cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf-fediz git commit: Renaming Jetty plugin to Jetty8
Date Tue, 01 Sep 2015 15:57:19 GMT
Renaming Jetty plugin to Jetty8


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/27c94bbb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/27c94bbb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/27c94bbb

Branch: refs/heads/master
Commit: 27c94bbb5136bb7239c36a1f475cdb9b23efc60c
Parents: a6ec8c0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Sep 1 16:57:01 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Sep 1 16:57:01 2015 +0100

----------------------------------------------------------------------
 plugins/jetty/README.txt                        |  10 -
 plugins/jetty/pom.xml                           | 183 ------
 plugins/jetty/src/main/assembly/assembly.xml    |  18 -
 .../fediz/jetty/FederationAuthenticator.java    | 561 -------------------
 .../fediz/jetty/FederationIdentityService.java  |  92 ---
 .../cxf/fediz/jetty/FederationLoginService.java | 169 ------
 .../cxf/fediz/jetty/FederationUserIdentity.java |  89 ---
 .../fediz/jetty/FederationUserPrincipal.java    |  62 --
 plugins/jetty8/README.txt                       |  10 +
 plugins/jetty8/pom.xml                          | 183 ++++++
 plugins/jetty8/src/main/assembly/assembly.xml   |  18 +
 .../fediz/jetty8/FederationAuthenticator.java   | 561 +++++++++++++++++++
 .../fediz/jetty8/FederationIdentityService.java |  92 +++
 .../fediz/jetty8/FederationLoginService.java    | 169 ++++++
 .../fediz/jetty8/FederationUserIdentity.java    |  89 +++
 .../fediz/jetty8/FederationUserPrincipal.java   |  62 ++
 plugins/pom.xml                                 |   2 +-
 pom.xml                                         |   2 +-
 services/idp/pom.xml                            |   2 +-
 services/sts/pom.xml                            |   2 +-
 systests/jetty8/pom.xml                         |  12 +-
 systests/spring/pom.xml                         |  10 +-
 22 files changed, 1199 insertions(+), 1199 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/README.txt
----------------------------------------------------------------------
diff --git a/plugins/jetty/README.txt b/plugins/jetty/README.txt
deleted file mode 100644
index 266a6f8..0000000
--- a/plugins/jetty/README.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Fediz configuration in Jetty
-----------------------------
-
-The Jetty installation must be updated before a Web Application can be deployed.
-
-The following wiki page gives instructions how to do that:
-http://cxf.apache.org/fediz-jetty.html
-
-The following wiki page explains the fediz configuration which is Container independent:
-http://cxf.apache.org/fediz-configuration.html

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/jetty/pom.xml b/plugins/jetty/pom.xml
deleted file mode 100644
index 92a74ef..0000000
--- a/plugins/jetty/pom.xml
+++ /dev/null
@@ -1,183 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.apache.cxf.fediz</groupId>
-        <artifactId>plugin</artifactId>
-        <version>1.3.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
-    </parent>
-    <artifactId>fediz-jetty</artifactId>
-    <name>Apache Fediz Plugin Jetty</name>
-    <packaging>bundle</packaging>
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-    <dependencies>
-        <dependency>
-            <groupId>org.eclipse.jetty</groupId>
-            <artifactId>jetty-server</artifactId>
-            <version>${jetty.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.eclipse.jetty</groupId>
-            <artifactId>jetty-security</artifactId>
-            <version>${jetty.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.eclipse.jetty</groupId>
-            <artifactId>jetty-util</artifactId>
-            <version>${jetty.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.eclipse.jetty</groupId>
-            <artifactId>jetty-xml</artifactId>
-            <version>${jetty.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.eclipse.jetty</groupId>
-            <artifactId>jetty-webapp</artifactId>
-            <version>${jetty.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.eclipse.jetty</groupId>
-            <artifactId>jetty-jsp</artifactId>
-            <version>${jetty.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.fediz</groupId>
-            <artifactId>fediz-core</artifactId>
-            <version>${project.version}</version>
-            <type>jar</type>
-            <scope>compile</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>${httpclient.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.htmlparser.jericho</groupId>
-            <artifactId>jericho-html</artifactId>
-            <version>${jericho.version}</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>zip-file</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>attached</goal>
-                        </goals>
-                        <configuration>
-                            <descriptors>
-                                <descriptor>src/main/assembly/assembly.xml</descriptor>
-                            </descriptors>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.felix</groupId>
-                <artifactId>maven-bundle-plugin</artifactId>
-                <extensions>true</extensions>
-                <configuration>
-                    <instructions>
-                        <Implementation-Title>Apache CXF Fediz</Implementation-Title>
-                        <Implementation-Vendor>The Apache Software
-                            Foundation</Implementation-Vendor>
-                        <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
-                        <Implementation-Version>${project.version}</Implementation-Version>
-                        <Specification-Title>Apache CXF Fediz</Specification-Title>
-                        <Specification-Vendor>The Apache Software
-                            Foundation</Specification-Vendor>
-                        <Specification-Version>${project.version}</Specification-Version>
-                        <Export-Package>
-                            org.apache.cxf.fediz.jetty.*;version="${project.version}"
-                        </Export-Package>
-                        <Import-Package>
-                            !org.apache.cxf.fediz.jetty*,
-                            org.eclipse.jetty.*;version="[7.6,9)",
-                            org.apache.cxf.fediz.core.*,
-                            *;resolution:=optional
-                        </Import-Package>
-                    </instructions>
-                </configuration>
-            </plugin>
-<!--
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>copy-idp-sts</id>
-                        <phase>generate-resources</phase>
-                        <goals>
-                            <goal>copy</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz</groupId>
-                                    <artifactId>fediz-idp</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                </artifactItem>
-                                <artifactItem>
-                                    <groupId>org.apache.cxf.fediz</groupId>
-                                    <artifactId>fediz-idp-sts</artifactId>
-                                    <version>${project.version}</version>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                </artifactItem>
-                            </artifactItems>
-                            <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
-                            <outputDirectory>target</outputDirectory>
-                            <overWriteSnapshots>true</overWriteSnapshots>
-                            <overWriteIfNewer>true</overWriteIfNewer>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
--->
-        </plugins>
-    </build>
-</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/assembly/assembly.xml b/plugins/jetty/src/main/assembly/assembly.xml
deleted file mode 100644
index fb0d6aa..0000000
--- a/plugins/jetty/src/main/assembly/assembly.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
-http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-  <id>zip-with-dependencies</id>
-  <formats>
-    <format>zip</format>
-  </formats>
-  <includeBaseDirectory>false</includeBaseDirectory>
-  <dependencySets>
-    <dependencySet>
-      <outputDirectory>/</outputDirectory>
-      <useProjectArtifact>true</useProjectArtifact>
-      <unpack>false</unpack>
-      <scope>runtime</scope>
-    </dependencySet>
-  </dependencySets>
-</assembly>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
deleted file mode 100644
index 7597c1a..0000000
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ /dev/null
@@ -1,561 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.jetty;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Map;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import javax.xml.bind.JAXBException;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.fediz.core.FederationConstants;
-import org.apache.cxf.fediz.core.SAMLSSOConstants;
-import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.FedizConfigurator;
-import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.processor.FedizProcessor;
-import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
-import org.apache.cxf.fediz.core.processor.FedizRequest;
-import org.apache.cxf.fediz.core.processor.FedizResponse;
-import org.apache.cxf.fediz.core.processor.RedirectionResponse;
-import org.apache.wss4j.common.util.DOM2Writer;
-import org.eclipse.jetty.http.HttpMethods;
-import org.eclipse.jetty.http.MimeTypes;
-import org.eclipse.jetty.security.ServerAuthException;
-import org.eclipse.jetty.security.UserAuthentication;
-import org.eclipse.jetty.security.authentication.DeferredAuthentication;
-import org.eclipse.jetty.security.authentication.LoginAuthenticator;
-import org.eclipse.jetty.security.authentication.SessionAuthentication;
-import org.eclipse.jetty.server.AbstractHttpConnection;
-import org.eclipse.jetty.server.Authentication;
-import org.eclipse.jetty.server.Authentication.User;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.util.MultiMap;
-import org.eclipse.jetty.util.URIUtil;
-import org.eclipse.jetty.util.log.Log;
-import org.eclipse.jetty.util.log.Logger;
-
-/**
- * Federation Authenticator.
- * <p>
- * This authenticator implements form authentication will redirect to the Identity Provider
- * by sending a WS-Federation SignIn request.
- * </p>
- * <p>
- * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of 
- * mechanism to authenticate the user.
- * FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
- * associated with the session.
- * </p>
- */
-// CHECKSTYLE:OFF
-public class FederationAuthenticator extends LoginAuthenticator {
-    
-    public static final String J_URI = "org.eclipse.jetty.security.form_URI";
-    public static final String J_POST = "org.eclipse.jetty.security.form_POST";
-
-    private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
-    
-    private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-       
-    private String configFile;
-    private FedizConfigurator configurator;
-    private String encoding = "UTF-8";
-
-    public FederationAuthenticator() {
-    }
-
-
-    /**
-     * 
-     */
-    @Override
-    public void setConfiguration(AuthConfiguration configuration) {
-        super.setConfiguration(configuration);
-        // is called after the bean setting -> do initialization here
-        LOG.debug(configuration.getInitParameterNames().toString());
-        try {
-            File f = new File(getConfigFile());
-            if (!f.exists()) {
-                String jettyHome = System.getProperty("jetty.home");
-                if (jettyHome != null && jettyHome.length() > 0) {
-                    f = new File(jettyHome.concat(File.separator + getConfigFile()));
-                }
-            }
-            configurator = new FedizConfigurator();
-            configurator.loadConfig(f);
-            LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
-        } catch (JAXBException e) {
-            //[TODO] use other exception
-            throw new RuntimeException("Failed to load Fediz configuration",
-                    e);
-            //throw new ServerAuthException("Failed to load Fediz configuration",
-            //                              e);
-        }
-        
-    }
-
-    /* ------------------------------------------------------------ */
-    public String getAuthMethod() {
-        return "WSFED";
-    }
-
-    public String getConfigFile() {
-        return configFile;
-    }
-
-    public void setConfigFile(String configFile) {
-        this.configFile = configFile;
-    }
-    
-    public String getEncoding() {
-        return encoding;
-    }
-
-    public void setEncoding(String encoding) {
-        this.encoding = encoding;
-    }
-    
-    /* ------------------------------------------------------------ */
-    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
-        throws ServerAuthException {
-        
-        HttpServletRequest request = (HttpServletRequest)req;
-        HttpServletResponse response = (HttpServletResponse)res;
-
-        HttpSession session = request.getSession(true);
-        
-        String contextName = request.getSession().getServletContext().getContextPath();
-        if (contextName == null || contextName.isEmpty()) {
-            contextName = "/";
-        }
-        FedizContext fedConfig = getContextConfiguration(contextName);
-        
-        // Check to see if it is a metadata request
-        try {
-            if (request.getRequestURL().indexOf(FederationConstants.METADATA_PATH_URI) != -1
-                || request.getRequestURL().indexOf(getMetadataURI(fedConfig)) != -1) {
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("Metadata document requested");
-                }
-                response.setContentType("text/xml");
-                PrintWriter out = response.getWriter();
-                
-                FedizProcessor wfProc = 
-                    FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-                try {
-                    Document metadata = wfProc.getMetaData(request, fedConfig);
-                    out.write(DOM2Writer.nodeToString(metadata));
-                    return Authentication.SEND_CONTINUE;
-                } catch (Exception ex) {
-                    LOG.warn("Failed to get metadata document: " + ex.getMessage());
-                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                    return Authentication.SEND_FAILURE;
-                }            
-            }
-        } catch (IOException e) {
-            throw new ServerAuthException(e);
-        }
-
-        if (!mandatory) {
-            return new DeferredAuthentication(this);
-        }
-        
-        try {
-            req.setCharacterEncoding(this.encoding);
-        } catch (UnsupportedEncodingException ex) {
-            LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
-        }
-        
-        String uri = request.getRequestURI();
-        if (uri == null) {
-            uri = URIUtil.SLASH;
-        }
-
-        try {
-            String action = request.getParameter(FederationConstants.PARAM_ACTION);
-            String responseToken = getResponseToken(request, fedConfig);
-            
-            // Handle a request for authentication.
-            if (isSignInRequest(request, fedConfig)) {
-
-                FedizResponse wfRes = null;
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("SignIn request found");
-                }
-
-                if (responseToken == null) {
-                    if (LOG.isDebugEnabled()) {
-                        LOG.debug("SignIn request must contain a response token from the IdP");
-                    }
-                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                    return Authentication.SEND_FAILURE;
-                } else {
-
-                    FedizRequest wfReq = new FedizRequest();
-                    wfReq.setAction(action);
-                    wfReq.setResponseToken(responseToken);
-                    wfReq.setState(request.getParameter("RelayState"));
-                    wfReq.setRequest(request);
-
-                    X509Certificate certs[] = 
-                        (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
-                    wfReq.setCerts(certs);
-
-                    FederationLoginService fedLoginService = (FederationLoginService)this._loginService;
-                    UserIdentity user = fedLoginService.login(null, wfReq, fedConfig);
-                    if (user != null)
-                    {
-                        session=renewSession(request,response);
-
-                        FederationUserIdentity  fui = (FederationUserIdentity)user;
-                        session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
-
-                        // Redirect to original request
-                        String nuri;
-                        synchronized(session)
-                        {
-                            nuri = (String) session.getAttribute(J_URI);
-
-                            if (nuri == null || nuri.length() == 0)
-                            {
-                                nuri = request.getContextPath();
-                                if (nuri.length() == 0) { 
-                                    nuri = URIUtil.SLASH;
-                                }
-                            }
-                            Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes);
-                            session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
-                        }
-                        response.setContentLength(0);   
-                        response.sendRedirect(response.encodeRedirectURL(nuri));
-
-                        return new FederationAuthentication(getAuthMethod(), user);
-                    }
-
-                    // not authenticated
-                    if (LOG.isDebugEnabled()) {
-                        LOG.debug("WSFED authentication FAILED");
-                    }
-                    if (response != null) {
-                        response.sendError(HttpServletResponse.SC_FORBIDDEN);
-                    }
-
-                }
-            } else if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(action)) {
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("SignOutCleanup request found");
-                    LOG.debug("SignOutCleanup action...");
-                }
-                session.invalidate();
-
-                final ServletOutputStream responseOutputStream = response.getOutputStream();
-                InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg");
-                if (inputStream == null) {
-                    LOG.warn("Could not write logout.jpg");
-                    return Authentication.SEND_FAILURE;
-                }
-                int read = 0;
-                byte[] buf = new byte[1024];
-                while ((read = inputStream.read(buf)) != -1) {
-                    responseOutputStream.write(buf, 0, read);
-                }
-                inputStream.close();
-                responseOutputStream.flush();
-                return Authentication.SEND_SUCCESS;
-            } else if (action != null) {
-                LOG.warn("Not supported action found in parameter wa: " + action);
-                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                return Authentication.UNAUTHENTICATED;
-            }
-
-            // Look for cached authentication
-            Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
-            if (authentication != null) 
-            {
-                // Has authentication been revoked?
-                if (authentication instanceof Authentication.User && 
-                    _loginService!=null &&
-                    !_loginService.validate(((Authentication.User)authentication).getUserIdentity()))
-                {
-                
-                    session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
-                }
-                else
-                {
-                    //logout
-                    String logoutUrl = fedConfig.getLogoutURL();
-                    if (logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
-                        session.invalidate();
-
-                        FedizProcessor wfProc = 
-                            FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-                        signOutRedirectToIssuer(request, response, wfProc);
-
-                        return Authentication.SEND_CONTINUE;
-                    }
-
-                    String j_uri = (String)session.getAttribute(J_URI);
-                    if (j_uri != null)
-                    {
-                        @SuppressWarnings("unchecked")
-                        MultiMap<String> j_post = (MultiMap<String>)session.getAttribute(J_POST);
-                        if (j_post != null)
-                        {
-                            StringBuffer buf = request.getRequestURL();
-                            if (request.getQueryString() != null) {
-                                buf.append("?").append(request.getQueryString());
-                            }
-
-                            if (j_uri.equals(buf.toString()))
-                            {
-                                // This is a retry of an original POST request
-                                // so restore method and parameters
-
-                                session.removeAttribute(J_POST);                        
-                                Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
-                                base_request.setMethod(HttpMethods.POST);
-                                base_request.setParameters(j_post);
-                            }
-                        }
-                        else
-                            session.removeAttribute(J_URI);
-                            
-                    }
-                    return authentication;
-                }
-            }          
-            
-
-            // if we can't send challenge
-            if (DeferredAuthentication.isDeferred(response))
-            {
-                LOG.debug("auth deferred {}",session.getId());
-                return Authentication.UNAUTHENTICATED;
-            }
-            
-            // remember the current URI
-            synchronized (session)
-            {
-                // But only if it is not set already, or we save every uri that leads to a login form redirect
-                if (session.getAttribute(J_URI)==null) // || alwaysSaveUri)
-                {  
-                    StringBuffer buf = request.getRequestURL();
-                    if (request.getQueryString() != null) {
-                        buf.append("?").append(request.getQueryString());
-                    }
-                    session.setAttribute(J_URI, buf.toString());
-                    
-                    if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType()) && HttpMethods.POST.equals(request.getMethod()))
-                    {
-                        Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
-                        base_request.extractParameters();                        
-                        session.setAttribute(J_POST, new MultiMap<String>(base_request.getParameters()));
-                    }
-                }
-            }
-            
-            FedizProcessor wfProc = 
-                FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-            signInRedirectToIssuer(request, response, wfProc);
-
-            return Authentication.SEND_CONTINUE;
-
-        } catch (IOException e) {
-            throw new ServerAuthException(e);
-        }
-        /*
-         * catch (ServletException e) { throw new ServerAuthException(e); }
-         */
-    }
-
-    private boolean isSignInRequest(ServletRequest request, FedizContext fedConfig) {
-        if (fedConfig.getProtocol() instanceof FederationProtocol
-            && FederationConstants.ACTION_SIGNIN.equals(
-                request.getParameter(FederationConstants.PARAM_ACTION))) {
-            return true;
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
-            && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
-            return true;
-        }
-
-        return false;
-    }
-    
-    private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
-        if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return request.getParameter(FederationConstants.PARAM_RESULT);
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
-        }
-        return null;
-    }
-    
-    private String getMetadataURI(FedizContext fedConfig) {
-        if (fedConfig.getProtocol().getMetadataURI() != null) {
-            return fedConfig.getProtocol().getMetadataURI();
-        } else if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return FederationConstants.METADATA_PATH_URI;
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
-        }
-        
-        return FederationConstants.METADATA_PATH_URI;
-    }
-
-    /* ------------------------------------------------------------ */
-    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
-                                  User validatedUser) throws ServerAuthException {
-        return true;
-    }    
-    
-    /**
-     * Called to redirect sign-in to the IDP/Issuer
-     * 
-     * @param request
-     *            Request we are processing
-     * @param response
-     *            Response we are populating
-     * @param processor
-     *            FederationProcessor
-     * @throws IOException
-     *             If the forward to the login page fails and the call to
-     *             {@link HttpServletResponse#sendError(int, String)} throws an
-     *             {@link IOException}
-     */
-    protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response, FedizProcessor processor)
-        throws IOException {
-
-        //Not supported in jetty 7.6
-        //String contextName = request.getServletContext().getContextPath();
-        String contextName = request.getSession().getServletContext().getContextPath();
-        if (contextName == null || contextName.isEmpty()) {
-            contextName = "/";
-        }
-        FedizContext fedCtx = this.configurator.getFedizContext(contextName);
-        try {
-            RedirectionResponse redirectionResponse = processor.createSignInRequest(request, fedCtx);
-            String redirectURL = redirectionResponse.getRedirectionURL();
-            if (redirectURL != null) {
-                Map<String, String> headers = redirectionResponse.getHeaders();
-                if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
-                    }
-                }
-                
-                response.sendRedirect(redirectURL);
-            } else {
-                LOG.warn("Failed to create SignInRequest.");
-                response.sendError(
-                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
-            }
-        } catch (ProcessingException ex) {
-            LOG.warn("Failed to create SignInRequest: " + ex.getMessage());
-            response.sendError(
-                               HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
-        }
-        
-    }
-
-    protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response, FedizProcessor processor)
-            throws IOException {
-
-        //Not supported in jetty 7.6
-        //String contextName = request.getServletContext().getContextPath();
-        String contextName = request.getSession().getServletContext().getContextPath();
-        if (contextName == null || contextName.isEmpty()) {
-            contextName = "/";
-        }
-        FedizContext fedCtx = this.configurator.getFedizContext(contextName);
-        try {
-            RedirectionResponse redirectionResponse = 
-                processor.createSignOutRequest(request, null, fedCtx); //TODO
-            String redirectURL = redirectionResponse.getRedirectionURL();
-            if (redirectURL != null) {
-                Map<String, String> headers = redirectionResponse.getHeaders();
-                if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
-                    }
-                }
-                
-                response.sendRedirect(redirectURL);
-            } else {
-                LOG.warn("Failed to create SignOutRequest.");
-                response.sendError(
-                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
-            }
-        } catch (ProcessingException ex) {
-            LOG.warn("Failed to create SignOutRequest: " + ex.getMessage());
-            response.sendError(
-                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
-        }
-    }
-    
-    private FedizContext getContextConfiguration(String contextName) {
-        if (configurator == null) {
-            throw new IllegalStateException("No Fediz configuration available");
-        }
-        FedizContext config = configurator.getFedizContext(contextName);
-        if (config == null) {
-            throw new IllegalStateException("No Fediz configuration for context :" + contextName);
-        }
-        
-        String jettyHome = System.getProperty("jetty.home");
-        if (jettyHome != null && jettyHome.length() > 0) {
-            config.setRelativePath(jettyHome);
-        }
-        return config;
-    }
-
-    /* ------------------------------------------------------------ */
-    /**
-     * This Authentication represents a just completed Federation authentication. Subsequent requests from the same
-     * user are authenticated by the presents of a {@link SessionAuthentication} instance in their session.
-     */
-    public static class FederationAuthentication extends UserAuthentication implements
-        Authentication.ResponseSent {
-        
-        public FederationAuthentication(String method, UserIdentity userIdentity) {
-            super(method, userIdentity);
-        }
-
-        @Override
-        public String toString() {
-            return "WSFED" + super.toString();
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationIdentityService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationIdentityService.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationIdentityService.java
deleted file mode 100644
index c1c53c8..0000000
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationIdentityService.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.jetty;
-
-import java.security.Principal;
-
-import javax.security.auth.Subject;
-
-import org.eclipse.jetty.security.IdentityService;
-import org.eclipse.jetty.security.RoleRunAsToken;
-import org.eclipse.jetty.security.RunAsToken;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.util.log.Log;
-import org.eclipse.jetty.util.log.Logger;
-
-
-/**
- * Federation Identity Service implementation.
- * This service handles only role reference maps passed in an
- * associated {@link org.eclipse.jetty.server.UserIdentity.Scope}.  If there are roles
- * refs present, then associate will wrap the UserIdentity with one
- * that uses the role references in the 
- * {@link org.eclipse.jetty.server.UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
- * implementation. All other operations are effectively noops.
- *
- */
-public class FederationIdentityService implements IdentityService {
-    private static final Logger LOG = Log.getLogger(FederationIdentityService.class);
-
-    public FederationIdentityService() {
-    }
-
-
-    /** 
-     * If there are roles refs present in the scope, then wrap the UserIdentity 
-     * with one that uses the role references in the
-     * {@link UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
-     */
-    public Object associate(UserIdentity user) {
-        return null;
-    }
-
-    public void disassociate(Object previous) {
-    }
-
-    public Object setRunAs(UserIdentity user, RunAsToken token) {
-        return token;
-    }
-
-    public void unsetRunAs(Object lastToken) {
-    }
-
-    public RunAsToken newRunAsToken(String runAsName) {
-        return new RoleRunAsToken(runAsName);
-    }
-
-    public UserIdentity getSystemUserIdentity() {
-        return null;
-    }
-
-    public UserIdentity newUserIdentity(
-        final Subject subject, final Principal userPrincipal, final String[] roles) {
-        
-        try {
-            FederationUserPrincipal fup = (FederationUserPrincipal)userPrincipal;
-            return new FederationUserIdentity(subject, userPrincipal, roles, fup.getFedizResponse());
-        } catch (ClassCastException ex) {
-            LOG.warn("Principal must be instance of FederationUserPrincipal");
-            throw new IllegalStateException("Principal must be instance of FederationUserPrincipal");
-        }
-        
-        
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
deleted file mode 100644
index bb850f1..0000000
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
+++ /dev/null
@@ -1,169 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.jetty;
-
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-
-import javax.security.auth.Subject;
-
-import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.processor.FedizProcessor;
-import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
-import org.apache.cxf.fediz.core.processor.FedizRequest;
-import org.apache.cxf.fediz.core.processor.FedizResponse;
-import org.eclipse.jetty.security.IdentityService;
-import org.eclipse.jetty.security.LoginService;
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.util.component.AbstractLifeCycle;
-import org.eclipse.jetty.util.log.Log;
-import org.eclipse.jetty.util.log.Logger;
-
-public class FederationLoginService extends AbstractLifeCycle implements LoginService {
-    private static final Logger LOG = Log.getLogger(FederationLoginService.class);
-
-    protected IdentityService identityService = new FederationIdentityService();
-    protected String name;
-    
-
-    public FederationLoginService() {
-    }
-    
-    public FederationLoginService(String name) {
-        this.name = name;
-    }
-
-    @Override
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        if (isRunning()) {
-            throw new IllegalStateException("Running");
-        }
-        
-        this.name = name;
-    }
-
-    @Override
-    protected void doStart() throws Exception {
-        LOG.debug("doStart");
-        super.doStart();
-    }
-
-    /**
-     * username will be null since the credentials will contain all the relevant info
-     */
-    public UserIdentity login(String username, Object credentials, FedizContext config) {
-        
-        try {
-            FedizResponse wfRes = null;
-            FedizRequest wfReq = (FedizRequest)credentials;
-            
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Process SignIn request");
-                LOG.debug("token=\n" + wfReq.getResponseToken());
-            }
-            
-            FedizProcessor wfProc = 
-                FedizProcessorFactory.newFedizProcessor(config.getProtocol());
-            try {
-                wfRes = wfProc.processRequest(wfReq, config);
-            } catch (ProcessingException ex) {
-                LOG.warn("Federation processing failed: " + ex.getMessage());
-                return null;
-            }
-
-
-            // Validate the AudienceRestriction in Security Token (e.g. SAML) 
-            // against the configured list of audienceURIs
-            if (wfRes.getAudience() != null) {
-                List<String> audienceURIs = config.getAudienceUris();
-                boolean validAudience = false;
-                for (String a : audienceURIs) {
-                    if (wfRes.getAudience().startsWith(a)) {
-                        validAudience = true;
-                        break;
-                    }
-                }
-
-                if (!validAudience) {
-                    LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
-                             + "] doesn't match with specified list of URIs.");
-                    return null;
-                }
-            }
-
-            List<String> roles = wfRes.getRoles();
-            if (roles == null || roles.size() == 0) {
-                roles = Collections.singletonList("Authenticated");
-            }
-            
-            FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
-
-            Subject subject = new Subject();
-            subject.getPrincipals().add(user);
-            
-            String[] aRoles = new String[roles.size()];
-            roles.toArray(aRoles);
-            
-            return identityService.newUserIdentity(subject, user, aRoles);
-
-        } catch (Exception ex) {
-            LOG.warn(ex);
-        }
-
-        return null;
-    }
-
-    public boolean validate(UserIdentity user) {
-        try {
-            FederationUserIdentity fui = (FederationUserIdentity)user;
-            return fui.getExpiryDate().after(new Date());
-        } catch (ClassCastException ex) {
-            LOG.warn("UserIdentity must be instance of FederationUserIdentity");
-            throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
-        }
-    }
-
-    @Override
-    public IdentityService getIdentityService() {
-        return identityService;
-    }
-
-    @Override
-    public void setIdentityService(IdentityService service) {
-        identityService = service;
-    }
-
-    public void logout(UserIdentity user) { 
-    
-    }
-
-    @Override
-    public UserIdentity login(String username, Object credentials) {
-        return null;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
deleted file mode 100644
index 724d3a5..0000000
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserIdentity.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.jetty;
-
-
-import java.security.Principal;
-import java.util.Date;
-
-import javax.security.auth.Subject;
-
-import org.w3c.dom.Element;
-import org.apache.cxf.fediz.core.processor.FedizResponse;
-import org.eclipse.jetty.server.UserIdentity;
-
-public class FederationUserIdentity implements UserIdentity {
-    
-    private Subject subject;
-    private Principal principal;
-    private String[] roles;
-    private FedizResponse fedResponse;
-
-    public FederationUserIdentity(Subject subject, Principal principal,
-                                  String[] roles, FedizResponse fedResponse) {
-        this.subject = subject;
-        this.principal = principal;
-        this.roles = roles;
-        this.fedResponse = fedResponse;
-    }
-
-
-    public Subject getSubject() {
-        return subject;
-    }
-
-    public Principal getUserPrincipal() {
-        return principal;
-    }
-
-    public boolean isUserInRole(String role, Scope scope) {
-        if (scope != null && scope.getRoleRefMap() != null) {
-            role = scope.getRoleRefMap().get(role);
-        }
-        
-        for (String r : this.roles) {
-            if (r.equals(role)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    
-    public Date getExpiryDate() {
-        return fedResponse.getTokenExpires();
-    }
-    
-    public String getIssuer() {
-        return fedResponse.getIssuer();
-    }
-    
-    public String getAudience() {
-        return fedResponse.getAudience();
-    }
-    
-    public String getId() {
-        return fedResponse.getUniqueTokenId();
-    }
-    
-    public Element getToken() {
-        return fedResponse.getToken();
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
deleted file mode 100644
index 917f03d..0000000
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationUserPrincipal.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.jetty;
-
-import org.w3c.dom.Element;
-import org.apache.cxf.fediz.core.ClaimCollection;
-import org.apache.cxf.fediz.core.FederationPrincipal;
-import org.apache.cxf.fediz.core.processor.FedizResponse;
-
-@SuppressWarnings("deprecation")
-public class FederationUserPrincipal implements FederationPrincipal {
-    private String name;
-    private ClaimCollection claims;
-    private FedizResponse response;
-
-    public FederationUserPrincipal(String name, FedizResponse response) {
-        this.name = name;
-        this.response = response;
-        this.claims = new ClaimCollection(response.getClaims());
-    }
-
-    @Override
-    public String getName() {
-        return name;
-    }
-
-
-    @Override
-    public ClaimCollection getClaims() {
-        return claims;
-    }
-    
-    // not public available
-    //[TODO] maybe find better approach, custom UserIdentity
-    FedizResponse getFedizResponse() {
-        return response;
-    }
-
-    @Override
-    public Element getLoginToken() {
-        return response.getToken();
-    }
-    
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/README.txt
----------------------------------------------------------------------
diff --git a/plugins/jetty8/README.txt b/plugins/jetty8/README.txt
new file mode 100644
index 0000000..266a6f8
--- /dev/null
+++ b/plugins/jetty8/README.txt
@@ -0,0 +1,10 @@
+Fediz configuration in Jetty
+----------------------------
+
+The Jetty installation must be updated before a Web Application can be deployed.
+
+The following wiki page gives instructions how to do that:
+http://cxf.apache.org/fediz-jetty.html
+
+The following wiki page explains the fediz configuration which is Container independent:
+http://cxf.apache.org/fediz-configuration.html

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/jetty8/pom.xml b/plugins/jetty8/pom.xml
new file mode 100644
index 0000000..ec3ce73
--- /dev/null
+++ b/plugins/jetty8/pom.xml
@@ -0,0 +1,183 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz</groupId>
+        <artifactId>plugin</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <artifactId>fediz-jetty8</artifactId>
+    <name>Apache Fediz Plugin for Jetty 8</name>
+    <packaging>bundle</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-server</artifactId>
+            <version>${jetty8.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-security</artifactId>
+            <version>${jetty8.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-util</artifactId>
+            <version>${jetty8.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-xml</artifactId>
+            <version>${jetty8.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-webapp</artifactId>
+            <version>${jetty8.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-jsp</artifactId>
+            <version>${jetty8.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-core</artifactId>
+            <version>${project.version}</version>
+            <type>jar</type>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>${httpclient.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.htmlparser.jericho</groupId>
+            <artifactId>jericho-html</artifactId>
+            <version>${jericho.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>zip-file</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>attached</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>src/main/assembly/assembly.xml</descriptor>
+                            </descriptors>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Implementation-Title>Apache CXF Fediz</Implementation-Title>
+                        <Implementation-Vendor>The Apache Software
+                            Foundation</Implementation-Vendor>
+                        <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+                        <Implementation-Version>${project.version}</Implementation-Version>
+                        <Specification-Title>Apache CXF Fediz</Specification-Title>
+                        <Specification-Vendor>The Apache Software
+                            Foundation</Specification-Vendor>
+                        <Specification-Version>${project.version}</Specification-Version>
+                        <Export-Package>
+                            org.apache.cxf.fediz.jetty.*;version="${project.version}"
+                        </Export-Package>
+                        <Import-Package>
+                            !org.apache.cxf.fediz.jetty*,
+                            org.eclipse.jetty.*;version="[7.6,9)",
+                            org.apache.cxf.fediz.core.*,
+                            *;resolution:=optional
+                        </Import-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+<!--
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-idp-sts</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp-sts</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
+                            <outputDirectory>target</outputDirectory>
+                            <overWriteSnapshots>true</overWriteSnapshots>
+                            <overWriteIfNewer>true</overWriteIfNewer>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+-->
+        </plugins>
+    </build>
+</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/assembly/assembly.xml b/plugins/jetty8/src/main/assembly/assembly.xml
new file mode 100644
index 0000000..fb0d6aa
--- /dev/null
+++ b/plugins/jetty8/src/main/assembly/assembly.xml
@@ -0,0 +1,18 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0
+http://maven.apache.org/xsd/assembly-1.1.0.xsd">
+  <id>zip-with-dependencies</id>
+  <formats>
+    <format>zip</format>
+  </formats>
+  <includeBaseDirectory>false</includeBaseDirectory>
+  <dependencySets>
+    <dependencySet>
+      <outputDirectory>/</outputDirectory>
+      <useProjectArtifact>true</useProjectArtifact>
+      <unpack>false</unpack>
+      <scope>runtime</scope>
+    </dependencySet>
+  </dependencySets>
+</assembly>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/27c94bbb/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
new file mode 100644
index 0000000..d2f01f6
--- /dev/null
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -0,0 +1,561 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.jetty8;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBException;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
+import org.apache.cxf.fediz.core.config.FedizConfigurator;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
+import org.apache.cxf.fediz.core.processor.FedizRequest;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.apache.cxf.fediz.core.processor.RedirectionResponse;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.eclipse.jetty.http.HttpMethods;
+import org.eclipse.jetty.http.MimeTypes;
+import org.eclipse.jetty.security.ServerAuthException;
+import org.eclipse.jetty.security.UserAuthentication;
+import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.security.authentication.LoginAuthenticator;
+import org.eclipse.jetty.security.authentication.SessionAuthentication;
+import org.eclipse.jetty.server.AbstractHttpConnection;
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.Authentication.User;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.MultiMap;
+import org.eclipse.jetty.util.URIUtil;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+/**
+ * Federation Authenticator.
+ * <p>
+ * This authenticator implements form authentication will redirect to the Identity Provider
+ * by sending a WS-Federation SignIn request.
+ * </p>
+ * <p>
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of 
+ * mechanism to authenticate the user.
+ * FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
+ * associated with the session.
+ * </p>
+ */
+// CHECKSTYLE:OFF
+public class FederationAuthenticator extends LoginAuthenticator {
+    
+    public static final String J_URI = "org.eclipse.jetty.security.form_URI";
+    public static final String J_POST = "org.eclipse.jetty.security.form_POST";
+
+    private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
+    
+    private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
+       
+    private String configFile;
+    private FedizConfigurator configurator;
+    private String encoding = "UTF-8";
+
+    public FederationAuthenticator() {
+    }
+
+
+    /**
+     * 
+     */
+    @Override
+    public void setConfiguration(AuthConfiguration configuration) {
+        super.setConfiguration(configuration);
+        // is called after the bean setting -> do initialization here
+        LOG.debug(configuration.getInitParameterNames().toString());
+        try {
+            File f = new File(getConfigFile());
+            if (!f.exists()) {
+                String jettyHome = System.getProperty("jetty.home");
+                if (jettyHome != null && jettyHome.length() > 0) {
+                    f = new File(jettyHome.concat(File.separator + getConfigFile()));
+                }
+            }
+            configurator = new FedizConfigurator();
+            configurator.loadConfig(f);
+            LOG.debug("Fediz configuration read from " + f.getAbsolutePath());
+        } catch (JAXBException e) {
+            //[TODO] use other exception
+            throw new RuntimeException("Failed to load Fediz configuration",
+                    e);
+            //throw new ServerAuthException("Failed to load Fediz configuration",
+            //                              e);
+        }
+        
+    }
+
+    /* ------------------------------------------------------------ */
+    public String getAuthMethod() {
+        return "WSFED";
+    }
+
+    public String getConfigFile() {
+        return configFile;
+    }
+
+    public void setConfigFile(String configFile) {
+        this.configFile = configFile;
+    }
+    
+    public String getEncoding() {
+        return encoding;
+    }
+
+    public void setEncoding(String encoding) {
+        this.encoding = encoding;
+    }
+    
+    /* ------------------------------------------------------------ */
+    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
+        throws ServerAuthException {
+        
+        HttpServletRequest request = (HttpServletRequest)req;
+        HttpServletResponse response = (HttpServletResponse)res;
+
+        HttpSession session = request.getSession(true);
+        
+        String contextName = request.getSession().getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FedizContext fedConfig = getContextConfiguration(contextName);
+        
+        // Check to see if it is a metadata request
+        try {
+            if (request.getRequestURL().indexOf(FederationConstants.METADATA_PATH_URI) != -1
+                || request.getRequestURL().indexOf(getMetadataURI(fedConfig)) != -1) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Metadata document requested");
+                }
+                response.setContentType("text/xml");
+                PrintWriter out = response.getWriter();
+                
+                FedizProcessor wfProc = 
+                    FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+                try {
+                    Document metadata = wfProc.getMetaData(request, fedConfig);
+                    out.write(DOM2Writer.nodeToString(metadata));
+                    return Authentication.SEND_CONTINUE;
+                } catch (Exception ex) {
+                    LOG.warn("Failed to get metadata document: " + ex.getMessage());
+                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                    return Authentication.SEND_FAILURE;
+                }            
+            }
+        } catch (IOException e) {
+            throw new ServerAuthException(e);
+        }
+
+        if (!mandatory) {
+            return new DeferredAuthentication(this);
+        }
+        
+        try {
+            req.setCharacterEncoding(this.encoding);
+        } catch (UnsupportedEncodingException ex) {
+            LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
+        }
+        
+        String uri = request.getRequestURI();
+        if (uri == null) {
+            uri = URIUtil.SLASH;
+        }
+
+        try {
+            String action = request.getParameter(FederationConstants.PARAM_ACTION);
+            String responseToken = getResponseToken(request, fedConfig);
+            
+            // Handle a request for authentication.
+            if (isSignInRequest(request, fedConfig)) {
+
+                FedizResponse wfRes = null;
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("SignIn request found");
+                }
+
+                if (responseToken == null) {
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("SignIn request must contain a response token from the IdP");
+                    }
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                    return Authentication.SEND_FAILURE;
+                } else {
+
+                    FedizRequest wfReq = new FedizRequest();
+                    wfReq.setAction(action);
+                    wfReq.setResponseToken(responseToken);
+                    wfReq.setState(request.getParameter("RelayState"));
+                    wfReq.setRequest(request);
+
+                    X509Certificate certs[] = 
+                        (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
+                    wfReq.setCerts(certs);
+
+                    FederationLoginService fedLoginService = (FederationLoginService)this._loginService;
+                    UserIdentity user = fedLoginService.login(null, wfReq, fedConfig);
+                    if (user != null)
+                    {
+                        session=renewSession(request,response);
+
+                        FederationUserIdentity  fui = (FederationUserIdentity)user;
+                        session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
+
+                        // Redirect to original request
+                        String nuri;
+                        synchronized(session)
+                        {
+                            nuri = (String) session.getAttribute(J_URI);
+
+                            if (nuri == null || nuri.length() == 0)
+                            {
+                                nuri = request.getContextPath();
+                                if (nuri.length() == 0) { 
+                                    nuri = URIUtil.SLASH;
+                                }
+                            }
+                            Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes);
+                            session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
+                        }
+                        response.setContentLength(0);   
+                        response.sendRedirect(response.encodeRedirectURL(nuri));
+
+                        return new FederationAuthentication(getAuthMethod(), user);
+                    }
+
+                    // not authenticated
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("WSFED authentication FAILED");
+                    }
+                    if (response != null) {
+                        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+                    }
+
+                }
+            } else if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(action)) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("SignOutCleanup request found");
+                    LOG.debug("SignOutCleanup action...");
+                }
+                session.invalidate();
+
+                final ServletOutputStream responseOutputStream = response.getOutputStream();
+                InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg");
+                if (inputStream == null) {
+                    LOG.warn("Could not write logout.jpg");
+                    return Authentication.SEND_FAILURE;
+                }
+                int read = 0;
+                byte[] buf = new byte[1024];
+                while ((read = inputStream.read(buf)) != -1) {
+                    responseOutputStream.write(buf, 0, read);
+                }
+                inputStream.close();
+                responseOutputStream.flush();
+                return Authentication.SEND_SUCCESS;
+            } else if (action != null) {
+                LOG.warn("Not supported action found in parameter wa: " + action);
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                return Authentication.UNAUTHENTICATED;
+            }
+
+            // Look for cached authentication
+            Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
+            if (authentication != null) 
+            {
+                // Has authentication been revoked?
+                if (authentication instanceof Authentication.User && 
+                    _loginService!=null &&
+                    !_loginService.validate(((Authentication.User)authentication).getUserIdentity()))
+                {
+                
+                    session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
+                }
+                else
+                {
+                    //logout
+                    String logoutUrl = fedConfig.getLogoutURL();
+                    if (logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
+                        session.invalidate();
+
+                        FedizProcessor wfProc = 
+                            FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+                        signOutRedirectToIssuer(request, response, wfProc);
+
+                        return Authentication.SEND_CONTINUE;
+                    }
+
+                    String j_uri = (String)session.getAttribute(J_URI);
+                    if (j_uri != null)
+                    {
+                        @SuppressWarnings("unchecked")
+                        MultiMap<String> j_post = (MultiMap<String>)session.getAttribute(J_POST);
+                        if (j_post != null)
+                        {
+                            StringBuffer buf = request.getRequestURL();
+                            if (request.getQueryString() != null) {
+                                buf.append("?").append(request.getQueryString());
+                            }
+
+                            if (j_uri.equals(buf.toString()))
+                            {
+                                // This is a retry of an original POST request
+                                // so restore method and parameters
+
+                                session.removeAttribute(J_POST);                        
+                                Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
+                                base_request.setMethod(HttpMethods.POST);
+                                base_request.setParameters(j_post);
+                            }
+                        }
+                        else
+                            session.removeAttribute(J_URI);
+                            
+                    }
+                    return authentication;
+                }
+            }          
+            
+
+            // if we can't send challenge
+            if (DeferredAuthentication.isDeferred(response))
+            {
+                LOG.debug("auth deferred {}",session.getId());
+                return Authentication.UNAUTHENTICATED;
+            }
+            
+            // remember the current URI
+            synchronized (session)
+            {
+                // But only if it is not set already, or we save every uri that leads to a login form redirect
+                if (session.getAttribute(J_URI)==null) // || alwaysSaveUri)
+                {  
+                    StringBuffer buf = request.getRequestURL();
+                    if (request.getQueryString() != null) {
+                        buf.append("?").append(request.getQueryString());
+                    }
+                    session.setAttribute(J_URI, buf.toString());
+                    
+                    if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType()) && HttpMethods.POST.equals(request.getMethod()))
+                    {
+                        Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
+                        base_request.extractParameters();                        
+                        session.setAttribute(J_POST, new MultiMap<String>(base_request.getParameters()));
+                    }
+                }
+            }
+            
+            FedizProcessor wfProc = 
+                FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+            signInRedirectToIssuer(request, response, wfProc);
+
+            return Authentication.SEND_CONTINUE;
+
+        } catch (IOException e) {
+            throw new ServerAuthException(e);
+        }
+        /*
+         * catch (ServletException e) { throw new ServerAuthException(e); }
+         */
+    }
+
+    private boolean isSignInRequest(ServletRequest request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol
+            && FederationConstants.ACTION_SIGNIN.equals(
+                request.getParameter(FederationConstants.PARAM_ACTION))) {
+            return true;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
+            && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
+            return true;
+        }
+
+        return false;
+    }
+    
+    private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return request.getParameter(FederationConstants.PARAM_RESULT);
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
+        }
+        return null;
+    }
+    
+    private String getMetadataURI(FedizContext fedConfig) {
+        if (fedConfig.getProtocol().getMetadataURI() != null) {
+            return fedConfig.getProtocol().getMetadataURI();
+        } else if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return FederationConstants.METADATA_PATH_URI;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
+        }
+        
+        return FederationConstants.METADATA_PATH_URI;
+    }
+
+    /* ------------------------------------------------------------ */
+    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
+                                  User validatedUser) throws ServerAuthException {
+        return true;
+    }    
+    
+    /**
+     * Called to redirect sign-in to the IDP/Issuer
+     * 
+     * @param request
+     *            Request we are processing
+     * @param response
+     *            Response we are populating
+     * @param processor
+     *            FederationProcessor
+     * @throws IOException
+     *             If the forward to the login page fails and the call to
+     *             {@link HttpServletResponse#sendError(int, String)} throws an
+     *             {@link IOException}
+     */
+    protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response, FedizProcessor processor)
+        throws IOException {
+
+        //Not supported in jetty 7.6
+        //String contextName = request.getServletContext().getContextPath();
+        String contextName = request.getSession().getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FedizContext fedCtx = this.configurator.getFedizContext(contextName);
+        try {
+            RedirectionResponse redirectionResponse = processor.createSignInRequest(request, fedCtx);
+            String redirectURL = redirectionResponse.getRedirectionURL();
+            if (redirectURL != null) {
+                Map<String, String> headers = redirectionResponse.getHeaders();
+                if (!headers.isEmpty()) {
+                    for (String headerName : headers.keySet()) {
+                        response.addHeader(headerName, headers.get(headerName));
+                    }
+                }
+                
+                response.sendRedirect(redirectURL);
+            } else {
+                LOG.warn("Failed to create SignInRequest.");
+                response.sendError(
+                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+            }
+        } catch (ProcessingException ex) {
+            LOG.warn("Failed to create SignInRequest: " + ex.getMessage());
+            response.sendError(
+                               HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
+        }
+        
+    }
+
+    protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response, FedizProcessor processor)
+            throws IOException {
+
+        //Not supported in jetty 7.6
+        //String contextName = request.getServletContext().getContextPath();
+        String contextName = request.getSession().getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FedizContext fedCtx = this.configurator.getFedizContext(contextName);
+        try {
+            RedirectionResponse redirectionResponse = 
+                processor.createSignOutRequest(request, null, fedCtx); //TODO
+            String redirectURL = redirectionResponse.getRedirectionURL();
+            if (redirectURL != null) {
+                Map<String, String> headers = redirectionResponse.getHeaders();
+                if (!headers.isEmpty()) {
+                    for (String headerName : headers.keySet()) {
+                        response.addHeader(headerName, headers.get(headerName));
+                    }
+                }
+                
+                response.sendRedirect(redirectURL);
+            } else {
+                LOG.warn("Failed to create SignOutRequest.");
+                response.sendError(
+                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
+            }
+        } catch (ProcessingException ex) {
+            LOG.warn("Failed to create SignOutRequest: " + ex.getMessage());
+            response.sendError(
+                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
+        }
+    }
+    
+    private FedizContext getContextConfiguration(String contextName) {
+        if (configurator == null) {
+            throw new IllegalStateException("No Fediz configuration available");
+        }
+        FedizContext config = configurator.getFedizContext(contextName);
+        if (config == null) {
+            throw new IllegalStateException("No Fediz configuration for context :" + contextName);
+        }
+        
+        String jettyHome = System.getProperty("jetty.home");
+        if (jettyHome != null && jettyHome.length() > 0) {
+            config.setRelativePath(jettyHome);
+        }
+        return config;
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * This Authentication represents a just completed Federation authentication. Subsequent requests from the same
+     * user are authenticated by the presents of a {@link SessionAuthentication} instance in their session.
+     */
+    public static class FederationAuthentication extends UserAuthentication implements
+        Authentication.ResponseSent {
+        
+        public FederationAuthentication(String method, UserIdentity userIdentity) {
+            super(method, userIdentity);
+        }
+
+        @Override
+        public String toString() {
+            return "WSFED" + super.toString();
+        }
+    }
+}


Mime
View raw message