cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1483086 - in /cxf/fediz/trunk/services/idp/src/main: java/org/apache/cxf/fediz/service/idp/ java/org/apache/cxf/fediz/service/idp/model/ java/org/apache/cxf/fediz/service/idp/service/ webapp/WEB-INF/
Date Wed, 15 May 2013 21:17:36 GMT
Author: owulff
Date: Wed May 15 21:17:35 2013
New Revision: 1483086

URL: http://svn.apache.org/r1483086
Log:
[FEDIZ-3] added configuration beans

Added:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
Modified:
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationEntryPoint.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.service.ConfigService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.util.Assert;
+
+
+/**
+ * Used by the <code>ExceptionTranslationFilter</code> to commence authentication
via the
+ * WS-Federation protocol.
+ * <p>
+ * The user's browser will be redirected to the IDP.
+ *
+ */
+public class FederationEntryPoint implements AuthenticationEntryPoint,
+    InitializingBean, ApplicationContextAware {
+    
+    private static final Logger LOG = LoggerFactory.getLogger(FederationEntryPoint.class);
+    
+    private ApplicationContext appContext;
+    private ConfigService configService;
+    private String realm;
+    private IDPConfig idpConfig;
+
+    public ConfigService getConfigService() {
+        return configService;
+    }
+
+    public void setConfigService(ConfigService configService) {
+        this.configService = configService;
+    }
+    
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+    
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(this.appContext, "ApplicationContext cannot be null.");
+        Assert.notNull(this.configService, "ConfigService cannot be null.");
+        Assert.notNull(this.realm, "realm cannot be null.");
+        idpConfig = configService.getIDPConfig(realm);
+        Assert.notNull(this.idpConfig, "idpConfig cannot be null. Check realm and config
service implementation");
+    }
+
+    public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse
response,
+            final AuthenticationException authenticationException) throws IOException, ServletException
{
+
+        String redirectUrl = null;
+        String wauth = servletRequest.getParameter(FederationConstants.PARAM_AUTH_TYPE);
+        if (wauth == null) {
+            wauth = "default";
+        }
+        String loginUri = idpConfig.getAuthenticationURIs().get(wauth);
+        if (loginUri == null) {
+            LOG.warn("wauth value '" + wauth + "' not supported");
+            response.sendError(
+                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "wauth value '" + wauth
+ "' not supported");
+        }
+        redirectUrl = new StringBuffer(extractFullContextPath(servletRequest))
+            .append(realm).append(loginUri).toString();
+        
+        preCommence(servletRequest, response);
+        if (LOG.isInfoEnabled()) {
+            LOG.info("Redirect to " + redirectUrl);
+        }  
+        response.sendRedirect(redirectUrl);
+    }
+
+
+    /**
+     * Template method for you to do your own pre-processing before the redirect occurs.
+     *
+     * @param request the HttpServletRequest
+     * @param response the HttpServletResponse
+     */
+    protected void preCommence(final HttpServletRequest request, final HttpServletResponse
response) {
+
+    }
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
{
+        this.appContext = applicationContext;
+    }
+    
+    protected String extractFullContextPath(HttpServletRequest request) throws MalformedURLException
{
+        String result = null;
+        String contextPath = request.getContextPath();
+        String requestUrl = request.getRequestURL().toString();
+        String requestPath = new URL(requestUrl).getPath();
+        // Cut request path of request url and add context path if not ROOT
+        if (requestPath != null && requestPath.length() > 0) {
+            int lastIndex = requestUrl.lastIndexOf(requestPath);
+            result = requestUrl.substring(0, lastIndex);
+        } else {
+            result = requestUrl;
+        }
+        if (contextPath != null && contextPath.length() > 0) {
+            // contextPath contains starting slash
+            result = result + contextPath + "/";
+        } else {
+            result = result + "/";
+        }
+        return result;
+    }
+
+
+
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,230 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+import java.util.List;
+import java.util.Map;
+
+//import javax.persistence.Column;
+//import javax.persistence.Entity;
+//import javax.persistence.Id;
+//import javax.persistence.Table;
+
+//@Entity
+//@Table(name = "IDP")
+public class IDPConfig {
+        
+    //@Id
+    //private Long id;
+
+    //@Column(name = "REALM", nullable = false, length = FIELD_LENGTH)
+    //Unique
+    //fed:TargetScope
+    private String realm;  //wtrealm, whr
+
+    //Unique
+    //https://<host>:<port>/fediz-idp/<IDP uri>/
+    private String uri;
+    
+    //Home Realm Discovery Service
+    //Spring EL
+    private String hrds;
+    
+    //@Column(name = "INACTIVE", nullable = true, length = FIELD_LENGTH)
+    //if HRDS can't determine the home realm, should
+    //the list of trusted IDPs be shown to make a choice
+    private boolean provideIDPList;
+    
+    //If HRDS can't discover a home realm and displaying IDP list is not enabled
+    //it falls back to current IDP if an authentication domain is configured
+    private boolean useCurrentIDP;
+    
+    //Store certificate in DB or filesystem, provide options?
+    //md:KeyDescriptor, use="signing"
+    private String certificate;
+    
+    //fed:SecurityTokenSerivceEndpoint
+    private String stsUrl;
+    
+    //fed:PassiveRequestorEndpoint
+    //published hostname, port must be configured
+    private String idpUrl;
+    
+    //RoleDescriptor protocolSupportEnumeration=
+    // "http://docs.oasis-open.org/wsfed/federation/200706"
+    // "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+    // Could be more in the future
+    private List<String> supportedProtocols;
+    
+    //list of RPs and RP-IDPs from whom we accept SignInResponse
+    //which includes RP IDPs
+    //key: wtrealm
+    private Map<String, ServiceConfig> services;
+    
+    //list of trusted IDP from whom we accept SignInResponse
+    //key: whr
+    private Map<String, TrustedIDPConfig> trustedIDPs;
+    
+    //which URI to redirect for authentication
+    //fediz-idp/<IDP uri>/login/auth/<auth URI>
+    //wauth to auth URI mapping
+    private Map<String, String> authenticationURIs;
+    
+    //required to create Federation Metadata document
+    //fed:TokenTypesOffered
+    private List<String> tokenTypesOffered;
+    
+    //fed:ClaimTypesOffered
+    private List<String> claimTypesOffered;
+    
+    //ServiceDisplayName
+    private String serviceDisplayName;
+    
+    //ServiceDescription
+    private String serviceDescription;
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    public String getUri() {
+        return uri;
+    }
+
+    public void setUri(String uri) {
+        this.uri = uri;
+    }
+
+    public String getHrds() {
+        return hrds;
+    }
+
+    public void setHrds(String hrds) {
+        this.hrds = hrds;
+    }
+
+    public boolean isProvideIDPList() {
+        return provideIDPList;
+    }
+
+    public void setProvideIDPList(boolean provideIDPList) {
+        this.provideIDPList = provideIDPList;
+    }
+
+    public boolean isUseCurrentIDP() {
+        return useCurrentIDP;
+    }
+
+    public void setUseCurrentIDP(boolean useCurrentIDP) {
+        this.useCurrentIDP = useCurrentIDP;
+    }
+
+    public String getCertificate() {
+        return certificate;
+    }
+
+    public void setCertificate(String certificate) {
+        this.certificate = certificate;
+    }
+
+    public String getStsUrl() {
+        return stsUrl;
+    }
+
+    public void setStsUrl(String stsUrl) {
+        this.stsUrl = stsUrl;
+    }
+
+    public String getIdpUrl() {
+        return idpUrl;
+    }
+
+    public void setIdpUrl(String idpUrl) {
+        this.idpUrl = idpUrl;
+    }
+
+    public List<String> getSupportedProtocols() {
+        return supportedProtocols;
+    }
+
+    public void setSupportedProtocols(List<String> supportedProtocols) {
+        this.supportedProtocols = supportedProtocols;
+    }
+
+    public Map<String, ServiceConfig> getServices() {
+        return services;
+    }
+
+    public void setServices(Map<String, ServiceConfig> services) {
+        this.services = services;
+    }
+
+    public Map<String, TrustedIDPConfig> getTrustedIDPs() {
+        return trustedIDPs;
+    }
+
+    public void setTrustedIDPs(Map<String, TrustedIDPConfig> trustedIDPs) {
+        this.trustedIDPs = trustedIDPs;
+    }
+
+    public Map<String, String> getAuthenticationURIs() {
+        return authenticationURIs;
+    }
+
+    public void setAuthenticationURIs(Map<String, String> authenticationURIs) {
+        this.authenticationURIs = authenticationURIs;
+    }
+
+    public List<String> getTokenTypesOffered() {
+        return tokenTypesOffered;
+    }
+
+    public void setTokenTypesOffered(List<String> tokenTypesOffered) {
+        this.tokenTypesOffered = tokenTypesOffered;
+    }
+
+    public List<String> getClaimTypesOffered() {
+        return claimTypesOffered;
+    }
+
+    public void setClaimTypesOffered(List<String> claimTypesOffered) {
+        this.claimTypesOffered = claimTypesOffered;
+    }
+
+    public String getServiceDisplayName() {
+        return serviceDisplayName;
+    }
+
+    public void setServiceDisplayName(String serviceDisplayName) {
+        this.serviceDisplayName = serviceDisplayName;
+    }
+
+    public String getServiceDescription() {
+        return serviceDescription;
+    }
+
+    public void setServiceDescription(String serviceDescription) {
+        this.serviceDescription = serviceDescription;
+    }
+
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+import java.net.URI;
+
+public class RequestClaim {
+    
+    private URI claimType;
+    
+    private boolean optional;
+    
+    
+    public void setClaimType(URI claimType) {
+        this.claimType = claimType;
+    }
+    public URI getClaimType() {
+        return claimType;
+    }
+    public void setOptional(boolean optional) {
+        this.optional = optional;
+    }
+    public boolean isOptional() {
+        return optional;
+    }
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+import java.util.List;
+
+//import javax.persistence.Column;
+//import javax.persistence.Entity;
+//import javax.persistence.Id;
+//import javax.persistence.Table;
+
+//@Entity
+//@Table(name = "SERVICE")
+public class ServiceConfig {
+
+        
+    //@Id
+    //private Long id;
+
+            
+    //Could be imported from Metadata document or manually filled
+    
+    //@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
+    private String realm;  //wtrealm, whr
+
+    //Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
+    // "http://docs.oasis-open.org/wsfed/federation/200706"
+    // Metadata could provide more than one but one must be chosen
+    private String protocol;
+ 
+    // Public key only
+    // Could be read from Metadata, md:KeyDescriptor, use="encryption"
+    private String encryptionCertificate;
+    
+    // Could be read from Metadata, fed:ClaimTypesRequested
+    private List<RequestClaim> requestedClaims;
+    
+    //Could be read from Metadata, ServiceDisplayName
+    //usage for list of application where user is logged in
+    private String serviceDisplayName;
+    
+    //Could be read from Metadata, ServiceDescription
+    //usage for list of application where user is logged in
+    private String serviceDescription;
+    
+    //Could be read from Metadata, RoleDescriptor
+    //fed:ApplicationServiceType, fed:SecurityTokenServiceType
+    private String role;
+    
+    
+    // Not in Metadata, configured in IDP or passed in wreq parameter
+    private String tokenType;
+    
+    // Not in Metadata, configured in IDP or passed in wreq parameter
+    private String lifeTime;
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public String getEncryptionCertificate() {
+        return encryptionCertificate;
+    }
+
+    public void setEncryptionCertificate(String encryptionCertificate) {
+        this.encryptionCertificate = encryptionCertificate;
+    }
+
+    public List<RequestClaim> getRequestedClaims() {
+        return requestedClaims;
+    }
+
+    public void setRequestedClaims(List<RequestClaim> requestedClaims) {
+        this.requestedClaims = requestedClaims;
+    }
+
+    public String getServiceDisplayName() {
+        return serviceDisplayName;
+    }
+
+    public void setServiceDisplayName(String serviceDisplayName) {
+        this.serviceDisplayName = serviceDisplayName;
+    }
+
+    public String getServiceDescription() {
+        return serviceDescription;
+    }
+
+    public void setServiceDescription(String serviceDescription) {
+        this.serviceDescription = serviceDescription;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public void setRole(String role) {
+        this.role = role;
+    }
+
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    public void setTokenType(String tokenType) {
+        this.tokenType = tokenType;
+    }
+
+    public String getLifeTime() {
+        return lifeTime;
+    }
+
+    public void setLifeTime(String lifeTime) {
+        this.lifeTime = lifeTime;
+    }
+        
+
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPConfig.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,150 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.model;
+
+
+//import javax.persistence.Column;
+//import javax.persistence.Entity;
+//import javax.persistence.Id;
+//import javax.persistence.Table;
+
+//@Entity
+//@Table(name = "TRUSTEDIDP")
+public class TrustedIDPConfig {
+
+        
+    //@Id
+    //private Long id;
+
+    //@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
+    private String realm;  //wtrealm, whr
+
+    // Should tokens be cached from trusted IDPs
+    // to avoid redirection to the trusted IDP again for next SignIn request
+    private boolean cacheTokens;
+    
+    //Could be read from Metadata, PassiveRequestorEndpoint
+    private String url;
+    
+    //Could be read from Metadata, md:KeyDescriptor, use="signing"
+    //Store certificate in DB or filesystem, provide options?
+    private String certificate;
+    
+    //Direct trust (signing cert imported), Indirect trust (CA certs imported, subject configured)
+    private String trustType;
+    
+    //Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
+    // "http://docs.oasis-open.org/wsfed/federation/200706"
+    // Metadata could provide more than one but one must be chosen
+    private String protocol;
+    
+    //FederateIdentity, FederateClaims
+    private String federationType;
+    
+    //optional (to provide a list of IDPs)
+    private String name;
+    
+    //optional (to provide a list of IDPs)
+    private String description;
+    
+    //optional (to provide a list of IDPs)
+    private String logo;
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    public boolean isCacheTokens() {
+        return cacheTokens;
+    }
+
+    public void setCacheTokens(boolean cacheTokens) {
+        this.cacheTokens = cacheTokens;
+    }
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+
+    public String getCertificate() {
+        return certificate;
+    }
+
+    public void setCertificate(String certificate) {
+        this.certificate = certificate;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public String getFederationType() {
+        return federationType;
+    }
+
+    public void setFederationType(String federationType) {
+        this.federationType = federationType;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getLogo() {
+        return logo;
+    }
+
+    public void setLogo(String logo) {
+        this.logo = logo;
+    }
+
+    public String getTrustType() {
+        return trustType;
+    }
+
+    public void setTrustType(String trustType) {
+        this.trustType = trustType;
+    }
+               
+
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public interface ConfigService {
+    
+    ServiceConfig getServiceConfig(String realm);
+    
+    IDPConfig getIDPConfig(String realm);
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceJPA.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public class ConfigServiceJPA implements ConfigService {
+
+    @Override
+    public ServiceConfig getServiceConfig(String realm) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public IDPConfig getIDPConfig(String realm) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
(added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
Wed May 15 21:17:35 2013
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.model.IDPConfig;
+import org.apache.cxf.fediz.service.idp.model.ServiceConfig;
+
+public class ConfigServiceSpring implements ConfigService {
+
+    private List<ServiceConfig> serviceConfigs;
+    private List<IDPConfig> idpConfigs;
+
+    
+    
+    @Override
+    public ServiceConfig getServiceConfig(String realm) {
+        for (ServiceConfig cfg : serviceConfigs) {
+            if (realm.equals(cfg.getRealm())) {
+                return cfg;
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public IDPConfig getIDPConfig(String realm) {
+        for (IDPConfig cfg : idpConfigs) {
+            if (realm.equals(cfg.getRealm())) {
+                return cfg;
+            }
+        }
+        return null;
+    }
+    
+    public List<ServiceConfig> getServiceConfigs() {
+        return serviceConfigs;
+    }
+
+    public void setServiceConfigs(List<ServiceConfig> serviceConfigs) {
+        this.serviceConfigs = serviceConfigs;
+    }
+
+    public List<IDPConfig> getIdpConfigs() {
+        return idpConfigs;
+    }
+
+    public void setIdpConfigs(List<IDPConfig> idpConfigs) {
+        this.idpConfigs = idpConfigs;
+    }
+
+}

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1483086&r1=1483085&r2=1483086&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Wed May 15
21:17:35 2013
@@ -21,6 +21,8 @@
 	<import resource="classpath:META-INF/cxf/cxf.xml" />
 
     <import resource="security-config.xml" />
+    <import resource="idp-config-realma.xml" />
+    <!--<import resource="idp-config-realmb.xml" />-->
 
 	<cxf:bus>
 		<cxf:features>

Added: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml (added)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml Wed May 15
21:17:35 2013
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+	xmlns:sec="http://cxf.apache.org/configuration/security"
+	xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws                                     
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/configuration/security
+        http://cxf.apache.org/schemas/configuration/security.xsd">
+
+
+    <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
+    	<property name="idpConfigs">
+    		<util:list>
+    			<ref bean="idp-realmA" />
+    		</util:list>
+    	</property>
+    	<property name="serviceConfigs">
+    		<util:list>
+    			<ref bean="srv-fedizhelloworld" />
+    		</util:list>
+    	</property>     	
+    </bean>        
+	
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="uri" value="realma" />
+        <!--<property name="hrds" value="" />--> <!-- TBD, not defined, provide
list if enabled -->
+        <property name="provideIDPList" value="true" />
+        <property name="useCurrentIDP" value="true" />
+        <!--<property name="certificate" value="" />-->   <!--  STS will sign
it -->
+        <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMA" />
+        <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
+        <property name="supportedProtocols">
+        	<util:list>
+        		<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+        		<value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+        	</util:list>
+        </property>
+        <property name="services">
+        	<util:map>
+				<entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld"
/>
+        	</util:map>
+        </property>
+        <property name="trustedIDPs">
+        	<util:map>
+				<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
+        	</util:map>
+        </property>
+        <property name="serviceDisplayName" value="REALM A" />
+        <property name="serviceDescription" value="IDP of Realm A" />
+    </bean>
+
+
+    <bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:7443/fediz-idp/federation/REALMB"
/>
+        <property name="certificate" value="..." /> <!-- STS should now -->
+        <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz
Core, Process SignInResponse -->
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="federationType" value="FederateIdentity" /> <!-- Required
for STS Relationship -->
+        <property name="name" value="REALM B" />
+        <property name="description" value="IDP of Realm B" />
+        <!--<property name="logo" value="true" />--> 
+    </bean>
+    
+    
+    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate WS-Federation"
/>
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
+        <property name="lifeTime" value="1800" />
+        <!-- <property name="encryptionCertificate" value="" /> -->
+        <property name="requestedClaims">
+        	<util:list>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
/>
+        			<property name="optional" value="false" />
+        		</bean>        		        		        		
+        	</util:list>
+        </property>
+    </bean>
+        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+</beans>
+

Added: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml?rev=1483086&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml (added)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml Wed May 15
21:17:35 2013
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
+	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
+	xmlns:sec="http://cxf.apache.org/configuration/security"
+	xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws                                     
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/configuration/security
+        http://cxf.apache.org/schemas/configuration/security.xsd">
+
+    
+    <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
+    	<property name="idpConfigs">
+    		<util:list>
+    			<ref bean="idp-realmB" />
+    		</util:list>
+    	</property>
+    	<property name="serviceConfigs">
+    		<util:list>
+    			<ref bean="idp-realmA" />
+    		</util:list>
+    	</property>    	
+    </bean>
+	
+    <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="uri" value="realmb" />
+        <!--<property name="hrds" value="" />--> <!-- TBD, not defined, provide
list if enabled -->
+        <property name="provideIDPList" value="false" />
+        <property name="useCurrentIDP" value="true" />
+        <!--<property name="certificate" value="" />-->   <!--  STS will sign
it -->
+        <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMB" />
+        <property name="idpUrl" value="https://localhost:7443/fediz-idp/federation" />
+        <property name="supportedProtocols">
+        	<util:list>
+        		<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+        		<value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+        	</util:list>
+        </property>
+        <property name="services">
+        	<util:map>
+				<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" />
+        	</util:map>
+        </property>
+        <property name="authenticationURIs">
+         	<util:map>
+				<entry key="default" value="/login/default" />
+        	</util:map>       
+        </property>
+        <property name="serviceDisplayName" value="REALM B" />
+        <property name="serviceDescription" value="IDP of Realm B" />
+    </bean>   
+    
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="serviceDisplayName" value="Resource IDP Realm A" />
+        <property name="serviceDescription" value="Resource IDP Realm A" />
+        <property name="role" value="SecurityTokenServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
+        <property name="lifeTime" value="3600" />
+        <!-- <property name="encryptionCertificate" value="" /> -->
+        <property name="requestedClaims">
+        	<util:list>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
/>
+        			<property name="optional" value="false" />
+        		</bean>
+        		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+        			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
/>
+        			<property name="optional" value="false" />
+        		</bean>        		        		        		
+        	</util:list>
+        </property>
+    </bean>
+        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+</beans>
+



Mime
View raw message