From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Renaming Jetty plugin to Jetty8
Date Tue, 01 Sep 2015 15:57:18 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master a6ec8c041 -> 27c94bbb5


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
new file mode 100644
index 0000000..846d522
--- /dev/null
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty8;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.RoleRunAsToken;
+import org.eclipse.jetty.security.RunAsToken;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+
+/**
+ * Federation Identity Service implementation.
+ * This service handles only role reference maps passed in an
+ * associated {@link org.eclipse.jetty.server.UserIdentity.Scope}.  If there are roles
+ * refs present, then associate will wrap the UserIdentity with one
+ * that uses the role references in the 
+ * {@link org.eclipse.jetty.server.UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
+ * implementation. All other operations are effectively noops.
+ *
+ */
+public class FederationIdentityService implements IdentityService {
+    private static final Logger LOG = Log.getLogger(FederationIdentityService.class);
+
+    public FederationIdentityService() {
+    }
+
+
+    /** 
+     * If there are roles refs present in the scope, then wrap the UserIdentity 
+     * with one that uses the role references in the
+     * {@link UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
+     */
+    public Object associate(UserIdentity user) {
+        return null;
+    }
+
+    public void disassociate(Object previous) {
+    }
+
+    public Object setRunAs(UserIdentity user, RunAsToken token) {
+        return token;
+    }
+
+    public void unsetRunAs(Object lastToken) {
+    }
+
+    public RunAsToken newRunAsToken(String runAsName) {
+        return new RoleRunAsToken(runAsName);
+    }
+
+    public UserIdentity getSystemUserIdentity() {
+        return null;
+    }
+
+    public UserIdentity newUserIdentity(
+        final Subject subject, final Principal userPrincipal, final String[] roles) {
+        
+        try {
+            FederationUserPrincipal fup = (FederationUserPrincipal)userPrincipal;
+            return new FederationUserIdentity(subject, userPrincipal, roles, fup.getFedizResponse());
+        } catch (ClassCastException ex) {
+            LOG.warn("Principal must be instance of FederationUserPrincipal");
+            throw new IllegalStateException("Principal must be instance of FederationUserPrincipal");
+        }
+        
+        
+    }
+
+}
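Review bot: In `newUserIdentity` the type check is done by catching `ClassCastException`, which misses the null case: a null `userPrincipal` passes the cast and then fails with a NullPointerException at `fup.getFedizResponse()` instead of the intended IllegalStateException. An explicit guard before the cast, `if (!(userPrincipal instanceof FederationUserPrincipal)) { throw new IllegalStateException("Principal must be instance of FederationUserPrincipal"); }`, covers both cases and avoids using an exception for control flow. Separately, the Javadoc on `associate` describes wrapping the UserIdentity with role references, but the method only returns null; the comment should say that it is a no-op.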

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
new file mode 100644
index 0000000..629f43d
--- /dev/null
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
@@ -0,0 +1,169 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty8;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
+import org.apache.cxf.fediz.core.processor.FedizRequest;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+public class FederationLoginService extends AbstractLifeCycle implements LoginService {
+    private static final Logger LOG = Log.getLogger(FederationLoginService.class);
+
+    protected IdentityService identityService = new FederationIdentityService();
+    protected String name;
+    
+
+    public FederationLoginService() {
+    }
+    
+    public FederationLoginService(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        if (isRunning()) {
+            throw new IllegalStateException("Running");
+        }
+        
+        this.name = name;
+    }
+
+    @Override
+    protected void doStart() throws Exception {
+        LOG.debug("doStart");
+        super.doStart();
+    }
+
+    /**
+     * username will be null since the credentials will contain all the relevant info
+     */
+    public UserIdentity login(String username, Object credentials, FedizContext config) {
+        
+        try {
+            FedizResponse wfRes = null;
+            FedizRequest wfReq = (FedizRequest)credentials;
+            
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Process SignIn request");
+                LOG.debug("token=\n" + wfReq.getResponseToken());
+            }
+            
+            FedizProcessor wfProc = 
+                FedizProcessorFactory.newFedizProcessor(config.getProtocol());
+            try {
+                wfRes = wfProc.processRequest(wfReq, config);
+            } catch (ProcessingException ex) {
+                LOG.warn("Federation processing failed: " + ex.getMessage());
+                return null;
+            }
+
+
+            // Validate the AudienceRestriction in Security Token (e.g. SAML) 
+            // against the configured list of audienceURIs
+            if (wfRes.getAudience() != null) {
+                List<String> audienceURIs = config.getAudienceUris();
+                boolean validAudience = false;
+                for (String a : audienceURIs) {
+                    if (wfRes.getAudience().startsWith(a)) {
+                        validAudience = true;
+                        break;
+                    }
+                }
+
+                if (!validAudience) {
+                    LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
+                             + "] doesn't match with specified list of URIs.");
+                    return null;
+                }
+            }
+
+            List<String> roles = wfRes.getRoles();
+            if (roles == null || roles.size() == 0) {
+                roles = Collections.singletonList("Authenticated");
+            }
+            
+            FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(),
wfRes);
+
+            Subject subject = new Subject();
+            subject.getPrincipals().add(user);
+            
+            String[] aRoles = new String[roles.size()];
+            roles.toArray(aRoles);
+            
+            return identityService.newUserIdentity(subject, user, aRoles);
+
+        } catch (Exception ex) {
+            LOG.warn(ex);
+        }
+
+        return null;
+    }
+
+    public boolean validate(UserIdentity user) {
+        try {
+            FederationUserIdentity fui = (FederationUserIdentity)user;
+            return fui.getExpiryDate().after(new Date());
+        } catch (ClassCastException ex) {
+            LOG.warn("UserIdentity must be instance of FederationUserIdentity");
+            throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
+        }
+    }
+
+    @Override
+    public IdentityService getIdentityService() {
+        return identityService;
+    }
+
+    @Override
+    public void setIdentityService(IdentityService service) {
+        identityService = service;
+    }
+
+    public void logout(UserIdentity user) { 
+    
+    }
+
+    @Override
+    public UserIdentity login(String username, Object credentials) {
+        return null;
+    }
+
+
+}
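Review bot: The audience check in `login(String, Object, FedizContext)` accepts a token when its AudienceRestriction merely starts with a configured URI (`wfRes.getAudience().startsWith(a)`), so a token issued for a different relying party whose URI shares that prefix would pass. A token with no audience at all skips the check entirely. Unless prefix matching is a documented requirement, compare for equality, `if (a.equals(wfRes.getAudience())) {`, and decide explicitly whether a null audience should be rejected when `config.getAudienceUris()` is non-empty. The debug line `LOG.debug("token=\n" + wfReq.getResponseToken());` also writes the full sign-in token to the log; logging only a token identifier, or nothing, would keep the security token out of log files.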

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
new file mode 100644
index 0000000..c1e08e0
--- /dev/null
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty8;
+
+
+import java.security.Principal;
+import java.util.Date;
+
+import javax.security.auth.Subject;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.eclipse.jetty.server.UserIdentity;
+
+public class FederationUserIdentity implements UserIdentity {
+    
+    private Subject subject;
+    private Principal principal;
+    private String[] roles;
+    private FedizResponse fedResponse;
+
+    public FederationUserIdentity(Subject subject, Principal principal,
+                                  String[] roles, FedizResponse fedResponse) {
+        this.subject = subject;
+        this.principal = principal;
+        this.roles = roles;
+        this.fedResponse = fedResponse;
+    }
+
+
+    public Subject getSubject() {
+        return subject;
+    }
+
+    public Principal getUserPrincipal() {
+        return principal;
+    }
+
+    public boolean isUserInRole(String role, Scope scope) {
+        if (scope != null && scope.getRoleRefMap() != null) {
+            role = scope.getRoleRefMap().get(role);
+        }
+        
+        for (String r : this.roles) {
+            if (r.equals(role)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
+    public Date getExpiryDate() {
+        return fedResponse.getTokenExpires();
+    }
+    
+    public String getIssuer() {
+        return fedResponse.getIssuer();
+    }
+    
+    public String getAudience() {
+        return fedResponse.getAudience();
+    }
+    
+    public String getId() {
+        return fedResponse.getUniqueTokenId();
+    }
+    
+    public Element getToken() {
+        return fedResponse.getToken();
+    }
+
+}
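Review bot: `FederationUserIdentity` keeps the caller's `roles` array by reference and none of its fields are `final`, so the role set behind `isUserInRole` can change after the identity has been created, and a null array fails with a NullPointerException in the loop. Declaring the fields `private final` and copying in the constructor, `this.roles = roles == null ? new String[0] : roles.clone();`, makes the authorization data immutable once login has completed. `getExpiryDate()` also returns whatever `fedResponse.getTokenExpires()` gives, so callers such as `FederationLoginService.validate` should handle null if tokens without an expiry are possible.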

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
new file mode 100644
index 0000000..04cf061
--- /dev/null
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty8;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FederationPrincipal;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+
+@SuppressWarnings("deprecation")
+public class FederationUserPrincipal implements FederationPrincipal {
+    private String name;
+    private ClaimCollection claims;
+    private FedizResponse response;
+
+    public FederationUserPrincipal(String name, FedizResponse response) {
+        this.name = name;
+        this.response = response;
+        this.claims = new ClaimCollection(response.getClaims());
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+
+
+    @Override
+    public ClaimCollection getClaims() {
+        return claims;
+    }
+    
+    // not public available
+    //[TODO] maybe find better approach, custom UserIdentity
+    FedizResponse getFedizResponse() {
+        return response;
+    }
+
+    @Override
+    public Element getLoginToken() {
+        return response.getToken();
+    }
+    
+
+}
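Review bot: The `@SuppressWarnings("deprecation")` on `FederationUserPrincipal` applies to the whole class and does not say which deprecated API it is there for, so later uses of other deprecated calls in this class would be silenced as well. It would be better placed on the member that needs it, with a short comment naming the deprecated type or method. The comment above `getFedizResponse()` could also become Javadoc, for example `/** Package-private on purpose: only the jetty8 plugin classes may read the full FedizResponse. */`, which is what "not public available" appears to mean.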

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/pom.xml b/plugins/pom.xml
index f7b275b..c46461e 100644
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -32,7 +32,7 @@
    <modules>
       <module>core</module>
       <module>tomcat7</module>
-      <module>jetty</module>
+      <module>jetty8</module>
       <module>spring</module>
       <module>spring2</module>
       <module>cxf</module>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 052060c..83d375a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -52,7 +52,7 @@
         <javax.el.version>2.2</javax.el.version>
         <javax.validation.version>1.1.0.Final</javax.validation.version>
         <jericho.version>3.3</jericho.version>
-        <jetty.version>8.1.12.v20130726</jetty.version>
+        <jetty8.version>8.1.12.v20130726</jetty8.version>
         <junit.version>4.12</junit.version>
         <log4j.version>1.2.17</log4j.version>
         <ognl.version>3.0.8</ognl.version>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/services/idp/pom.xml
----------------------------------------------------------------------
diff --git a/services/idp/pom.xml b/services/idp/pom.xml
index 17335e3..31dd4fe 100644
--- a/services/idp/pom.xml
+++ b/services/idp/pom.xml
@@ -364,7 +364,7 @@
             <plugin>
                 <groupId>org.mortbay.jetty</groupId>
                 <artifactId>jetty-maven-plugin</artifactId>
-                <version>${jetty.version}</version>
+                <version>${jetty8.version}</version>
                 <configuration>
                     <stopPort>${idp.stop.port}</stopPort>
                     <stopKey>STOP</stopKey>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index e299c06..8bab90b 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -185,7 +185,7 @@
             <plugin>
                 <groupId>org.mortbay.jetty</groupId>
                 <artifactId>jetty-maven-plugin</artifactId>
-                <version>${jetty.version}</version>
+                <version>${jetty8.version}</version>
                 <inherited>true</inherited>
                 <configuration>
                     <webApp>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/systests/jetty8/pom.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml
index b87dabb..2e8e73d 100644
--- a/systests/jetty8/pom.xml
+++ b/systests/jetty8/pom.xml
@@ -27,7 +27,7 @@
     </parent>
     <groupId>org.apache.cxf.fediz.systests</groupId>
     <artifactId>fediz-systests-jetty8</artifactId>
-    <name>Apache Fediz Systests Jetty 8</name>
+    <name>Apache Fediz Systests for Jetty 8</name>
     <packaging>jar</packaging>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -37,29 +37,29 @@
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-security</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-xml</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-webapp</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-jsp</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/systests/spring/pom.xml
----------------------------------------------------------------------
diff --git a/systests/spring/pom.xml b/systests/spring/pom.xml
index 694ee3d..20a2a5b 100644
--- a/systests/spring/pom.xml
+++ b/systests/spring/pom.xml
@@ -37,29 +37,29 @@
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-security</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-xml</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-webapp</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-jsp</artifactId>
-            <version>${jetty.version}</version>
+            <version>${jetty8.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

