cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r958573 - in /websites/production/cxf/content: cache/main.pageCache fediz-cxf.html
Date Thu, 16 Jul 2015 15:47:27 GMT
Author: buildbot
Date: Thu Jul 16 15:47:27 2015
New Revision: 958573

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz-cxf.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/fediz-cxf.html
==============================================================================
--- websites/production/cxf/content/fediz-cxf.html (original)
+++ websites/production/cxf/content/fediz-cxf.html Thu Jul 16 15:47:27 2015
@@ -109,37 +109,56 @@ Apache CXF -- Fediz CXF
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizCXF-CXFPlugin(1.1)">CXF Plugin (1.1)</h1>
-<p>The subproject Fediz purpose is to provide Single Sign On for Web Applications which
is independent of an underlying Web Services framework like Apache CXF. The Fediz plugins
for Tomcat, Jetty, etc. are independent of Apache CXF, whereas the Fediz IDP leverages the
capabilities of the CXF STS to issue SAML tokens with Claims information to build applications
which use Claims Based Authorization with all the benefits.</p>
-
-<p>If the Fediz protected web application integrates with another application using
Web Services you need to bundle a Web Services framework like Apache CXF with your web application.
If it is required to support impersonation to call the Web Service, the security context of
the application server must be delegated to the Web Services stack thus it can make the Web
Service call on behalf of the browser user.</p>
-
-<p>In release 1.1, the Fediz CXF plugin supports delegating the application server
security context (SAML token) to the STS client of CXF. CXF is then able to request a security
token for the target Web Service from the STS on behalf of the browser user. Prior to release
1.1, this Java code had to be developed by the application developer.</p>
-
-<p>It is required that one of the other Fediz plugins are deployed to WS-Federation
enable the application. After this step, the Fediz CXF plugin can be installed to integrate
the Web SSO layer with the Web Services stack of Apache CXF.</p>
-
-
-<h3 id="FedizCXF-Installation">Installation</h3>
-<p>It's recommended to use Maven to resolve the dependencies as illustrated in the
the example <code>wsclientWebapp</code>.</p>
-
-<div class="code panel pdl" style="border-style: solid;border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;border-bottom-style: solid;"><b>pom.xml</b></div><div
class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-    &lt;dependency&gt;
+<div id="ConfluenceContent"><h1 id="FedizCXF-CXFPlugin(1.1/1.2)">CXF Plugin (1.1/1.2)</h1><p>The
Fediz plugin for CXF contains two separate pieces of functionality. The first is a CallbackHandler
that allows the SAML Token of the Web SSO session to be used by the CXF Web Services Stack,
i.e. for delegation (available since 1.1). The second is a full WS-Federation RP plugin based
solely on Apache CXF JAX-RS, which is container independent (available since 1.2.0).</p><h2
id="FedizCXF-CXFPluginsupportforWS-Federation">CXF Plugin support for WS-Federation</h2><p>The
new CXF plugin for WS-Federation available from Fediz 1.2.0 means that it is now possible
to add support for WS-Federation to your JAX-RS CXF service without having to specify a container-specific
plugin. Here is an example Spring based configuration:</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>CXF spring configuration</b></div><div cl
 ass="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;bean
id="serviceBean" class="org.apache.cxf.fediz.example.Service"&gt;
+&lt;/bean&gt;
+   
+&lt;bean id="fedizFilter" class="org.apache.cxf.fediz.cxf.plugin.FedizRedirectBindingFilter"&gt;
+    &lt;property name="configFile" value="fediz_config.xml"/&gt;
+&lt;/bean&gt;
+
+   
+&lt;bean id="authorizationInterceptor"
+      class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor"&gt;
+   &lt;property name="securedObject" ref="serviceBean" /&gt;
+&lt;/bean&gt;
+
+&lt;jaxrs:server address="/"&gt;
+    &lt;jaxrs:serviceBeans&gt;
+        &lt;ref bean="serviceBean"/&gt;
+    &lt;/jaxrs:serviceBeans&gt;
+    &lt;jaxrs:providers&gt;
+        &lt;ref bean="fedizFilter"/&gt;
+        &lt;ref bean="exceptionMapper"/&gt;
+    &lt;/jaxrs:providers&gt;
+    &lt;jaxrs:inInterceptors&gt;
+        &lt;ref bean="authorizationInterceptor"/&gt;
+    &lt;/jaxrs:inInterceptors&gt;
+&lt;/jaxrs:server&gt;</pre>
+</div></div><p>Here we have a JAX-RS service which is secured via the SecureAnnotationsInterceptor.
For example:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>CXF Service
Bean</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">@Path("/secure/")
+@Produces("text/html")
+public class Service {
+    @Context
+    private MessageContext messageContext;
+    @Path("/admin/fedservlet")
+    @RolesAllowed("Admin")
+    @GET
+    public String doGetAdmin(@Context UriInfo uriInfo) throws Exception {
+        return doGet(uriInfo);
+    }
+    
+    ...
+}</pre>
+</div></div><p>The FedizRedirectBindingFilter is instantiated with a link
to the Fediz plugin configuration and is added as a JAX-RS provider.</p><h2 id="FedizCXF-DelegationScenario">Delegation
Scenario</h2><p>The subproject Fediz purpose is to provide Single Sign On for
Web Applications which is independent of an underlying Web Services framework like Apache
CXF. The Fediz plugins for Tomcat, Jetty, etc. are independent of Apache CXF, whereas the
Fediz IDP leverages the capabilities of the CXF STS to issue SAML tokens with Claims information
to build applications which use Claims Based Authorization with all the benefits.</p><p>If
the Fediz protected web application integrates with another application using Web Services
you need to bundle a Web Services framework like Apache CXF with your web application. If
it is required to support impersonation to call the Web Service, the security context of the
application server must be delegated to the Web Services stack thus it can make the
  Web Service call on behalf of the browser user.</p><p>In release 1.1, the Fediz
CXF plugin supports delegating the application server security context (SAML token) to the
STS client of CXF. CXF is then able to request a security token for the target Web Service
from the STS on behalf of the browser user. Prior to release 1.1, this Java code had to be
developed by the application developer.</p><p>It is required that one of the other
Fediz plugins are deployed to WS-Federation enable the application. After this step, the Fediz
CXF plugin can be installed to integrate the Web SSO layer with the Web Services stack of
Apache CXF.</p><h3 id="FedizCXF-Installation">Installation</h3><p>It's
recommended to use Maven to resolve the dependencies as illustrated in the the example <code>wsclientWebapp</code>.</p><div
class="code panel pdl" style="border-style: solid;border-width: 1px;"><div class="codeHeader
panelHeader pdl" style="border-bottom-width: 1px;border-bottom-style: solid;"><b>pom.xm
 l</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">   
&lt;dependency&gt;
         &lt;groupId&gt;org.apache.cxf.fediz&lt;/groupId&gt;
         &lt;artifactId&gt;fediz-cxf&lt;/artifactId&gt;
         &lt;version&gt;1.1.0&lt;/version&gt;
     &lt;/dependency&gt;
 </pre>
-</div></div>
-
-<p>The example contains a README with instructions for building and deployment.</p>
-
-<h3 id="FedizCXF-Configuration">Configuration</h3>
-<p>Two configurations are required in <code>web.xml</code> to enable the
<code>FederationFilter</code> to cache the security context in the thread local
storage and in the spring configuration file <code>applicationContext.xml</code>
to configure a callback handler to provide the STS client the security context stored in the
thread local storage. </p>
-
-<div class="code panel pdl" style="border-style: solid;border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;border-bottom-style: solid;"><b>web.xml</b></div><div
class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-    &lt;filter&gt;
+</div></div><p>The example contains a README with instructions for building
and deployment.</p><h3 id="FedizCXF-Configuration">Configuration</h3><p>Two
configurations are required in <code>web.xml</code> to enable the <code>FederationFilter</code>
to cache the security context in the thread local storage and in the spring configuration
file <code>applicationContext.xml</code> to configure a callback handler to provide
the STS client the security context stored in the thread local storage.</p><div class="code
panel pdl" style="border-style: solid;border-width: 1px;"><div class="codeHeader panelHeader
pdl" style="border-bottom-width: 1px;border-bottom-style: solid;"><b>web.xml</b></div><div
class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">   
&lt;filter&gt;
         &lt;filter-name&gt;FederationFilter&lt;/filter-name&gt;
         &lt;filter-class&gt;org.apache.cxf.fediz.core.servlet.FederationFilter&lt;/filter-class&gt;
     &lt;/filter&gt;
@@ -149,13 +168,8 @@ Apache CXF -- Fediz CXF
         &lt;url-pattern&gt;/secure/*&lt;/url-pattern&gt;
     &lt;/filter-mapping&gt;
 </pre>
-</div></div>
-
-<p>The <code>FederationFilter</code> is part of the library <code>fediz-core</code>.</p>
-
-<div class="code panel pdl" style="border-style: solid;border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;border-bottom-style: solid;"><b>applicationContext.xml</b></div><div
class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-    &lt;bean id="delegationCallbackHandler"
+</div></div><p>The <code>FederationFilter</code> is part of
the library <code>fediz-core</code>.</p><div class="code panel pdl" style="border-style:
solid;border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;border-bottom-style: solid;"><b>applicationContext.xml</b></div><div
class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">   
&lt;bean id="delegationCallbackHandler"
         class="org.apache.cxf.fediz.cxf.web.ThreadLocalCallbackHandler" /&gt;
 
     &lt;jaxws:client id="HelloServiceClient" serviceName="svc:GreeterService"
@@ -174,17 +188,8 @@ Apache CXF -- Fediz CXF
     &lt;/jaxws:client&gt;
 
 </pre>
-</div></div>
-
-<p>The <code>ThreadLocalCallbackHandler</code> is part of the library <code>fediz-cxf</code>.</p>
-
-<p>If you have set the property <code>ws-security.cache.issued.token.in.endpoint</code>
to false, CXF will cache the issued token per security context dependent on the returned lifetime
element of the STS. When the cached token for the target web services is expired, CXF will
request a new token from the STS on-behalf-of the cached Fediz security context.</p>
-
-<p>There is no special Java code required to get this functionality as illustrated
in the following code snippet:</p>
-
-<div class="code panel pdl" style="border-style: solid;border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;border-bottom-style: solid;"><b>FederationServlet.java</b></div><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
-    Greeter service = (Greeter)ApplicationContextProvider.getContext().getBean("HelloServiceClient");
+</div></div><p>The <code>ThreadLocalCallbackHandler</code>
is part of the library <code>fediz-cxf</code>.</p><p>If you have set
the property <code>ws-security.cache.issued.token.in.endpoint</code> to false,
CXF will cache the issued token per security context dependent on the returned lifetime element
of the STS. When the cached token for the target web services is expired, CXF will request
a new token from the STS on-behalf-of the cached Fediz security context.</p><p>There
is no special Java code required to get this functionality as illustrated in the following
code snippet:</p><div class="code panel pdl" style="border-style: solid;border-width:
1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;border-bottom-style:
solid;"><b>FederationServlet.java</b></div><div class="codeContent
panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">  
 Greeter service = (Greeter)ApplicationContextProvider.getContext().getBean("HelloServiceClient");
     String reply = service.greetMe();
 </pre>
 </div></div></div>



Mime
View raw message