cxf-commits mailing list archives

From jbernha...@apache.org
Subject [02/12] cxf-fediz git commit: Improving Websphere Plugin: * Using core handler * Improve ExceptionHandling for Group Mappings * Added WAS 8.5 Liberty Support * Added WAS HelloWorld Example
Date Fri, 20 Mar 2015 12:11:27 GMT
Improving Websphere Plugin:
 * Using core handler
 * Improve ExceptionHandling for Group Mappings
 * Added WAS 8.5 Liberty Support
 * Added WAS HelloWorld Example


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ce7b4f1a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ce7b4f1a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ce7b4f1a

Branch: refs/heads/master
Commit: ce7b4f1ae15e688486dcfaca1683e4d63cb47970
Parents: 0f6a65d
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Mon Mar 2 19:45:48 2015 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Thu Mar 19 17:26:13 2015 +0100

----------------------------------------------------------------------
 examples/websphereWebapp/README.txt             | 104 ++++++++
 examples/websphereWebapp/pom.xml                |  76 ++++++
 .../src/main/config/fediz_config.xml            |  36 +++
 .../cxf/fediz/example/FederationServlet.java    | 115 +++++++++
 .../src/main/resources/log4j.properties         |  17 ++
 .../src/main/resources/logging.properties       |  53 ++++
 .../src/main/webapp/META-INF/context.xml        |   3 +
 .../src/main/webapp/WEB-INF/web.xml             | 105 ++++++++
 .../websphereWebapp/src/main/webapp/index.html  |  25 ++
 .../src/main/webapp/secure/test.html            |  25 ++
 .../cxf/fediz/core/handler/SigninHandler.java   |   9 +-
 .../filter/SecurityContextTTLChecker.java       |   5 +-
 .../cxf/fediz/was/tai/FedizInterceptor.java     | 247 +++++++++----------
 13 files changed, 687 insertions(+), 133 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/README.txt
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/README.txt b/examples/websphereWebapp/README.txt
new file mode 100644
index 0000000..12ac9d9
--- /dev/null
+++ b/examples/websphereWebapp/README.txt
@@ -0,0 +1,104 @@
+Simple Web Application Demo
+===========================
+
+This demo shows how to build and deploy an SSO protected using Apache CXF Fediz
+web application.
+
+Running this sample consists of four steps:
+
+- Configure the Tomcat-IDP and Tomcat or Jetty-RP instances
+- Building the demo using Maven
+- Deploying the demo to the RP instance
+- Testing the demo
+
+Please review the README in the samples main directory before continuing.
+
+Configure the Tomcat-IDP
+------------------------
+Make sure the separate Tomcat instance hosting the Fediz IDP and IDP
+STS has been configured and is running as described here:  
+http://cxf.apache.org/fediz-idp.html.  Confirm the STS is active by
+checking that the WSDL is viewable from the browser using the URL given
+on that page--don't proceed further unless it is.
+
+
+a) Configure the Tomcat-RP instance
+-----------------------------------
+Tomcat installation holding the relying parties (the demo Web application
+for this sample) must be configured properly before applications can be
+deployed to it.  See this wiki page for instructions:
+http://cxf.apache.org/fediz-tomcat.html -- the "Installation" and "HTTPS
+Configuration" sections are the only parts that need configuration for this
+sample. 
+
+b) Configure the Jetty-RP instance
+----------------------------------
+Jetty installation holding the relying parties (the demo Web application
+for this sample) must be configured properly before applications can be
+deployed to it.  See this wiki page for instructions:
+http://cxf.apache.org/fediz-jetty.html -- the "Installation" and "HTTPS
+Configuration" sections are the only parts that need configuration for this
+sample. 
+
+Demo Web Application
+---------------------
+The main code lives in the class FederationServlet. This Servlet is protected
+and can be accessed only if the browser user is authenticated. The purpose of
+the FederationServlet is to illustrate the usage of the Java Servlet Security
+API to get the authenticated user and to check the roles he has. Further, 
+the FederationServlet shows how to access claims data (user data) which were 
+stored in the SAML token by using the Fediz interface FederationPrincipal.
+Beyond that, the FederationServlet illustrates how to access the SAML token
+if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java
+can be used to achieve that. You could get this information directly from the
+HTTP session.
+
+
+Building the demo using Maven
+-----------------------------
+From the base directory of this sample (i.e., where this README file is
+located), the pom.xml file is used to build and run the demo. From a 
+command prompt, enter:
+
+  mvn clean install   (builds the demo and creates a WAR file for Servlet deployment)
+
+
+a) Deploying the demo to Tomcat
+-------------------------------
+First copy this sample's Fediz Configuration file (src/main/config/fediz_config.xml)
+into the Tomcat-RP's conf folder.  This configuration references the 
+Java keystore 'rp-ssl-server.jks' available in Fediz' examples/samplekeys folder 
+but should already be in the Tomcat RP's root folder when you configured this
+instance as stated in the prerequisites.
+
+Then, either manually copy this sample's generated WAR file to the Tomcat-RP's 
+webapps folder, or use the Tomcat Maven Plugin as described in the README file 
+in the example folder root.
+
+b) Deploying the demo to Jetty
+------------------------------
+First copy this sample's Fediz Configuration file (src/main/config/fediz_config.xml)
+into the Jetty-RP's etc folder.  This configuration references the 
+Java keystore 'rp-ssl-server.jks' available in Fediz' examples/samplekeys folder 
+but should already be in the Jetty RP's root folder when you configured this
+instance as stated in the prerequisites.
+
+Then, either manually copy this sample's generated WAR file to the Jetty-RP's 
+webapps folder, or use the Jetty Maven Plugin as described in the README file 
+in the example folder root.
+
+
+Test the demo
+-------------
+Enter the following URL into the browser (TCP port depends on your HTTP settings):
+
+https://localhost:8443/fedizhelloworld/secure/fedservlet
+
+The browser is redirected to the IDP and prompts for username and password. As described
+in the IDP installation, the following users are already set up:
+
+User: alice   Password: ecila
+User: bob     Password: bob
+User: ted     Password: det
+
+
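Review bot: the README never mentions WebSphere or Liberty; the Tomcat-IDP, Tomcat-RP and Jetty-RP sections, the "copy fediz_config.xml into the Tomcat conf folder / Jetty etc folder" steps and the Tomcat/Jetty Maven plugin references are the simpleWebapp README copied unchanged, so it does not describe the "WAS HelloWorld Example" or the WAS 8.5 Liberty support the commit message announces. Replace the Tomcat/Jetty sections with the steps this sample actually needs on WAS (where the TAI reads fediz_config.xml, how FedizInterceptor is registered, what differs on Liberty), and fix the first sentence, which currently reads "deploy an SSO protected using Apache CXF Fediz web application".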

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/pom.xml
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/pom.xml b/examples/websphereWebapp/pom.xml
new file mode 100644
index 0000000..fc87cb0
--- /dev/null
+++ b/examples/websphereWebapp/pom.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz</groupId>
+        <artifactId>examples</artifactId>
+        <version>1.2.0-SNAPSHOT</version>
+    </parent>
+
+    <groupId>org.apache.cxf.fediz.examples</groupId>
+    <artifactId>simpleWebapp</artifactId>
+    <name>Fediz Example: SimpleWebapp</name>
+    <packaging>war</packaging>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- Required to cast Principal to FederationPrincipal -->
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-core</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>             
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin><!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>tomcat-maven-plugin</artifactId>
+                <version>1.1</version>
+                <configuration>
+                    <server>myTomcat</server>
+                    <url>http://localhost:8080/manager/text</url>
+                    <path>/${project.build.finalName}</path>
+                </configuration>
+            </plugin>
+        </plugins>
+        <!-- Name of the generated WAR file -->
+        <finalName>fedizhelloworld</finalName>
+    </build>
+
+</project>
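Review bot: `<artifactId>simpleWebapp</artifactId>` and `<name>Fediz Example: SimpleWebapp</name>` are copied from the simpleWebapp module, which lives under the same parent and the same groupId `org.apache.cxf.fediz.examples`, so the two modules share Maven coordinates and overwrite each other in the local repository; rename this one (for example `websphereWebapp`, matching the directory). The `tomcat-maven-plugin` block targeting `http://localhost:8080/manager/text` is also Tomcat-only and has no equivalent on WebSphere; drop it so readers do not try `mvn tomcat:deploy` against a WAS server.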

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/config/fediz_config.xml
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/config/fediz_config.xml b/examples/websphereWebapp/src/main/config/fediz_config.xml
new file mode 100644
index 0000000..b52f302
--- /dev/null
+++ b/examples/websphereWebapp/src/main/config/fediz_config.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example uses the
+     ststrust Truststore (ststrust.jks) for this task.
+     In Fediz 1.0, one keystore was used for SSL and the STS public certificate.
+-->
+<FedizConfig>
+	<contextConfig name="/fedizhelloworld">
+		<audienceUris>
+			<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="ststrust.jks" password="storepass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer certificateValidation="PeerTrust" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.0.0">
+			<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+			<issuer>https://localhost:9443/fediz-idp/federation</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<claimTypesRequested>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>
+
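Review bot: `<maximumClockSkew>1000</maximumClockSkew>` is in seconds, so the relying party accepts assertions whose NotBefore/NotOnOrAfter window is off by more than 16 minutes, which widens the replay window for a stolen token; for a sample where IDP and RP run on the same host a few seconds is enough, and any larger value should carry a comment explaining why. The header comment still says "Place in Tomcat conf folder", which is wrong for a WebSphere sample; state where the WAS TAI expects the file. The trust store password `storepass` is in clear text here, acceptable for a demo but worth a one-line warning next to it.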

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
new file mode 100644
index 0000000..a20910d
--- /dev/null
+++ b/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Element;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FedizPrincipal;
+import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
+
+
+public class FederationServlet extends HttpServlet {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -9019993850246851112L;
+
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+        throws ServletException, IOException {
+
+        response.setContentType("text/html");
+        PrintWriter out = response.getWriter();
+
+        out.println("<html>");
+        out.println("<head><title>WS Federation Example</title></head>");
+        out.println("<body>");
+        out.println("<h1>Hello World</h1>");
+        out.println("Request url: " + request.getRequestURL().toString() + "<p>");
+
+
+        out.println("<br><b>User</b><p>");
+        Principal p = request.getUserPrincipal();
+        if (p != null) {
+            out.println("Principal: " + p.getName() + "<p>");
+        }
+
+        out.println("<br><b>Roles</b><p>");
+        List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
+        for (String item: roleListToCheck) {
+            out.println("Has role '" + item + "': " + ((request.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>");
+        }
+
+        if (p instanceof FedizPrincipal) {
+            FedizPrincipal fp = (FedizPrincipal)p;
+
+            out.println("<br><b>Claims</b><p>");
+            ClaimCollection claims = fp.getClaims();
+            for (Claim c: claims) {
+                out.println(c.getClaimType().toString() + ": " + c.getValue() + "<p>");
+            }
+        } else {
+            out.println("<p>Principal is not instance of FedizPrincipal");
+        }
+
+        Element el = SecurityTokenThreadLocal.getToken();
+        if (el != null) {
+            out.println("<br><b>Bootstrap token</b><p>");
+            String token = null;
+            try {
+                TransformerFactory transFactory = TransformerFactory.newInstance();
+                Transformer transformer = transFactory.newTransformer();
+                StringWriter buffer = new StringWriter();
+                transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+                transformer.transform(new DOMSource(el),
+                                      new StreamResult(buffer));
+                token = buffer.toString();
+                out.println("<p>" + StringEscapeUtils.escapeXml11(token));
+            } catch (Exception ex) {
+                out.println("<p>Failed to transform cached element to string: " + ex.toString());
+            }
+        } else {
+            out.println("<p>Bootstrap token not cached in thread local storage");
+        }
+
+        out.println("</body>");
+    }
+
+}
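Review bot: the response is assembled by string concatenation and only the SAML token is escaped (`StringEscapeUtils.escapeXml11(token)`); `request.getRequestURL()`, `p.getName()`, every `c.getValue()` and the `ex.toString()` message are written into the HTML unescaped. The request URL is client-controlled and the claim values are whatever the IDP put in the assertion, so escape all of them (commons-lang3 is already a dependency, `StringEscapeUtils.escapeHtml4` fits) and set `text/html; charset=UTF-8` so the escaping is interpreted consistently. Also `out.println("</body>")` is never followed by `</html>`, and the `serialVersionUID` carries an empty Javadoc block.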

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/resources/log4j.properties b/examples/websphereWebapp/src/main/resources/log4j.properties
new file mode 100644
index 0000000..aaea9b4
--- /dev/null
+++ b/examples/websphereWebapp/src/main/resources/log4j.properties
@@ -0,0 +1,17 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+#log4j.rootCategory=FATAL, CONSOLE
+log4j.rootCategory=DEBUG, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=target/wss4j.log
+log4j.appender.LOGFILE.Append=false
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
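Review bot: the `LOGFILE` appender writing `target/wss4j.log` is defined but attached to no category, so it is dead configuration, and the comment "Set root category priority to INFO" contradicts the active `log4j.rootCategory=DEBUG, CONSOLE`. Either wire LOGFILE into the root category or remove it, and since DEBUG on the root logger applies to every library in a WAR that processes SAML tokens, add a comment that this level is for the demo only.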

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/resources/logging.properties b/examples/websphereWebapp/src/main/resources/logging.properties
new file mode 100644
index 0000000..51cfbec
--- /dev/null
+++ b/examples/websphereWebapp/src/main/resources/logging.properties
@@ -0,0 +1,53 @@
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = FINEST
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.SimpleFormatter.format="HEL %1$tc %2$s%n%4$s: %5$s%6$s%n"
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
+org.apache.cxf.fediz.level = FINE
\ No newline at end of file
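Review bot: `java.util.logging.SimpleFormatter.format="HEL %1$tc %2$s%n%4$s: %5$s%6$s%n"` keeps the surrounding double quotes, because `java.util.Properties` does not strip them, so every console line is printed with a literal `"` at both ends; the `HEL` prefix looks like a leftover debug marker. Drop both. The comment "Limit the message that are printed on the console to WARNING and above" contradicts `java.util.logging.ConsoleHandler.level = FINEST`, and the rest of the file is the JDK's stock `logging.properties` text ("Default Logging Configuration File", the unused FileHandler block, the `com.xyz.foo` example); trim it to the settings this sample actually changes (`.level`, the ConsoleHandler, `org.apache.cxf.fediz.level = FINE`). The file also lacks a trailing newline.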

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/webapp/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/webapp/META-INF/context.xml b/examples/websphereWebapp/src/main/webapp/META-INF/context.xml
new file mode 100644
index 0000000..7fc734a
--- /dev/null
+++ b/examples/websphereWebapp/src/main/webapp/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context>
+        <Valve className="org.apache.cxf.fediz.tomcat.FederationAuthenticator" configFile="conf/fediz_config.xml" />        
+</Context>
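Review bot: `META-INF/context.xml` registers the Tomcat valve `org.apache.cxf.fediz.tomcat.FederationAuthenticator`; WebSphere does not read this file and the class is not on a WAS classpath, so it is left over from the simpleWebapp copy. Remove it, or keep it with a comment that it only takes effect if the same WAR is dropped into the Tomcat sample, otherwise readers will assume the valve is what protects `/secure/*` on WAS rather than the TAI.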

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/webapp/WEB-INF/web.xml b/examples/websphereWebapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..28d2a3a
--- /dev/null
+++ b/examples/websphereWebapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,105 @@
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+    version="3.0" metadata-complete="true">
+
+    <description>WS Federation Simple Web Application Example</description>
+    <display-name>WS Federation Simple Web Application Example</display-name>
+
+    <!-- Optional: Cache the security token in Thread Local Storage -->
+	<!-- 
+    <filter>
+        <filter-name>FederationFilter</filter-name>
+        <filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class>
+    </filter>
+	-->
+	
+	<filter>
+        <filter-name>FederationFilter</filter-name>
+        <filter-class>org.apache.cxf.fediz.was.servlet.filter.SecurityContextTTLChecker</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>FederationFilter</filter-name>
+        <url-pattern>/secure/*</url-pattern>
+    </filter-mapping>
+
+    <servlet>
+        <servlet-name>FederationServlet</servlet-name>
+        <servlet-class>org.apache.cxf.fediz.example.FederationServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/admin/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/user/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/manager/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <security-role>
+        <role-name>Manager</role-name>
+    </security-role>
+    <security-role>
+        <role-name>User</role-name>
+    </security-role>
+    <security-role>
+        <role-name>Admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>Authenticated</role-name>
+    </security-role>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Protected Area</web-resource-name>
+            <url-pattern>/secure/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Protected Admin Area</web-resource-name>
+            <url-pattern>/secure/admin/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>Admin</role-name>
+        </auth-constraint>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Protected Manager Area</web-resource-name>
+            <url-pattern>/secure/manager/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>Manager</role-name>
+        </auth-constraint>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Protected User Area</web-resource-name>
+            <url-pattern>/secure/user/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>User</role-name>
+            <role-name>Admin</role-name>
+            <role-name>Manager</role-name>
+        </auth-constraint>
+    </security-constraint>
+</web-app>
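Review bot: the active `<filter>` maps `org.apache.cxf.fediz.was.servlet.filter.SecurityContextTTLChecker` to `/secure/*`, but this same commit marks that class `@Deprecated` ("Not needed any longer since version 1.2.0"), so the new example ships wired to code the commit retires; drop the filter and filter-mapping (and the commented-out core `FederationFilter` block that reuses the same filter-name), or state in web.xml why the TTL check is still needed on WAS. Separately, none of the four `<security-constraint>` elements has a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`, so if the server also has a plain HTTP port the SSO-protected pages and the session cookie are served over it; add the constraint to the `/secure/*` resource collection. Note also that `<role-name>*</role-name>` means "any of the roles declared in `<security-role>`", not "any authenticated user", which is probably intended here but deserves a comment.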

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/webapp/index.html
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/webapp/index.html b/examples/websphereWebapp/src/main/webapp/index.html
new file mode 100644
index 0000000..1a1ef1d
--- /dev/null
+++ b/examples/websphereWebapp/src/main/webapp/index.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>
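Review bot: `<TITLE>WS Federation Tomcat Examples</TITLE>` names Tomcat in a WebSphere sample (the same title appears in `secure/test.html` below), and the `<META http-equiv=Content-Type content="text/html">` declares no charset; retitle the pages and add `; charset=UTF-8`.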

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/examples/websphereWebapp/src/main/webapp/secure/test.html
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/webapp/secure/test.html b/examples/websphereWebapp/src/main/webapp/secure/test.html
new file mode 100644
index 0000000..042ed67
--- /dev/null
+++ b/examples/websphereWebapp/src/main/webapp/secure/test.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index e4cd349..54a6ab7 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -58,9 +58,9 @@ public abstract class SigninHandler implements RequestHandler {
                 LOG.debug("Validating RSTR...");
                 // process and validate the token
                 try {
-                    processSigninRequest(request, response);
+                    FedizResponse federationResponse = processSigninRequest(request, response);
                     LOG.info("RSTR validated successfully");
-                    resumeRequest();
+                    resumeRequest(request, response, federationResponse);
                     return true;
                 } catch (ProcessingException e) {
                     LOG.error("RSTR validated failed.");
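Review bot: `resumeRequest(request, response, federationResponse)` now runs inside the `try` whose `catch (ProcessingException e)` logs "RSTR validated failed."; the new abstract method declares no checked exceptions, so anything it throws is unchecked and escapes the handler instead of taking the `return false` path, and a reader of the log cannot tell a validation failure from a failure to resume the original request. Move the call after the try/catch so the two steps are reported separately, and while here the message reads better as "RSTR validation failed."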
@@ -74,8 +74,9 @@ public abstract class SigninHandler implements RequestHandler {
         return false;
     }
 
-    public abstract void resumeRequest();
-    
+    public abstract void resumeRequest(HttpServletRequest request, HttpServletResponse response,
+        FedizResponse federationResponse);
+
     public FedizResponse processSigninRequest(HttpServletRequest req, HttpServletResponse resp)
         throws ProcessingException {
         FedizRequest federationRequest = new FedizRequest();
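Review bot: changing the abstract signature from `resumeRequest()` to `resumeRequest(HttpServletRequest, HttpServletResponse, FedizResponse)` breaks every subclass, and the diffstat shows only `FedizInterceptor.java` being updated; confirm no other plugin or downstream user extends `SigninHandler`, or keep the no-arg method as a deprecated default that delegates to the new one. The new method also has no Javadoc saying what state `federationResponse` is in at that point or whether it may be null; add it, since this is the extension point plugin authors implement.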

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
index 7bc2abd..aa17e61 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
@@ -50,8 +50,11 @@ import org.slf4j.LoggerFactory;
 
 /*
  * A Servlet Filter that MUST be configured to match the '/*' request scheme on each Web Application
- * to enforce SAML assertion TimeToLive checking 
+ * to enforce SAML assertion TimeToLive checking
+ *
+ * @deprecated  Not needed any longer since version 1.2.0
  */
+@Deprecated
 public class SecurityContextTTLChecker extends HttpServlet implements Filter {
     private static final Logger LOG = LoggerFactory.getLogger(SecurityContextTTLChecker.class);
     private static final long serialVersionUID = 5732969339258858728L;
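Review bot: the class comment is a plain `/* ... */` block rather than a `/** ... */` Javadoc comment, so the added `@deprecated  Not needed any longer since version 1.2.0` tag is never rendered by Javadoc; change the opener to `/**` so the deprecation reason appears alongside the new `@Deprecated` annotation, and drop the double space after `@deprecated`.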

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ce7b4f1a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index d33f45d..3a30b2e 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -22,12 +22,11 @@ import java.io.File;
 import java.io.IOException;
 import java.rmi.RemoteException;
 import java.util.ArrayList;
-import java.util.HashSet;
 import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Set;
 
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
@@ -39,23 +38,25 @@ import javax.servlet.http.HttpSession;
 import com.ibm.websphere.security.CustomRegistryException;
 import com.ibm.websphere.security.EntryNotFoundException;
 import com.ibm.websphere.security.UserRegistry;
+import com.ibm.websphere.security.WSSecurityException;
 import com.ibm.websphere.security.WebTrustAssociationException;
 import com.ibm.websphere.security.WebTrustAssociationFailedException;
+import com.ibm.websphere.security.auth.WSSubject;
 import com.ibm.wsspi.security.tai.TAIResult;
 import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
 import com.ibm.wsspi.security.token.AttributeNameConstants;
 
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.RequestState;
-import org.apache.cxf.fediz.core.SAMLSSOConstants;
-import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.handler.LogoutHandler;
+import org.apache.cxf.fediz.core.handler.RequestHandler;
+import org.apache.cxf.fediz.core.handler.SigninHandler;
+import org.apache.cxf.fediz.core.metadata.MetadataDocumentHandler;
 import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
-import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.apache.cxf.fediz.core.processor.FedizResponse;
 import org.apache.cxf.fediz.core.processor.RedirectionResponse;
 import org.apache.cxf.fediz.was.Constants;
@@ -71,7 +72,6 @@ import org.slf4j.LoggerFactory;
  */
 public class FedizInterceptor implements TrustAssociationInterceptor {
     private static final Logger LOG = LoggerFactory.getLogger(FedizInterceptor.class);
-    private static Set<String> authorizedWebApps = new HashSet<String>(15);
 
     private String configFile;
     private FedizConfigurator configurator;
@@ -117,26 +117,22 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
      * Registers a WebApplication using its contextPath as a key. This method must be called by the associated
      * security ServletFilter instance of a secured application at initialization time
      * 
+     * @deprecated Not used/needed any longer since version 1.2.0
      * @param contextPath
      */
+    @Deprecated
     public static void registerContext(String contextPath) {
-        LOG.debug("Registering secured context-path: {}", contextPath);
-        authorizedWebApps.add(contextPath);
     }
 
     /**
      * Deregister a WebApplication using its contextPath as a key. This method must be called by the
      * associated security ServletFilter instance of a secured application in the #destroy() method
      * 
+     * @deprecated Not used/needed any longer since version 1.2.0
      * @param contextPath
      */
+    @Deprecated
     public static void deRegisterContext(String contextPath) {
-        if (authorizedWebApps.contains(contextPath)) {
-            LOG.debug("De-registering secured context-path {}", contextPath);
-            synchronized (authorizedWebApps) {
-                authorizedWebApps.remove(contextPath);
-            }
-        }
     }
 
     /*
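Review bot: the Javadoc above `registerContext` and `deRegisterContext` still states that each method "must be called by the associated security ServletFilter instance", but both bodies are now empty no-ops; reword the descriptions to say the methods are kept only for binary compatibility and do nothing, otherwise integrators will keep wiring the filter in for no effect. The `@deprecated` tag is the right place to point them at the replacement behaviour (token expiry is now checked by the interceptor itself).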
@@ -147,6 +143,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
     public int initialize(Properties props) throws WebTrustAssociationFailedException {
         if (props != null) {
             try {
+                @SuppressWarnings("deprecation")
                 String roleGroupMapper = props.containsKey(Constants.FEDIZ_ROLE_MAPPER)
                     ? props.getProperty(Constants.FEDIZ_ROLE_MAPPER)
                     : props.getProperty(Constants.ROLE_GROUP_MAPPER);
@@ -156,16 +153,15 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
                         LOG.debug("Using the {} mapper class", roleGroupMapper);
                         mapper.initialize(props);
                     } catch (Exception e) {
-                        throw new TAIConfigurationException(
-                                                            "Invalid TAI configuration for idpRoleToGroupMapper: "
-                                                                + e.getClass().getName() + " "
-                                                                + e.getMessage());
+                        throw new TAIConfigurationException("Invalid TAI configuration for idpRoleToGroupMapper: "
+                                                            + e.getClass().getName() + " " + e.getMessage());
                     }
                 } else {
                     mapper = new DefaultRoleToGroupMapper();
                     LOG.debug("Using the DefaultRoleToGroupMapper mapper class");
                 }
 
+                @SuppressWarnings("deprecation")
                 String configFileLocation = props.containsKey(Constants.FEDIZ_CONFIG_LOCATION)
                     ? props.getProperty(Constants.FEDIZ_CONFIG_LOCATION)
                     : props.getProperty(Constants.CONFIGURATION_FILE_PARAMETER);
@@ -235,106 +231,109 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
         }
 
         try {
-            // looks for the wa parameter as a way to determine the current step
-            String wa = req.getParameter(FederationConstants.PARAM_ACTION);
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("WS-Federation action: " + (wa == null ? "<not set>" : wa));
+
+            // Handle Metadata Document requests
+            RequestHandler mddHandler = new MetadataDocumentHandler(fedCtx);
+            if (mddHandler.canHandleRequest(req)) {
+                boolean success = mddHandler.handleRequest(req, resp);
+                return TAIResult.create(success
+                    ? HttpServletResponse.SC_OK
+                    : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
             }
-            if (wa == null) {
-                return handleNoWA(req, resp);
-            } else {
-                if (FederationConstants.ACTION_SIGNIN.equals(wa)) {
-                    return handleSignIn(req, resp);
-                } else {
-                    throw new Exception("Unsupported WS-Federation action [" + wa + "]");
-                }
+
+            // Handle Logout requests
+            LogoutHandler logoutHandler = new LogoutHandler(fedCtx);
+            if (logoutHandler.canHandleRequest(req)) {
+                boolean success = logoutHandler.handleRequest(req, resp);
+                return TAIResult.create(success
+                    ? HttpServletResponse.SC_OK
+                    : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
             }
-        } catch (Exception e) {
-            LOG.error("Exception occured validating request", e);
-            throw new WebTrustAssociationFailedException(e.getMessage());
-        }
-    }
 
-    private TAIResult handleSignIn(HttpServletRequest req, HttpServletResponse resp)
-        throws ProcessingException, IOException, WebTrustAssociationFailedException, Exception {
-        if (req.getMethod().equals(Constants.HTTP_POST_METHOD)) {
-            LOG.debug("Sign-In-Response received");
-            String wresult = req.getParameter(FederationConstants.PARAM_RESULT);
-            String wctx = req.getParameter(FederationConstants.PARAM_CONTEXT);
-            if (wresult != null && wctx != null) {
-                LOG.debug("Validating RSTR...");
-                // process and validate the token
-                FedizResponse federationResponse = processSigninRequest(req, resp);
-                LOG.info("RSTR validated successfully");
-
-                HttpSession session = req.getSession(true);
-                session.setAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY, federationResponse);
-                RequestState requestState = (RequestState) session.getAttribute(wctx);
-                if (requestState != null && requestState.getTargetAddress() != null) {
-                    LOG.info("Redirecting request to {}", requestState.getTargetAddress());
-                    resp.sendRedirect(requestState.getTargetAddress());
-                    session.removeAttribute(wctx);
+            // Handle Signin requests
+            SigninHandler signinHandler = new SigninHandler(fedCtx) {
+                @Override
+                public void resumeRequest(HttpServletRequest request, HttpServletResponse response,
+                    FedizResponse federationResponse) {
+                    String wctx = request.getParameter(FederationConstants.PARAM_CONTEXT);
+                    HttpSession session = request.getSession(true);
+                    session.setAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY, federationResponse);
+                    RequestState requestState = (RequestState)session.getAttribute(wctx);
+                    if (requestState != null && requestState.getTargetAddress() != null) {
+                        LOG.info("Redirecting request to {}", requestState.getTargetAddress());
+                        try {
+                            response.sendRedirect(requestState.getTargetAddress());
+                        } catch (IOException e) {
+                            LOG.error("Cannot resume with original request.", e);
+                        }
+                        session.removeAttribute(wctx);
+                    }
                 }
+            };
+            if (signinHandler.canHandleRequest(req)) {
+                signinHandler.handleRequest(req, resp);
                 return TAIResult.create(HttpServletResponse.SC_FOUND);
+            }
+
+            // Check if user was authenticated previously and token is still valid
+            String user = req.getRemoteUser();
+            String principal = WSSubject.getCallerPrincipal();
+            Subject subject = null;
+            try {
+                subject = WSSubject.getCallerSubject();
+            } catch (WSSecurityException e) {
+                LOG.error("Could not read subject");
+            }
+            LOG.info("Remote User: {}, Principal: {}, Subject {}", user, principal, subject);
+            if (principal != null && subject != null) {
+                // return TAIResult.create(HttpServletResponse.SC_OK, principal, subject);
             } else {
-                throw new Exception("Missing required parameter [wctx or wresult]");
+                TAIResult taiResult = checkUserAuthentication(req);
+                if (taiResult != null) {
+                    return taiResult;
+                }
             }
-        } else {
-            throw new Exception("Incorrect method GET for Sign-In-Response");
+
+            LOG.info("No Subject found in existing session. Redirecting to IDP");
+            redirectToIdp(req, resp, fedCtx);
+            return TAIResult.create(HttpServletResponse.SC_FOUND);
+
+        } catch (Exception e) {
+            LOG.error("Exception occured validating request", e);
+            throw new WebTrustAssociationFailedException(e.getMessage());
         }
     }
 
-    private TAIResult handleNoWA(HttpServletRequest req, HttpServletResponse resp) throws IOException,
-        WebTrustAssociationFailedException, Exception {
+    private TAIResult checkUserAuthentication(HttpServletRequest req) throws Exception {
+        TAIResult result = null;
         HttpSession session = req.getSession(false);
-        if (session == null) {
-            LOG.debug("No session found. Sending a token request");
-            redirectToIdp(req, resp);
-            return TAIResult.create(HttpServletResponse.SC_FOUND);
-        } else {
+        if (session != null) {
             LOG.debug("Session ID is {}", session.getId());
-
             FedizResponse federationResponse = (FedizResponse)session
                 .getAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY);
             if (federationResponse != null) {
                 LOG.info("Security Token found in session: {}", federationResponse.getUsername());
 
-                TAIResult result = null;
                 // check that the target WebApp is properly configured for Token TTL enforcement
-                if (authorizedWebApps.contains(req.getContextPath())) {
-
-                    LOG.info("Security Filter properly configured - forwarding subject");
-
+                if (checkSecurityToken(federationResponse)) {
                     // proceed creating the JAAS Subject
+                    LOG.info("Security Filter properly configured - forwarding subject");
                     List<String> groupsIds = groupIdsFromTokenRoles(federationResponse);
                     Subject subject = createSubject(federationResponse, groupsIds, session.getId());
 
                     result = TAIResult.create(HttpServletResponse.SC_OK, federationResponse.getUsername(), subject);
-                } else {
-                    result = TAIResult.create(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                    LOG.warn("No Security Filter configured for {}", req.getContextPath());
                 }
                 // leave the Session untouched
-                session.removeAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY);
-                return result;
-            } else {
-                LOG.info("No Subject found in existing session. Redirecting to IDP");
-                redirectToIdp(req, resp);
-                return TAIResult.create(HttpServletResponse.SC_FOUND);
+                // session.removeAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY);
             }
         }
+        return result;
     }
 
-    protected void redirectToIdp(HttpServletRequest request, HttpServletResponse response)
+    protected void redirectToIdp(HttpServletRequest request, HttpServletResponse response, FedizContext fedCtx)
         throws IOException, WebTrustAssociationFailedException {
         FedizProcessor processor = new FederationProcessorImpl();
 
-        String contextName = request.getContextPath();
-        if (contextName == null || contextName.isEmpty()) {
-            contextName = "/";
-        }
-        FedizContext fedCtx = getFederationContext(request);
-
         try {
             RedirectionResponse redirectionResponse = processor.createSignInRequest(request, fedCtx);
             String redirectURL = redirectionResponse.getRedirectionURL();
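Review bot: the return value of `signinHandler.handleRequest(req, resp)` is discarded and `TAIResult.create(HttpServletResponse.SC_FOUND)` is returned unconditionally, so a sign-in response whose RSTR fails validation (the `catch (ProcessingException e)` path in `SigninHandler`, where `resumeRequest` is never reached) is answered with 302 and no `Location` header, whereas the removed `handleSignIn` turned that into a `WebTrustAssociationFailedException`. Check the boolean and fail the request when it is false, for example `if (!signinHandler.handleRequest(req, resp)) { throw new WebTrustAssociationFailedException("Sign-in response could not be validated"); }`. Two smaller points in the same hunk: the body of `if (principal != null && subject != null)` is only the commented-out `// return TAIResult.create(HttpServletResponse.SC_OK, principal, subject);`, so an already-authenticated caller falls through to `redirectToIdp` on every request; either restore the return or remove the branch. And in `checkUserAuthentication` the comment `// check that the target WebApp is properly configured for Token TTL enforcement` and the log line `Security Filter properly configured - forwarding subject` now sit above `checkSecurityToken(federationResponse)`, which tests token expiry rather than filter configuration; update them, and delete the commented-out `session.removeAttribute(...)` instead of leaving it as a comment.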
@@ -360,36 +359,56 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
             LOG.error("Failed to create SignInRequest", ex);
             throw new WebTrustAssociationFailedException(ex.getMessage());
         }
+    }
+
+    protected FedizResponse getCachedFederationResponse(Subject subject) {
+        Iterator<?> i = subject.getPublicCredentials().iterator();
+        while (i.hasNext()) {
+            Object o = i.next();
+            if (o instanceof Hashtable) {
+                Map<?, ?> table = (Hashtable<?, ?>)o;
+                return (FedizResponse)table.get(Constants.SUBJECT_TOKEN_KEY);
+            }
+        }
+        return null;
+    }
 
+    private boolean checkSecurityToken(FedizResponse response) {
+        long currentTime = System.currentTimeMillis();
+        return response.getTokenExpires().getTime() > currentTime;
     }
 
     private List<String> groupIdsFromTokenRoles(FedizResponse federationResponse) throws Exception {
+
+        List<String> localGroups = mapper.groupsFromRoles(federationResponse.getRoles());
+        List<String> groupIds = new ArrayList<String>(localGroups.size());
+
         InitialContext ctx = new InitialContext();
         try {
             UserRegistry reg = (UserRegistry)ctx.lookup(Constants.USER_REGISTRY_JNDI_NAME);
 
-            List<String> localGroups = mapper.groupsFromRoles(federationResponse.getRoles());
-
-            List<String> groupIds = new ArrayList<String>(1);
             if (localGroups != null) {
                 LOG.debug("Converting {} group names to uids", localGroups.size());
                 for (String localGroup : localGroups) {
-                    String guid = convertGroupNameToUniqueId(reg, localGroup);
-                    LOG.debug("Group '{}' maps to guid: {}", localGroup, guid);
-                    groupIds.add(guid);
+                    try {
+                        String guid = convertGroupNameToUniqueId(reg, localGroup);
+                        LOG.debug("Group '{}' maps to guid: {}", localGroup, guid);
+                        groupIds.add(guid);
+                    } catch (EntryNotFoundException e) {
+                        LOG.warn("Group entry could not be found in UserRegistry: {}", localGroup);
+                    }
                 }
             }
-            if (LOG.isInfoEnabled()) {
-                LOG.info("Group list: " + groupIds.toString());
-            }
-            return groupIds;
         } catch (NamingException ex) {
-            LOG.error("User Registry could not be loaded from JNDI context.");
-            LOG.warn("No groups/roles could be mapped for user: {}", federationResponse.getUsername());
-            return new ArrayList<String>();
+            LOG.error("User Registry could not be loaded via JNDI context.");
+            LOG.warn("GroupIDs from mapping will be used instead of UserRegistry mapping for user: {}",
+                     federationResponse.getUsername());
+            groupIds.addAll(localGroups);
         } finally {
             ctx.close();
         }
+        LOG.debug("Group list: {}", groupIds);
+        return groupIds;
     }
 
     /**
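Review bot: in `groupIdsFromTokenRoles` the new `new ArrayList<String>(localGroups.size())` runs before the `if (localGroups != null)` guard, and `groupIds.addAll(localGroups)` in the `NamingException` branch is equally unguarded, so a mapper that returns null now throws `NullPointerException` instead of yielding an empty group list; initialise with `new ArrayList<String>()` and move the null check above both uses. `checkSecurityToken` dereferences `response.getTokenExpires().getTime()` without a null check; a response with no expiry should be treated as not valid rather than crash the TAI. `getCachedFederationResponse` is added but not referenced anywhere in this diff, and the cast `Map<?, ?> table = (Hashtable<?, ?>)o;` can simply be `(Map<?, ?>) o` since `Hashtable` implements `Map`. Finally, the `EntryNotFoundException` catch and the `NamingException` fallback both change what a caller's subject ends up carrying (mapped group names instead of registry uids); the warn lines are good, but the method Javadoc should state that degraded behaviour.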
@@ -417,34 +436,6 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
         return subject;
     }
 
-    public FedizResponse processSigninRequest(HttpServletRequest req, HttpServletResponse resp)
-        throws ProcessingException {
-        FedizContext fedCtx = getFederationContext(req);
-        FedizRequest federationRequest = new FedizRequest();
-
-        String wa = req.getParameter(FederationConstants.PARAM_ACTION);
-        String responseToken = getResponseToken(req, fedCtx);
-
-        federationRequest.setAction(wa);
-        federationRequest.setResponseToken(responseToken);
-        federationRequest.setState(req.getParameter("RelayState"));
-        federationRequest.setRequest(req);
-
-        LOG.debug("FederationRequest: {}", federationRequest);
-
-        FedizProcessor processor = new FederationProcessorImpl();
-        return processor.processRequest(federationRequest, fedCtx);
-    }
-
-    private String getResponseToken(HttpServletRequest request, FedizContext fedConfig) {
-        if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return request.getParameter(FederationConstants.PARAM_RESULT);
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
-        }
-        return null;
-    }
-
     /**
      * Convenience method for converting a list of group names to their unique group IDs
      * 

