cxf-commits mailing list archives

From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Adding a system test for federating two WS-Federation IdPs. - The test is @Ignore'd for now. It works fine when accessed via a web browser....having some trouble getting htmlunit to work with it though
Date Mon, 02 Mar 2015 17:17:27 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 518aab741 -> 2477283fe


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
new file mode 100644
index 0000000..7b5b522
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:security="http://www.springframework.org/schema/security"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.1.xsd
+        http://www.springframework.org/schema/security
+        http://www.springframework.org/schema/security/spring-security-3.1.xsd
+        ">
+
+    <context:property-placeholder location="classpath:realm.properties"/>
+    
+    <!-- DISABLE in production as it might log confidential information about the user
-->
+    <!-- <security:debug /> -->
+
+    <!-- Configure Spring Security -->
+    
+    <!-- If enabled, you can't access the Service layer within the Spring Webflow -->
+    <!-- The user has no role during the login phase of WS-Federation -->
+    <security:global-method-security pre-post-annotations="enabled"/>
+
+    <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher"
/>
+        <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()"/>
+        <security:http-basic />
+    </security:http>
+
+    <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
/>
+    
+    <bean id="defaultPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"
/>
+    
+    <security:authentication-manager id="restAuthenticationManager">
+        <security:authentication-provider>
+          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+          <!--  
+          <security:password-encoder hash="sha-256" base64="true">
+            <security:salt-source user-property="username"/>
+          </security:password-encoder>
+          -->
+          <security:user-service properties="classpath:/users.properties" />
+        </security:authentication-provider>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+
+    <security:http use-expressions="true">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher"
/>
+        <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml"
access="isAnonymous() or isAuthenticated()" />
+
+        <!-- MUST be http-basic thus systests run fine -->
+        <!--<security:form-login />-->
+        <security:http-basic />
+        <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" />
+    </security:http>
+
+    <security:authentication-manager>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+	
+    <bean id="stsPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+    
+    <bean id="entitlementsEnricher" class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements"
/>
+	
+    <bean id="stsAuthProvider" class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
+        <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+        <property name="wsdlEndpoint" value="TransportUT_Port"/>
+        <property name="wsdlService" value="SecurityTokenService"/>
+        <property name="appliesTo" value="urn:fediz:idp"/>
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+    </bean>
+
+</beans>
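Review bot: The first provider in `restAuthenticationManager` reads `classpath:/users.properties` with every `<security:password-encoder>` commented out, so the passwords in that file are compared as cleartext. The `bCryptPasswordEncoder` and `defaultPasswordEncoder` beans declared just above it are not referenced anywhere in this file. If this is meant to stay a test-only fixture, say so next to the user-service, e.g. `<!-- Test fixture only: users.properties holds cleartext passwords; do not copy into a deployed IdP -->`, and drop the unused beans. Otherwise wire the encoder with `<security:password-encoder ref="bCryptPasswordEncoder"/>` and store bcrypt hashes in the properties file. The commented-out `sha-256` variants, one of them salted with the username, are weaker than bcrypt and are better removed than left as the suggested alternative.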

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/server.jks b/systests/federation/wsfed/src/test/resources/server.jks
new file mode 100644
index 0000000..2f0fdf3
Binary files /dev/null and b/systests/federation/wsfed/src/test/resources/server.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/ststrust.jks b/systests/federation/wsfed/src/test/resources/ststrust.jks
new file mode 100644
index 0000000..911945c
Binary files /dev/null and b/systests/federation/wsfed/src/test/resources/ststrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/web.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/web.xml b/systests/federation/wsfed/src/test/resources/web.xml
new file mode 100644
index 0000000..0719288
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/web.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+    version="3.0" metadata-complete="true">
+
+    <description>Fediz IDP</description>
+    <display-name>Fediz IDP</display-name>
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>/WEB-INF/applicationContext.xml</param-value>
+    </context-param>
+
+    <context-param>
+        <param-name>spring.profiles.active</param-name>
+        <param-value>jpa</param-value>
+    </context-param>
+
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <servlet>
+        <servlet-name>idp</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <init-param>
+            <param-name>publishContext</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet>
+        <servlet-name>metadata</servlet-name>
+        <servlet-class>org.apache.cxf.fediz.service.idp.MetadataServlet</servlet-class>
+        <init-param>
+            <param-name>realm</param-name>
+            <param-value>urn:org:apache:cxf:fediz:idp:realm-B</param-value>
+        </init-param>
+    </servlet>
+
+    <servlet>
+        <servlet-name>CXFServlet</servlet-name>
+        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>CXFServlet</servlet-name>
+        <url-pattern>/services/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>idp</servlet-name>
+        <url-pattern>/federation</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>metadata</servlet-name>
+        <url-pattern>/FederationMetadata/2007-06/FederationMetadata.xml</url-pattern>
+    </servlet-mapping>
+
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <!-- Uncomment this when using JNDI DataSource -->
+    <!-- The property jpa.platform must be updated in persistence.properties even you
use JNDI Datasource -->
+    <!-- 
+    <resource-ref>
+        <res-ref-name>jdbc/fedizDataSource</res-ref-name>
+        <res-type>javax.sql.DataSource</res-type>
+        <res-auth>Container</res-auth>
+    </resource-ref>
+    -->
+
+</web-app>
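Review bot: This descriptor declares no `<session-config>`, so the flags on the IdP session cookie and the use of URL-based session tracking are left to the container's defaults. Because `springSecurityFilterChain` covers `/*` and the session carries the authenticated IdP login, the cookie settings are better pinned in the descriptor, which the `version="3.0"` schema allows. The `secure` flag assumes the test container serves the IdP only over https, which the https STS URL in the realm's security-config.xml suggests but this file does not show. The block below could go before the closing `</web-app>`.

```xml
<!-- … unchanged: context-params, filter, servlets, mappings, listener … -->
<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
    <!-- keep the session id out of URLs (no ;jsessionid rewriting) -->
    <tracking-mode>COOKIE</tracking-mode>
</session-config>
```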

