cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf-fediz git commit: Fix wsclientWebapp by configuring client auth against STS. Thanks to Andreas Vallen for the patch. This closes #4
Date Mon, 23 Feb 2015 21:16:30 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.1.x-fixes 355395768 -> 612dd077d


Fix wsclientWebapp by configuring client auth against STS. Thanks to Andreas Vallen for the
patch.  This closes #4

Conflicts:
	examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/612dd077
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/612dd077
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/612dd077

Branch: refs/heads/1.1.x-fixes
Commit: 612dd077d2180da143d4923e004e69710baeccaa
Parents: 3553957
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Feb 23 21:07:09 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Feb 23 21:15:38 2015 +0000

----------------------------------------------------------------------
 examples/samplekeys/HowToGenerateKeysREADME.html |  16 +++++++++-------
 examples/samplekeys/ststrust.jks                 | Bin 2561 -> 3241 bytes
 .../webapp/src/main/resources/rp-ssl-key.jks     | Bin 0 -> 1124 bytes
 .../main/webapp/WEB-INF/applicationContext.xml   |   5 +++++
 services/sts/src/main/resources/ststrust.jks     | Bin 2561 -> 3241 bytes
 5 files changed, 14 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/samplekeys/HowToGenerateKeysREADME.html
----------------------------------------------------------------------
diff --git a/examples/samplekeys/HowToGenerateKeysREADME.html b/examples/samplekeys/HowToGenerateKeysREADME.html
index 6eb2957..5b020c9 100644
--- a/examples/samplekeys/HowToGenerateKeysREADME.html
+++ b/examples/samplekeys/HowToGenerateKeysREADME.html
@@ -1,3 +1,4 @@
+
 <html>
 <head/>
 <body>
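Review bot: The only change at the top of the file is a blank line added before `<html>`, which is unrelated to the client-auth fix. Drop it so the patch stays limited to the key documentation changes.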
@@ -14,8 +15,8 @@ is recommended.</p>
     <td><code>keytool -genkeypair -validity 730 -alias mytomidpkey -keystore
idp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool
-keystore idp-ssl-server.jks -storepass tompass -export -alias mytomidpkey -file MyTCIDP.cer</code></td>
     <td>Nobody</td><td>Fediz IDP module<br/><br/>wsclientWebapp's
webapp module<br/><br/>Browser</td></tr> 
 <tr><td>rp-ssl-server.jks (tompass)</td><td>mytomrpkey (tompass)</td><td>base
folder of Tomcat instance holding the relying party applications for both samples (simpleWebapp
and wsclientWebapp); STS public cert NOT imported anymore - instead use ststrust.jks</td>
-    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore rp-ssl-server.jks
-dname "cn=localhost" -keypass tompass -storepass tompass</code></td>
-    <td>Nobody</td><td>Browser</td></tr> 
+    <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore rp-ssl-server.jks
-dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool
-keystore rp-ssl-server.jks -storepass tompass -export -alias mytomrpkey -file MyTCRP.cer</code></td>
+    <td>Nobody</td><td>Browser<br/><br/>IDP STS</td></tr>

 <tr><td>wsp-ssl-server.jks (tompass)</td><td>mytomwspkey (tompass)</td><td>base
folder of Tomcat instance holding the web service provider in the second (wsClientWebapp)
sample</td>
     <td><code>keytool -genkeypair -validity 730 -alias mytomwspkey -keystore
wsp-ssl-server.jks -dname "cn=localhost" -keypass tompass -storepass tompass</code><br/><br/><code>keytool
-keystore wsp-ssl-server.jks -storepass tompass -export -alias mytomwspkey -file MyTCWSP.cer</code></td>
     <td>Nobody</td><td>wsclientWebapp's webapp module</td></tr>

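Review bot: The `mytomrpkey` generation command in the updated rp-ssl-server.jks row still has no `-keyalg`, so the key type depends on the keytool default of whichever JDK runs it, while the realm keys further down pass `-keyalg RSA` explicitly. Now that this certificate is exported as MyTCRP.cer and listed as used by the IDP STS, adding `-keyalg RSA` to the command would make the documented sample reproducible.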
@@ -23,24 +24,25 @@ is recommended.</p>
 <tr><td>idp-ssl-trust.jks (ispass)</td><td>myidpkey (ikpass)</td><td>services/idp/src/main/resources/idp-ssl-trust.jks</td>
     <td><code>keytool -import -trustcacerts -keystore idp-ssl-trust.jks -storepass
ispass -alias mytomidpkey -file MyTCIDP.cer -noprompt</code></td>
     <td>mytomidpkey (because of SSL call to IDP STS)</td><td>IDP STS</td></tr>

-<tr><td>stsrealm_a.jks (storepass)</td><td>realma (realma)</td><td>services/sts/src/realms/resources/stsrealm_a.jks</td>
+<tr><td>stsrealm_a.jks (storepass)</td><td>realma (realma)</td><td>services/sts/src/main/resources/stsrealm_a.jks</td>
     <td><code>
 keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore stsrealm_a.jks -dname
"cn=REALMA" -keypass realma -storepass storepass<br/><br/>
 keytool -export -rfc -keystore stsrealm_a.jks -storepass storepass -alias realma -file realma.cert
 </code>
-</td>
+</td>√
     <td>Nobody</td><td>By Relying Party (ststrust.jks)</td></tr>
-<tr><td>stsrealm_b.jks (storepass)</td><td>realmb (realmb)</td><td>services/sts/src/realms/resources/stsrealm_b.jks</td>
+<tr><td>stsrealm_b.jks (storepass)</td><td>realmb (realmb)</td><td>services/sts/src/main/resources/stsrealm_b.jks</td>
     <td><code>
 keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore stsrealm_b.jks -dname
"cn=REALMB" -keypass realmb -storepass storepass<br/><br/>
 keytool -export -rfc -keystore stsrealm_b.jks -storepass storepass -alias realmb -file realmb.cert
 </code>
 </td>
     <td>Nobody</td><td>By Relying Party (ststrust.jks)</td></tr>
-<tr><td>ststrust.jks (storepass)</td><td>N/A (no key, just a truststore)</td><td>examples/samplekeys/ststrust.jks<br/><br/>services/sts/src/realms/resources/ststrust.jks</td>
+<tr><td>ststrust.jks (storepass)</td><td>N/A (no key, just a truststore)</td><td>examples/samplekeys/ststrust.jks<br/><br/>services/sts/src/main/resources/ststrust.jks</td>
     <td><code>
 keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file
realma.cert -noprompt<br/><br/>
-keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file
realmb.cert -noprompt
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file
realmb.cert -noprompt<br/><br/>
+keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias rpcert -file
MyTCRP.cer -noprompt
 </code>
 </td>
     <td>Nobody</td><td>By Relying Party (Fediz configuration file)</td></tr>
   
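Review bot: The added line `+</td>√` in the stsrealm_a.jks row carries a stray `√` after the closing tag, which will render as text in the table; it should stay a plain `</td>`. In the same hunk, the new `rpcert` import means ststrust.jks now also holds the relying party's certificate (MyTCRP.cer), yet the row's last cell still reads only "By Relying Party (Fediz configuration file)", so that cell should mention the STS use as well. The stsrealm_b.jks row gets its path corrected, but its command still generates the key with `-alias realma` and then exports `-alias realmb`; worth fixing while the row is being touched.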

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/samplekeys/ststrust.jks
----------------------------------------------------------------------
diff --git a/examples/samplekeys/ststrust.jks b/examples/samplekeys/ststrust.jks
index 911945c..bad73f4 100644
Binary files a/examples/samplekeys/ststrust.jks and b/examples/samplekeys/ststrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
new file mode 100644
index 0000000..c37cbbf
Binary files /dev/null and b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
b/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
index d5defb2..eea1ab2 100644
--- a/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -62,6 +62,11 @@
 			<sec:trustManagers>
 				<sec:keyStore type="jks" password="waspass" resource="webappKeystore.jks" />
 			</sec:trustManagers>
+                        <!-- new keyManager is needed for client cert authentication against
STS Transport_Port,
+                             rp-ssl-key.jks is a copy of the keystore rp-ssl-server.jks that
is used for SSL by the webapp. -->
+                        <sec:keyManagers keyPassword="tompass">
+                                <sec:keyStore type="jks" password="tompass" resource="rp-ssl-key.jks"/>
+                       </sec:keyManagers>
 		</http:tlsClientParameters>
 	</http:conduit>
 
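Review bot: The new `sec:keyManagers` block reuses the webapp's TLS server key as its client identity: the comment states that rp-ssl-key.jks is a copy of rp-ssl-server.jks, so the same private key now sits in two keystores, one of them packaged under src/main/resources, with `tompass` written inline for both `keyPassword` and `password`. A separate client key pair, with only its certificate imported into ststrust.jks, would keep the server and client identities independent; if the copy is kept for the sample, the comment should say it is a sample-only shortcut. The added lines are also indented with spaces while the surrounding context uses tabs, and the closing `</sec:keyManagers>` is one column off from its opening tag.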

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/612dd077/services/sts/src/main/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/services/sts/src/main/resources/ststrust.jks b/services/sts/src/main/resources/ststrust.jks
index 911945c..3a408ae 100644
Binary files a/services/sts/src/main/resources/ststrust.jks and b/services/sts/src/main/resources/ststrust.jks
differ

