From owu...@apache.org
Subject svn commit: r1575001 - in /cxf/fediz/trunk/services/idp: ./ src/main/java/org/apache/cxf/fediz/service/idp/beans/ src/main/java/org/apache/cxf/fediz/service/idp/protocols/ src/main/java/org/apache/cxf/fediz/service/idp/rest/ src/main/java/org/apache/cx...
Date Thu, 06 Mar 2014 18:53:13 GMT
Author: owulff
Date: Thu Mar  6 18:53:13 2014
New Revision: 1575001

URL: http://svn.apache.org/r1575001
Log:
[FEDIZ-72] Make Trusted IDP protocol customizable

Added:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ProtocolController.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
      - copied, changed from r1574223, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupportValidator.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupported.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ProtocolHandler.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
Removed:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
Modified:
    cxf/fediz/trunk/services/idp/pom.xml
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
    cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml
    cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml
    cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties
    cxf/fediz/trunk/services/idp/src/main/resources/persistenceContext.xml
    cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
    cxf/fediz/trunk/services/idp/src/test/resources/testContext.xml

Modified: cxf/fediz/trunk/services/idp/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/pom.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/pom.xml (original)
+++ cxf/fediz/trunk/services/idp/pom.xml Thu Mar  6 18:53:13 2014
@@ -215,6 +215,7 @@
             <artifactId>bval-jsr303</artifactId>
             <version>${bval.version}</version>
         </dependency>
+        
     </dependencies>
     <build>
         <resources>

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.beans;
+
+import java.net.URL;
+
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.fediz.service.idp.protocols.ProtocolController;
+import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
+import org.apache.cxf.fediz.service.idp.util.WebUtils;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.webflow.execution.RequestContext;
+
+/**
+ * This class is responsible to clear security context and invalidate IDP session.
+ */
+
+public class TrustedIdpProtocolAction {
+
+    private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpProtocolAction.class);
+    
+    private static final String IDP_CONFIG = "idpConfig";
+
+    
+    @Autowired
+    // Qualifier workaround. See http://www.jayway.com/2013/11/03/spring-and-autowiring-of-generic-types/
+    @Qualifier("trustedIdpProtocolControllerImpl")
+    private ProtocolController<TrustedIdpProtocolHandler> trustedIdpProtocolHandlers;
+    
+    public String mapSignInRequest(RequestContext requestContext) {
+        String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
+        LOG.info("Prepare redirect to Trusted IDP '{}'", trustedIdpRealm);
+        
+        Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
+        
+        TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
+        if (trustedIdp == null) {
+            LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
+            throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
+        }
+        
+        String protocol = trustedIdp.getProtocol();
+        LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
+        
+        TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
+        if (protocolHandler == null) {
+            LOG.error("No ProtocolHandler found for {}", protocol);
+            throw new IllegalStateException("No ProtocolHandler found for '" + protocol + "'");
+        }
+        URL redirectUrl = protocolHandler.mapSignInRequest(requestContext, idpConfig, trustedIdp);
+        LOG.info("Redirect url {}", redirectUrl.toString());
+        return redirectUrl.toString();
+    }
+    
+    public SecurityToken mapSignInResponse(RequestContext requestContext) {
+        String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
+        LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);
+        
+        Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
+        
+        TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
+        if (trustedIdp == null) {
+            LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
+            throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
+        }
+        
+        String protocol = trustedIdp.getProtocol();
+        LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
+        
+        TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
+        if (protocolHandler == null) {
+            LOG.error("No ProtocolHandler found for {}", protocol);
+            throw new IllegalStateException("No ProtocolHandler found for '" + protocol + "'");
+        }
+        SecurityToken token = protocolHandler.mapSignInResponse(requestContext, idpConfig, trustedIdp);
+        if (token != null) {
+            LOG.info("SignInResponse successfully validated and SecurityToken created");
+        }
+        return token;
+    }
+}
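Review bot: The class Javadoc on TrustedIdpProtocolAction ("responsible to clear security context and invalidate IDP session") was carried over from another bean and does not describe this one; it should read `Resolves the TrustedIdp for the realm held in flow scope under "whr" and delegates sign-in request and response mapping to the TrustedIdpProtocolHandler registered for that IDP's protocol.` Both mapSignInRequest and mapSignInResponse cast the flow-scope attribute to Idp and call findTrustedIdp on it without a null check, so a missing idpConfig surfaces as a NullPointerException rather than the IllegalStateException used for the other missing-configuration cases; a guard such as `if (idpConfig == null) { throw new IllegalStateException("IDP configuration is null"); }` right after the lookup keeps the failure mode uniform. The realm-to-handler resolution is duplicated verbatim between the two methods and could live in one private helper so the two paths cannot drift apart.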

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.protocols;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.spi.ApplicationProtocolHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ApplicationProtocolControllerImpl implements ProtocolController<ApplicationProtocolHandler> {
+
+    private static final Logger LOG = LoggerFactory.getLogger(ApplicationProtocolControllerImpl.class);
+    
+    @Autowired
+    private List<ApplicationProtocolHandler> protocolHandlers;
+    
+    @Override
+    public ApplicationProtocolHandler getProtocolHandler(String protocol) {
+        for (ApplicationProtocolHandler protocolHandler : protocolHandlers) {
+            if (protocolHandler.equals(protocol)) {
+                return protocolHandler;
+            }
+        }
+        LOG.warn("No protocol handler found for {}", protocol);
+        return null;
+    }
+    
+    @Override
+    public List<String> getProtocols() {
+        List<String> protocols = new ArrayList<String>();
+        for (ApplicationProtocolHandler protocolHandler : protocolHandlers) {
+            protocols.add(protocolHandler.getProtocol());
+        }
+        return Collections.unmodifiableList(protocols);
+    }
+
+}
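Review bot: `protocolHandler.equals(protocol)` in getProtocolHandler compares a handler instance with a String, so the condition is always false and every lookup falls through to the warning and returns null. The sibling TrustedIdpProtocolControllerImpl added in this same commit compares the handler's declared protocol, which is what is intended here: `if (protocolHandler.getProtocol().equals(protocol)) {`. Since the two controllers are otherwise line-for-line identical apart from the handler type, a single generic base implementation would prevent this kind of divergence.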

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.protocols;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.service.idp.spi.ApplicationProtocolHandler;
+
+import org.springframework.stereotype.Component;
+import org.springframework.webflow.execution.RequestContext;
+
+@Component
+public class ApplicationWSFedProtocolHandler implements ApplicationProtocolHandler {
+    
+    public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
+
+    //private static final Logger LOG = LoggerFactory.getLogger(ApplicationWSFedProtocolHandler.class);
+
+    @Override
+    public boolean canHandleRequest(HttpServletRequest request) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public String getProtocol() {
+        return PROTOCOL;
+    }
+
+    @Override
+    public void mapSignInRequest(RequestContext context) {
+        // TODO Auto-generated method stub
+    }
+
+    @Override
+    public void mapSignInResponse(RequestContext context) {
+        // TODO Auto-generated method stub
+    }
+
+}
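Review bot: ApplicationWSFedProtocolHandler is registered as a @Component, so ApplicationProtocolControllerImpl will advertise the WS-Federation protocol through getProtocols() although canHandleRequest always returns false and both map* methods are empty TODO stubs; a caller that resolves this handler gets a silent no-op rather than a failure. Until the methods are implemented, either have them throw `UnsupportedOperationException` or state the placeholder status in a class Javadoc such as `/** Placeholder WS-Federation application handler; request handling is not yet implemented. */`. The commented-out LOG field should be removed or used.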

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ProtocolController.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ProtocolController.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ProtocolController.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ProtocolController.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.protocols;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.spi.ProtocolHandler;
+
+public interface ProtocolController<T extends ProtocolHandler> {
+
+    T getProtocolHandler(String protocol);
+
+    List<String> getProtocols();
+
+}
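Review bot: ProtocolController has no Javadoc, and the null-return contract of getProtocolHandler — which TrustedIdpProtocolAction relies on when it checks for a missing handler — is only discoverable by reading the two implementations. Suggested: `/** Looks up the handler registered for the given protocol identifier, or {@code null} if none is registered. */` on getProtocolHandler, and `/** @return the protocol identifiers of all registered handlers, as an unmodifiable list */` on getProtocols.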

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.protocols;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class TrustedIdpProtocolControllerImpl implements ProtocolController<TrustedIdpProtocolHandler> {
+
+    private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpProtocolControllerImpl.class);
+    
+    @Autowired
+    private List<TrustedIdpProtocolHandler> protocolHandlers;
+    
+    @Override
+    public TrustedIdpProtocolHandler getProtocolHandler(String protocol) {
+        for (TrustedIdpProtocolHandler protocolHandler : protocolHandlers) {
+            if (protocolHandler.getProtocol().equals(protocol)) {
+                return protocolHandler;
+            }
+        }
+        LOG.warn("No protocol handler found for {}", protocol);
+        return null;
+    }
+    
+    @Override
+    public List<String> getProtocols() {
+        List<String> protocols = new ArrayList<String>();
+        for (TrustedIdpProtocolHandler protocolHandler : protocolHandlers) {
+            protocols.add(protocolHandler.getProtocol());
+        }
+        return Collections.unmodifiableList(protocols);
+    }
+
+}
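Review bot: getProtocolHandler returns the first handler whose protocol matches, so if two TrustedIdpProtocolHandler beans declare the same protocol identifier the winner depends on Spring's bean ordering and nothing flags the conflict; getProtocols() likewise reports the duplicate twice. A check at initialisation that rejects or at least logs duplicate protocol identifiers would make the selection deterministic. A one-line comment on the loop, `// first registered handler wins; protocol identifiers are expected to be unique`, would document the current behaviour in the meantime.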

Copied: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java (from r1574223, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java?p2=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java&r1=1574223&r2=1575001&rev=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java Thu Mar  6 18:53:13 2014
@@ -16,16 +16,23 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.cxf.fediz.service.idp.beans;
+
+package org.apache.cxf.fediz.service.idp.protocols;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLEncoder;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.w3c.dom.Element;
+
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.FederationProcessor;
 import org.apache.cxf.fediz.core.FederationProcessorImpl;
@@ -43,100 +50,136 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
 import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.CertificateStore;
 import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.utils.Base64;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.webflow.execution.RequestContext;
-
-/**
- * This class is responsible to validate token returned by
- * requestor IDP.
- */
-
-public class ValidateTokenAction {
-
-    private static final String IDP_CONFIG = "idpConfig";
-    private static final Logger LOG = LoggerFactory
-            .getLogger(ValidateTokenAction.class);
-
-    public SecurityToken submit(RequestContext context)
-        throws ProcessingException, IOException {
-        Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(
-                context, IDP_CONFIG);
-
-        if (idpConfig == null) {
-            throw new ProcessingException("IDP configuration is null",
-                    TYPE.BAD_REQUEST);
-        }
 
-        String whr = (String) WebUtils.getAttributeFromFlowScope(context,
-                FederationConstants.PARAM_HOME_REALM);
+import org.springframework.stereotype.Component;
+import org.springframework.webflow.execution.RequestContext;
 
-        if (whr == null) {
-            throw new ProcessingException("Home realm is null",
-                    TYPE.BAD_REQUEST);
-        }
+@Component
+public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler {
+    
+    public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
 
-        String wresult = (String) WebUtils.getAttributeFromFlowScope(context,
-                FederationConstants.PARAM_RESULT);
+    private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpWSFedProtocolHandler.class);
 
-        if (wresult == null) {
-            throw new ProcessingException("No security token issued",
-                    TYPE.BAD_REQUEST);
-        }
+    @Override
+    public boolean canHandleRequest(HttpServletRequest request) {
+        // TODO Auto-generated method stub
+        return false;
+    }
 
-        TrustedIdp trustedIDPConfig = idpConfig.findTrustedIdp(whr);
+    @Override
+    public String getProtocol() {
+        return PROTOCOL;
+    }
 
-        if (trustedIDPConfig == null) {
-            throw new ProcessingException(
-                    "No trusted IDP config found for home realm " + whr,
-                    TYPE.BAD_REQUEST);
+    @Override
+    public URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
+        
+        try {
+            StringBuffer sb = new StringBuffer();
+            sb.append(trustedIdp.getUrl());
+            sb.append("?").append(FederationConstants.PARAM_ACTION).append('=');
+            sb.append(FederationConstants.ACTION_SIGNIN);
+            sb.append("&").append(FederationConstants.PARAM_TREALM).append('=');
+            sb.append(URLEncoder.encode(idp.getRealm(), "UTF-8"));
+            sb.append("&").append(FederationConstants.PARAM_REPLY).append('=');
+            sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
+            
+            String wfresh = context.getFlowScope().getString(FederationConstants.PARAM_FRESHNESS);
+            if (wfresh != null) {
+                sb.append("&").append(FederationConstants.PARAM_FRESHNESS).append('=');
+                sb.append(URLEncoder.encode(wfresh, "UTF-8"));
+            }
+            String wctx = context.getFlowScope().getString(FederationConstants.PARAM_CONTEXT);
+            if (wctx != null) {
+                sb.append("&").append(FederationConstants.PARAM_CONTEXT).append('=');
+                sb.append(wctx);
+            }
+        
+            return new URL(sb.toString());
+        } catch (MalformedURLException ex) {
+            LOG.error("Invalid Redirect URL for Trusted Idp", ex);
+            throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
+        } catch (UnsupportedEncodingException ex) {
+            LOG.error("Invalid Redirect URL for Trusted Idp", ex);
+            throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
         }
+    }
 
-        FederationContext fedContext = getFederationContext(idpConfig,
-                trustedIDPConfig);
-
-        FederationRequest wfReq = new FederationRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(wresult);
-
-        FederationProcessor wfProc = new FederationProcessorImpl();
-        FederationResponse wfResp = wfProc.processRequest(wfReq, fedContext);
-
-        fedContext.close();
+    @Override
+    public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
 
-        Element e = wfResp.getToken();
-        
-        // Create new Security token with new id. 
-        // Parameters for freshness computation are copied from original IDP_TOKEN
-        String id = IDGenerator.generateID("_");
-        SecurityToken idpToken = new SecurityToken(id,
-            wfResp.getTokenCreated(), wfResp.getTokenExpires());
-
-        idpToken.setToken(e);
-        LOG.info("[IDP_TOKEN=" + id + "] for user '" + wfResp.getUsername()
-                + "' created from [RP_TOKEN=" + wfResp.getUniqueTokenId()
-                + "] issued by home realm [" + whr + "/"
-                + wfResp.getIssuer() + "].");
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Created date=" + wfResp.getTokenCreated());
-            LOG.debug("Expired date=" + wfResp.getTokenExpires());
-        }
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Validated 'wresult' : "
+        try {
+            String whr = (String) WebUtils.getAttributeFromFlowScope(context,
+                                                                     FederationConstants.PARAM_HOME_REALM);
+    
+            if (whr == null) {
+                LOG.warn("Home realm is null");
+                throw new IllegalStateException("Home realm is null");
+            }
+    
+            String wresult = (String) WebUtils.getAttributeFromFlowScope(context,
+                                                                         FederationConstants.PARAM_RESULT);
+    
+            if (wresult == null) {
+                LOG.warn("Parameter wresult not found");
+                throw new IllegalStateException("No security token issued");
+            }
+    
+            FederationContext fedContext = getFederationContext(idp, trustedIdp);
+    
+            FederationRequest wfReq = new FederationRequest();
+            wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+            wfReq.setWresult(wresult);
+    
+            FederationProcessor wfProc = new FederationProcessorImpl();
+            FederationResponse wfResp = wfProc.processRequest(wfReq, fedContext);
+    
+            fedContext.close();
+    
+            Element e = wfResp.getToken();
+    
+            // Create new Security token with new id. 
+            // Parameters for freshness computation are copied from original IDP_TOKEN
+            String id = IDGenerator.generateID("_");
+            SecurityToken idpToken = new SecurityToken(id,
+                                                       wfResp.getTokenCreated(), wfResp.getTokenExpires());
+    
+            idpToken.setToken(e);
+            LOG.info("[IDP_TOKEN=" + id + "] for user '" + wfResp.getUsername()
+                     + "' created from [RP_TOKEN=" + wfResp.getUniqueTokenId()
+                     + "] issued by home realm [" + whr + "/"
+                     + wfResp.getIssuer() + "].");
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Created date=" + wfResp.getTokenCreated());
+                LOG.debug("Expired date=" + wfResp.getTokenExpires());
+            }
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Validated 'wresult' : "
                     + System.getProperty("line.separator") + wresult);
+            }
+            return idpToken;
+        } catch (IllegalStateException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            LOG.warn("Unexpected exception occured", ex);
+            throw new IllegalStateException("Unexpected exception occured: " + ex.getMessage());
         }
-        return idpToken;
     }
-
+    
+    
     private FederationContext getFederationContext(Idp idpConfig,
             TrustedIdp trustedIdpConfig) throws ProcessingException {
 
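Review bot: In mapSignInRequest the `wctx` value read from flow scope is appended to the redirect URL raw (`sb.append(wctx);`), while wfresh, the realm and the reply URL all go through URLEncoder; wctx is presumably carried over from the relying party's request, so characters such as `&`, `#` or spaces in it can add or truncate query parameters on the trusted-IDP redirect or make `new URL(...)` fail — it should be `sb.append(URLEncoder.encode(wctx, "UTF-8"));`. In mapSignInResponse `fedContext.close()` is only reached on the success path, so an exception from processRequest leaves the FederationContext unclosed; wrap the processing in `try { ... } finally { fedContext.close(); }`. The final `catch (Exception ex)` builds the IllegalStateException from `ex.getMessage()` alone, dropping the cause and echoing the parser's message to the caller; `throw new IllegalStateException("Unexpected exception occured", ex);` preserves the stack trace, and the two catch blocks in mapSignInRequest have the same issue. getFederationContext starts at the end of this hunk and continues outside it.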
@@ -207,5 +250,6 @@ public class ValidateTokenAction {
         return (X509Certificate)CertificateFactory.getInstance("X.509").
             generateCertificate(new ByteArrayInputStream(decoded));
     }
+    
 
 }

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java Thu Mar  6 18:53:13 2014
@@ -42,7 +42,6 @@ public class TrustedIdpServiceImpl imple
 
     @Autowired
     private TrustedIdpDAO trustedIdpDAO;
-
     
     
     @Override

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java Thu Mar  6 18:53:13 2014
@@ -45,6 +45,7 @@ public class ApplicationEntity {
     // "http://docs.oa14sis-open.org/wsfed/federation/200706"
     // Metadata could provide more than one but one must be chosen
     @NotNull
+    @ProtocolSupported
     private String protocol;
  
     // Public key only

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupportValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupportValidator.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupportValidator.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupportValidator.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.List;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+import org.apache.bval.jsr303.ConstraintValidatorContextImpl;
+import org.apache.cxf.fediz.service.idp.protocols.ProtocolController;
+import org.apache.cxf.fediz.service.idp.spi.ApplicationProtocolHandler;
+import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ProtocolSupportValidator implements ConstraintValidator<ProtocolSupported, String> {
+
+    private static final Logger LOG = LoggerFactory.getLogger(ProtocolSupportValidator.class);
+    
+    @Autowired
+    // Qualifier workaround. See http://www.jayway.com/2013/11/03/spring-and-autowiring-of-generic-types/
+    @Qualifier("trustedIdpProtocolControllerImpl")
+    private ProtocolController<TrustedIdpProtocolHandler> trustedIdpProtocolHandlers;
+    
+    @Autowired
+    @Qualifier("applicationProtocolControllerImpl")
+    private ProtocolController<ApplicationProtocolHandler> applicationProtocolHandlers;
+    
+    
+    /*
+    public ProtocolSupportValidator() {
+        try {
+            throw new Exception("test");
+        } catch (Exception ex) {
+            LOG.error("", ex);
+        }
+    }
+    */
+    
+    @Override
+    public boolean isValid(String object, ConstraintValidatorContext constraintContext) {
+        
+        
+        ConstraintValidatorContextImpl x = (ConstraintValidatorContextImpl)constraintContext;
+        Class<?> owner = x.getValidationContext().getCurrentOwner();
+        
+        List<String> protocols = null;
+        if (owner.equals(TrustedIdpEntity.class)) {
+            protocols = trustedIdpProtocolHandlers.getProtocols();
+        } else if (owner.equals(ApplicationEntity.class)) {
+            protocols = applicationProtocolHandlers.getProtocols();
+        } else {
+            LOG.warn("Invalid owner {}. Ignoring validation.", owner.getCanonicalName());
+            return true;
+        }
+        
+        for (String protocol : protocols) {
+            if (protocol.equals(object)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public void initialize(ProtocolSupported constraintAnnotation) {
+    }
+
+}
\ No newline at end of file
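Review bot: `isValid` casts `constraintContext` unconditionally to the Apache BVal class `ConstraintValidatorContextImpl`, which ties this constraint to one provider and raises `ClassCastException` under any other JSR-303 implementation; the persistenceContext.xml hunk in this same commit also removes the `providerClass` pinning from `LocalValidatorFactoryBean`, so the provider is now whichever is found first on the classpath. Guard the cast with `instanceof` and decide explicitly what happens otherwise, as sketched below. The unknown-owner branch returns `true`, i.e. the constraint fails open if the annotation is ever placed on an entity other than the two handled here; returning `false` after the warning (`LOG.warn("Invalid owner {}. Rejecting value.", owner.getCanonicalName()); return false;`) is the safer default since only these two fields are meant to carry it. The commented-out constructor above `isValid` is debugging residue and should be deleted.
```java
    @Override
    public boolean isValid(String object, ConstraintValidatorContext constraintContext) {
        if (!(constraintContext instanceof ConstraintValidatorContextImpl)) {
            // The owner lookup needs the BVal context; without it the constraint cannot be evaluated.
            LOG.warn("Unsupported ConstraintValidatorContext {}. Rejecting value.",
                     constraintContext.getClass().getName());
            return false;
        }
        Class<?> owner = ((ConstraintValidatorContextImpl) constraintContext)
            .getValidationContext().getCurrentOwner();
        // … unchanged: owner dispatch and membership check over protocols …
```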

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupported.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupported.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupported.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ProtocolSupported.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+
+
+
+@Target({ METHOD, FIELD, ANNOTATION_TYPE })
+@Retention(RUNTIME)
+@Constraint(validatedBy = ProtocolSupportValidator.class)
+@Documented
+public @interface ProtocolSupported {
+
+    String message() default "{Protocol not supported}";
+
+    Class<?>[] groups() default { };
+
+    Class<? extends Payload>[] payload() default { };
+
+}
\ No newline at end of file
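Review bot: The default `message()` is `"{Protocol not supported}"`, and in Bean Validation braces mark a message key to be resolved from `ValidationMessages.properties`; unless a key with that exact space-containing name is defined, the text is reported verbatim with the braces left in. Either use a plain literal, `String message() default "Protocol not supported";`, or a conventional dotted key (for example `"{protocol.not.supported}"`, a constructed sample) with a matching bundle entry. The annotation also has no Javadoc; a one-line description stating that the annotated protocol string must be one of the protocols registered with the `ProtocolController` for the owning entity would make the contract clear to anyone adding the annotation to a new field.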

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java Thu Mar  6 18:53:13 2014
@@ -59,6 +59,7 @@ public class TrustedIdpEntity {
     //Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
     // "http://docs.oasis-open.org/wsfed/federation/200706"
     // Metadata could provide more than one but one must be chosen
+    @ProtocolSupported
     private String protocol;
     
     //FederateIdentity, FederateClaims
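Review bot: Unlike the `ApplicationEntity.protocol` field changed in this commit, this field does not appear to carry `@NotNull` in the visible context, and `ProtocolSupportValidator.isValid` does not treat `null` as valid (it falls through to `protocol.equals(object)` and returns `false`), so a missing protocol is reported as "Protocol not supported" rather than as a not-null violation. Adding `@NotNull` here, and letting the validator return `true` for `null` per the usual Bean Validation convention of leaving null-checks to `@NotNull`, keeps the two error messages distinct.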

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.spi;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.webflow.execution.RequestContext;
+
+public interface ApplicationProtocolHandler extends ProtocolHandler {
+    
+    boolean canHandleRequest(HttpServletRequest request);
+
+    void mapSignInRequest(RequestContext context);
+    
+    void mapSignInResponse(RequestContext context);
+
+}
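Review bot: The new SPI interfaces `ApplicationProtocolHandler`, `ProtocolHandler` and `TrustedIdpProtocolHandler` are public extension points but carry no Javadoc, so an implementer cannot tell what "map" means for `mapSignInRequest`/`mapSignInResponse` or what `canHandleRequest` is expected to inspect. A class-level Javadoc on each stating who calls it and when (the action beans of the sign-in web flows, per the flow XML in this commit), plus `@param`/`@return` on each method, would make the contract explicit. For `ProtocolHandler.getProtocol()` the Javadoc should also state that the returned string is the value matched against the entity `protocol` field by `ProtocolSupportValidator`.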

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ProtocolHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ProtocolHandler.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ProtocolHandler.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/ProtocolHandler.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.spi;
+
+public interface ProtocolHandler {
+
+    String getProtocol();
+
+}

Added: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java?rev=1575001&view=auto
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java (added)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java Thu Mar  6 18:53:13 2014
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.spi;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.springframework.webflow.execution.RequestContext;
+
+public interface TrustedIdpProtocolHandler extends ProtocolHandler {
+    
+    boolean canHandleRequest(HttpServletRequest request);
+
+    // Only supports HTTP GET SignIn Requests
+    URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp);
+    
+    //Hook in <action-state id="validateToken"> of federation-signin-response.xml
+    SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp);
+
+}
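Review bot: The contract of `mapSignInRequest` and `mapSignInResponse` should state the trust requirements an implementation must honor, because the flows wire their results straight into security-relevant places: the returned `URL` feeds the `externalRedirect:${flowScope.remoteIdpUrl}` end-state in federation-validate-request.xml, and the returned `SecurityToken` is cached in the session under the requestor's home realm in federation-signin-response.xml. Suggested Javadoc for `mapSignInRequest`: `Builds the sign-in redirect for the trusted IdP; the target must be derived from the configured trustedIdp URL, never from unvalidated request parameters.` and for `mapSignInResponse`: `Validates the sign-in response against the trustedIdp configuration and returns the resulting token; never return an unvalidated token, as the caller caches the result for the session.` The existing line comments (`Only supports HTTP GET SignIn Requests`, the flow hook) fit naturally inside those Javadoc blocks.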

Modified: cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/entities-realma.xml Thu Mar  6 18:53:13 2014
@@ -241,7 +241,7 @@
     <bean id="entitlement_trustedidp_create"
         class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
         <property name="name"
-            value="TRUSTEDIDP" />
+            value="TRUSTEDIDP_CREATE" />
         <property name="description"
             value="Description for TRUSTEDIDP_CREATE" />
     </bean>

Modified: cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/entities-realmb.xml Thu Mar  6 18:53:13 2014
@@ -200,7 +200,7 @@
     <bean id="entitlement_trustedidp_create"
         class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
         <property name="name"
-            value="TRUSTEDIDP" />
+            value="TRUSTEDIDP_CREATE" />
         <property name="description"
             value="Description for TRUSTEDIDP_CREATE" />
     </bean>

Modified: cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/log4j.properties Thu Mar  6 18:53:13 2014
@@ -1,8 +1,8 @@
 # Set root category priority to INFO and its only appender to CONSOLE.
 #log4j.rootCategory=FATAL, CONSOLE
 log4j.rootCategory=INFO, CONSOLE, LOGFILE
-log4j.logger.org.springframework.webflow=INFO,LOGFILE
-log4j.logger.org.springframework.security=DEBUG, CONSOLE, LOGFILE
+log4j.logger.org.springframework.webflow=DEBUG,LOGFILE
+log4j.logger.org.springframework.security=DEBUG,LOGFILE
 
 # CONSOLE is set to be a ConsoleAppender using a PatternLayout.
 log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
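Review bot: The shipped default now logs `org.springframework.webflow` and `org.springframework.security` at DEBUG into LOGFILE. Spring Security DEBUG output includes authentication and session details, and webflow DEBUG is likely to print flow-scope contents, which in this IdP include the cached `rpIdpToken`; for the default configuration of the IdP webapp, INFO is the safer level, with DEBUG enabled locally when troubleshooting. If the intent is development-only, a comment such as `# DEBUG for development only; use INFO in production` above these two lines would make that explicit.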

Modified: cxf/fediz/trunk/services/idp/src/main/resources/persistenceContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/persistenceContext.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/persistenceContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/persistenceContext.xml Thu Mar  6 18:53:13 2014
@@ -49,6 +49,11 @@
                 <property name="databasePlatform" value="org.apache.openjpa.jdbc.sql.${jpa.platform}" />
             </bean>
         </property>
+        <property name="jpaPropertyMap">
+            <map>
+                <entry key="javax.persistence.validation.factory" value-ref="validator" />
+            </map>
+        </property>
     </bean>
 
     <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
@@ -97,11 +102,6 @@
     <bean id="dbListener"
         class="org.apache.cxf.fediz.service.idp.service.jpa.DBInitApplicationListener" />
         
-    <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean">
-    <!-- 
-        <property name="providerClass"
-                  value="org.apache.bval.jsr303.ApacheValidationProvider" />
-                  -->
-    </bean>
+    <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />
 
 </beans>
\ No newline at end of file

Modified: cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/resources/restContext.xml Thu Mar  6 18:53:13 2014
@@ -32,6 +32,13 @@
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
+<!-- 
+<context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
+    
+    
+    <bean
+        class="org.apache.cxf.fediz.service.idp.protocols.TrustedIdpProtocolHandlerImpl" />
+      -->   
     <context:property-placeholder location="classpath:realm.properties"/>
     
     <bean id="jaxbProvider" class="org.apache.cxf.jaxrs.provider.JAXBElementProvider">
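Review bot: The added block is commented-out configuration and references `org.apache.cxf.fediz.service.idp.protocols.TrustedIdpProtocolHandlerImpl`, a class this commit does not add (the protocols package gains `TrustedIdpProtocolControllerImpl` and `TrustedIdpWSFedProtocolHandler`), so it is both dead and misleading; delete it, since the live `component-scan` now lives in applicationContext.xml. The same applies to the commented-out copy of the `validateToken` action-state added in federation-signin-response.xml and to the `<on-entry>` block of `redirectToTrustedIDP` commented out in federation-validate-request.xml; for the latter, note that an XML comment must not contain `--`, so any `--` inside the disabled expression would break the flow definition.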

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Thu Mar  6 18:53:13 2014
@@ -44,6 +44,9 @@
         http://cxf.apache.org/jaxrs
         http://cxf.apache.org/schemas/jaxrs.xsd">
 
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
+        
+        
     <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
     <bean
         class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml Thu Mar  6 18:53:13 2014
@@ -34,10 +34,25 @@
     </on-start>
 
     <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
+    <!--  
     <action-state id="validateToken">
         <evaluate expression="validateTokenAction.submit(flowRequestContext)"
             result="flowScope.rpIdpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
         <transition to="requestRpToken">
+            <set name="externalContext.sessionMap[flowScope.whr]"
+                value="flowScope.rpIdpToken" />
+        </transition>
+        <transition
+            on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
+            to="viewBadRequest" />
+        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
+    </action-state>
+    -->
+    
+    <action-state id="validateToken">
+        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext)"
+            result="flowScope.rpIdpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
+        <transition to="requestRpToken">
             <!-- cache validated token under key = requestor home realm -->
             <set name="externalContext.sessionMap[flowScope.whr]"
                 value="flowScope.rpIdpToken" />

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml Thu Mar  6 18:53:13 2014
@@ -80,7 +80,7 @@
         </transition>
         <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />
-        <transition on="redirectToTrustedIDP" to="redirectToTrustedIDP">
+        <transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
             <set name="flowScope.whr" value="currentEvent.attributes.whr" />
             <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
         </transition>
@@ -122,6 +122,14 @@
         <transition to="formResponseView" />
         <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
     </action-state>
+    
+    <action-state id="processTrustedIdpProtocol">
+        <evaluate expression="trustedIdpProtocolAction.mapSignInRequest(flowRequestContext)"
+                      result="flowScope.remoteIdpUrl"/>
+        <transition to="redirectToTrustedIDP" />
+        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
+    </action-state>
+    
 
     <!-- normal exit point for login -->
     <!-- browser redirection (self-submitted form 'signinresponseform.jsp') -->
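Review bot: The new `processTrustedIdpProtocol` action-state routes every exception, including the `ProcessingException` the other action-states send to `viewBadRequest`, to `scInternalServerError`. If `trustedIdpProtocolAction.mapSignInRequest` throws `ProcessingException` for an unknown home realm or unsupported protocol (plausible given the handler SPI, but not visible in this hunk), a client error would surface as a 500; adding `<transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" />` before the `Throwable` transition keeps it consistent with `validateToken`.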
@@ -182,6 +190,7 @@
 
     <!-- redirect to remote idp -->
     <end-state id="redirectToTrustedIDP" view="externalRedirect:${flowScope.remoteIdpUrl}">
+    <!-- 
         <on-entry>
             <set name="flowScope.remoteIdpUrl"
                 value="flowScope.idpConfig.findTrustedIdp(flowScope.whr).url
@@ -191,7 +200,8 @@
                 +(flowScope.wfresh != null ? '&amp;wfresh='+flowScope.wfresh : '')
                 +(flowScope.wctx != null ? '&amp;wctx='+flowScope.wctx : '')">
             </set>
-        </on-entry> 
+        </on-entry>
+         --> 
     </end-state>
 
     <end-state id="redirectToLocalIDP" view="externalRedirect:${flowScope.localIdpUrl}">

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/idp-servlet.xml Thu Mar  6 18:53:13 2014
@@ -33,6 +33,8 @@
         http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd">
 
     <context:property-placeholder location="classpath:realm.properties" />
+    
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />
 
     <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
         p:flowRegistry-ref="flowRegistry" p:order="2">
@@ -125,10 +127,10 @@
     <bean id="processHRDSExpressionAction"
         class="org.apache.cxf.fediz.service.idp.beans.ProcessHRDSExpressionAction" />
 
-    <bean id="validateTokenAction"
-        class="org.apache.cxf.fediz.service.idp.beans.ValidateTokenAction" />
-
     <bean id="homeRealmReminder"
         class="org.apache.cxf.fediz.service.idp.beans.HomeRealmReminder" />
+        
+    <bean id="trustedIdpProtocolAction"
+        class="org.apache.cxf.fediz.service.idp.beans.TrustedIdpProtocolAction" />
 
 </beans>
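Review bot: The new `<context:component-scan base-package="org.apache.cxf.fediz.service.idp.beans" />` and the explicit `<bean id="trustedIdpProtocolAction" class="...TrustedIdpProtocolAction" />` overlap. If `TrustedIdpProtocolAction` is annotated `@Component` (its source is not in this hunk), Spring registers it under the same default name and which definition survives depends on registration order; if it is not annotated, the scan does nothing for it and only pulls in whatever other annotated classes exist in `beans`. Pick one mechanism, and if the scan stays, document in a comment which beans in that package are expected to be discovered by it.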

Modified: cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java (original)
+++ cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java Thu Mar  6 18:53:13 2014
@@ -58,7 +58,7 @@ public class TestDBLoader implements DBL
             ApplicationEntity entity2 = new ApplicationEntity();
             entity2.setEncryptionCertificate("my encryption cert2");
             entity2.setLifeTime(1800);
-            entity2.setProtocol("22protocol");
+            entity2.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
             entity2.setRealm("myrealm2");
             entity2.setRole("myrole");
             entity2.setServiceDescription("service description2");

Modified: cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java (original)
+++ cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java Thu Mar  6 18:53:13 2014
@@ -129,7 +129,7 @@ public class TrustedIdpDAOJPATest {
         trustedIdp.setDescription("URealm B description");
         trustedIdp.setFederationType(FederationType.FEDERATE_CLAIMS);
         trustedIdp.setName("URealm B");
-        trustedIdp.setProtocol("Uhttp://docs.oasis-open.org/wsfed/federation/200706");
+        trustedIdp.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
         trustedIdp.setTrustType(TrustType.INDIRECT_TRUST);
         trustedIdp.setUrl("Uhttps://localhost:12443/fediz-idp-remote/federation");
         
@@ -145,7 +145,7 @@ public class TrustedIdpDAOJPATest {
                       "FederationType doesn't match");        
         Assert.isTrue("URealm B".equals(trustedIdp.getName()),
                       "Name doesn't match");      
-        Assert.isTrue("Uhttp://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
+        Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
                       "Protocol doesn't match");          
         Assert.isTrue(realm.equals(trustedIdp.getRealm()),
                       "Realm doesn't match");          

Modified: cxf/fediz/trunk/services/idp/src/test/resources/testContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/testContext.xml?rev=1575001&r1=1575000&r2=1575001&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/test/resources/testContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/test/resources/testContext.xml Thu Mar  6 18:53:13 2014
@@ -29,9 +29,10 @@
         http://www.springframework.org/schema/context
         http://www.springframework.org/schema/context/spring-context-3.0.xsd">
 
-    <import resource="classpath:persistenceContext.xml" />
-
     <context:component-scan base-package="org.apache.cxf.fediz.service.idp.service" />
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
+
+    <import resource="classpath:persistenceContext.xml" />
 
     <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
     <bean


