cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [4/4] git commit: [FEDIZ-7] - Largish refactor of Fediz code to accomadate other protocols
Date Thu, 19 Jun 2014 16:31:01 GMT
[FEDIZ-7] - Largish refactor of Fediz code to accomadate other protocols


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/08af52b6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/08af52b6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/08af52b6

Branch: refs/heads/master
Commit: 08af52b6f97621e96a44497345b7cd86c58bf14c
Parents: 9260c9e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jun 19 17:30:19 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jun 19 17:30:19 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/FederationPrincipal.java     |  11 +-
 .../cxf/fediz/core/FederationProcessor.java     |  38 --
 .../cxf/fediz/core/FederationProcessorImpl.java | 677 ------------------
 .../cxf/fediz/core/FederationRequest.java       |  62 --
 .../cxf/fediz/core/FederationResponse.java      | 107 ---
 .../apache/cxf/fediz/core/FedizPrincipal.java   |  32 +
 .../apache/cxf/fediz/core/TokenValidator.java   |   4 +-
 .../core/config/FederationConfigurator.java     | 115 ----
 .../fediz/core/config/FederationContext.java    | 391 -----------
 .../fediz/core/config/FederationProtocol.java   |  84 +--
 .../fediz/core/config/FedizConfigurator.java    | 115 ++++
 .../cxf/fediz/core/config/FedizContext.java     | 397 +++++++++++
 .../apache/cxf/fediz/core/config/Protocol.java  |  77 +++
 .../cxf/fediz/core/config/SAMLProtocol.java     |  61 ++
 .../cxf/fediz/core/metadata/MetadataWriter.java |   4 +-
 .../core/processor/FederationProcessorImpl.java | 681 +++++++++++++++++++
 .../fediz/core/processor/FedizProcessor.java    |  38 ++
 .../core/processor/FedizProcessorFactory.java   |  44 ++
 .../cxf/fediz/core/processor/FedizRequest.java  |  62 ++
 .../cxf/fediz/core/processor/FedizResponse.java | 109 +++
 .../fediz/core/processor/SAMLProcessorImpl.java | 648 ++++++++++++++++++
 .../cxf/fediz/core/saml/SAMLTokenValidator.java |  17 +-
 .../src/main/resources/schemas/FedizConfig.xsd  |  23 +-
 .../apache/cxf/fediz/core/CustomValidator.java  |   4 +-
 .../cxf/fediz/core/FederationMetaDataTest.java  |  26 +-
 .../cxf/fediz/core/FederationProcessorTest.java | 205 +++---
 .../fediz/core/SAMLTokenValidatorOldTest.java   |  46 +-
 .../fediz/core/config/CallbackHandlerTest.java  |   8 +-
 .../core/config/FedizConfigurationTest.java     |  10 +-
 .../config/FedizConfigurationWriterTest.java    |   8 +-
 .../fediz/jetty/FederationAuthenticator.java    |  40 +-
 .../fediz/jetty/FederationIdentityService.java  |   2 +-
 .../cxf/fediz/jetty/FederationLoginService.java |  18 +-
 .../cxf/fediz/jetty/FederationUserIdentity.java |   7 +-
 .../fediz/jetty/FederationUserPrincipal.java    |  10 +-
 .../cxf/fediz/spring/FederationConfig.java      |   9 +-
 .../cxf/fediz/spring/FederationConfigImpl.java  |  22 +-
 .../AbstractFederationUserDetailsService.java   |   6 +-
 .../FederationAuthenticationProvider.java       |  18 +-
 .../FederationAuthenticationToken.java          |  10 +-
 .../FederationResponseAuthenticationToken.java  |   8 +-
 ...AuthoritiesUserDetailsFederationService.java |   4 +-
 ...erationPreAuthenticatedProcessingFilter.java |   8 +-
 ...AuthoritiesUserDetailsFederationService.java |   6 +-
 .../web/FederationAuthenticationEntryPoint.java |  12 +-
 .../web/FederationAuthenticationFilter.java     |   4 +-
 .../spring/web/FederationLogoutFilter.java      |   2 +-
 .../web/FederationLogoutSuccessHandler.java     |  11 +-
 .../cxf/fediz/spring/FederationConfig.java      |   9 +-
 .../cxf/fediz/spring/FederationConfigImpl.java  |  22 +-
 .../AbstractFederationUserDetailsService.java   |   6 +-
 .../FederationAuthenticationProvider.java       |  20 +-
 .../FederationAuthenticationToken.java          |  10 +-
 .../FederationResponseAuthenticationToken.java  |   8 +-
 ...AuthoritiesUserDetailsFederationService.java |   4 +-
 ...erationPreAuthenticatedProcessingFilter.java |   8 +-
 ...AuthoritiesUserDetailsFederationService.java |  12 +-
 .../web/FederationAuthenticationEntryPoint.java |  16 +-
 .../web/FederationAuthenticationFilter.java     |   5 +-
 .../fediz/tomcat/FederationAuthenticator.java   |  72 +-
 .../fediz/tomcat/FederationPrincipalImpl.java   |   2 +-
 .../TrustedIdpWSFedProtocolHandler.java         |  25 +-
 .../cxf/fediz/example/FederationServlet.java    |   8 +-
 .../cxf/fediz/example/FederationServlet.java    |   2 +-
 .../cxf/fediz/example/FederationServlet.java    |   8 +-
 .../cxf/fediz/example/FederationServlet.java    |   2 +-
 66 files changed, 2672 insertions(+), 1868 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationPrincipal.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationPrincipal.java
index 74cd953..e996bc5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationPrincipal.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationPrincipal.java
@@ -19,14 +19,7 @@
 
 package org.apache.cxf.fediz.core;
 
-import java.security.Principal;
-
-import org.w3c.dom.Element;
-
-public interface FederationPrincipal extends Principal {
-
-    ClaimCollection getClaims();
-    
-    Element getLoginToken();
+@Deprecated
+public interface FederationPrincipal extends FedizPrincipal {
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
deleted file mode 100644
index 5948452..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.core;
-
-import javax.servlet.http.HttpServletRequest;
-import org.w3c.dom.Document;
-import org.apache.cxf.fediz.core.config.FederationContext;
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-
-
-public interface FederationProcessor {
-
-    FederationResponse processRequest(FederationRequest request, FederationContext config) throws ProcessingException;
-    
-    String createSignInRequest(HttpServletRequest request, FederationContext config) throws ProcessingException;
-
-    String createSignOutRequest(HttpServletRequest request, FederationContext config) throws ProcessingException;
-
-    Document getMetaData(FederationContext config) throws ProcessingException;
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
deleted file mode 100644
index d181b2f..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
+++ /dev/null
@@ -1,677 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.core;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.apache.cxf.fediz.core.config.FederationContext;
-import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.KeyManager;
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
-import org.apache.cxf.fediz.core.metadata.MetadataWriter;
-import org.apache.cxf.fediz.core.spi.FreshnessCallback;
-import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
-import org.apache.cxf.fediz.core.spi.IDPCallback;
-import org.apache.cxf.fediz.core.spi.RealmCallback;
-import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
-import org.apache.cxf.fediz.core.spi.WAuthCallback;
-import org.apache.cxf.fediz.core.spi.WReqCallback;
-import org.apache.cxf.fediz.core.util.DOMUtils;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSDataRef;
-import org.apache.wss4j.dom.WSDocInfo;
-import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.WSSecurityEngine;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.processor.EncryptedDataProcessor;
-import org.apache.wss4j.dom.processor.Processor;
-import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
-import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class FederationProcessorImpl implements FederationProcessor {
-
-    private static final Logger LOG = LoggerFactory.getLogger(FederationProcessorImpl.class);
-
-    /**
-     * Default constructor
-     */
-    public FederationProcessorImpl() {
-        super();
-    }
-
-    @Override
-    public FederationResponse processRequest(FederationRequest request,
-                                             FederationContext config)
-        throws ProcessingException {
-        
-        if (!(config.getProtocol() instanceof FederationProtocol)) {
-            LOG.error("Unsupported protocol");
-            throw new IllegalStateException("Unsupported protocol");
-        }
-        FederationResponse response = null;
-        if (FederationConstants.ACTION_SIGNIN.equals(request.getWa())) {
-            response = this.processSignInRequest(request, config);
-        } else {
-            LOG.error("Invalid action '" + request.getWa() + "'");
-            throw new ProcessingException(TYPE.INVALID_REQUEST);
-        }
-        return response;
-    }
-    
-
-    public Document getMetaData(FederationContext config) throws ProcessingException {
-        return new MetadataWriter().getMetaData(config);
-    }
-    
-    protected FederationResponse processSignInRequest(
-            FederationRequest request, FederationContext config)
-        throws ProcessingException {
-        
-        byte[] wresult = request.getWresult().getBytes();
-
-        Document doc = null;
-        Element el = null;
-        try {
-            doc = DOMUtils.readXml(new ByteArrayInputStream(wresult));
-            el = doc.getDocumentElement();
-
-        } catch (Exception e) {
-            LOG.warn("Failed to parse wresult: " + e.getMessage());
-            throw new ProcessingException(TYPE.INVALID_REQUEST);
-        }
-
-        if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
-            el = DOMUtils.getFirstElement(el);
-        }
-        if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
-            LOG.warn("Unexpected root element of wresult: '" + el.getLocalName() + "'");
-            throw new ProcessingException(TYPE.INVALID_REQUEST);
-        }
-        el = DOMUtils.getFirstElement(el);
-        Element rst = null;
-        Element lifetimeElem = null;
-        String tt = null;
-
-        while (el != null) {
-            String ln = el.getLocalName();
-            if (FederationConstants.WS_TRUST_13_NS.equals(el.getNamespaceURI()) 
-                || FederationConstants.WS_TRUST_2005_02_NS.equals(el.getNamespaceURI())) {
-                if ("Lifetime".equals(ln)) {
-                    lifetimeElem = el;
-                } else if ("RequestedSecurityToken".equals(ln)) {
-                    rst = DOMUtils.getFirstElement(el);
-                } else if ("TokenType".equals(ln)) {
-                    tt = DOMUtils.getContent(el);
-                }
-            }
-            el = DOMUtils.getNextElement(el);
-        }
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("RST: " + ((rst != null) ? rst.toString() : "null"));
-            LOG.debug("Lifetime: "
-                    + ((lifetimeElem != null) ? lifetimeElem.toString()
-                            : "null"));
-            LOG.debug("Tokentype: " + ((tt != null) ? tt.toString() : "null"));
-        }
-        if (rst == null) {
-            LOG.warn("RequestedSecurityToken element not found in wresult");
-            throw new ProcessingException(TYPE.BAD_REQUEST);
-        }
-        LifeTime lifeTime = null;
-        if (lifetimeElem != null) {
-            lifeTime = processLifeTime(lifetimeElem);
-        }
-
-        if (config.isDetectExpiredTokens() && lifeTime != null) {
-            Date currentDate = new Date();
-            if (currentDate.after(lifeTime.getExpires())) {
-                LOG.warn("RSTR Lifetime expired");
-                throw new ProcessingException(TYPE.TOKEN_EXPIRED);
-            }
-            DateTime currentTime = new DateTime();
-            DateTime validFrom = new DateTime(lifeTime.created);
-            currentTime = currentTime.plusSeconds(config.getMaximumClockSkew().intValue());
-            if (validFrom.isAfter(currentTime)) {
-                LOG.debug("RSTR Lifetime not yet valid");
-                throw new ProcessingException(TYPE.TOKEN_INVALID);
-            }
-        }
-        
-        // Check to see if RST is encrypted
-        if ("EncryptedData".equals(rst.getLocalName())
-            && WSConstants.ENC_NS.equals(rst.getNamespaceURI())) {
-            Element decryptedRST = decryptEncryptedRST(rst, config);
-            if (decryptedRST != null) {
-                rst = decryptedRST;
-            }
-        }
-        
-        TokenValidatorResponse validatorResponse = null;
-        List<TokenValidator> validators = ((FederationProtocol)config.getProtocol()).getTokenValidators();
-        for (TokenValidator validator : validators) {
-            boolean canHandle = false;
-            if (tt != null) {
-                canHandle = validator.canHandleTokenType(tt);
-            } else {
-                canHandle = validator.canHandleToken(rst);
-            }
-            if (canHandle) {
-                try {
-                    TokenValidatorRequest validatorRequest = 
-                        new TokenValidatorRequest(rst, request.getCerts());
-                    validatorResponse = validator.validateAndProcessToken(validatorRequest, config);
-                } catch (ProcessingException ex) {
-                    throw ex;
-                } catch (Exception ex) {
-                    LOG.warn("Failed to validate token", ex);
-                    throw new ProcessingException(TYPE.TOKEN_INVALID);
-                }
-                break;
-            } else {
-                LOG.warn("No security token validator found for '" + tt + "'");
-                throw new ProcessingException(TYPE.BAD_REQUEST);
-            }
-        }
-
-        // Check whether token already used for signin
-        if (validatorResponse.getUniqueTokenId() != null
-                && config.isDetectReplayedTokens()) {
-            // Check whether token has already been processed once, prevent
-            // replay attack
-            if (!config.getTokenReplayCache().contains(validatorResponse.getUniqueTokenId())) {
-                // not cached
-                Date expires = null;
-                if (lifeTime != null && lifeTime.getExpires() != null) {
-                    expires = lifeTime.getExpires();
-                } else {
-                    expires = validatorResponse.getExpires();
-                }
-                if (expires != null) {
-                    Date currentTime = new Date();
-                    long ttl = expires.getTime() - currentTime.getTime();
-                    config.getTokenReplayCache().add(validatorResponse.getUniqueTokenId(), ttl / 1000L);
-                } else {
-                    config.getTokenReplayCache().add(validatorResponse.getUniqueTokenId());
-                }
-            } else {
-                LOG.error("Replay attack with token id: " + validatorResponse.getUniqueTokenId());
-                throw new ProcessingException("Replay attack with token id: "
-                        + validatorResponse.getUniqueTokenId(), TYPE.TOKEN_REPLAY);
-            }
-        }
-
-        FederationResponse fedResponse = new FederationResponse(
-                validatorResponse.getUsername(), validatorResponse.getIssuer(),
-                validatorResponse.getRoles(), validatorResponse.getClaims(),
-                validatorResponse.getAudience(),
-                (lifeTime != null) ? lifeTime.getCreated() : null,
-                        (lifeTime != null) ? lifeTime.getExpires() : null, rst,
-                            validatorResponse.getUniqueTokenId());
-
-        return fedResponse;
-    }
-    
-    private Element decryptEncryptedRST(
-        Element encryptedRST,
-        FederationContext config
-    ) throws ProcessingException {
-
-        KeyManager decryptionKeyManager = config.getDecryptionKey();
-        if (decryptionKeyManager == null || decryptionKeyManager.getCrypto() == null) {
-            LOG.debug(
-                "We must have a decryption Crypto instance configured to decrypt encrypted tokens"
-            );
-            throw new ProcessingException(TYPE.BAD_REQUEST);
-        }
-        String keyPassword = decryptionKeyManager.getKeyPassword();
-        if (keyPassword == null) {
-            LOG.debug(
-                "We must have a decryption key password to decrypt encrypted tokens"
-            );
-            throw new ProcessingException(TYPE.BAD_REQUEST);
-        }
-        
-        EncryptedDataProcessor proc = new EncryptedDataProcessor();
-        WSDocInfo docInfo = new WSDocInfo(encryptedRST.getOwnerDocument());
-        RequestData data = new RequestData();
-        
-        // Disable WSS4J processing of the (decrypted) SAML Token
-        WSSConfig wssConfig = WSSConfig.getNewInstance();
-        wssConfig.setProcessor(WSSecurityEngine.SAML_TOKEN, new NOOpProcessor());
-        wssConfig.setProcessor(WSSecurityEngine.SAML2_TOKEN, new NOOpProcessor());
-        data.setWssConfig(wssConfig);
-        
-        data.setDecCrypto(decryptionKeyManager.getCrypto());
-        data.setCallbackHandler(new DecryptionCallbackHandler(keyPassword));
-        try {
-            List<WSSecurityEngineResult> result =
-                proc.handleToken(encryptedRST, data, docInfo);
-            if (result.size() > 0) {
-                @SuppressWarnings("unchecked")
-                List<WSDataRef> dataRefs = 
-                    (List<WSDataRef>)result.get(result.size() - 1).get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-                if (dataRefs != null && dataRefs.size() > 0) {
-                    return dataRefs.get(0).getProtectedElement();
-                }
-            }
-        } catch (WSSecurityException e) {
-            LOG.debug(e.getMessage(), e);
-            throw new ProcessingException(TYPE.TOKEN_INVALID);
-        }
-        return null;
-    }
-
-    private LifeTime processLifeTime(Element lifetimeElem) throws ProcessingException {
-        try {
-            Element createdElem = DOMUtils.getFirstChildWithName(lifetimeElem,
-                    WSConstants.WSU_NS, WSConstants.CREATED_LN);
-            DateFormat zulu = new XmlSchemaDateFormat();
-
-            Date created = zulu.parse(DOMUtils.getContent(createdElem));
-
-            Element expiresElem = DOMUtils.getFirstChildWithName(lifetimeElem,
-                    WSConstants.WSU_NS, WSConstants.EXPIRES_LN);
-            Date expires = zulu.parse(DOMUtils.getContent(expiresElem));
-
-            return new LifeTime(created, expires);
-
-        } catch (ParseException e) {
-            LOG.error("Failed to parse lifetime element in wresult: " + e.getMessage());
-            throw new ProcessingException(TYPE.BAD_REQUEST);
-        }
-    }
-
-    public class LifeTime {
-
-        private Date created;
-        private Date expires;
-
-        public LifeTime(Date created, Date expires) {
-            this.created = created;
-            this.expires = expires;
-        }
-
-        public Date getCreated() {
-            return created;
-        }
-
-        public Date getExpires() {
-            return expires;
-        }
-
-    }
-
-    @Override
-    public String createSignInRequest(HttpServletRequest request, FederationContext config)
-        throws ProcessingException {
-
-        String redirectURL = null;
-        try {
-            if (!(config.getProtocol() instanceof FederationProtocol)) {
-                LOG.error("Unsupported protocol");
-                throw new IllegalStateException("Unsupported protocol");
-            }
-            
-            String issuerURL = resolveIssuer(request, config);
-            LOG.info("Issuer url: " + issuerURL);
-            if (issuerURL != null && issuerURL.length() > 0) {
-                redirectURL = issuerURL;
-            }
-            
-            String wAuth = resolveAuthenticationType(request, config);
-            LOG.info("WAuth: " + wAuth);
-            
-            String wReq = resolveRequest(request, config);
-            LOG.info("WReq: " + wReq);
-            
-            String homeRealm = resolveHomeRealm(request, config);
-            LOG.info("HomeRealm: " + homeRealm);
-            
-            String freshness = resolveFreshness(request, config);
-            LOG.info("Freshness: " + freshness);
-            
-            String signInQuery = resolveSignInQuery(request, config);
-            LOG.info("SignIn Query: " + signInQuery);
-            
-             
-            StringBuilder sb = new StringBuilder();
-            sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNIN);
-            
-            String reply = ((FederationProtocol)config.getProtocol()).getReply();
-            if (reply == null || reply.length() == 0) {
-                reply = request.getRequestURL().toString();
-            } else {
-                try {
-                    new URL(reply);
-                } catch (MalformedURLException ex) {
-                    if (reply.startsWith("/")) {
-                        reply = extractFullContextPath(request).concat(reply.substring(1));
-                    } else {
-                        reply = extractFullContextPath(request).concat(reply);
-                    }
-                }
-            }
-            
-            LOG.debug("wreply=" + reply);
-            sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
-            sb.append(URLEncoder.encode(reply, "UTF-8"));
-
-            String realm = resolveWTRealm(request, config);
-            LOG.debug("wtrealm=" + realm);
-
-            //add wtrealm parameter
-            sb.append('&').append(FederationConstants.PARAM_TREALM).append('=')
-                .append(URLEncoder.encode(realm, "UTF-8"));
-            
-            // add authentication type parameter wauth if set
-            if (wAuth != null && wAuth.length() > 0) {
-                sb.append('&').append(FederationConstants.PARAM_AUTH_TYPE).append('=')
-                    .append(URLEncoder.encode(wAuth, "UTF-8"));
-            }
-            
-            // add tokenRequest parameter wreq if set
-            if (wReq != null && wReq.length() > 0) {
-                sb.append('&').append(FederationConstants.PARAM_REQUEST).append('=')
-                    .append(URLEncoder.encode(wReq, "UTF-8"));
-            }
-            
-            // add home realm parameter whr if set
-            if (homeRealm != null && homeRealm.length() > 0) {
-                sb.append('&').append(FederationConstants.PARAM_HOME_REALM).append('=')
-                    .append(URLEncoder.encode(homeRealm, "UTF-8"));
-            }
-            
-            // add freshness parameter wfresh if set
-            if (freshness != null && freshness.length() > 0) {
-                sb.append('&').append(FederationConstants.PARAM_FRESHNESS).append('=')
-                    .append(URLEncoder.encode(freshness, "UTF-8"));
-            }
-            
-            // add current time parameter wct
-            Date creationTime = new Date();
-            XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
-            String wct = fmt.format(creationTime);
-            sb.append('&').append(FederationConstants.PARAM_CURRENT_TIME).append('=')
-            .append(URLEncoder.encode(wct, "UTF-8"));
-            
-            // add signin query extensions
-            if (signInQuery != null && signInQuery.length() > 0) {
-                sb.append('&').append(signInQuery);
-            }
-            
-            redirectURL = redirectURL + "?" + sb.toString();
-        } catch (Exception ex) {
-            LOG.error("Failed to create SignInRequest", ex);
-            throw new ProcessingException("Failed to create SignInRequest");
-        }        
-        return redirectURL;
-    }
-
-    @Override
-    public String createSignOutRequest(HttpServletRequest request, FederationContext config)
-        throws ProcessingException {
-
-        String redirectURL = null;
-        try {
-            if (!(config.getProtocol() instanceof FederationProtocol)) {
-                LOG.error("Unsupported protocol");
-                throw new IllegalStateException("Unsupported protocol");
-            }
-
-            String issuerURL = resolveIssuer(request, config);
-            LOG.info("Issuer url: " + issuerURL);
-            if (issuerURL != null && issuerURL.length() > 0) {
-                redirectURL = issuerURL;
-            }
-
-            StringBuilder sb = new StringBuilder();
-            sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNOUT);
-
-            String logoutRedirectTo = config.getLogoutRedirectTo();
-            if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
-
-                if (logoutRedirectTo.startsWith("/")) {
-                    logoutRedirectTo = extractFullContextPath(request).concat(logoutRedirectTo.substring(1));
-                } else {
-                    logoutRedirectTo = extractFullContextPath(request).concat(logoutRedirectTo);
-                }
-
-                LOG.debug("wreply=" + logoutRedirectTo);
-
-                sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
-                sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
-            }
-
-            redirectURL = redirectURL + "?" + sb.toString();
-        } catch (Exception ex) {
-            LOG.error("Failed to create SignInRequest", ex);
-            throw new ProcessingException("Failed to create SignInRequest");
-        }
-        return redirectURL;
-    }
-
-    private String resolveSignInQuery(HttpServletRequest request, FederationContext config)
-        throws IOException, UnsupportedCallbackException, UnsupportedEncodingException {
-        Object signInQueryObj = ((FederationProtocol)config.getProtocol()).getSignInQuery();
-        String signInQuery = null;
-        if (signInQueryObj != null) {
-            if (signInQueryObj instanceof String) {
-                signInQuery = (String)signInQueryObj;
-            } else if (signInQueryObj instanceof CallbackHandler) {
-                CallbackHandler frCB = (CallbackHandler)signInQueryObj;
-                SignInQueryCallback callback = new SignInQueryCallback(request);
-                frCB.handle(new Callback[] {callback});
-                Map<String, String> signInQueryMap = callback.getSignInQueryParamMap();
-                StringBuilder sbQuery = new StringBuilder();
-                for (String key : signInQueryMap.keySet()) {
-                    if (sbQuery.length() > 0) {
-                        sbQuery.append("&");
-                    }
-                    sbQuery.append(key).append('=').
-                    append(URLEncoder.encode(signInQueryMap.get(key), "UTF-8"));
-                }
-                signInQuery = sbQuery.toString();
-               
-            }
-        }
-        return signInQuery;
-    }
-
-    private String resolveFreshness(HttpServletRequest request, FederationContext config) throws IOException,
-        UnsupportedCallbackException {
-        Object freshnessObj = ((FederationProtocol)config.getProtocol()).getFreshness();
-        String freshness = null;
-        if (freshnessObj != null) {
-            if (freshnessObj instanceof String) {
-                freshness = (String)freshnessObj;
-            } else if (freshnessObj instanceof CallbackHandler) {
-                CallbackHandler frCB = (CallbackHandler)freshnessObj;
-                FreshnessCallback callback = new FreshnessCallback(request);
-                frCB.handle(new Callback[] {callback});
-                freshness = callback.getFreshness();
-            }
-        }
-        return freshness;
-    }
-
-    private String resolveHomeRealm(HttpServletRequest request, FederationContext config) throws IOException,
-        UnsupportedCallbackException {
-        Object homeRealmObj = ((FederationProtocol)config.getProtocol()).getHomeRealm();
-        String homeRealm = null;
-        if (homeRealmObj != null) {
-            if (homeRealmObj instanceof String) {
-                homeRealm = (String)homeRealmObj;
-            } else if (homeRealmObj instanceof CallbackHandler) {
-                CallbackHandler hrCB = (CallbackHandler)homeRealmObj;
-                HomeRealmCallback callback = new HomeRealmCallback(request);
-                hrCB.handle(new Callback[] {callback});
-                homeRealm = callback.getHomeRealm();
-            }
-        }
-        return homeRealm;
-    }
-
-    private String resolveAuthenticationType(HttpServletRequest request, FederationContext config)
-        throws IOException, UnsupportedCallbackException {
-        Object wAuthObj = ((FederationProtocol)config.getProtocol()).getAuthenticationType();
-        String wAuth = null;
-        if (wAuthObj != null) {
-            if (wAuthObj instanceof String) {
-                wAuth = (String)wAuthObj;
-            } else if (wAuthObj instanceof CallbackHandler) {
-                CallbackHandler wauthCB = (CallbackHandler)wAuthObj;
-                WAuthCallback callback = new WAuthCallback(request);
-                wauthCB.handle(new Callback[] {callback});
-                wAuth = callback.getWauth();
-            }  
-        }
-        return wAuth;
-    }
-    
-    private String resolveRequest(HttpServletRequest request, FederationContext config)
-        throws IOException, UnsupportedCallbackException {
-        Object wReqObj = ((FederationProtocol)config.getProtocol()).getRequest();
-        String wReq = null;
-        if (wReqObj != null) {
-            if (wReqObj instanceof String) {
-                wReq = (String)wReqObj;
-            } else if (wReqObj instanceof CallbackHandler) {
-                CallbackHandler wauthCB = (CallbackHandler)wReqObj;
-                WReqCallback callback = new WReqCallback(request);
-                wauthCB.handle(new Callback[] {callback});
-                wReq = callback.getWreq();
-            }  
-        }
-        return wReq;
-    }
-
-    private String resolveIssuer(HttpServletRequest request, FederationContext config) throws IOException,
-        UnsupportedCallbackException {
-        Object issuerObj = ((FederationProtocol)config.getProtocol()).getIssuer();
-        String issuerURL = null;
-        if (issuerObj instanceof String) {
-            issuerURL = (String)issuerObj;
-        } else if (issuerObj instanceof CallbackHandler) {
-            CallbackHandler issuerCB = (CallbackHandler)issuerObj;
-            IDPCallback callback = new IDPCallback(request);
-            issuerCB.handle(new Callback[] {callback});
-            issuerURL = callback.getIssuerUrl().toString();
-        }
-        return issuerURL;
-    }
-
-    private String resolveWTRealm(HttpServletRequest request, FederationContext config) throws IOException,
-        UnsupportedCallbackException {
-        Object wtRealmObj = ((FederationProtocol)config.getProtocol()).getRealm();
-        String wtRealm = null;
-        if (wtRealmObj != null) {
-            if (wtRealmObj instanceof String) {
-                wtRealm = (String)wtRealmObj;
-            } else if (wtRealmObj instanceof CallbackHandler) {
-                CallbackHandler hrCB = (CallbackHandler)wtRealmObj;
-                RealmCallback callback = new RealmCallback(request);
-                hrCB.handle(new Callback[] {callback});
-                wtRealm = callback.getRealm();
-            }
-        } else {
-            wtRealm = extractFullContextPath(request); //default value
-        }
-        return wtRealm;
-    }
-
-
-    private String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
-        String result = null;
-        String contextPath = request.getContextPath();
-        String requestUrl = request.getRequestURL().toString();
-        String requestPath = new URL(requestUrl).getPath();
-        // Cut request path of request url and add context path if not ROOT
-        if (requestPath != null && requestPath.length() > 0) {
-            int lastIndex = requestUrl.lastIndexOf(requestPath);
-            result = requestUrl.substring(0, lastIndex);
-        } else {
-            result = requestUrl;
-        }
-        if (contextPath != null && contextPath.length() > 0) {
-            // contextPath contains starting slash
-            result = result + contextPath + "/";
-        } else {
-            result = result + "/";
-        }
-        return result;
-    }
-    
-    private static class DecryptionCallbackHandler implements CallbackHandler {
-        
-        private final String password;
-        
-        public DecryptionCallbackHandler(String password) {
-            this.password = password;
-        }
-
-        @Override
-        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-            for (int i = 0; i < callbacks.length; i++) {
-                if (callbacks[i] instanceof WSPasswordCallback) {
-                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
-                    pc.setPassword(password);
-                } else {
-                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
-                }
-            }
-        }
-        
-    }
-
-    private static class NOOpProcessor implements Processor {
-
-        @Override
-        public List<WSSecurityEngineResult> handleToken(Element arg0, RequestData arg1, WSDocInfo arg2)
-            throws WSSecurityException {
-            return new ArrayList<WSSecurityEngineResult>();
-        }
-        
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java
deleted file mode 100644
index 0b2d4d5..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationRequest.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.core;
-
-import java.io.Serializable;
-import java.security.cert.Certificate;
-
-public class FederationRequest implements Serializable {
-
-    private static final long serialVersionUID = 1L;
-    
-    private String wa;
-    private String wresult;
-    private String wct;
-    private Certificate[] certs;
-
-
-    public String getWct() {
-        return wct;
-    }
-    public void setWct(String wct) {
-        this.wct = wct;
-    }
-
-    public String getWa() {
-        return wa;
-    }
-    public void setWa(String wa) {
-        this.wa = wa;
-    }
-    public String getWresult() {
-        return wresult;
-    }
-    public void setWresult(String wresult) {
-        this.wresult = wresult;
-    }
-    public Certificate[] getCerts() {
-        return certs;
-    }
-    public void setCerts(Certificate[] certs) {
-        this.certs = certs;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java
deleted file mode 100644
index 758fbab..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationResponse.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.core;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-public class FederationResponse implements Serializable {
-
-    private static final long serialVersionUID = 1L;
-    
-    private String audience;
-    private String username;
-    private List<String> roles;
-    private String issuer;
-    private List<Claim> claims;
-    private Element token;
-    private String uniqueTokenId;
-
-    /**
-     * Created time
-     */
-    private Date tokenCreated;
-
-    /**
-     * Expiration time
-     */
-    private Date tokenExpires;
-
-    //CHECKSTYLE:OFF
-    public FederationResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience, Date created, Date expires, Element token, String uniqueTokenId) {
-        this.username = username;
-        this.issuer = issuer;
-        this.roles = roles;
-        this.claims = claims;
-        this.audience = audience;
-        this.tokenCreated = created;
-        this.tokenExpires = expires;
-        this.token = token;
-        this.uniqueTokenId = uniqueTokenId;
-    }
-
-    public String getUniqueTokenId() {
-        return uniqueTokenId;
-    }
-
-    public String getAudience() {
-        return audience;
-    }
-
-    public String getUsername() {
-        return username;
-    }
-
-    public List<String> getRoles() {
-        if (roles == null) {
-            return null;
-        }
-        return Collections.unmodifiableList(roles);
-    }
-
-    public String getIssuer() {
-        return issuer;
-    }
-
-    public List<Claim> getClaims() {
-        if (claims == null) {
-            return null;
-        }
-        return Collections.unmodifiableList(claims);
-    }
-
-    public Date getTokenCreated() {
-        return tokenCreated;
-    }
-
-    public Date getTokenExpires() {
-        return tokenExpires;
-    }
-
-    public Element getToken() {
-        return token;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
new file mode 100644
index 0000000..4a2c63e
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.security.Principal;
+
+import org.w3c.dom.Element;
+
+public interface FedizPrincipal extends Principal {
+
+    ClaimCollection getClaims();
+    
+    Element getLoginToken();
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
index 7280029..f05a45b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
@@ -20,7 +20,7 @@
 package org.apache.cxf.fediz.core;
 
 import org.w3c.dom.Element;
-import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 
 public interface TokenValidator {
@@ -45,6 +45,6 @@ public interface TokenValidator {
      */
     TokenValidatorResponse validateAndProcessToken(
         TokenValidatorRequest request, 
-        FederationContext config
+        FedizContext config
     ) throws ProcessingException;
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
deleted file mode 100644
index b03fdc1..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationConfigurator.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.core.config;
-
-import java.io.File;
-import java.io.Reader;
-import java.io.Writer;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-
-import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
-import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
-
-public class FederationConfigurator {
-
-    private FedizConfig rootConfig;
-
-    private JAXBContext jaxbContext;
-    
-    private List<FederationContext> federationContextList;
-
-    public FedizConfig loadConfig(File f) throws JAXBException {
-        rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(f);
-        parseFederationContextList();
-        return rootConfig;
-    }
-
-    public FedizConfig loadConfig(Reader reader) throws JAXBException {
-        rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(reader);
-        parseFederationContextList();
-        return rootConfig;
-    }
-    
-    private void parseFederationContextList() {
-        federationContextList = new ArrayList<FederationContext>();
-        for (ContextConfig config : rootConfig.getContextConfig()) {
-            federationContextList.add(new FederationContext(config));            
-        }
-    }
-
-    public void saveConfiguration(File f) throws JAXBException {
-        if (f.canWrite()) {
-            jaxbContext.createMarshaller().marshal(rootConfig, f);
-        }
-    }
-
-    public void saveConfiguration(Writer writer) throws JAXBException {
-        jaxbContext.createMarshaller().marshal(rootConfig, writer);
-    }
-
-    private JAXBContext getJaxbContext() throws JAXBException {
-        if (jaxbContext == null) {
-            jaxbContext = JAXBContext.newInstance(FedizConfig.class);
-        }
-        return jaxbContext;
-    }
-
-    public List<FederationContext> getFederationContextList() {
-        return federationContextList;
-    }
-    
-    public FederationContext getFederationContext(String contextName) {
-        if (contextName == null || contextName.isEmpty()) {
-            throw new IllegalArgumentException("Invalid Context Name '" + contextName + "'");
-        }
-        if (rootConfig == null) {
-            throw new IllegalArgumentException("No configuration loaded");
-        }
-        for (FederationContext fedContext : federationContextList) {
-            if (fedContext.getName().equals(contextName)) {
-                fedContext.init();
-                return fedContext;
-            }
-        }
-        
-        return null;
-    }
-
-    public ContextConfig getContextConfig(String contextName) throws IllegalArgumentException {
-        if (contextName == null || contextName.isEmpty()) {
-            throw new IllegalArgumentException("Invalid Context Name '" + contextName + "'");
-        }
-        if (rootConfig == null) {
-            throw new IllegalArgumentException("No configuration loaded");
-        }
-
-        for (ContextConfig config : rootConfig.getContextConfig()) {
-            if (contextName.equals(config.getName())) {
-                return config;
-            }
-        }
-        return null;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
deleted file mode 100644
index b86d60e..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
+++ /dev/null
@@ -1,391 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.core.config;
-
-import java.io.BufferedInputStream;
-import java.io.Closeable;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Properties;
-
-import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
-import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
-import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
-import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
-import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
-import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
-import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
-import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
-import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
-import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
-import org.apache.wss4j.common.cache.ReplayCache;
-import org.apache.wss4j.common.cache.ReplayCacheFactory;
-import org.apache.wss4j.common.crypto.CertificateStore;
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.crypto.Merlin;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.Loader;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class FederationContext implements Closeable {
-    
-    public static final String CACHE_KEY_PREFIX = "fediz.replay.cache";
-
-    private static final Logger LOG = LoggerFactory.getLogger(FederationContext.class);
-    
-    private ContextConfig config;
-
-    private boolean detectExpiredTokens = true;
-    private boolean detectReplayedTokens = true;
-    private String relativePath;
-    private ReplayCache replayCache;
-    private FederationProtocol protocol;
-    private List<TrustManager> certificateStores;
-    private KeyManager keyManager;
-    private KeyManager decryptionKeyManager;
-    private ClassLoader classloader;
-    
-
-    public FederationContext(ContextConfig config) {
-        this.config = config;
-        
-    }
-    
-    public void init() {
-        //get validators initialized
-        getProtocol();
-    }
-
-    public List<String> getAudienceUris() {
-        return config.getAudienceUris().getAudienceItem();
-    }
-
-    public List<TrustedIssuer> getTrustedIssuers() {
-        TrustedIssuers issuers = config.getTrustedIssuers();
-        List<TrustedIssuerType> trustManagers =  issuers.getIssuer();
-        List<TrustedIssuer> trustedIssuers = new ArrayList<TrustedIssuer>();
-        for (TrustedIssuerType manager:trustManagers) {
-            trustedIssuers.add(new TrustedIssuer(manager));
-        }
-        return trustedIssuers; 
-    }
-    
-    public List<TrustManager> getCertificateStores() {
-        if (certificateStores != null) {
-            return certificateStores;
-        }
-        certificateStores = new ArrayList<TrustManager>();
-        CertificateStores certStores = config.getCertificateStores();
-        List<TrustManagersType> trustManagers = certStores.getTrustManager();
-        for (TrustManagersType manager:trustManagers) {
-            TrustManager tm = new TrustManager(manager);
-            
-            Crypto crypto = null;
-            try {
-                if (manager.getKeyStore().getType().equalsIgnoreCase("PEM")) {
-                    X509Certificate[] certificates = new X509Certificate[1];
-                    certificates[0] = readX509Certificate(tm.getName());
-                    crypto = new CertificateStore(certificates);
-                } else {
-                    Properties sigProperties = createCryptoProperties(manager);
-                    crypto = CryptoFactory.getInstance(sigProperties);
-                }
-                tm.setCrypto(crypto);
-                certificateStores.add(tm);
-            } catch (WSSecurityException e) {
-                LOG.error("Failed to load keystore '" + tm.getName() + "'", e);
-                throw new IllegalConfigurationException("Failed to load keystore '" + tm.getName() + "'");
-            }
-        }
-        return certificateStores; 
-    }
-
-    public BigInteger getMaximumClockSkew() {
-        if (config.getMaximumClockSkew() == null) {
-            return BigInteger.valueOf(5L);
-        } else {
-            return config.getMaximumClockSkew();
-        }
-    }
-    
-    public void setMaximumClockSkew(BigInteger maximumClockSkew) {
-        config.setMaximumClockSkew(maximumClockSkew);
-    }
-
-    //    public TrustManager getServiceCertificate() {
-    //        return new TrustManager(config.getServiceCertificate());
-    //    }
-
-    public Protocol getProtocol() {
-        if (protocol != null) {
-            return protocol;
-        }
-        ProtocolType type = config.getProtocol();
-        if (type instanceof FederationProtocolType) {
-            protocol = new FederationProtocol(type);
-            protocol.setClassloader(getClassloader());
-        }
-        return protocol;
-    }
-
-    public String getLogoutURL() {
-        return config.getLogoutURL();
-    }
-
-    public String getLogoutRedirectTo() {
-        return config.getLogoutRedirectTo();
-    }
-    
-    
-    public KeyManager getSigningKey() {
-        //return new KeyManager(config.getSigningKey());
-        
-        if (keyManager != null) {
-            return keyManager;
-        }
-        keyManager = new KeyManager(config.getSigningKey());
-        Properties sigProperties = createCryptoProperties(config.getSigningKey());
-        Crypto crypto;
-        try {
-            crypto = CryptoFactory.getInstance(sigProperties);
-            keyManager.setCrypto(crypto);
-        } catch (WSSecurityException e) {
-            keyManager = null;
-            LOG.error("Failed to load keystore '" + keyManager.getName() + "'", e);
-            throw new IllegalConfigurationException("Failed to load keystore '" + keyManager.getName() + "'");
-        }
-        
-        return keyManager; 
-        
-    }
-    
-    public KeyManager getDecryptionKey() {
-        if (decryptionKeyManager != null) {
-            return decryptionKeyManager;
-        }
-        decryptionKeyManager = new KeyManager(config.getTokenDecryptionKey());
-        Properties decProperties = createCryptoProperties(config.getTokenDecryptionKey());
-        Crypto crypto;
-        try {
-            crypto = CryptoFactory.getInstance(decProperties);
-            decryptionKeyManager.setCrypto(crypto);
-        } catch (WSSecurityException e) {
-            decryptionKeyManager = null;
-            LOG.error("Failed to load keystore '" + decryptionKeyManager.getName() + "'", e);
-            throw new IllegalConfigurationException("Failed to load keystore '" + decryptionKeyManager.getName() + "'");
-        }
-        
-        return decryptionKeyManager; 
-        
-    }
-
-    public ReplayCache getTokenReplayCache() {
-        if (replayCache != null) {
-            return replayCache;
-        }
-        String replayCacheString = config.getTokenReplayCache();
-        String cacheKey = CACHE_KEY_PREFIX + "-" + config.getName();
-        ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
-        if (replayCacheString == null || "".equals(replayCacheString)) {
-            replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
-        } else {
-            try {
-                Class<?> replayCacheClass = Loader.loadClass(replayCacheString);
-                replayCache = (ReplayCache) replayCacheClass.newInstance();
-            } catch (ClassNotFoundException e) {
-                replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
-            } catch (InstantiationException e) {
-                replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
-            } catch (IllegalAccessException e) {
-                replayCache = replayCacheFactory.newReplayCache(cacheKey, "fediz-ehcache.xml");
-            }
-        }
-        return replayCache;
-    }
-
-    public String getName() {
-        return config.getName();
-    }
-
-
-    public boolean isDetectExpiredTokens() {
-        return detectExpiredTokens;
-    }
-    
-    public void setDetectExpiredTokens(boolean detectExpiredTokens) {
-        this.detectExpiredTokens = detectExpiredTokens;
-    }
-
-    
-    public boolean isDetectReplayedTokens() {
-        return detectReplayedTokens;
-    }
-
-    public void setDetectReplayedTokens(boolean detectReplayedTokens) {
-        this.detectReplayedTokens = detectReplayedTokens;
-    }
-
-    public void setRelativePath(String relativePath) {
-        this.relativePath = relativePath;
-    }
-
-    public String getRelativePath() {
-        return relativePath;
-    }
-
-    @Override
-    public void close() throws IOException {
-        if (replayCache != null) {
-            replayCache.close();
-        }
-    }
-    
-    private Properties createCryptoProperties(TrustManagersType tm) {
-        String trustStoreFile = null;
-        String trustStorePw = null;
-        KeyStoreType ks = tm.getKeyStore();
-        if (ks.getFile() != null && !ks.getFile().isEmpty()) {
-            trustStoreFile = ks.getFile();
-            trustStorePw = ks.getPassword();
-        } else {
-            throw new IllegalStateException("No certificate store configured");
-        }
-        File f = new File(trustStoreFile);
-        if (!f.exists() && getRelativePath() != null && !getRelativePath().isEmpty()) {
-            trustStoreFile = getRelativePath().concat(File.separator + trustStoreFile);
-        }
-        
-        if (trustStoreFile == null || trustStoreFile.isEmpty()) {
-            throw new IllegalConfigurationException("truststoreFile not configured");
-        }
-        if (trustStorePw == null || trustStorePw.isEmpty()) {
-            throw new IllegalConfigurationException("trustStorePw not configured");
-        }
-        Properties p = new Properties();
-        p.put("org.apache.ws.security.crypto.provider",
-                "org.apache.ws.security.components.crypto.Merlin");
-        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
-        p.put("org.apache.ws.security.crypto.merlin.keystore.password",
-              trustStorePw);
-        p.put("org.apache.ws.security.crypto.merlin.keystore.file",
-              trustStoreFile);
-        return p;
-    }
-    
-    private Properties createCryptoProperties(KeyManagersType km) {
-        String keyStoreFile = null;
-        String keyStorePw = null;
-        String keyType = "jks";
-        KeyStoreType ks = km.getKeyStore();
-        if (ks.getFile() != null && !ks.getFile().isEmpty()) {
-            keyStoreFile = ks.getFile();
-            keyStorePw = ks.getPassword();
-        } else {
-            throw new IllegalStateException("No certificate store configured");
-        }
-        File f = new File(keyStoreFile);
-        if (!f.exists() && getRelativePath() != null && !getRelativePath().isEmpty()) {
-            keyStoreFile = getRelativePath().concat(File.separator + keyStoreFile);
-        }
-        
-        if (keyStoreFile == null || keyStoreFile.isEmpty()) {
-            throw new IllegalConfigurationException("truststoreFile not configured");
-        }
-        if (keyStorePw == null || keyStorePw.isEmpty()) {
-            throw new IllegalConfigurationException("trustStorePw not configured");
-        }
-        if (ks.getType() != null) {
-            keyType = ks.getType();
-        }
-        
-        Properties p = new Properties();
-        p.put("org.apache.ws.security.crypto.provider",
-                "org.apache.ws.security.components.crypto.Merlin");
-        p.put("org.apache.ws.security.crypto.merlin.keystore.type", keyType);
-        p.put("org.apache.ws.security.crypto.merlin.keystore.password",
-              keyStorePw);
-        p.put("org.apache.ws.security.crypto.merlin.keystore.file",
-              keyStoreFile);
-        return p;
-    }
-    
-    private X509Certificate readX509Certificate(String filename) {
-        Certificate cert = null;
-        BufferedInputStream bis = null;
-        try {
-            ClassLoader cl = getClassloader();
-            if (cl == null) {
-                cl = Thread.currentThread().getContextClassLoader();
-            }
-            InputStream is = Merlin.loadInputStream(cl, filename);
-            
-            bis = new BufferedInputStream(is);
-
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-            if (bis.available() > 0) {
-                cert = cf.generateCertificate(bis);
-                if (!(cert instanceof X509Certificate)) {
-                    LOG.error("Certificate " + filename + " is not of type X509Certificate");
-                    throw new IllegalConfigurationException("Certificate "
-                                                            + filename + " is not of type X509Certificate");
-                }
-                if (bis.available() > 0) {
-                    LOG.warn("There are more certificates configured in " + filename + ". Only first is parsed");
-                }
-                return (X509Certificate)cert;    
-            } else  {
-                LOG.error("No bytes can be read in certificate file " + filename);
-                throw new IllegalConfigurationException("No bytes can be read in certificate file " + filename);
-            }
-        } catch (IllegalConfigurationException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            LOG.error("Failed to read certificate file " + filename, ex);
-            throw new IllegalConfigurationException("Failed to read certificate file " + filename, ex);
-        } finally {
-            try {
-                bis.close();
-            } catch (IOException ex) {
-                LOG.error("Failed to close certificate file " + filename, ex);
-            }
-        }
-    }
-
-    public ClassLoader getClassloader() {
-        return classloader;
-    }
-
-    public void setClassloader(ClassLoader classloader) {
-        this.classloader = classloader;
-    }
-    
-    
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index e63b5dc..c98bb7b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -25,7 +25,6 @@ import java.util.List;
 import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.fediz.core.TokenValidator;
-import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
 import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
 import org.apache.cxf.fediz.core.config.jaxb.ClaimType;
 import org.apache.cxf.fediz.core.config.jaxb.ClaimTypesRequested;
@@ -42,14 +41,11 @@ public class FederationProtocol extends Protocol {
     
     private Object request;
     private Object authenticationType;
-    private Object issuer;
     private Object homeRealm;
     private Object freshness;
     private Object signInQuery;
     private Object realm;
     private List<TokenValidator> validators = new ArrayList<TokenValidator>();
-    private ClassLoader classloader;
-    
     
     public FederationProtocol(ProtocolType protocolType) {
         super(protocolType);
@@ -59,10 +55,10 @@ public class FederationProtocol extends Protocol {
             for (String validatorClassname : fp.getTokenValidators().getValidator()) {
                 Object obj = null;
                 try {
-                    if (this.classloader == null) {
+                    if (super.getClassloader() == null) {
                         obj = ClassLoaderUtils.loadClass(validatorClassname, this.getClass()).newInstance();
                     } else {
-                        obj = this.classloader.loadClass(validatorClassname).newInstance();
+                        obj = super.getClassloader().loadClass(validatorClassname).newInstance();
                     }
                 } catch (Exception ex) {
                     LOG.error("Failed to instantiate TokenValidator implementation class: '"
@@ -91,10 +87,6 @@ public class FederationProtocol extends Protocol {
         super.setProtocolType(federationProtocol);
     }
 
-    public int hashCode() {
-        return getFederationProtocol().hashCode();
-    }
-
     public Object getRealm() {
         if (this.realm != null) {
             return this.realm;
@@ -116,26 +108,6 @@ public class FederationProtocol extends Protocol {
         }
     }
 
-    public boolean equals(Object obj) {
-        return getFederationProtocol().equals(obj);
-    }
-
-    public String getRoleDelimiter() {
-        return getFederationProtocol().getRoleDelimiter();
-    }
-
-    public void setRoleDelimiter(String value) {
-        getFederationProtocol().setRoleDelimiter(value);
-    }
-
-    public String getRoleURI() {
-        return getFederationProtocol().getRoleURI();
-    }
-
-    public void setRoleURI(String value) {
-        getFederationProtocol().setRoleURI(value);
-    }
-    
     public String getApplicationServiceURL() {
         return getFederationProtocol().getApplicationServiceURL();
     }
@@ -186,27 +158,6 @@ public class FederationProtocol extends Protocol {
         }
     }
     
-    public Object getIssuer() {
-        if (this.issuer != null) {
-            return this.issuer;
-        }
-        CallbackType cbt = getFederationProtocol().getIssuer();
-        this.issuer = loadCallbackType(cbt, "Issuer");
-        return this.issuer;
-    }
-
-    public void setIssuer(Object value) {
-        final boolean isString = value instanceof String;
-        final boolean isCallbackHandler = value instanceof CallbackHandler;
-        if (isString || isCallbackHandler) {
-            this.issuer = value;
-        } else {
-            LOG.error("Unsupported 'Issuer' object");
-            throw new IllegalArgumentException("Unsupported 'Issuer' object. Type must be "
-                                               + "java.lang.String or javax.security.auth.callback.CallbackHandler.");
-        }
-    }
-    
     public Object getFreshness() {
         if (this.freshness != null) {
             return this.freshness;
@@ -307,35 +258,4 @@ public class FederationProtocol extends Protocol {
         return getFederationProtocol().toString();
     }
     
-    public ClassLoader getClassloader() {
-        return classloader;
-    }
-
-    public void setClassloader(ClassLoader classloader) {
-        this.classloader = classloader;
-    }
-    
-    private Object loadCallbackType(CallbackType cbt, String name) {
-        if (cbt == null) {
-            return null;
-        }
-        if (cbt.getType() == null || cbt.getType().equals(ArgumentType.STRING)) {
-            return new String(cbt.getValue());
-        } else if (cbt.getType().equals(ArgumentType.CLASS)) {
-            try {
-                if (this.classloader == null) {
-                    return ClassLoaderUtils.loadClass(cbt.getValue(), this.getClass()).newInstance();
-                } else {
-                    return this.classloader.loadClass(cbt.getValue()).newInstance();
-                }
-            } catch (Exception e) {
-                LOG.error("Failed to create instance of " + cbt.getValue(), e);
-                throw new IllegalStateException("Failed to create instance of " + cbt.getValue());
-            }            
-        } else {
-            LOG.error("Only String and Class are supported for '" + name + "'");
-            throw new IllegalStateException("Only String and Class are supported for '" + name + "'");
-        }
-    }
-
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08af52b6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
new file mode 100644
index 0000000..f8b0844
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.config;
+
+import java.io.File;
+import java.io.Reader;
+import java.io.Writer;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+
+import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
+import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
+
+public class FedizConfigurator {
+
+    private FedizConfig rootConfig;
+
+    private JAXBContext jaxbContext;
+    
+    private List<FedizContext> fedizContextList;
+
+    public FedizConfig loadConfig(File f) throws JAXBException {
+        rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(f);
+        parseFedizContextList();
+        return rootConfig;
+    }
+
+    public FedizConfig loadConfig(Reader reader) throws JAXBException {
+        rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(reader);
+        parseFedizContextList();
+        return rootConfig;
+    }
+    
+    private void parseFedizContextList() {
+        fedizContextList = new ArrayList<FedizContext>();
+        for (ContextConfig config : rootConfig.getContextConfig()) {
+            fedizContextList.add(new FedizContext(config));            
+        }
+    }
+
+    public void saveConfiguration(File f) throws JAXBException {
+        if (f.canWrite()) {
+            jaxbContext.createMarshaller().marshal(rootConfig, f);
+        }
+    }
+
+    public void saveConfiguration(Writer writer) throws JAXBException {
+        jaxbContext.createMarshaller().marshal(rootConfig, writer);
+    }
+
+    private JAXBContext getJaxbContext() throws JAXBException {
+        if (jaxbContext == null) {
+            jaxbContext = JAXBContext.newInstance(FedizConfig.class);
+        }
+        return jaxbContext;
+    }
+
+    public List<FedizContext> getFedizContextList() {
+        return fedizContextList;
+    }
+    
+    public FedizContext getFedizContext(String contextName) {
+        if (contextName == null || contextName.isEmpty()) {
+            throw new IllegalArgumentException("Invalid Context Name '" + contextName + "'");
+        }
+        if (rootConfig == null) {
+            throw new IllegalArgumentException("No configuration loaded");
+        }
+        for (FedizContext fedContext : fedizContextList) {
+            if (fedContext.getName().equals(contextName)) {
+                fedContext.init();
+                return fedContext;
+            }
+        }
+        
+        return null;
+    }
+
+    public ContextConfig getContextConfig(String contextName) throws IllegalArgumentException {
+        if (contextName == null || contextName.isEmpty()) {
+            throw new IllegalArgumentException("Invalid Context Name '" + contextName + "'");
+        }
+        if (rootConfig == null) {
+            throw new IllegalArgumentException("No configuration loaded");
+        }
+
+        for (ContextConfig config : rootConfig.getContextConfig()) {
+            if (contextName.equals(config.getName())) {
+                return config;
+            }
+        }
+        return null;
+    }
+
+}


Mime
View raw message