cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Adding a "Kerberos" profile to the STS
Date Mon, 25 Aug 2014 14:36:52 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 040ed9a50 -> 3df6b1445


Adding a "Kerberos" profile to the STS


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3df6b144
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3df6b144
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3df6b144

Branch: refs/heads/master
Commit: 3df6b1445fa8c73cd5d892906348af88c42175a3
Parents: 040ed9a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Aug 25 15:36:28 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Aug 25 15:36:28 2014 +0100

----------------------------------------------------------------------
 pom.xml                                         |   4 +-
 services/sts/pom.xml                            |   6 +
 .../sts/src/main/webapp/WEB-INF/kerberos.jaas   |   8 ++
 .../sts/src/main/webapp/WEB-INF/kerberos.xml    |  78 +++++++++++
 .../main/webapp/WEB-INF/userClaimsKerberos.xml  | 138 +++++++++++++++++++
 5 files changed, 232 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3df6b144/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e1cb718..c0b8146 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,7 @@
     <properties>
         <commons.lang.version>3.3.2</commons.lang.version>
         <commons.logging.version>1.1.3</commons.logging.version>
-        <cxf.version>3.0.1</cxf.version>
+        <cxf.version>3.0.2-SNAPSHOT</cxf.version>
         <cxf.build-utils.version>2.6.0</cxf.build-utils.version>
         <easymock.version>3.1</easymock.version>
         <ehcache.version>2.8.3</ehcache.version>
@@ -58,7 +58,7 @@
         <spring.version>3.2.6.RELEASE</spring.version>
         <spring.security.version>3.1.4.RELEASE</spring.security.version>
         <tomcat.version>7.0.54</tomcat.version>
-        <wss4j.version>2.0.1</wss4j.version>
+        <wss4j.version>2.0.2-SNAPSHOT</wss4j.version>
         <bval.version>0.5</bval.version>
 
         <tomcat.url>http://localhost:8080/manager/text</tomcat.url>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3df6b144/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index 694a5eb..98d012f 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -321,5 +321,11 @@
                 </dependency>
             </dependencies>
         </profile>
+        <profile>
+            <id>kerberos</id>
+            <properties>
+                <adapter.resource>kerberos</adapter.resource>
+            </properties>
+        </profile>
     </profiles>
 </project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3df6b144/services/sts/src/main/webapp/WEB-INF/kerberos.jaas
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/kerberos.jaas b/services/sts/src/main/webapp/WEB-INF/kerberos.jaas
new file mode 100644
index 0000000..b773cf6
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/kerberos.jaas
@@ -0,0 +1,8 @@
+
+alice {
+    com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true
keyTab="/etc/alice.keytab" principal="alice";
+};
+
+bob {
+    com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true
storeKey=true keyTab="/etc/bob.keytab" principal="bob/service.ws.apache.org";
+};
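Review bot: The keytab locations `/etc/alice.keytab` and `/etc/bob.keytab` and the test principals are hard-coded in a file that ships inside the webapp's WEB-INF, with no comment marking them as sample values. A header comment would help, for example `// Sample login contexts for the "kerberos" profile: replace principals and keytab paths per deployment, and keep each keytab readable only by the account running the STS.` The `alice` entry looks like a client-side context. Only `bob` is referenced by `kerberosValidator` in kerberos.xml, so `alice` could presumably be dropped from the server-side file.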

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3df6b144/services/sts/src/main/webapp/WEB-INF/kerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/kerberos.xml b/services/sts/src/main/webapp/WEB-INF/kerberos.xml
new file mode 100644
index 0000000..06ef44e
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/kerberos.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd">
+
+    <import resource="userClaimsKerberos.xml" />
+
+    <util:list id="claimHandlerList">
+        <ref bean="claimsHandlerA" />
+        <ref bean="claimsHandlerB" />
+    </util:list>
+
+    <bean id="claimsHandlerA"
+        class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMA" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMA" />
+    </bean>
+
+    <bean id="claimsHandlerB"
+        class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler">
+        <property name="userClaims" ref="userClaimsREALMB" />
+        <property name="supportedClaims" ref="supportedClaims" />
+        <property name="realm" value="REALMB" />
+    </bean>
+    
+    <bean id="kerberosValidator" class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
+        <property name="contextName" value="bob"/>
+        <property name="serviceName" value="bob@service.ws.apache.org"/>
+    </bean>
+
+    <jaxws:endpoint id="transportSTSRealmAKerberos"
+        implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportKerberos"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportKerberos_Port">
+        <jaxws:properties>
+            <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+    <jaxws:endpoint id="transportSTSRealmBKerberos"
+        implementor="#transportSTSProviderBean" address="/REALMB/STSServiceTransportKerberos"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportKerberos_Port">
+        <jaxws:properties>
+            <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+</beans>
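Review bot: `kerberosValidator` depends on a JAAS login context named `bob`, but nothing in this file or the visible part of the commit tells the JVM to load WEB-INF/kerberos.jaas. Both Kerberos endpoints will presumably fail ticket validation unless the container is started with `java.security.auth.login.config` (and a krb5 configuration) pointing at the right files. A comment above the bean should say so, e.g. `<!-- contextName must match an entry in the JAAS login config loaded by the JVM (see kerberos.jaas) -->`. The service name `bob@service.ws.apache.org` is also fixed in the bean file; a property placeholder would let a deployment change it without editing the packaged XML.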

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3df6b144/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml b/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
new file mode 100644
index 0000000..38ff27c
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+    <util:map id="userClaimsREALMA">
+        <entry key="alice@WS.APACHE.ORG" value-ref="REALMA_aliceClaims" />
+        <entry key="bob/service.ws.apache.org@WS.APACHE.ORG" value-ref="REALMA_bobClaims"
/>
+        <entry key="ted@WS.APACHE.ORG" value-ref="REALMA_tedClaims" />
+    </util:map>
+
+    <util:map id="REALMA_aliceClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Alice" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Smith" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="alice@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="User" />
+    </util:map>
+
+    <util:map id="REALMA_bobClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Bob" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Windsor" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="bobwindsor@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="User,Manager,Admin" />
+    </util:map>
+
+    <util:map id="REALMA_tedClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Ted" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Cooper" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="tcooper@realma.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="" />
+    </util:map>
+
+    <util:map id="userClaimsREALMB">
+        <entry key="ALICE" value-ref="REALMB_aliceClaims" />
+        <entry key="BOB" value-ref="REALMB_bobClaims" />
+        <entry key="TED" value-ref="REALMB_tedClaims" />
+    </util:map>
+
+    <util:map id="REALMB_aliceClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Alice" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Smith" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="alice@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="USER" />
+    </util:map>
+
+    <util:map id="REALMB_bobClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Bob" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Windsor" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="bobwindsor@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="USER,MANAGER,ADMIN" />
+    </util:map>
+
+    <util:map id="REALMB_tedClaims">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="Ted" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="Cooper" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="tcooper@realmb.org" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="" />
+    </util:map>
+
+    <util:list id="supportedClaims">
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
+        <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
+    </util:list>
+
+</beans>
\ No newline at end of file
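Review bot: The `userClaimsREALMB` map is keyed by `ALICE`, `BOB` and `TED`, while `userClaimsREALMA` in the same file is keyed by full Kerberos principal names such as `alice@WS.APACHE.ORG`. If RealmFileClaimsHandler looks claims up by the authenticated principal name, a Kerberos caller on the REALMB endpoint would get no claims. Either key REALMB by principal as well, or add a comment explaining the mapping that makes the upper-case names match. Separately, `bob/service.ws.apache.org@WS.APACHE.ORG` is the principal of the `bob` login context in kerberos.jaas, which the validator uses to accept tickets, and here it is mapped to `User,Manager,Admin`. It is worth confirming that a service principal should carry those role claims.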

