cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1572730 [1/2] - in /cxf/fediz/trunk/services/idp/src: main/java/org/apache/cxf/fediz/service/idp/ main/java/org/apache/cxf/fediz/service/idp/domain/ main/java/org/apache/cxf/fediz/service/idp/rest/ main/java/org/apache/cxf/fediz/service/id...
Date Thu, 27 Feb 2014 21:04:16 GMT
Author: owulff
Date: Thu Feb 27 21:04:15 2014
New Revision: 1572730

URL: http://svn.apache.org/r1572730
Log:
[FEDIZ-77] RBAC Support for REST Interface

Added:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
      - copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
      - copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
      - copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java
      - copied, changed from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
Modified:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
    cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml
    cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml
    cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml
    cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/security-config.xml
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java Thu Feb 27 21:04:15 2014
@@ -146,6 +146,8 @@ public class STSAuthenticationProvider i
                 }
             }
             
+            //Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
+            authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
             UsernamePasswordAuthenticationToken upat = new UsernamePasswordAuthenticationToken(
                 authentication.getName(), authentication.getCredentials(), authorities);
             

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java Thu Feb 27 21:04:15 2014
@@ -22,8 +22,10 @@ import java.io.Serializable;
 
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
 
 @XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
+@XmlType(propOrder = {"name", "description", "internal", "id" })
 public class Entitlement implements Serializable {
     
     private static final long serialVersionUID = 2635896159019665467L;

Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java Thu Feb 27 21:04:15 2014
@@ -19,19 +19,24 @@
 package org.apache.cxf.fediz.service.idp.domain;
 
 import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
 
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
 
-@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
-public class Entitlement implements Serializable {
+@XmlRootElement(name = "role", namespace = "http://org.apache.cxf.fediz/")
+@XmlType(propOrder = {"name", "description", "entitlements", "id" })
+public class Role implements Serializable {
     
     private static final long serialVersionUID = 2635896159019665467L;
     
     protected String name;
     protected String description;
     protected int id;
-    protected boolean internal;
+    
+    protected List<Entitlement> entitlements = new ArrayList<Entitlement>();
     
     @XmlAttribute
     public int getId() {
@@ -58,11 +63,12 @@ public class Entitlement implements Seri
         this.description = description;
     }
 
-    public boolean isInternal() {
-        return internal;
+    public List<Entitlement> getEntitlements() {
+        return entitlements;
     }
 
-    public void setInternal(boolean internal) {
-        this.internal = internal;
+    public void setEntitlements(List<Entitlement> entitlements) {
+        this.entitlements = entitlements;
     }
+
 }

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java Thu Feb 27 21:04:15 2014
@@ -39,6 +39,8 @@ import javax.ws.rs.core.UriInfo;
 import org.apache.cxf.fediz.service.idp.domain.Application;
 import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
 
+import org.springframework.security.access.prepost.PreAuthorize;
+
 
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@@ -46,6 +48,7 @@ import org.apache.cxf.fediz.service.idp.
 public interface ApplicationService {
 
     @GET
+    @PreAuthorize("hasRole('APPLICATION_LIST')")
     Applications getApplications(@QueryParam("start") int start,
                                  @QueryParam("size") @DefaultValue("2") int size,
                                  @QueryParam("expand") @DefaultValue("all")  List<String> expand,
@@ -53,26 +56,32 @@ public interface ApplicationService {
 
     @GET
     @Path("{realm}")
+    @PreAuthorize("hasRole('APPLICATION_LIST')")
     Application getApplication(@PathParam("realm") String realm,
                                @QueryParam("expand") @DefaultValue("all")  List<String> expand);
 
     @POST
+    @PreAuthorize("hasRole('APPLICATION_CREATE')")
     Response addApplication(@Context UriInfo ui, Application service);
     
     @PUT
     @Path("{realm}")
+    @PreAuthorize("hasRole('APPLICATION_UPDATE')")
     Response updateApplication(@Context UriInfo ui, @PathParam("realm") String realm, Application application);
     
     @DELETE
     @Path("{realm}")
+    @PreAuthorize("hasRole('APPLICATION_DELETE')")
     Response deleteApplication(@PathParam("realm") String realm);
     
     @POST
     @Path("{realm}/claims")
+    @PreAuthorize("hasRole('APPLICATION_UPDATE')")
     Response addClaimToApplication(@Context UriInfo ui, @PathParam("realm") String realm, RequestClaim claim);
     
     @DELETE
     @Path("{realm}/claims/{claimType}")
+    @PreAuthorize("hasRole('APPLICATION_UPDATE')")
     Response removeClaimFromApplication(@Context UriInfo ui, @PathParam("realm") String realm,
                                         @PathParam("claimType") String claimType);
 

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java Thu Feb 27 21:04:15 2014
@@ -36,6 +36,8 @@ import javax.ws.rs.core.UriInfo;
 
 import org.apache.cxf.fediz.service.idp.domain.Claim;
 
+import org.springframework.security.access.prepost.PreAuthorize;
+
 
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@@ -43,23 +45,28 @@ import org.apache.cxf.fediz.service.idp.
 public interface ClaimService {
 
     @GET
+    @PreAuthorize("hasRole('CLAIM_LIST')")
     Response getClaims(@QueryParam("start") int start,
                        @QueryParam("size") @DefaultValue("2") int size,
                        @Context UriInfo uriInfo);
     
     @GET
     @Path("{claimType}")
+    @PreAuthorize("hasRole('CLAIM_READ')")
     Claim getClaim(@PathParam("claimType") String claimType);
 
     @POST
+    @PreAuthorize("hasRole('CLAIM_CREATE')")
     Response addClaim(@Context UriInfo ui, Claim claim);
     
     @PUT
     @Path("{claimType}")
+    @PreAuthorize("hasRole('CLAIM_UPDATE')")
     Response updateClaim(@Context UriInfo ui, @PathParam("claimType") String claimType, Claim claim);
     
     @DELETE
     @Path("{claimType}")
+    @PreAuthorize("hasRole('CLAIM_DELETE')")
     Response deleteClaim(@PathParam("claimType") String claimType);
 
 }

Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java Thu Feb 27 21:04:15 2014
@@ -34,32 +34,40 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 
-import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+
+import org.springframework.security.access.prepost.PreAuthorize;
 
 
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-@Path("claims")
-public interface ClaimService {
+@Path("entitlements")
+public interface EntitlementService {
 
     @GET
-    Response getClaims(@QueryParam("start") int start,
-                       @QueryParam("size") @DefaultValue("2") int size,
-                       @Context UriInfo uriInfo);
-    
+    @PreAuthorize("hasRole('ENTITLEMENT_LIST')")
+    Entitlements getEntitlements(@QueryParam("start") int start,
+                                 @QueryParam("size") @DefaultValue("5") int size,
+                                 @Context UriInfo uriInfo);
+
     @GET
-    @Path("{claimType}")
-    Claim getClaim(@PathParam("claimType") String claimType);
+    @Path("{name}")
+    @PreAuthorize("hasRole('ENTITLEMENT_READ')")
+    Entitlement getEntitlement(@PathParam("name") String name);
 
     @POST
-    Response addClaim(@Context UriInfo ui, Claim claim);
+    @PreAuthorize("hasRole('ENTITLEMENT_CREATE')")
+    Response addEntitlement(@Context UriInfo ui, Entitlement entitlement);
     
     @PUT
-    @Path("{claimType}")
-    Response updateClaim(@Context UriInfo ui, @PathParam("claimType") String claimType, Claim claim);
+    @Path("{name}")
+    @PreAuthorize("hasRole('ENTITLEMENT_UPDATE')")
+    Response updateEntitlement(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
     
     @DELETE
-    @Path("{claimType}")
-    Response deleteClaim(@PathParam("claimType") String claimType);
+    @Path("{name}")
+    @PreAuthorize("hasRole('ENTITLEMENT_DELETE')")
+    Response deleteEntitlement(@PathParam("name") String name);
+    
 
 }

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.service.EntitlementDAO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class EntitlementServiceImpl implements EntitlementService {
+
+    private static final Logger LOG = LoggerFactory
+            .getLogger(EntitlementServiceImpl.class);
+
+    @Autowired
+    private EntitlementDAO entitlementDAO;
+
+    @Override
+    public Entitlements getEntitlements(int start, int size, UriInfo uriInfo) {
+        List<Entitlement> entitlements = entitlementDAO.getEntitlements(start, size);
+        
+        Entitlements list = new Entitlements();
+        list.setEntitlements(entitlements);
+        
+        return list;
+    }
+    
+    @Override
+    public Response addEntitlement(UriInfo ui, Entitlement entitlement) {
+        Entitlement createdEntitlement = entitlementDAO.addEntitlement(entitlement);
+        
+        UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
+        uriBuilder.path("{index}");
+        URI location = uriBuilder.build(createdEntitlement.getName());
+        
+        LOG.debug("Entitlement '" + createdEntitlement.getName() + "' added");
+        return Response.created(location).entity(entitlement).build();
+    }
+    
+    @Override
+    public Entitlement getEntitlement(String name) {
+        Entitlement entitlement = entitlementDAO.getEntitlement(name);
+        if (entitlement == null) {
+            throw new NotFoundException();
+        } else {
+            return entitlement;
+        }
+    }
+
+    @Override
+    public Response updateEntitlement(UriInfo ui, String name, Entitlement entitlement) {
+        if (!name.equals(entitlement.getName())) {
+            throw new BadRequestException();
+        }
+        entitlementDAO.updateEntitlement(name, entitlement);
+        
+        LOG.debug("Entitlement '" + entitlement.getName() + "' updated");
+        return Response.noContent().build();
+    }
+
+    @Override
+    public Response deleteEntitlement(String name) {
+        entitlementDAO.deleteEntitlement(name);
+        
+        LOG.debug("Entitlement '" + name + "' deleted");
+        return Response.noContent().build();
+    }
+
+}
\ No newline at end of file

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Entitlements.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+
+@XmlRootElement(name = "entitlements", namespace = "http://org.apache.cxf.fediz/")
+public class Entitlements {
+
+    private Collection<Entitlement> entitlements;
+
+    public Entitlements() {
+    }
+
+    public Entitlements(Collection<Entitlement> entitlements) {
+        this.entitlements = entitlements;
+    }
+
+    @XmlElementRef
+    public Collection<Entitlement> getEntitlements() {
+        return entitlements;
+    }
+
+    public void setEntitlements(Collection<Entitlement> entitlements) {
+        this.entitlements = entitlements;
+    }
+}
\ No newline at end of file

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java Thu Feb 27 21:04:15 2014
@@ -41,12 +41,15 @@ import org.apache.cxf.fediz.service.idp.
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
 
+import org.springframework.security.access.prepost.PreAuthorize;
+
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Path("idps")
 public interface IdpService {
 
     @GET
+    @PreAuthorize("hasRole('IDP_LIST')")
     Idps getIdps(@QueryParam("start") int start,
                  @QueryParam("size") @DefaultValue("2") int size,
                  @QueryParam("expand") @DefaultValue("all")  List<String> expand,
@@ -54,47 +57,57 @@ public interface IdpService {
 
     @GET
     @Path("{realm}")
+    @PreAuthorize("hasRole('IDP_READ')")
     Idp getIdp(@PathParam("realm") String realm,
                @QueryParam("expand") @DefaultValue("all")  List<String> expand);
 
     @POST
+    @PreAuthorize("hasRole('IDP_CREATE')")
     Response addIdp(@Context UriInfo ui, Idp idp);
     
     @PUT
     @Path("{realm}")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response updateIdp(@Context UriInfo ui, @PathParam("realm") String realm, Idp idp);
     
     @DELETE
     @Path("{realm}")
+    @PreAuthorize("hasRole('IDP_DELETE')")
     Response deleteIdp(@PathParam("realm") String realm);
     
     @POST
     @Path("{realm}/applications")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response addApplicationToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
                                  Application application);
     
     @DELETE
     @Path("{realm}/applications/{realmApplication}")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response removeApplicationFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
                                       @PathParam("realmApplication") String applicationRealm);
     
     @POST
     @Path("{realm}/trusted-idps")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response addTrustedIdpToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
                                 TrustedIdp trustedIdp);
     
     @DELETE
     @Path("{realm}/trusted-idps/{realmTrustedIdp}")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response removeTrustedIdpFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
                                      @PathParam("realmTrustedIdp") String trustedIdpRealm);
     
     @POST
     @Path("{realm}/claims")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response addClaimToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
                            Claim claim);
     
     @DELETE
     @Path("{realm}/claims/{claimType}")
+    @PreAuthorize("hasRole('IDP_UPDATE')")
     Response removeClaimFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
                                 @PathParam("claimType") String claimType);    
 

Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java Thu Feb 27 21:04:15 2014
@@ -36,44 +36,53 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 
-import org.apache.cxf.fediz.service.idp.domain.Application;
-import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+import org.springframework.security.access.prepost.PreAuthorize;
 
 
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-@Path("applications")
-public interface ApplicationService {
+@Path("roles")
+public interface RoleService {
 
     @GET
-    Applications getApplications(@QueryParam("start") int start,
+    @PreAuthorize("hasRole('ROLE_LIST')")
+    Roles getRoles(@QueryParam("start") int start,
                                  @QueryParam("size") @DefaultValue("2") int size,
                                  @QueryParam("expand") @DefaultValue("all")  List<String> expand,
                                  @Context UriInfo uriInfo);
 
     @GET
-    @Path("{realm}")
-    Application getApplication(@PathParam("realm") String realm,
+    @Path("{name}")
+    @PreAuthorize("hasRole('ROLE_CREATE')")
+    Role getRole(@PathParam("name") String realm,
                                @QueryParam("expand") @DefaultValue("all")  List<String> expand);
 
     @POST
-    Response addApplication(@Context UriInfo ui, Application service);
+    @PreAuthorize("hasRole('ROLE_CREATE')")
+    Response addRole(@Context UriInfo ui, Role role);
     
     @PUT
-    @Path("{realm}")
-    Response updateApplication(@Context UriInfo ui, @PathParam("realm") String realm, Application application);
+    @Path("{name}")
+    @PreAuthorize("hasRole('ROLE_UPDATE')")
+    Response updateRole(@Context UriInfo ui, @PathParam("name") String name, Role role);
     
     @DELETE
-    @Path("{realm}")
-    Response deleteApplication(@PathParam("realm") String realm);
+    @Path("{name}")
+    @PreAuthorize("hasRole('ROLE_DELETE')")
+    Response deleteRole(@PathParam("name") String name);
     
     @POST
-    @Path("{realm}/claims")
-    Response addClaimToApplication(@Context UriInfo ui, @PathParam("realm") String realm, RequestClaim claim);
+    @Path("{name}/entitlements")
+    @PreAuthorize("hasRole('ROLE_UPDATE')")
+    Response addEntitlementToRole(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
     
     @DELETE
-    @Path("{realm}/claims/{claimType}")
-    Response removeClaimFromApplication(@Context UriInfo ui, @PathParam("realm") String realm,
-                                        @PathParam("claimType") String claimType);
+    @Path("{name}/entitlements/{entitlementName}")
+    @PreAuthorize("hasRole('ROLE_UPDATE')")
+    Response removeEntitlementFromRole(@Context UriInfo ui, @PathParam("name") String name,
+                                        @PathParam("entitlementName") String entitlementName);
 
 }

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,134 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.NotFoundException;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.EntitlementDAO;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RoleServiceImpl implements RoleService {
+
+    private static final Logger LOG = LoggerFactory
+            .getLogger(RoleServiceImpl.class);
+
+    @Autowired
+    private RoleDAO roleDAO;
+    
+    @Autowired
+    private EntitlementDAO entitlementDAO;
+           
+    @Override
+    public Roles getRoles(int start, int size, List<String> expand, UriInfo uriInfo) {
+        List<Role> roles = roleDAO.getRoles(start, size, expand);
+        
+        Roles list = new Roles();
+        list.setRoles(roles);
+        return list;
+    }
+    
+    @Override
+    public Role getRole(String name, List<String> expand) {
+        Role role = roleDAO.getRole(name, expand);
+        if (role == null) {
+            throw new NotFoundException();
+        } else {
+            return role;
+        }
+    }
+    
+    @Override
+    public Response addRole(UriInfo ui, Role role) {
+        if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
+            LOG.warn("Role resource contains sub resource 'entitlements'");
+            throw new WebApplicationException(Status.BAD_REQUEST);
+        }
+        Role createdRole = roleDAO.addRole(role);
+        
+        UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
+        uriBuilder.path("{index}");
+        URI location = uriBuilder.build(createdRole.getName());
+        
+        LOG.debug("Role '" + role.getName() + "' added");
+        return Response.created(location).entity(role).build();
+    }
+    
+    @Override
+    public Response updateRole(UriInfo ui, String name, Role role) {
+        if (!name.equals(role.getName().toString())) {
+            throw new BadRequestException();
+        }
+        if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
+            LOG.warn("Role resource contains sub resource 'entitlements'");
+            throw new WebApplicationException(Status.BAD_REQUEST);
+        }
+        roleDAO.updateRole(name, role);
+        
+        LOG.debug("Role '" + role.getName() + "' updated");
+        return Response.noContent().build();
+    }
+ 
+    @Override
+    public Response deleteRole(String name) {
+        roleDAO.deleteRole(name);
+        
+        LOG.debug("Role '" + name + "' deleted");
+        return Response.noContent().build();
+    }
+    
+    @Override
+    public Response addEntitlementToRole(UriInfo ui, String name, Entitlement entitlement) {
+        Role role = roleDAO.getRole(name, null);
+        
+        Entitlement foundEntitlement = entitlementDAO.getEntitlement(entitlement.getName());
+        roleDAO.addEntitlementToRole(role, foundEntitlement);
+        
+        LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + name + "'");
+        return Response.noContent().build();
+    }
+    
+    @Override
+    public Response removeEntitlementFromRole(UriInfo ui, String name, String entitlementName) {
+        Role role = roleDAO.getRole(name, null);
+        Entitlement entitlement = entitlementDAO.getEntitlement(entitlementName);
+        
+        roleDAO.removeEntitlementFromRole(role, entitlement);
+        
+        LOG.debug("Entitlement '" + entitlementName + "' removed from Role '" + name + "'");
+        return Response.noContent().build();
+    }
+
+}
\ No newline at end of file

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/Roles.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.Collection;
+
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+@XmlRootElement(name = "roles", namespace = "http://org.apache.cxf.fediz/")
+public class Roles {
+
+    private Collection<Role> roles;
+
+    public Roles() {
+    }
+
+    public Roles(Collection<Role> roles) {
+        this.roles = roles;
+    }
+
+    @XmlElementRef
+    public Collection<Role> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(Collection<Role> roles) {
+        this.roles = roles;
+    }
+}
\ No newline at end of file

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java Thu Feb 27 21:04:15 2014
@@ -37,6 +37,8 @@ public class RootServiceImpl implements 
         URI idpUrl = absolute.clone().path("idps").build();
         URI applicationUrl = absolute.clone().path("applications").build();
         URI trustedIdpUrl = absolute.clone().path("trusted-idps").build();
+        URI rolesUrl = absolute.clone().path("roles").build();
+        URI entitlementsUrl = absolute.clone().path("entitlements").build();
         javax.ws.rs.core.Link claims = javax.ws.rs.core.Link.fromUri(claimUrl).rel("claims")
             .type("application/xml").build();
         javax.ws.rs.core.Link idps = javax.ws.rs.core.Link.fromUri(idpUrl).rel("idps")
@@ -45,8 +47,13 @@ public class RootServiceImpl implements 
             .type("application/xml").build();
         javax.ws.rs.core.Link trustedIdps = javax.ws.rs.core.Link.fromUri(trustedIdpUrl).rel("trusted-idps")
             .type("application/xml").build();
+        javax.ws.rs.core.Link roles = javax.ws.rs.core.Link.fromUri(rolesUrl).rel("roles")
+            .type("application/xml").build();
+        javax.ws.rs.core.Link entitlements = javax.ws.rs.core.Link.fromUri(entitlementsUrl).rel("entitlements")
+            .type("application/xml").build();
 
-        Response.ResponseBuilder builder = Response.ok().links(claims, idps, applications, trustedIdps);
+        Response.ResponseBuilder builder = Response.ok().links(
+            claims, idps, applications, trustedIdps, roles, entitlements);
         return builder.build();
     }
 

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java Thu Feb 27 21:04:15 2014
@@ -36,6 +36,7 @@ import javax.ws.rs.core.UriInfo;
 
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
 
+import org.springframework.security.access.prepost.PreAuthorize;
 
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@@ -43,23 +44,28 @@ import org.apache.cxf.fediz.service.idp.
 public interface TrustedIdpService {
 
     @GET
+    @PreAuthorize("hasRole('TRUSTEDIDP_LIST')")
     TrustedIdps getTrustedIDPs(@QueryParam("start") int start,
                                @QueryParam("size") @DefaultValue("2") int size,
                                @Context UriInfo uriInfo);
 
     @GET
     @Path("{realm}")
+    @PreAuthorize("hasRole('TRUSTEDIDP_READ')")
     TrustedIdp getTrustedIDP(@PathParam("realm") String realm);
 
     @POST
+    @PreAuthorize("hasRole('TRUSTEDIDP_CREATE')")
     Response addTrustedIDP(@Context UriInfo ui, TrustedIdp trustedIdp);
     
     @PUT
     @Path("{realm}")
+    @PreAuthorize("hasRole('TRUSTEDIDP_UPDATE')")
     Response updateTrustedIDP(@Context UriInfo ui, @PathParam("realm") String realm, TrustedIdp trustedIdp);
     
     @DELETE
     @Path("{realm}")
+    @PreAuthorize("hasRole('TRUSTEDIDP_DELETE')")
     Response deleteTrustedIDP(@PathParam("realm") String realm);
 
 }

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+
+public interface RoleDAO {
+
+    List<Role> getRoles(int start, int size, List<String> expand);
+
+    Role getRole(String name, List<String> expand);
+
+    Role addRole(Role role);
+
+    void updateRole(String realm, Role role);
+
+    void deleteRole(String name);
+
+    void addEntitlementToRole(Role role, Entitlement entitlement);
+    
+    void removeEntitlementFromRole(Role role, Entitlement entitlement);
+
+}

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java Thu Feb 27 21:04:15 2014
@@ -20,22 +20,49 @@
 package org.apache.cxf.fediz.service.idp.service.jpa;
 
 import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.rest.IdpService;
 import org.apache.cxf.fediz.service.idp.service.ConfigService;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+
 
 public class ConfigServiceJPA implements ConfigService {
 
+    private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpDAOJPAImpl.class);
+    
     IdpService idpService;
 
     @Override
     public Idp getIDP(String realm) {
-        if (realm == null || realm.length() == 0) {
-            return idpService.getIdps(0, 1, Arrays.asList("all"), null).getIdps().iterator().next();
-        } else {
-            return idpService.getIdp(realm, Arrays.asList("all"));
+        Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
+        try {
+            final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+            authorities.add(new SimpleGrantedAuthority("IDP_LIST"));
+            
+            UsernamePasswordAuthenticationToken technicalUser =
+                new UsernamePasswordAuthenticationToken("IDP_TEST", "N.A", authorities);
+            
+            SecurityContextHolder.getContext().setAuthentication(technicalUser);
+            
+            if (realm == null || realm.length() == 0) {
+                return idpService.getIdps(0, 1, Arrays.asList("all"), null).getIdps().iterator().next();
+            } else {
+                return idpService.getIdp(realm, Arrays.asList("all"));
+            }
+        } finally {
+            SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
+            LOG.error("Old Spring security context restored");
         }
     }
 

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java Thu Feb 27 21:04:15 2014
@@ -78,8 +78,13 @@ public class DBLoaderSpring implements D
             }
             LOG.info(entitlements.size() + " EntitlementEntity added");
             
-            LOG.info("" + ctx.getBeanDefinitionCount());
-            LOG.info(ctx.getBeanDefinitionNames().toString());
+            Collection<RoleEntity> roles = ctx.
+                getBeansOfType(RoleEntity.class, true, true).values();
+            for (RoleEntity r : roles) {
+                em.persist(r);
+            }
+            LOG.info(roles.size() + " RoleEntity added");
+            
             Collection<ClaimEntity> claims = ctx.getBeansOfType(ClaimEntity.class, true, true).values();
             for (ClaimEntity c : claims) {
                 em.persist(c);

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,217 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityNotFoundException;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+@Repository
+@Transactional
+public class RoleDAOJPAImpl implements RoleDAO {
+    
+    private static final Logger LOG = LoggerFactory.getLogger(RoleDAOJPAImpl.class);
+
+    private EntityManager em;
+    
+    @PersistenceContext
+    public void setEntityManager(EntityManager entityManager) {
+        this.em = entityManager;
+    }
+    
+    @Override
+    public List<Role> getRoles(int start, int size, List<String> expandList) {
+        List<Role> list = new ArrayList<Role>();
+        
+        Query query = null;
+        query = em.createQuery("select r from Role r");
+        
+        //@SuppressWarnings("rawtypes")
+        List roleEntities = query
+            .setFirstResult(start)
+            .setMaxResults(size)
+            .getResultList();
+    
+        for (Object obj : roleEntities) {
+            RoleEntity entity = (RoleEntity) obj;
+            list.add(entity2domain(entity, expandList));
+        }
+        return list;
+    }
+    
+    @Override
+    public Role getRole(String name, List<String> expandList) {
+        Query query = null;
+        query = em.createQuery("select r from Role r where r.name=:name");
+        query.setParameter("name", name);
+        
+        //@SuppressWarnings("rawtypes")
+        Object roleObj = query.getSingleResult();
+        return entity2domain((RoleEntity)roleObj, expandList);
+    }
+    
+    @Override
+    public Role addRole(Role role) {
+        RoleEntity entity = new RoleEntity();
+        domain2entity(role, entity);
+        em.persist(entity);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Role '" + role.getName() + "' added");
+        }
+        return entity2domain(entity, Arrays.asList("all"));
+    }
+
+    @Override
+    public void updateRole(String name, Role role) {
+        Query query = null;
+        query = em.createQuery("select r from Role r where r.name=:name");
+        query.setParameter("name", name);
+        
+        //@SuppressWarnings("rawtypes")
+        RoleEntity roleEntity = (RoleEntity)query.getSingleResult();
+        
+        domain2entity(role, roleEntity);
+        
+        em.persist(roleEntity);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Role '" + role.getName() + "' updated");
+        }
+    }
+
+    @Override
+    public void deleteRole(String name) {
+        Query query = null;
+        query = em.createQuery("select r from Role r where r.name=:name");
+        query.setParameter("name", name);
+        
+        //@SuppressWarnings("rawtypes")
+        Object roleObj = query.getSingleResult();
+        em.remove(roleObj);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Role '" + name + "' deleted");
+        }
+        
+    }
+    
+    @Override
+    public void addEntitlementToRole(Role role, Entitlement entitlement) {
+        RoleEntity roleEntity = null;
+        if (role.getId() != 0) {
+            roleEntity = em.find(RoleEntity.class, role.getId());
+        } else {
+            roleEntity = getRoleEntity(role.getName(), em);
+        }
+        
+        EntitlementEntity entitlementEntity = null;
+        if (entitlement.getId() != 0) {
+            entitlementEntity = em.find(EntitlementEntity.class, entitlement.getId());
+        } else {
+            entitlementEntity = EntitlementDAOJPAImpl.getEntitlementEntity(entitlement.getName(), em);
+        }
+        
+        roleEntity.getEntitlements().add(entitlementEntity);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + role.getName() + "'");
+        }
+    }
+    
+    @Override
+    public void removeEntitlementFromRole(Role role, Entitlement entitlement) {
+        RoleEntity roleEntity = null;
+        if (role.getId() != 0) {
+            roleEntity = em.find(RoleEntity.class, role.getId());
+        } else {
+            roleEntity = getRoleEntity(role.getName(), em);
+        }
+        
+        EntitlementEntity entitlementEntity = null;
+        if (entitlement.getId() != 0) {
+            entitlementEntity = em.find(EntitlementEntity.class, entitlement.getId());
+        } else {
+            entitlementEntity = EntitlementDAOJPAImpl.getEntitlementEntity(entitlement.getName(), em);
+        }
+        
+        if (entitlementEntity == null) {
+            throw new EntityNotFoundException("EntitlementEntity not found");
+        }
+        
+        if (!roleEntity.getEntitlements().remove(entitlementEntity)) {
+            throw new EntityNotFoundException("EntitlementEntity not assigned to RoleEntity");
+        }
+                
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Entitlement '" + entitlement.getName() + "' removed from Role '" + role.getName() + "'");
+        }
+    }
+    
+    static RoleEntity getRoleEntity(String realm, EntityManager em) {
+        Query query = null;
+        query = em.createQuery("select i from IDP i where i.realm=:realm");
+        query.setParameter("realm", realm);
+        
+        //@SuppressWarnings("rawtypes")
+        return (RoleEntity)query.getSingleResult();
+    }
+    
+    public static void domain2entity(Role role, RoleEntity entity) {
+        //The ID must not be updated if the entity has got an id already (update case)
+        if (role.getId() > 0) {
+            entity.setId(role.getId());
+        }
+        
+        entity.setName(role.getName());
+        entity.setDescription(role.getDescription());
+    }
+
+    
+    public static Role entity2domain(RoleEntity entity, List<String> expandList) {
+        Role role = new Role();
+        role.setId(entity.getId());
+        role.setName(entity.getName());
+        role.setDescription(entity.getDescription());
+        
+        if (expandList != null && (expandList.contains("all") || expandList.contains("entitlements"))) {
+            for (EntitlementEntity item : entity.getEntitlements()) {
+                Entitlement entitlement = EntitlementDAOJPAImpl.entity2domain(item);
+                role.getEntitlements().add(entitlement);
+            }
+        }
+        
+        return role;
+    }
+
+}

Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java (from r1572238, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java&r1=1572238&r2=1572730&rev=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java Thu Feb 27 21:04:15 2014
@@ -16,24 +16,32 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.fediz.service.idp.domain;
+package org.apache.cxf.fediz.service.idp.service.jpa;
 
-import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
 
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
+import javax.persistence.CascadeType;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.ManyToMany;
 
-@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
-public class Entitlement implements Serializable {
+import org.apache.openjpa.persistence.jdbc.Index;
+
+@Entity(name = "Role")
+public class RoleEntity {
+    
+    @Id
+    private int id;
+    
+    @Index
+    private String name;
     
-    private static final long serialVersionUID = 2635896159019665467L;
+    private String description;
     
-    protected String name;
-    protected String description;
-    protected int id;
-    protected boolean internal;
+    @ManyToMany(cascade = CascadeType.ALL)
+    private List<EntitlementEntity> entitlements = new ArrayList<EntitlementEntity>();
     
-    @XmlAttribute
     public int getId() {
         return id;
     }
@@ -57,12 +65,13 @@ public class Entitlement implements Seri
     public void setDescription(String description) {
         this.description = description;
     }
-
-    public boolean isInternal() {
-        return internal;
+    
+    public List<EntitlementEntity> getEntitlements() {
+        return entitlements;
     }
 
-    public void setInternal(boolean internal) {
-        this.internal = internal;
+    public void setEntitlements(List<EntitlementEntity> entitlements) {
+        this.entitlements = entitlements;
     }
+
 }

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java?rev=1572730&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java Thu Feb 27 21:04:15 2014
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.security;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.domain.Role;
+import org.apache.cxf.fediz.service.idp.service.RoleDAO;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+
+public class GrantedAuthorityEntitlements extends GenericFilterBean {
+
+    private static final Logger LOG = LoggerFactory.getLogger(GrantedAuthorityEntitlements.class);
+    
+    @Autowired
+    private RoleDAO roleDAO;
+    
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+        
+        try {
+            Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
+            if (currentAuth == null) {
+                chain.doFilter(request, response);
+                return;
+            }
+            
+            final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+            if (currentAuth.getAuthorities() != null) {
+                authorities.addAll(currentAuth.getAuthorities());
+            }
+            
+            Iterator<? extends GrantedAuthority> authIt = currentAuth.getAuthorities().iterator();
+            while (authIt.hasNext()) {
+                GrantedAuthority ga = authIt.next();
+                String roleName = ga.getAuthority();
+                
+                try {
+                    Role role = roleDAO.getRole(roleName.substring(5), Arrays.asList("all"));
+                    for (Entitlement e : role.getEntitlements()) {
+                        authorities.add(new SimpleGrantedAuthority(e.getName()));
+                    }
+                } catch (Exception ex) {
+                    LOG.error("Role '" + roleName + "' not found");
+                }
+            }
+            
+            if (LOG.isDebugEnabled()) {
+                LOG.debug(authorities.toString());
+            }
+            UsernamePasswordAuthenticationToken enrichedAuthentication = new UsernamePasswordAuthenticationToken(
+                currentAuth.getName(), currentAuth.getCredentials(), authorities);
+            enrichedAuthentication.setDetails(currentAuth.getDetails());
+            
+            SecurityContextHolder.getContext().setAuthentication(enrichedAuthentication);
+            LOG.info("Enriched AuthenticationToken added");
+            
+        } catch (Exception ex) {
+            LOG.error("Failed to enrich security context with entitlements", ex);
+        }
+        
+        chain.doFilter(request, response);
+    }
+
+}

Modified: cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/META-INF/orm.xml Thu Feb 27 21:04:15 2014
@@ -153,4 +153,31 @@
             </id>
         </attributes>
     </entity>
+    
+    <entity class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <table>
+            <unique-constraint>
+                <column-name>name</column-name>
+            </unique-constraint>
+        </table>
+        <attributes>
+            <id name="id">
+                <generated-value generator="SEQ_ROLE"
+                    strategy="TABLE" />
+                <table-generator name="SEQ_ROLE"
+                    pk-column-value="SEQ_ROLE" initial-value="100" />
+            </id>
+            <many-to-many name="entitlements">
+                <join-table name="role_entitlements">
+                    <join-column name="role_id" />
+                    <inverse-join-column name="entitlement_id" />
+                    <unique-constraint>
+                        <column-name>role_id</column-name>
+                        <column-name>entitlement_id</column-name>
+                    </unique-constraint>
+                </join-table>
+            </many-to-many>
+        </attributes>
+    </entity>
+    
 </entity-mappings>

Modified: cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml?rev=1572730&r1=1572729&r2=1572730&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml Thu Feb 27 21:04:15 2014
@@ -194,6 +194,271 @@
             value="Description for CLAIM_DELETE" />
     </bean>
 
+    <bean id="entitlement_application_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_LIST" />
+        <property name="description"
+            value="Description for APPLICATION_LIST" />
+    </bean>
+    <bean id="entitlement_application_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_CREATE" />
+        <property name="description"
+            value="Description for APPLICATION_CREATE" />
+    </bean>
+    <bean id="entitlement_application_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_READ" />
+        <property name="description"
+            value="Description for APPLICATION_READ" />
+    </bean>
+    <bean id="entitlement_application_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_UPDATE" />
+        <property name="description"
+            value="Description for APPLICATION_UPDATE" />
+    </bean>
+    <bean id="entitlement_application_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_DELETE" />
+        <property name="description"
+            value="Description for APPLICATION_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_trustedidp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_LIST" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_LIST" />
+    </bean>
+    <bean id="entitlement_trustedidp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_CREATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_READ" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_READ" />
+    </bean>
+    <bean id="entitlement_trustedidp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_UPDATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_DELETE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_DELETE" />
+    </bean>
+
+    <bean id="entitlement_idp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_LIST" />
+        <property name="description"
+            value="Description for IDP_LIST" />
+    </bean>
+    <bean id="entitlement_idp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_CREATE" />
+        <property name="description"
+            value="Description for IDP_CREATE" />
+    </bean>
+    <bean id="entitlement_idp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_READ" />
+        <property name="description"
+            value="Description for IDP_READ" />
+    </bean>
+    <bean id="entitlement_idp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_UPDATE" />
+        <property name="description"
+            value="Description for IDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_idp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_DELETE" />
+        <property name="description"
+            value="Description for IDP_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_role_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_LIST" />
+        <property name="description"
+            value="Description for ROLE_LIST" />
+    </bean>
+    <bean id="entitlement_role_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_CREATE" />
+        <property name="description"
+            value="Description for ROLE_CREATE" />
+    </bean>
+    <bean id="entitlement_role_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_READ" />
+        <property name="description"
+            value="Description for ROLE_READ" />
+    </bean>
+    <bean id="entitlement_role_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_UPDATE" />
+        <property name="description"
+            value="Description for ROLE_UPDATE" />
+    </bean>
+    <bean id="entitlement_role_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_DELETE" />
+        <property name="description"
+            value="Description for ROLE_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_entitlement_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_LIST" />
+        <property name="description"
+            value="Description for ENTITLEMENT_LIST" />
+    </bean>
+    <bean id="entitlement_entitlement_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_CREATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_CREATE" />
+    </bean>
+    <bean id="entitlement_entitlement_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_READ" />
+        <property name="description"
+            value="Description for ENTITLEMENT_READ" />
+    </bean>
+    <bean id="entitlement_entitlement_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_UPDATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_UPDATE" />
+    </bean>
+    <bean id="entitlement_entitlement_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_DELETE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_DELETE" />
+    </bean>
+    
+    <bean id="role_admin"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="ADMIN" />
+        <property name="description"
+            value="This is the administrator role with full access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_create" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_claim_update" />
+                <ref bean="entitlement_claim_delete" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_create" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_idp_update" />
+                <ref bean="entitlement_idp_delete" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_create" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_trustedidp_update" />
+                <ref bean="entitlement_trustedidp_delete" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_create" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_application_update" />
+                <ref bean="entitlement_application_delete" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_create" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_role_update" />
+                <ref bean="entitlement_role_delete" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_create" />
+                <ref bean="entitlement_entitlement_read" />
+                <ref bean="entitlement_entitlement_update" />
+                <ref bean="entitlement_entitlement_delete" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_user"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="USER" />
+        <property name="description"
+            value="This is the user role with read access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_read" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_idp_login"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="IDP_LOGIN" />
+        <property name="description"
+            value="This is the IDP login role which is applied to Users during the IDP SSO" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+            </util:list>
+        </property>
+    </bean>
+    
+
 
 </beans>
 



Mime
View raw message