cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1514048 [2/2] - in /cxf/fediz/trunk: examples/spring2Webapp/src/main/resources/ examples/spring2Webapp/src/main/webapp/WEB-INF/ examples/springWebapp/src/main/resources/ examples/springWebapp/src/main/webapp/WEB-INF/ plugins/core/src/test/...
Date Wed, 14 Aug 2013 21:01:48 GMT
Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-webflow.xml Wed Aug 14
21:01:46 2013
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<flow xmlns="http://www.springframework.org/schema/webflow"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/webflow
-                          http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
-    <on-start>
-        <evaluate expression="initialFlowSetupAction.submit(flowRequestContext)" />
-    </on-start>
-    
-    <!-- protocol check -->
-    <decision-state id="WSFederationRequestCheck">
-        <on-entry>
-            <set name="externalContext.sessionMap['wtrealm']" value="requestParameters.wtrealm"
/>
-            <set name="externalContext.sessionMap['wreply']" value="requestParameters.wreply"
/>
-            <set name="externalContext.sessionMap['wctx']" value="requestParameters.wctx"
/>
-            <set name="externalContext.sessionMap['wfresh']" value="requestParameters.wfresh"
/>
-            <set name="externalContext.sessionMap['wauth']" value="requestParameters.wauth"
/>
-        </on-entry>
-        <if test="requestParameters.wa == null" then="viewBadRequest" />
-        <if test="requestParameters.wa != 'wsignin1.0' and requestParameters.wa != 'wsignout1.0'
and requestParameters.wa != 'wsignoutcleanup1.0'" then="viewBadRequest" />
-        <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
then="invalidateSessionAction" />
-        <if test="requestParameters.wtrealm == null or requestParameters.wtrealm.length()
== 0" then="viewBadRequest" />
-
-<!--    check if IDP token is expired -->
-        <if test="externalContext.sessionMap['IDP_TOKEN'].isExpired() == true" then="invalidateSessionAction"
/>
-<!--    check if IDP token is still valid but relying party requested new authentication
-->
-        <if test="requestParameters.wfresh != null and requestParameters.wfresh.equals('0')"
then="invalidateSessionAction" />
-<!--    check if IDP token is still valid but relying party requested new authentication
via wfresh -->
-        <if test="requestParameters.wfresh != null" then="wfreshParserAction" else="rpTokenAction"
/>
-    </decision-state>
-    
-    <!-- parse wfresh parameter, provided by resource RP, overriding ttl from 'IDP_TOKEN'
-->
-    <action-state id="wfreshParserAction">
-        <evaluate expression="wfreshParser.authenticationRequired(requestParameters.wfresh,
flowRequestContext)" />
-        <transition on="yes" to="invalidateSessionAction"/>
-        <transition on="no" to="rpTokenAction"/>
-<!--         <transition on-exception="java.lang.Throwable" to="scInternalServerError"
/> -->
-<!--     wfresh invalid, ignore exception, force authentication -->
-        <transition on-exception="java.lang.Throwable" to="invalidateSessionAction" />
-    </action-state>
-
-    <!-- produce RP security token (as String type) -->
-    <action-state id="rpTokenAction">
-        <evaluate expression="stsClientForRpAction.submit(externalContext.sessionMap['wtrealm'],
flowRequestContext)" 
-                    result="flowScope.rpToken" 
-                    result-type="java.lang.String" />
-        <transition to="formResponseView" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-
-    <!-- normal exit point for login -->
-    <!-- browser redirection (self-submitted form 'signinresponseform.jsp') -->
-    <end-state id="formResponseView" view="signinresponseform"> 
-        <on-entry>
-            <evaluate expression="externalContext.sessionMap['wreply']" result="requestScope.fedAction"
/>
-            <evaluate expression="externalContext.sessionMap['wtrealm']" result="requestScope.fedWTrealm"
/>
-            <evaluate expression="externalContext.sessionMap['wctx']" result="requestScope.fedWCtx"
/>
-            <evaluate expression="flowScope.rpToken" result="requestScope.fedWResult"
/>
-        </on-entry>
-    </end-state>
-    
-    <!-- abnormal exit point : Http 400 Bad Request -->
-    <end-state id="viewBadRequest" view="genericerror">
-        <on-entry>
-            <evaluate expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())"
/>
-            <set name="requestScope.reason" value="flowRequestContext.currentTransition"
/>
-        </on-entry>
-    </end-state>
-
-    <!-- abnormal exit point : Http 500 Internal Server Error -->
-    <end-state id="scInternalServerError" view="genericerror">
-        <on-entry>
-            <evaluate expression="externalContext.nativeResponse.setStatus(500,'IDP is
unavailable, please contact the administrator')" />
-            <set name="requestScope.reason" value="'IDP is unavailable, please contact
the administrator'" />
-        </on-entry>
-    </end-state>
-
-    <!-- invalidate IDP session -->
-    <action-state id="invalidateSessionAction">
-        <evaluate expression="logoutAction.submit(flowRequestContext)" />
-        <transition on="success" to="endLogout" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-
-    <!-- normal exit point for logout -->
-    <end-state id="endLogout" view="signoutresponse" /> 
-    
-</flow>

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realma.xml Wed Aug 14
21:01:46 2013
@@ -4,11 +4,14 @@
 	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
 	xmlns:sec="http://cxf.apache.org/configuration/security"
+	xmlns:context="http://www.springframework.org/schema/context"
 	xsi:schemaLocation="
         http://cxf.apache.org/core
         http://cxf.apache.org/schemas/core.xsd
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.0.xsd
         http://cxf.apache.org/jaxws                                     
         http://cxf.apache.org/schemas/jaxws.xsd
         http://www.springframework.org/schema/util
@@ -18,6 +21,7 @@
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd">
 
+	<context:property-placeholder location="classpath:realm.properties"/>
 
     <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
     	<property name="idpConfigs">
@@ -40,7 +44,7 @@
         <property name="useCurrentIDP" value="true" />
         <!--<property name="certificate" value="" />-->   <!--  STS will sign
it -->
         <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMA" />
-        <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
+        <property name="idpUrl" value="https://localhost:${realmA.port}/fediz-idp/federation"
/>
         <property name="supportedProtocols">
         	<util:list>
         		<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
@@ -50,8 +54,14 @@
         <property name="services">
         	<util:map>
 				<entry key="urn:org:apache:cxf:fediz:fedizhelloworld" value-ref="srv-fedizhelloworld"
/>
+				<!-- <entry key="https://localhost:8443/fedizhelloworld/" value-ref="srv-fedizhelloworld"
/>--> <!-- temp -->
         	</util:map>
         </property>
+        <property name="authenticationURIs">
+         	<util:map>
+				<entry key="default" value="/login/default" />
+        	</util:map>       
+        </property>
         <property name="trustedIDPs">
         	<util:map>
 				<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="trusted-idp-realmB" />
@@ -65,8 +75,8 @@
     <bean id="trusted-idp-realmB" class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
         <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
         <property name="cacheTokens" value="true" />
-        <property name="url" value="https://localhost:7443/fediz-idp/federation/REALMB"
/>
-        <property name="certificate" value="..." /> <!-- STS should now -->
+        <property name="url" value="https://localhost:${realmB.port}/fediz-idp-remote/federation"
/>
+        <property name="certificate" value="realmb.cert" />
         <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz
Core, Process SignInResponse -->
         <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
         <property name="federationType" value="FederateIdentity" /> <!-- Required
for STS Relationship -->
@@ -83,7 +93,7 @@
         <property name="serviceDescription" value="Web Application to illustrate WS-Federation"
/>
         <property name="role" value="ApplicationServiceType" />
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
-        <property name="lifeTime" value="1800" />
+        <property name="lifeTime" value="3600" />
         <!-- <property name="encryptionCertificate" value="" /> -->
         <property name="requestedClaims">
         	<util:list>
@@ -101,7 +111,7 @@
         		</bean>
         		<bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
         			<property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
/>
-        			<property name="optional" value="false" />
+        			<property name="optional" value="true" />
         		</bean>        		        		        		
         	</util:list>
         </property>

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-config-realmb.xml Wed Aug 14
21:01:46 2013
@@ -4,11 +4,14 @@
 	xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:util="http://www.springframework.org/schema/util" xmlns:http="http://cxf.apache.org/transports/http/configuration"
 	xmlns:sec="http://cxf.apache.org/configuration/security"
+	xmlns:context="http://www.springframework.org/schema/context"
 	xsi:schemaLocation="
         http://cxf.apache.org/core
         http://cxf.apache.org/schemas/core.xsd
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.0.xsd
         http://cxf.apache.org/jaxws                                     
         http://cxf.apache.org/schemas/jaxws.xsd
         http://www.springframework.org/schema/util
@@ -18,6 +21,7 @@
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd">
 
+	<context:property-placeholder location="classpath:realm.properties"/>
     
     <bean id="config" class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
     	<property name="idpConfigs">
@@ -39,8 +43,8 @@
         <property name="provideIDPList" value="false" />
         <property name="useCurrentIDP" value="true" />
         <!--<property name="certificate" value="" />-->   <!--  STS will sign
it -->
-        <property name="stsUrl" value="https://localhost:0/fediz-idp-sts/REALMB" />
-        <property name="idpUrl" value="https://localhost:7443/fediz-idp/federation" />
+        <property name="stsUrl" value="https://localhost:0/fediz-idp-sts-remote/REALMB"
/>
+        <property name="idpUrl" value="https://localhost:${realmB.port}/fediz-idp-remote/federation"
/>
         <property name="supportedProtocols">
         	<util:list>
         		<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
@@ -49,7 +53,8 @@
         </property>
         <property name="services">
         	<util:map>
-				<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" />
+<!-- 				<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value-ref="idp-realmA" />
-->
+				<entry key="urn:org:apache:cxf:fediz:idp:realm-A" value-ref="idp-realmA" />
         	</util:map>
         </property>
         <property name="authenticationURIs">

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml Wed Aug 14 21:01:46
2013
@@ -2,11 +2,17 @@
 
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xmlns:util="http://www.springframework.org/schema/util" 
        xmlns:webflow="http://www.springframework.org/schema/webflow-config"
-       xmlns:p="http://www.springframework.org/schema/p"       
+       xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:context="http://www.springframework.org/schema/context"   
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
+       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
-       
+    
+    <context:property-placeholder location="classpath:realm.properties"/>
+      
     <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" 
   		p:flowRegistry-ref="flowRegistry"
         p:order="2">
@@ -22,10 +28,33 @@
         <webflow:flow-execution-attributes>
             <webflow:always-redirect-on-pause value="false" />
         </webflow:flow-execution-attributes>
+
+	    <webflow:flow-execution-listeners>
+	        <webflow:listener ref="securityFlowExecutionListener" />
+	    </webflow:flow-execution-listeners>
+
     </webflow:flow-executor>
 
+    <bean id="securityFlowExecutionListener"
+      class="org.springframework.webflow.security.SecurityFlowExecutionListener">
+      <property name="accessDecisionManager" ref="accessDecisionManager" />
+    </bean>
+
+   <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+        <property name="decisionVoters">
+            <list>
+                <bean class="org.springframework.security.access.vote.RoleVoter">
+                    <property name="rolePrefix" value="ROLE_"/>
+                </bean>
+                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+            </list>
+        </property>
+    </bean>
+
     <webflow:flow-registry id="flowRegistry" flow-builder-services="builder">
-        <webflow:flow-location path="/WEB-INF/federation-webflow.xml" id="federation"
/>
+        <webflow:flow-location path="/WEB-INF/federation-validate-request.xml" id="federation"
/>
+        <webflow:flow-location path="/WEB-INF/federation-signin-request.xml" id="signinRequest"
/>
+        <webflow:flow-location path="/WEB-INF/federation-signin-response.xml" id="signinResponse"
/>
     </webflow:flow-registry>
 
   <webflow:flow-builder-services id="builder" view-factory-creator="viewFactoryCreator"
@@ -47,17 +76,24 @@
 	</bean>
 
 	<bean id="stsClientForRpAction" class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSServiceTransport?wsdl"/>
+        <!--<property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSServiceTransport?wsdl"/>-->
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransport?wsdl"/>
 		<property name="wsdlEndpoint" value="Transport_Port"/>
 		<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
-		<property name="claimsRequired" value="true"/>
 	</bean>
 
+	<bean id="signInParamCacheAction" class="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction"
/>
+	
 	<bean id="logoutAction" class="org.apache.cxf.fediz.service.idp.beans.LogoutAction" />
 	
     <bean id="wfreshParser" class="org.apache.cxf.fediz.service.idp.beans.WfreshParser"
/>
     
-	<bean id="initialFlowSetupAction" class="org.apache.cxf.fediz.service.idp.beans.InitialFlowSetupAction"
>
-	</bean>
-	
+    <bean id="cacheTokenForWauthAction" class="org.apache.cxf.fediz.service.idp.beans.CacheTokenForWauthAction"
/>
+    
+    <bean id="processHRDSExpressionAction" class="org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction"
/>
+    
+    <bean id="validateTokenAction" class="org.apache.cxf.fediz.service.idp.beans.ValidateTokenAction"
/>
+
+    <bean id="homeRealmReminder" class="org.apache.cxf.fediz.service.idp.beans.HomeRealmReminder"
/>
+
 </beans>

Added: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp?rev=1514048&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp (added)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idplist.jsp Wed Aug 14 21:01:46 2013
@@ -0,0 +1,31 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<%@page import="java.util.Map"%>
+<%@page import="org.apache.cxf.fediz.service.idp.model.IDPConfig"%>
+<%@page import="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig"%>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head>
+<title>Trusted IDP List</title>
+</head>
+<body>
+	<h1>Trusted IDP List</h1>
+	<i>What are you from ? Please, select one Identity Provider in list which is able
to recognize you. </i>
+	<form:form method="POST" id="idplist" name="idplist">
+		<br />
+        <% IDPConfig idpConfig = (IDPConfig)request.getAttribute("idpConfig");
+        Map<String, TrustedIDPConfig> trustedIDPs = idpConfig.getTrustedIDPs(); %>
+      <select name="whr">
+        <option value="<%=idpConfig.getRealm()%>" selected="selected" ><%=idpConfig.getServiceDescription()%></option>
+        <% for (TrustedIDPConfig trustedIDP : trustedIDPs.values()) { %>
+        <option value="<%=trustedIDP.getRealm()%>"><%=trustedIDP.getDescription()%></option>
+        <% } %>
+      </select>
+      <br />
+      <input type="hidden" id="execution" name="execution" value="${flowExecutionKey}"/>
+      <br />
+      <input type="submit" name="_eventId_submit" value="Select Home Realm" />
+      <input type="submit" name="_eventId_cancel" value="Cancel" />
+    </form:form>
+</body>
+</html>
\ No newline at end of file

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml Wed Aug 14 21:01:46
2013
@@ -8,8 +8,10 @@
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
+	<context:property-placeholder location="classpath:realm.properties"/>
+	
     <context:component-scan base-package="org.apache.cxf.fediz.service.idp"/>
-
+    
     <!-- DIABLE in production as it might log confidential information about the user
-->
     <security:debug />
 
@@ -21,7 +23,10 @@
 			default-target-url="/spring/main" authentication-failure-url="/spring/login?login_error=1"
/>
 		<security:logout logout-url="/spring/logout" logout-success-url="/spring/logoutSuccess"
/>
 		 -->
-		<security:intercept-url pattern="/federation" access="isAuthenticated()"/>
+		<!--
+ 		<security:intercept-url pattern="/federation" access="isAuthenticated()"/>
+		-->
+                <!-- MUST be http-basic thus systests run fine -->
 		<security:http-basic />
 		<!--<security:form-login />-->
 	</security:http>
@@ -33,11 +38,11 @@
 	<bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
 	
 	<bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
-        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/STSService?wsdl"/>
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
         <property name="wsdlEndpoint" value="TransportUT_Port"/>
         <property name="wsdlService" value="SecurityTokenService"/>
         <property name="appliesTo" value="urn:fediz:idp"/>
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
     </bean>
 
-</beans>
\ No newline at end of file
+</beans>

Modified: cxf/fediz/trunk/services/sts/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/pom.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/pom.xml (original)
+++ cxf/fediz/trunk/services/sts/pom.xml Wed Aug 14 21:01:46 2013
@@ -166,6 +166,9 @@
 
 		<profile>
 			<id>realms</id>
+			<activation>
+				<activeByDefault>true</activeByDefault>
+			</activation>
 			<properties>
 
 			</properties>

Modified: cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml (original)
+++ cxf/fediz/trunk/services/sts/src/realms/webapp/WEB-INF/userClaims.xml Wed Aug 14 21:01:46
2013
@@ -36,7 +36,7 @@
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
 			value="bobwindsor@realma.org" />
 		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
-			value="user,manager,admin" />
+			value="User,Manager,Admin" />
 	</util:map>
 	
 	<util:map id="REALMA_tedClaims">

Modified: cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
(original)
+++ cxf/fediz/trunk/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
Wed Aug 14 21:01:46 2013
@@ -37,7 +37,9 @@ public class JettyTest extends AbstractT
         System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"debug");
         System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow",
"debug");
         System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web",
"debug");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"debug"); 
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security",
"debug");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"debug");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "debug");

 
         idpHttpsPort = System.getProperty("idp.https.port");
         Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
@@ -70,4 +72,5 @@ public class JettyTest extends AbstractT
     public String getServletContextName() {
         return "fedizhelloworld";
     }
+    
 }

Modified: cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml (original)
+++ cxf/fediz/trunk/systests/jetty8/src/test/resources/fediz_config.xml Wed Aug 14 21:01:46
2013
@@ -16,6 +16,8 @@
 		<trustedIssuers>
 			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
 				name="DoubleItSTSIssuer" />
+			<issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+			    name="REALM A"/>
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -25,6 +27,7 @@
 			<roleDelimiter>,</roleDelimiter>
 			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
 			<freshness>10</freshness>
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
 			<claimTypesRequested>
 				<claimType type="a particular claim type" optional="true" />
 			</claimTypesRequested>
@@ -42,6 +45,8 @@
 		<trustedIssuers>
 			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
 				name="DoubleItSTSIssuer" />
+			<issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+			    name="REALM A"/>				
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -50,6 +55,7 @@
 			<issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
 			<roleDelimiter>,</roleDelimiter>
 			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
 			<claimTypesRequested>
 				<claimType type="a particular claim type" optional="true" />
 			</claimTypesRequested>

Modified: cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks
Wed Aug 14 21:01:46 2013 differ

Modified: cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml (original)
+++ cxf/fediz/trunk/systests/spring/src/test/resources/fediz_config.xml Wed Aug 14 21:01:46
2013
@@ -16,6 +16,8 @@
 		<trustedIssuers>
 			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
 				name="DoubleItSTSIssuer" />
+			<issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+			    name="REALM A"/>				
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -30,6 +32,7 @@
 			<!--<freshness>0</freshness>-->
 			<!--<reply>reply value</reply>-->
 			<!--<request>REQUEST</request>-->
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
 			<claimTypesRequested>
 				<claimType type="a particular claim type" optional="true" />
 			</claimTypesRequested>
@@ -47,6 +50,8 @@
 		<trustedIssuers>
 			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
 				name="DoubleItSTSIssuer" />
+			<issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+			    name="REALM A"/>				
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -61,6 +66,7 @@
 			<!--<freshness>0</freshness>-->
 			<!--<reply>reply value</reply>-->
 			<!--<request>REQUEST</request>-->
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
 			<claimTypesRequested>
 				<claimType type="a particular claim type" optional="true" />
 			</claimTypesRequested>

Modified: cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks (original) and
cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks Wed Aug 14 21:01:46
2013 differ

Modified: cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks (original) and
cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks Wed Aug 14 21:01:46
2013 differ

Modified: cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
(original)
+++ cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
Wed Aug 14 21:01:46 2013
@@ -79,8 +79,8 @@ public abstract class AbstractTests {
         Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
                           response.indexOf(claim + "=Smith") > 0);
         claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@mycompany.org'",
-                          response.indexOf(claim + "=alice@mycompany.org") > 0);
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          response.indexOf(claim + "=alice@realma.org") > 0);
 
     }
 
@@ -103,8 +103,8 @@ public abstract class AbstractTests {
         Assert.assertTrue("User " + user + " claim " + claim + " is not 'Windsor'",
                           response.indexOf(claim + "=Windsor") > 0);
         claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'bobwindsor@idp.org'",
-                          response.indexOf(claim + "=bobwindsor@idp.org") > 0);
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'bobwindsor@realma.org'",
+                          response.indexOf(claim + "=bobwindsor@realma.org") > 0);
     }
 
     @org.junit.Test
@@ -126,8 +126,8 @@ public abstract class AbstractTests {
         Assert.assertTrue("User " + user + " claim " + claim + " is not 'Cooper'",
                           response.indexOf(claim + "=Cooper") > 0);
         claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'tcooper@hereiam.org'",
-                          response.indexOf(claim + "=tcooper@hereiam.org") > 0);
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'tcooper@realma.org'",
+                          response.indexOf(claim + "=tcooper@realma.org") > 0);
     }
 
     @org.junit.Test

Modified: cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
(original)
+++ cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
Wed Aug 14 21:01:46 2013
@@ -223,8 +223,8 @@ public class TomcatTest extends Abstract
         Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
                           response.indexOf(claim + "=Smith") > 0);
         claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@mycompany.org'",
-                          response.indexOf(claim + "=alice@mycompany.org") > 0);
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          response.indexOf(claim + "=alice@realma.org") > 0);
 
     }
     

Modified: cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml (original)
+++ cxf/fediz/trunk/systests/tomcat7/src/test/resources/fediz_config.xml Wed Aug 14 21:01:46
2013
@@ -16,6 +16,8 @@
 		<trustedIssuers>
 			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
 				name="DoubleItSTSIssuer" />
+			<issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+			    name="REALM A"/>					
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -25,6 +27,7 @@
 			<roleDelimiter>,</roleDelimiter>
 			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
 			<freshness>10</freshness>
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
 			<claimTypesRequested>
 				<claimType type="a particular claim type" optional="true" />
 			</claimTypesRequested>

Modified: cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks?rev=1514048&r1=1514047&r2=1514048&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks
Wed Aug 14 21:01:46 2013 differ



Mime
View raw message