceed with the following steps to update the signing certificates:
+
+keytool -genkeypair -validity 3600 -alias realma -keystore stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass
+keytool -keystore stsrealm_a.jks -storepass storepass -export -alias realma -file realma.cert
+
+
+keytool -genkeypair -validity 3600 -alias realmb -keystore stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass
+keytool -keystore stsrealm_b.jks -storepass storepass -export -alias realmb -file realmb.cert
+
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file realma.cert -noprompt
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file realmb.cert -noprompt
+
+

Modified: cxf/fediz/trunk/services/sts/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/pom.xml?rev=1482105&r1=1482104&r2=1482105&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/pom.xml (original)
+++ cxf/fediz/trunk/services/sts/pom.xml Mon May 13 21:01:51 2013
@@ -1,107 +1,87 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.apache.cxf.fediz</groupId>
-        <artifactId>fediz</artifactId>
-        <version>1.1.0-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
-    </parent>
-    <artifactId>fediz-idp-sts</artifactId>
-    <name>Apache Fediz STS</name>
-    <packaging>war</packaging>
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <adapter.resource>file</adapter.resource>
-    </properties>
-    <dependencies>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
-            <version>${spring.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-http</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-frontend-jaxws</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-policy</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.services.sts</groupId>
-            <artifactId>cxf-services-sts-core</artifactId>
-            <version>${cxf.version}</version>
-            <!--
-            <exclusions>
-                                <exclusion>
-                                        <artifactId>slf4j-jdk14</artifactId>
-                                        <groupId>org.slf4j</groupId>
-                                </exclusion>
-                                <exclusion>
-                                        <artifactId>slf4j-api</artifactId>
-                                        <groupId>org.slf4j</groupId>
-                                </exclusion>
-                        </exclusions>
-                        -->
-        </dependency>        
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>${slf4j.version}</version>
-            <scope>compile</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-jdk14</artifactId>
-            <version>${slf4j.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-  		<dependency>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+	license agreements. See the NOTICE file distributed with this work for additional 
+	information regarding copyright ownership. The ASF licenses this file to 
+	you under the Apache License, Version 2.0 (the "License"); you may not use 
+	this file except in compliance with the License. You may obtain a copy of 
+	the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+	by applicable law or agreed to in writing, software distributed under the 
+	License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+	OF ANY KIND, either express or implied. See the License for the specific 
+	language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.apache.cxf.fediz</groupId>
+		<artifactId>fediz</artifactId>
+		<version>1.1.0-SNAPSHOT</version>
+		<relativePath>../../pom.xml</relativePath>
+	</parent>
+	<artifactId>fediz-idp-sts</artifactId>
+	<name>Apache Fediz STS</name>
+	<packaging>war</packaging>
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<adapter.resource>file</adapter.resource>
+	</properties>
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-web</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf</groupId>
+			<artifactId>cxf-rt-transports-http</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf</groupId>
+			<artifactId>cxf-rt-frontend-jaxws</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf</groupId>
+			<artifactId>cxf-rt-ws-policy</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.cxf.services.sts</groupId>
+			<artifactId>cxf-services-sts-core</artifactId>
+			<version>${cxf.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+			<version>${slf4j.version}</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-log4j12</artifactId>
+			<version>${slf4j.version}</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
 			<groupId>org.springframework.ldap</groupId>
 			<artifactId>spring-ldap-core</artifactId>
 			<version>1.3.1.RELEASE</version>
 			<scope>compile</scope>
-		</dependency>        
-<!--
+		</dependency>
 		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-api</artifactId>
-			<version>${slf4j.version}</version>
-			<scope>provided</scope>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
 		</dependency>
--->
 
-   </dependencies>
+	</dependencies>
 
-    <build>
-        <plugins>
-        	<plugin>
+	<build>
+		<plugins>
+			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-war-plugin</artifactId>
 				<version>2.1.1</version>
@@ -124,43 +104,50 @@
 					</webResources>
 				</configuration>
 			</plugin>
-            <!--
-            <plugin>
-                <groupId>org.apache.tomcat.maven</groupId>
-                <artifactId>tomcat-maven-plugin</artifactId>
-                <version>2.0-SNAPSHOT</version>
-                <configuration>
-                     <server>myTomcat</server>
-                     <url>http://localhost:8080/manager/text</url>
-                     <warFile>${project.build.finalName}.war</warFile>
-                </configuration>
-            </plugin>
-            -->
-            <plugin>
-                <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>tomcat-maven-plugin</artifactId>
-                <version>1.1</version>
-                <configuration>
-                    <server>myTomcat</server>
-                    <url>http://localhost:9080/manager/text</url>
-                    <path>/${project.build.finalName}</path>
-                </configuration>
-            </plugin>
-        </plugins>
-        <!-- Name of the generated WAR file -->
-        <finalName>fediz-idp-sts</finalName>
-    </build>
-    
-    <profiles>
-    	<profile>
-    		<id>ldap</id>
-    		<properties>
-    		<adapter.resource>ldap</adapter.resource>
-    		</properties>
-    		<dependencyManagement>
+			<plugin>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.14</version>
+				<executions>
+					<execution>
+						<id>default-test</id>
+						<phase>test</phase>
+						<goals>
+							<goal>test</goal>
+						</goals>
+						<configuration>
+							<excludes>
+								<exclude>**/realms/**/IT*Test.java</exclude>
+							</excludes>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+				<groupId>org.codehaus.mojo</groupId>
+				<artifactId>tomcat-maven-plugin</artifactId>
+				<version>1.1</version>
+				<configuration>
+					<server>myTomcat</server>
+					<url>http://localhost:9080/manager/text</url>
+					<path>/${project.build.finalName}</path>
+				</configuration>
+			</plugin>
+		</plugins>
+
+		<!-- Name of the generated WAR file -->
+		<finalName>fediz-idp-sts</finalName>
+	</build>
+
+	<profiles>
+		<profile>
+			<id>ldap</id>
+			<properties>
+				<adapter.resource>ldap</adapter.resource>
+			</properties>
+			<dependencyManagement>
 				<dependencies>
-		    		<!-- spring-ldap-core uses 3.0.5 -->
+					<!-- spring-ldap-core uses 3.0.5 -->
 					<dependency>
 						<groupId>org.springframework</groupId>
 						<artifactId>spring-tx</artifactId>
@@ -168,14 +155,214 @@
 					</dependency>
 				</dependencies>
 			</dependencyManagement>
-    		<dependencies>
-    			<dependency>
+			<dependencies>
+				<dependency>
 					<groupId>org.springframework.ldap</groupId>
 					<artifactId>spring-ldap-core</artifactId>
 					<version>1.3.1.RELEASE</version>
 				</dependency>
-    		</dependencies>
-    	</profile>
-    
-    </profiles>
+			</dependencies>
+		</profile>
+
+		<profile>
+			<id>realms</id>
+			<properties>
+
+			</properties>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-resources-plugin</artifactId>
+						<configuration>
+							<overwrite>true</overwrite>
+						</configuration>
+					</plugin>
+
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-war-plugin</artifactId>
+						<version>2.1.1</version>
+						<configuration>
+							<webResources>
+								<resource>
+									<directory>src/realms/webapp</directory>
+									<filtering>true</filtering>
+									<includes>
+										<include>**/cxf-transport.xml</include>
+									</includes>
+								</resource>
+								<resource>
+									<directory>src/realms/webapp</directory>
+									<filtering>false</filtering>
+									<excludes>
+										<exclude>**/cxf-transport.xml</exclude>
+									</excludes>
+								</resource>
+							</webResources>
+						</configuration>
+					</plugin>
+					<plugin>
+						<groupId>org.codehaus.mojo</groupId>
+						<artifactId>keytool-maven-plugin</artifactId>
+						<version>1.2</version>
+						<executions>
+							<execution>
+								<phase>generate-resources</phase>
+								<id>clean</id>
+								<goals>
+									<goal>clean</goal>
+								</goals>
+							</execution>
+							<execution>
+								<phase>generate-resources</phase>
+								<id>generateKeyPair</id>
+								<goals>
+									<goal>generateKeyPair</goal>
+								</goals>
+							</execution>
+						</executions>
+						<configuration>
+							<keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
+							<dname>cn=localhost</dname>
+							<keypass>jettypw</keypass>
+							<storepass>jettypw</storepass>
+							<alias>jetty</alias>
+							<keyalg>RSA</keyalg>
+						</configuration>
+					</plugin>
+
+					<!-- logback property ignored if set in jetty maven plugin -->
+					<!-- http://docs.codehaus.org/display/JETTY/Maven+Jetty+Plugin#MavenJettyPlugin-Logging -->
+					<plugin>
+						<groupId>org.codehaus.mojo</groupId>
+						<artifactId>properties-maven-plugin</artifactId>
+						<version>1.0-alpha-2</version>
+						<executions>
+							<execution>
+								<goals>
+									<goal>set-system-properties</goal>
+								</goals>
+								<configuration>
+									<properties>
+										<property>
+											<name>logback.configurationFile</name>
+											<value>${project.baseUri}/src/test/resources/logback.xml</value>
+										</property>
+									</properties>
+								</configuration>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<groupId>org.codehaus.mojo</groupId>
+						<artifactId>build-helper-maven-plugin</artifactId>
+						<version>1.7</version>
+						<executions>
+							<execution>
+								<id>reserve-network-port</id>
+								<goals>
+									<goal>reserve-network-port</goal>
+								</goals>
+								<phase>initialize</phase>
+								<configuration>
+									<portNames>
+										<portName>sts.https.port</portName>
+										<portName>jetty.port</portName>
+									</portNames>
+								</configuration>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<groupId>org.mortbay.jetty</groupId>
+						<artifactId>jetty-maven-plugin</artifactId>
+						<version>7.6.8.v20121106</version>
+						<inherited>true</inherited>
+						<configuration>
+							<webApp>
+								<contextPath>/fediz-idp-sts</contextPath>
+							</webApp>
+
+							<scanIntervalSeconds>0</scanIntervalSeconds>
+							<connectors>
+								<connector
+									implementation="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
+									<port>${sts.https.port}</port>
+									<maxIdleTime>60000</maxIdleTime>
+									<keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
+									<password>jettypw</password>
+									<keyPassword>jettypw</keyPassword>
+									<wantClientAuth>true</wantClientAuth>
+								</connector>
+							</connectors>
+							<stopPort>${jetty.port}</stopPort>
+							<stopKey>STOP</stopKey>
+							<systemProperties>
+							</systemProperties>
+						</configuration>
+						<executions>
+							<execution>
+								<id>start-jetty</id>
+								<phase>pre-integration-test</phase>
+								<inherited>true</inherited>
+								<goals>
+									<goal>deploy-war</goal>
+								</goals>
+								<configuration>
+									<daemon>true</daemon>
+								</configuration>
+							</execution>
+							<execution>
+								<id>stop-jetty</id>
+								<phase>post-integration-test</phase>
+								<inherited>true</inherited>
+								<goals>
+									<goal>stop</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<artifactId>maven-failsafe-plugin</artifactId>
+						<version>2.12.2</version>
+						<inherited>true</inherited>
+						<executions>
+							<execution>
+								<id>integration-test</id>
+								<phase>integration-test</phase>
+								<goals>
+									<goal>integration-test</goal>
+								</goals>
+								<configuration>
+									<skip>false</skip>
+									<systemPropertyVariables>
+										<sts.https.port>${sts.https.port}</sts.https.port>
+									</systemPropertyVariables>
+
+									<includes>
+										<include>**/IT*.java</include>
+									</includes>
+
+								</configuration>
+							</execution>
+							<execution>
+								<id>verify</id>
+								<phase>verify</phase>
+								<goals>
+									<goal>verify</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+				<resources>
+					<resource>
+						<directory>src/realms/resources</directory>
+					</resource>
+				</resources>
+			</build>
+		</profile>
+
+	</profiles>
 </project>

Modified: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java?rev=1482105&r1=1482104&r2=1482105&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java (original)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java Mon May 13 21:01:51 2013
@@ -31,6 +31,13 @@ public class PasswordCallbackHandler imp
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof WSPasswordCallback) { // CXF
                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                if ("realma".equals(pc.getIdentifier())) {
+                    pc.setPassword("realma");
+                    break;
+                } else if ("realmb".equals(pc.getIdentifier())) {
+                    pc.setPassword("realmb");
+                    break;
+                }
                 if ("mystskey".equals(pc.getIdentifier())) {
                     pc.setPassword("stskpass");
                     break;

Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java Mon May 13 21:01:51 2013
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.security.Principal;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+/**
+ * A test implementation of IdentityMapper.
+ */
+public class IdentityMapperImpl implements IdentityMapper {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(IdentityMapperImpl.class);
+    
+    /**
+     * Map a principal in the source realm to the target realm
+     * @param sourceRealm the source realm of the Principal
+     * @param sourcePrincipal the principal in the source realm
+     * @param targetRealm the target realm of the Principal
+     * @return the principal in the target realm
+     */
+    public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm) {
+        if ("REALMA".equals(sourceRealm)) {
+            String name = sourcePrincipal.getName().toUpperCase();
+            LOG.info("Principal '" + sourcePrincipal.getName() + "' mapped to '" + name);
+            return new CustomTokenPrincipal(name);
+        } else if ("REALMB".equals(sourceRealm)) {
+            String name = sourcePrincipal.getName().toLowerCase();
+            LOG.info("Principal '" + sourcePrincipal.getName() + "' mapped to '" + name);
+            return new CustomTokenPrincipal(name);
+        }
+        return null;
+    }
+
+}

Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java Mon May 13 21:01:51 2013
@@ -0,0 +1,121 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
+
+/**
+ * A custom ClaimsHandler implementation for use in the tests.
+ */
+public class RealmFileClaimsHandler implements ClaimsHandler {
+
+    public static final URI ROLE = 
+        URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+    private static final Logger LOG = LogUtils.getL7dLogger(RealmFileClaimsHandler.class);
+    
+    private Map<String, Map<String, String>> userClaims;
+    private List<URI> supportedClaims;
+    private String realm;
+
+    public void setUserClaims(Map<String, Map<String, String>> userClaims) {
+        this.userClaims = userClaims;
+    }
+
+    public Map<String, Map<String, String>> getUserClaims() {
+        return userClaims;
+    }
+    
+    public void setSupportedClaims(List<URI> supportedClaims) {
+        this.supportedClaims = supportedClaims;
+    }
+    
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+    
+    @Override
+    public List<URI> getSupportedClaimTypes() {
+        return Collections.unmodifiableList(this.supportedClaims);
+    }
+    
+
+    @Override
+    public ClaimCollection retrieveClaimValues(RequestClaimCollection claims,
+            ClaimsParameters parameters) {
+        
+        if (parameters.getRealm() == null || !parameters.getRealm().equalsIgnoreCase(getRealm())) {
+            LOG.fine("Realm '" + parameters.getRealm() + "' doesn't match with configured realm '" + getRealm() + "'");
+            return new ClaimCollection();
+        }
+        if (getUserClaims() == null || parameters.getPrincipal() == null) {
+            return new ClaimCollection();
+        }
+
+        if (claims == null || claims.size() == 0) {
+            LOG.fine("No claims requested");
+            return new ClaimCollection();
+        }
+
+        Map<String, String> claimMap = getUserClaims().get(parameters.getPrincipal().getName());
+        if (claimMap == null || claimMap.size() == 0) {
+            LOG.fine("Claims requested for principal '" + parameters.getPrincipal().getName()
+                     + "' but not found");
+            return new ClaimCollection();
+        }
+        LOG.fine("Claims found for principal '" + parameters.getPrincipal().getName() + "'");
+
+        if (claims != null && claims.size() > 0) {
+            ClaimCollection claimCollection = new ClaimCollection();
+            for (RequestClaim requestClaim : claims) { 
+                String claimValue = claimMap.get(requestClaim.getClaimType().toString());
+                if (claimValue != null) {
+                    Claim claim = new Claim();
+                    claim.setClaimType(requestClaim.getClaimType());
+                    claim.setIssuer("Test Issuer");
+                    claim.setOriginalIssuer("Original Issuer");
+                    claim.addValue(claimValue);
+                    claimCollection.add(claim);
+                }   
+            }
+            return claimCollection;
+        }
+        return null;
+
+    }
+
+
+
+}

Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java Mon May 13 21:01:51 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SamlRealmCodec implements SAMLRealmCodec {
+
+    private static final Logger LOG = LoggerFactory.getLogger(SamlRealmCodec.class);
+
+    @Override
+    public String getRealmFromToken(AssertionWrapper assertion) {
+        SAMLKeyInfo ki = assertion.getSignatureKeyInfo();
+        X509Certificate[] certs = ki.getCerts();
+        X500Principal subject = certs[0].getSubjectX500Principal();
+        String name = subject.getName();
+        String realm = name.substring(name.indexOf("CN=") + 3);
+        LOG.info("Realm parsed in certificate: " + realm);
+        return realm.toUpperCase();
+    }
+
+}

Added: cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java (added)
+++ cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java Mon May 13 21:01:51 2013
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.sts.realms;
+
+import java.util.StringTokenizer;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.RealmParser;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class UriRealmParser implements RealmParser {
+
+    public enum REALMS { REALMA, REALMB };
+
+    private static final Logger LOG = LoggerFactory.getLogger(UriRealmParser.class);
+
+    @Override
+    public String parseRealm(WebServiceContext context) throws STSException {
+        String url = (String)context.getMessageContext().get("org.apache.cxf.request.url");
+
+        // Get the realm of the request url
+        // Example: https://localhost:9443/fediz-idp-sts/REALMA/STSServiceTransport
+        // realm = REALMA
+        StringTokenizer st = new StringTokenizer(url, "/");
+        String realm = null;
+        int count = st.countTokens();
+        if (count <= 1) {
+            return null;
+        }
+        count--;
+        for (int i = 0; i < count; i++) {
+            realm = st.nextToken();
+        }
+        realm = realm.toUpperCase();
+        try {
+            REALMS.valueOf(realm);
+        } catch (IllegalArgumentException ex) {
+            LOG.warn("Unknown realm: " + realm);
+            throw new STSException("Unknown realm: " + realm);
+        }
+        return realm;
+    }
+
+}

Added: cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/log4j.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,14 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+#log4j.rootCategory=FATAL, CONSOLE
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.apache.cxf.sts=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.sts=false
+log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.fediz=false
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+

Added: cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/org.apache.cxf.Logger Mon May 13 21:01:51 2013
@@ -0,0 +1 @@
+org.apache.cxf.common.logging.Log4JLogger
\ No newline at end of file

Added: cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert (added) and cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert Mon May 13 21:01:51 2013 differ

Added: cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert (added) and cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert Mon May 13 21:01:51 2013 differ

Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreA.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.file=stsrealm_a.jks
+

Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/stsKeystoreB.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realmb
+org.apache.ws.security.crypto.merlin.file=stsrealm_b.jks
+

Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties (added)
+++ cxf/fediz/trunk/services/sts/src/realms/resources/stsTruststore.properties Mon May 13 21:01:51 2013
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.file=ststrust.jks
+

Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks (added) and cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks Mon May 13 21:01:51 2013 differ

Added: cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks (added) and cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks Mon May 13 21:01:51 2013 differ

Added: cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks?rev=1482105&view=auto
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks (added) and cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks Mon May 13 21:01:51 2013 differ

Added: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml (added)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/cxf-transport.xml Mon May 13 21:01:51 2013
@@ -0,0 +1,218 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+	xmlns:sec="http://cxf.apache.org/configuration/security"
+	xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws                                     
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/configuration/security
+        http://cxf.apache.org/schemas/configuration/security.xsd">
+
+	<import resource="classpath:META-INF/cxf/cxf.xml" />
+
+	<import resource="passwords.xml" />
+	<import resource="userClaims.xml" />
+
+	<cxf:bus>
+		<cxf:features>
+			<cxf:logging />
+		</cxf:features>
+	</cxf:bus>
+
+	<bean id="transportSTSProviderBean"
+		class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+		<property name="issueOperation" ref="transportIssueDelegate" />
+		<property name="validateOperation" ref="transportValidateDelegate" />
+	</bean>
+
+	<bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+		<property name="tokenProviders" ref="transportTokenProviders" />
+		<property name="services" ref="transportService" />
+		<property name="stsProperties" ref="transportSTSProperties" />
+		<property name="claimsManager" ref="claimsManager" />
+		<property name="tokenValidators" ref="transportTokenValidators" />
+	</bean>
+
+	<bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+		<property name="tokenValidators" ref="transportTokenValidators" />
+		<property name="stsProperties" ref="transportSTSProperties" />
+	</bean>
+    
+    <util:list id="relationships">
+		<bean class="org.apache.cxf.sts.token.realm.Relationship">
+			<property name="sourceRealm" value="REALMA" />
+			<property name="targetRealm" value="REALMB"/>
+			<property name="identityMapper" ref="identityMapper" />
+			<property name="type" value="FederatedIdentity" />
+		</bean>
+		<bean class="org.apache.cxf.sts.token.realm.Relationship">
+			<property name="sourceRealm" value="REALMB" />
+			<property name="targetRealm" value="REALMA"/>
+			<property name="identityMapper" ref="identityMapper" />
+			<property name="type" value="FederatedIdentity" />
+		</bean>		
+	</util:list>
+ 
+ 
+	<util:list id="transportTokenProviders">
+		<ref bean="transportSamlTokenProvider" />
+	</util:list>
+
+	<util:list id="transportTokenValidators">
+		<ref bean="transportSamlTokenValidator" />
+	</util:list>
+
+
+	<bean id="realmA"
+        class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="STS Realm A"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+    </bean>
+    
+    <bean id="realmB"
+        class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="STS Realm B"/>
+        <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+    </bean>
+    
+    <util:map id="realms">
+        <entry key="REALMA" value-ref="realmA"/>
+        <entry key="REALMB" value-ref="realmB"/>
+    </util:map>
+
+
+	<bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+		<property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+		<property name="realmMap" ref="realms" />
+		<property name="conditionsProvider" ref="conditionsProvider" />
+	</bean>
+	
+	<bean id="conditionsProvider"
+		class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+		<property name="lifetime" value="1200" />
+		<property name="acceptClientLifetime" value="true" />
+	</bean>
+
+	<util:list id="attributeStatementProvidersList">
+		<ref bean="claimAttributeProvider" />
+	</util:list>
+
+	<bean id="claimAttributeProvider"
+		class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+	</bean>
+
+	<bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+		<property name="claimHandlers" ref="claimHandlerList" />
+	</bean>
+
+	<util:list id="claimHandlerList">
+		<ref bean="claimsHandlerA" />
+		<ref bean="claimsHandlerB" />
+	</util:list>
+    
+	<bean id="claimsHandlerA" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+		<property name="userClaims" ref="userClaimsREALMA" />
+		<property name="supportedClaims" ref="supportedClaims" />
+		<property name="realm" value="REALMA" />
+	</bean>
+	
+	<bean id="claimsHandlerB" class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+		<property name="userClaims" ref="userClaimsREALMB" />
+		<property name="supportedClaims" ref="supportedClaims" />
+		<property name="realm" value="REALMB" />
+	</bean>
+	
+	<bean id="identityMapper" class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+	
+	<bean id="samlRealmCodec" class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+	
+	<bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"/>
+	
+    <bean id="upCallBackHandlerRealmA"
+		class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+		<property name="passwords" ref="REALMA" />
+	</bean>
+
+    <bean id="upCallBackHandlerRealmB"
+		class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+		<property name="passwords" ref="REALMB" />
+	</bean>
+	
+	<bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+	    <property name="samlRealmCodec" ref="samlRealmCodec" />
+	</bean>
+	
+	<bean id="transportUsernameTokenValidator"
+		class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+	</bean>
+
+	<bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+		<property name="endpoints" ref="transportEndpoints" />
+	</bean>
+
+	<util:list id="transportEndpoints">
+		<value>.*</value>
+	</util:list>
+	  
+	<bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+		<property name="callbackHandlerClass"
+			value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+		<property name="issuer" value="Fediz STS" />
+		<property name="realmParser" ref="customRealmParser"/>
+		<property name="signaturePropertiesFile" value="stsTruststore.properties" />
+		<property name="relationships" ref="relationships" />
+	</bean>
+	
+	
+	<jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
+		address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+		serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+		<jaxws:properties>
+		</jaxws:properties>
+	</jaxws:endpoint>
+	
+
+
+	<jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean"
+		address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+		serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+		<jaxws:properties>
+		</jaxws:properties>
+	</jaxws:endpoint>
+
+	<jaxws:endpoint id="transportSTSRealmAUT" implementor="#transportSTSProviderBean"
+		address="/REALMA/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+		serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+		<jaxws:properties>
+			<entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
+		</jaxws:properties>
+	</jaxws:endpoint>
+
+	<jaxws:endpoint id="transportSTSRealmBUT" implementor="#transportSTSProviderBean"
+		address="/REALMB/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+		xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+		serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+		<jaxws:properties>
+			<entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
+		</jaxws:properties>
+	</jaxws:endpoint>
+
+
+
+ 
+</beans>
+

Added: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml (added)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/passwords.xml Mon May 13 21:01:51 2013
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+
+	<util:map id="REALMA">
+		<entry key="alice"
+			value="ecila" />
+		<entry key="bob"
+			value="bob" />
+		<entry key="ted"
+			value="det" />
+	</util:map>
+	
+	<util:map id="REALMB">
+		<entry key="ALICE"
+			value="ECILA" />
+		<entry key="BOB"
+			value="BOB" />
+		<entry key="TED"
+			value="DET" />
+	</util:map>
+
+</beans>
\ No newline at end of file

Added: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml?rev=1482105&view=auto
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml (added)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml Mon May 13 21:01:51 2013
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+	<util:map id="userClaimsREALMA">
+		<entry key="alice"
+			value-ref="REALMA_aliceClaims" />
+		<entry key="bob"
+			value-ref="REALMA_bobClaims" />
+		<entry key="ted"
+			value-ref="REALMA_tedClaims" />
+	</util:map>
+	
+	<util:map id="REALMA_aliceClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Alice" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Smith" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="alice@realma.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="User" />
+			
+	</util:map>
+	
+	<util:map id="REALMA_bobClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Bob" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Windsor" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="bobwindsor@realma.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="user,manager,admin" />
+	</util:map>
+	
+	<util:map id="REALMA_tedClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Ted" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Cooper" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="tcooper@realma.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="" />			
+	</util:map>
+	
+	<util:map id="userClaimsREALMB">
+		<entry key="ALICE"
+			value-ref="REALMB_aliceClaims" />
+		<entry key="BOB"
+			value-ref="REALMB_bobClaims" />
+		<entry key="TED"
+			value-ref="REALMB_tedClaims" />
+	</util:map>
+	
+	<util:map id="REALMB_aliceClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Alice" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Smith" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="alice@realmb.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="USER" />
+			
+	</util:map>
+	
+	<util:map id="REALMB_bobClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Bob" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Windsor" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="bobwindsor@realmb.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="USER,MANAGER,ADMIN" />
+	</util:map>
+	
+	<util:map id="REALMB_tedClaims">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+			value="Ted" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+			value="Cooper" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+			value="tcooper@realmb.org" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+			value="" />			
+	</util:map>
+	
+	<util:list id="supportedClaims">
+		<value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
+		<value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
+		<value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
+		<value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
+	</util:list>
+
+</beans>
\ No newline at end of file



Mime
View raw message