cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1571817 - in /cxf/fediz/trunk/services/idp/src: main/resources/ main/webapp/WEB-INF/ test/java/org/apache/cxf/fediz/service/idp/integrationtests/
Date Tue, 25 Feb 2014 20:30:26 GMT
Author: owulff
Date: Tue Feb 25 20:30:26 2014
New Revision: 1571817

URL: http://svn.apache.org/r1571817
Log:
REST services secured with Spring Security

Added:
    cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml
      - copied, changed from r1571407, cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/idp/src/main/resources/users.properties
Modified:
    cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java

Modified: cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties Tue Feb 25 20:30:26 2014
@@ -2,6 +2,7 @@
 #log4j.rootCategory=FATAL, CONSOLE
 log4j.rootCategory=INFO, CONSOLE, LOGFILE
 log4j.logger.org.springframework.webflow=INFO,LOGFILE
+log4j.logger.org.springframework.security=DEBUG, CONSOLE, LOGFILE
 
 # CONSOLE is set to be a ConsoleAppender using a PatternLayout.
 log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender

Copied: cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml (from r1571407, cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml?p2=cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml&p1=cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml&r1=1571407&r2=1571817&rev=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml Tue Feb 25 20:30:26 2014
@@ -18,66 +18,22 @@
   under the License.
 -->
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:cxf="http://cxf.apache.org/core"
-    xmlns:jaxws="http://cxf.apache.org/jaxws"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:http="http://cxf.apache.org/transports/http/configuration"
-    xmlns:sec="http://cxf.apache.org/configuration/security"
     xmlns:context="http://www.springframework.org/schema/context"
     xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+    xmlns:security="http://www.springframework.org/schema/security"
     xsi:schemaLocation="
-        http://cxf.apache.org/core
-        http://cxf.apache.org/schemas/core.xsd
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://cxf.apache.org/jaxws
-        http://cxf.apache.org/schemas/jaxws.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd
-        http://cxf.apache.org/transports/http/configuration
-        http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://www.springframework.org/schema/context
         http://www.springframework.org/schema/context/spring-context-3.0.xsd
-        http://cxf.apache.org/configuration/security
-        http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/jaxrs
-        http://cxf.apache.org/schemas/jaxrs.xsd">
-
-    <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
-    <bean
-        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-        <property name="locations">
-            <list>
-                <value>classpath:persistence.properties</value>
-            </list>
-        </property>
-        <property name="ignoreResourceNotFound" value="true" />
-        <property name="ignoreUnresolvablePlaceholders" value="true" />
-    </bean>
-
-    <import resource="classpath:META-INF/cxf/cxf.xml" />
-
-    <import resource="security-config.xml" />
-    <import resource="${idp-config}" />
-    <import resource="classpath:persistenceContext.xml" />
-
-    <cxf:bus>
-        <cxf:features>
-            <cxf:logging />
-        </cxf:features>
-    </cxf:bus>
-
-    <http:conduit name="*.http-conduit">
-        <http:tlsClientParameters
-            disableCNCheck="true">
-            <sec:trustManagers>
-                <sec:keyStore type="jks" password="ispass" resource="idp-ssl-trust.jks"
/>
-            </sec:trustManagers>
-        </http:tlsClientParameters>
-    </http:conduit>
-
+        http://cxf.apache.org/schemas/jaxrs.xsd
+        http://www.springframework.org/schema/security
+        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
+    <context:property-placeholder location="classpath:realm.properties"/>
+    
     <bean id="jaxbProvider" class="org.apache.cxf.jaxrs.provider.JAXBElementProvider">
         <property name="depthProperties">
             <bean id="depthProperties"
@@ -131,6 +87,40 @@
 
     <bean id="trustedIdpServiceImpl"
         class="org.apache.cxf.fediz.service.idp.rest.TrustedIdpServiceImpl" />
+
+    <security:http pattern="/services/rs/**" auto-config="false" use-expressions="true">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:intercept-url pattern="/**" access="isAuthenticated()"/>
+        <security:http-basic />
+    </security:http>
+
+    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
/>
+    
+    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"
/>
+    
+    <security:authentication-manager>
+        <security:authentication-provider>
+          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+          <!--  
+          <security:password-encoder hash="sha-256" base64="true">
+            <security:salt-source user-property="username"/>
+          </security:password-encoder>
+          -->
+          <security:user-service properties="classpath:/users.properties" />
+        </security:authentication-provider>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+
+    <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+    
+    <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+        <property name="wsdlEndpoint" value="TransportUT_Port"/>
+        <property name="wsdlService" value="SecurityTokenService"/>
+        <property name="appliesTo" value="urn:fediz:idp"/>
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+    </bean>
     
 </beans>
 

Added: cxf/fediz/trunk/services/idp/src/main/resources/users.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/users.properties?rev=1571817&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/users.properties (added)
+++ cxf/fediz/trunk/services/idp/src/main/resources/users.properties Tue Feb 25 20:30:26 2014
@@ -0,0 +1,2 @@
+user=password,ROLE_USER,enabled
+admin=password,ROLE_USER,ROLE_ADMIN,enabled
\ No newline at end of file

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Tue Feb 25
20:30:26 2014
@@ -61,6 +61,7 @@
     <import resource="security-config.xml" />
     <import resource="${idp-config}" />
     <import resource="classpath:persistenceContext.xml" />
+    <import resource="classpath:restContext.xml" />
 
     <cxf:bus>
         <cxf:features>
@@ -76,61 +77,6 @@
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>
-
-
-    <bean id="jaxbProvider" class="org.apache.cxf.jaxrs.provider.JAXBElementProvider">
-        <property name="depthProperties">
-            <bean id="depthProperties"
-                class="org.apache.cxf.staxutils.DocumentDepthProperties">
-                <property name="innerElementCountThreshold" value="500" />
-            </bean>
-        </property>
-        <property name="marshallerProperties">
-            <map>
-                <entry key="jaxb.formatted.output">
-                    <value type="java.lang.Boolean">true</value>
-                </entry>
-            </map>
-        </property>
-    </bean>
-
-    <bean id="exceptionMapper"
-        class="org.apache.cxf.fediz.service.idp.rest.RestServiceExceptionMapper" />
-
-    <bean id="jsonProvider" class="org.codehaus.jackson.jaxrs.JacksonJaxbJsonProvider"
/>
-
-    <jaxrs:server id="idpService" address="/rs">
-        <jaxrs:serviceBeans>
-            <ref bean="idpServiceImpl" />
-            <ref bean="claimServiceImpl" />
-            <ref bean="applicationServiceImpl" />
-            <ref bean="trustedIdpServiceImpl" />
-            <ref bean="rootServiceImpl" />
-        </jaxrs:serviceBeans>
-        <jaxrs:providers>
-            <ref bean="jaxbProvider" />
-            <ref bean="jsonProvider" />
-            <ref bean="exceptionMapper" />
-        </jaxrs:providers>
-        <jaxrs:extensionMappings>
-            <entry key="json" value="application/json;charset=UTF-8" />
-            <entry key="xml" value="application/xml;charset=UTF-8" />
-        </jaxrs:extensionMappings>
-    </jaxrs:server>
-
-    <bean id="rootServiceImpl"
-        class="org.apache.cxf.fediz.service.idp.rest.RootServiceImpl" />
-
-    <bean id="idpServiceImpl" class="org.apache.cxf.fediz.service.idp.rest.IdpServiceImpl"
/>
-
-    <bean id="claimServiceImpl"
-        class="org.apache.cxf.fediz.service.idp.rest.ClaimServiceImpl" />
-
-    <bean id="applicationServiceImpl"
-        class="org.apache.cxf.fediz.service.idp.rest.ApplicationServiceImpl" />
-
-    <bean id="trustedIdpServiceImpl"
-        class="org.apache.cxf.fediz.service.idp.rest.TrustedIdpServiceImpl" />
     
 </beans>
 

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml Tue Feb 25 20:30:26
2014
@@ -31,11 +31,11 @@
 
     <context:property-placeholder location="classpath:realm.properties"/>
     
-    <!-- DIABLE in production as it might log confidential information about the user
-->
+    <!-- DISABLE in production as it might log confidential information about the user
-->
     <!-- <security:debug /> -->
 
     <!-- Configure Spring Security -->
-    <security:http auto-config="false" use-expressions="true">
+    <security:http pattern="/federation/**" auto-config="false" use-expressions="true">
         <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
         <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml"
access="isAnonymous() or isAuthenticated()" />
 

Modified: cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java?rev=1571817&r1=1571816&r2=1571817&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
(original)
+++ cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
Tue Feb 25 20:30:26 2014
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.fediz.service.idp.integrationtests;
 
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URL;
 
@@ -34,6 +35,7 @@ import org.apache.cxf.fediz.service.idp.
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
 import org.apache.cxf.fediz.service.idp.rest.Idps;
+import org.apache.xml.security.utils.Base64;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -77,11 +79,12 @@ public class RestITTest {
     }
     
     @Test
-    public void testGetAllIdps() {
+    public void testGetAllIdps() throws UnsupportedEncodingException {
         String address = "https://localhost:" + idpHttpsPort + "/fediz-idp/services/rs";
         Client client = ClientBuilder.newClient();
         Idps idps = client.target(address).path("idps")
-            .request("application/xml").get(Idps.class);
+            .request("application/xml").header("Authorization", getBasicAuthentication("admin",
"password"))
+            .get(Idps.class);
         Assert.assertEquals(1L, idps.getIdps().size());
         
         Idp idp = idps.getIdps().iterator().next();
@@ -118,16 +121,17 @@ public class RestITTest {
     }
 
     @Test
-    public void testReadExistingIdpEmbeddedTrustedIdps() {
+    public void testReadExistingIdpEmbeddedTrustedIdps() throws UnsupportedEncodingException
{
         String address = "https://localhost:" + idpHttpsPort + "/fediz-idp/services/rs";
         Client client = ClientBuilder.newClient();
         Idp idp = client.target(address).path("idps/").path("urn:org:apache:cxf:fediz:idp:realm-A")
-            .request("application/xml").get(Idp.class);
+            .request("application/xml").header("Authorization", getBasicAuthentication("admin",
"password"))
+            .get(Idp.class);
         Assert.assertEquals("", "urn:org:apache:cxf:fediz:idp:realm-A", idp.getRealm());
     }
     
     @Test
-    public void testAddClaimToApplication() {
+    public void testAddClaimToApplication() throws UnsupportedEncodingException {
         
         String address = "https://localhost:" + idpHttpsPort + "/fediz-idp/services/rs";
         Client client = ClientBuilder.newClient();
@@ -144,7 +148,8 @@ public class RestITTest {
         application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
         
         Response response = client.target(address).path("applications/")
-            .request("application/xml").post(Entity.entity(application, MediaType.APPLICATION_XML));
+            .request("application/xml").header("Authorization", getBasicAuthentication("admin",
"password"))
+            .post(Entity.entity(application, MediaType.APPLICATION_XML));
         Assert.assertEquals(Status.CREATED.getStatusCode(), response.getStatus());
         
         //Testcase
@@ -153,14 +158,22 @@ public class RestITTest {
         requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
         
         response = client.target(address).path("applications").path(realm).path("claims")
-            .request("application/xml").post(Entity.entity(requestClaim, MediaType.APPLICATION_XML));
+            .request("application/xml").header("Authorization", getBasicAuthentication("admin",
"password"))
+            .post(Entity.entity(requestClaim, MediaType.APPLICATION_XML));
         Assert.assertEquals(Status.NO_CONTENT.getStatusCode(), response.getStatus());
         
         application = client.target(address).path("applications").path(realm).queryParam("expand",
"claims")
-            .request("application/xml").get(Application.class);
+            .request("application/xml").header("Authorization", getBasicAuthentication("admin",
"password"))
+            .get(Application.class);
         Assert.assertEquals("Claims size should be 1 instead of " + application.getRequestedClaims().size(),
                             1, application.getRequestedClaims().size());
     }
+    
+    private String getBasicAuthentication(String username, String password) throws UnsupportedEncodingException
{
+        String token = username + ":" + password;
+        System.out.println("Basic " + Base64.encode(token.getBytes()));
+        return "Basic " + Base64.encode(token.getBytes());
+    }
 
 
 }



Mime
View raw message