cxf-commits mailing list archives

From serg...@apache.org
Subject cxf-fediz git commit: [FEDIZ-131] Adding a CXF plugin JAX-RS demo, with some updates pending
Date Thu, 15 Oct 2015 16:29:16 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master f4eeabd85 -> f9b182f07


[FEDIZ-131] Adding a CXF plugin JAX-RS demo, with some updates pending


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f9b182f0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f9b182f0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f9b182f0

Branch: refs/heads/master
Commit: f9b182f07abf72331720f1c3476cef336144c798
Parents: f4eeabd
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Oct 15 17:28:59 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Oct 15 17:28:59 2015 +0100

----------------------------------------------------------------------
 examples/jaxrsCxfPluginWebapp/README.txt        |  71 +++++++++++
 examples/jaxrsCxfPluginWebapp/pom.xml           | 107 +++++++++++++++++
 .../cxf/fediz/example/FederationService.java    | 118 +++++++++++++++++++
 .../src/main/resources/fediz_config.xml         |  56 +++++++++
 .../src/main/resources/log4j.properties         |  22 ++++
 .../src/main/resources/ststrust.jks             | Bin 0 -> 3908 bytes
 .../WEB-INF/applicationContext-security.xml     |  43 +++++++
 .../src/main/webapp/WEB-INF/fediz_config.xml    |  56 +++++++++
 .../src/main/webapp/WEB-INF/web.xml             |  72 +++++++++++
 .../src/main/webapp/index.html                  |  25 ++++
 .../src/main/webapp/secure/test.html            |  25 ++++
 11 files changed, 595 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/README.txt
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/README.txt b/examples/jaxrsCxfPluginWebapp/README.txt
new file mode 100644
index 0000000..285b6e8
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/README.txt
@@ -0,0 +1,71 @@
+JAX-RS CXF Plugin Web Application Demo
+==================================
+
+This demo shows how to build and deploy an SSO protected CXF JAX-RS web application
+using Apache CXF Fediz and Fediz CXF Plugin.
+
+
+Running this sample consists of four steps:
+
+- Configure the Tomcat-IDP and Servlet Container for RP instances
+- Building the demo using Maven
+- Deploying the demo to the RP instance
+- Testing the demo
+
+Please review the README in the samples main directory before continuing.
+
+Configure the Tomcat-IDP and Servlet Container for RP instances
+---------------------------------------------------------------
+First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP
+STS has been configured and is running as described here:  
+http://cxf.apache.org/fediz-idp.html.  Confirm the STS is active by
+checking that the WSDL is viewable from the browser using the URL given
+on that page--don't proceed further unless it is.
+
+
+Demo Web Application
+--------------------
+The main code lives in the class FederationService. This JAX-RS Service is protected
+and can be accessed only if the browser user is authenticated. The purpose of
+the FederationService is to illustrate the usage of the Java Servlet Security
+API to get the authenticated user and to check the roles he has. Further, 
+the FederationService shows how to access claims data (user data) which were 
+stored in the SAML token by using the Fediz interface FedizPrincipal.
+Beyond that, the FederationService illustrates how to access the SAML token
+if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java
+can be used to achieve that. You could get this information directly from the
+HTTP session.
+
+
+Building the demo using Maven
+-----------------------------
+From the base directory of this sample (i.e., where this README file is
+located), the pom.xml file is used to build and run the demo. From a 
+command prompt, enter:
+
+  mvn clean install   (builds the demo and creates a WAR file for Servlet deployment)
+
+
+Deploying the demo to Tomcat
+----------------------------
+Either manually copy this sample's generated WAR file to the Tomcat-RP's 
+webapps folder, or use the Tomcat Maven Plugin as described in the README file 
+in the example folder root.
+It's recommended to not deploy this WAR into Servlet Container where Fediz is
+integrated into the Security Layer of the Container itself.
+
+
+Test the demo
+-------------
+Enter the following URL into the browser (TCP port depends on your HTTP settings):
+
+https://localhost:10443/fedizhelloworld/secure/fedservlet
+
+The browser is redirected to the IDP and prompts for username and password. As described
+in the IDP installation, the following users are already set up:
+
+User: alice   Password: ecila
+User: bob     Password: bob
+User: ted     Password: det
+
+
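
Review bot: the "Demo Web Application" section still reads like the servlet sample. It says FederationService illustrates "the Java Servlet Security API", but the class added in this commit is a JAX-RS resource that takes the principal and roles from an injected javax.ws.rs.core.SecurityContext. Reword that paragraph for the JAX-RS case. The step list at the top also names "Deploying the demo to the RP instance" and "Testing the demo", while the section headings are "Deploying the demo to Tomcat" and "Test the demo"; align them. The test URL ends in /secure/fedservlet, so a sentence saying that this path is served by CXFServlet would help readers who look for a servlet class.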

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/pom.xml
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/pom.xml b/examples/jaxrsCxfPluginWebapp/pom.xml
new file mode 100644
index 0000000..d7b700f
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/pom.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz</groupId>
+        <artifactId>examples</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+    </parent>
+    <groupId>org.apache.cxf.fediz.examples</groupId>
+    <artifactId>jaxrsCxfPluginWebapp</artifactId>
+    <name>Fediz Example: SpringWebapp</name>
+    <packaging>war</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+            <version>${cxf.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-cxf</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>${log4j.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>javax.mail</groupId>
+                    <artifactId>mail</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>javax.jms</groupId>
+                    <artifactId>jms</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.jdmk</groupId>
+                    <artifactId>jmxtools</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.jmx</groupId>
+                    <artifactId>jmxri</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>tomcat-maven-plugin</artifactId>
+                <version>1.1</version>
+                <configuration>
+                    <server>myTomcat</server>
+                    <url>http://localhost:10080/manager/text</url>
+                    <path>/${project.build.finalName}</path>
+                </configuration>
+            </plugin>
+        </plugins>
+        <!-- Name of the generated WAR file -->
+        <finalName>fedizhelloworld</finalName>
+    </build>
+</project>
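
Review bot: "<name>Fediz Example: SpringWebapp</name>" does not match the artifactId jaxrsCxfPluginWebapp, so the build output will label this module as the Spring sample; rename it to describe the CXF plugin JAX-RS demo. In the tomcat-maven-plugin configuration the manager URL is http://localhost:10080/manager/text, which carries the credentials of server "myTomcat" over plain HTTP, while the README tests the application on https://localhost:10443. Either point the plugin at the HTTPS connector or add a comment that this is intended for a loopback-only demo instance.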

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
b/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
new file mode 100644
index 0000000..fa31a87
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.StringWriter;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Element;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.FedizPrincipal;
+import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
+
+
+
+@Path("/")
+public class FederationService {
+
+    @GET
+    public Response get(@Context UriInfo uriInfo,
+                        @Context SecurityContext securityContext) {
+
+        ResponseBuilder rb = Response.ok().type("text/html");
+
+        StringBuilder out = new StringBuilder();
+        out.append("<html>");
+        out.append("<head><title>WS Federation Spring Security Example</title></head>");
+        out.append("<body>");
+        out.append("<h1>Hello World</h1>");
+        out.append("Hello world<br>");
+        out.append("Request url: " + uriInfo.getAbsolutePath().toString() + "<p>");
+
+        out.append("<br><b>User</b><p>");
+        Principal p = securityContext.getUserPrincipal();
+        if (p != null) {
+            out.append("Principal: " + p.getName() + "<p>");
+        }
+
+        out.append("<br><b>Roles</b><p>");
+        List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
+        for (String item: roleListToCheck) {
+            out.append("Has role '" + item + "': " 
+                + ((securityContext.isUserInRole(item)) ? "<b>yes</b>" : "no")
+ "<p>");
+        }
+
+        if (p instanceof FedizPrincipal) {
+            FedizPrincipal fp = (FedizPrincipal)p;
+
+            out.append("<br><b>Claims</b><p>");
+            ClaimCollection claims = fp.getClaims();
+            for (Claim c: claims) {
+                out.append(c.getClaimType().toString() + ": " + c.getValue() + "<p>");
+            }
+        } else {
+            out.append("Principal is not instance of FedizPrincipal");
+        }
+
+        Element el = SecurityTokenThreadLocal.getToken();
+        if (el != null) {
+            out.append("<p>Bootstrap token...");
+            String token = null;
+            try {
+                TransformerFactory transFactory = TransformerFactory.newInstance();
+                Transformer transformer = transFactory.newTransformer();
+                StringWriter buffer = new StringWriter();
+                transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+                transformer.transform(new DOMSource(el), new StreamResult(buffer));
+                token = buffer.toString();
+                @SuppressWarnings("deprecation")
+                String escapedXml = StringEscapeUtils.escapeXml(token);
+                out.append("<p>" + escapedXml);
+            } catch (Exception ex) {
+                out.append("<p>Failed to transform cached element to string: " + ex.toString());
+            }
+        } else {
+            out.append("<p>Bootstrap token not cached in thread local storage");
+        }
+
+        out.append("</body>");
+
+        return rb.entity(out.toString()).build();
+    }
+
+}
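
Review bot: in get(), p.getName(), c.getClaimType(), c.getValue() and uriInfo.getAbsolutePath() are appended to a text/html response without escaping; only the bootstrap token goes through StringEscapeUtils.escapeXml. Claim values come from the token issued by the IDP, so markup in a name or claim would be rendered by the browser. Since people copy samples, escape every dynamic value before appending it; commons-lang3 StringEscapeUtils.escapeHtml4 fits here and also removes the need for @SuppressWarnings("deprecation") on escapeXml. Smaller points: the page prints the complete bootstrap token and ex.toString(), which deserves a comment that this is for demonstration only; the closing "</html>" is never appended; and the title "WS Federation Spring Security Example" is left over from another sample.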

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/resources/fediz_config.xml b/examples/jaxrsCxfPluginWebapp/src/main/resources/fediz_config.xml
new file mode 100644
index 0000000..529b645
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/resources/fediz_config.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<!-- Place in Tomcat conf folder or other location as designated in this sample's file.

+     Keystore referenced below must have IDP STS' public cert included in it.  This example
uses the
+     ststrust Truststore (ststrust.jks) for this task.
+     In Fediz 1.0, one keystore was used for SSL and the STS public certificate.
+-->
+<FedizConfig>
+    <contextConfig name="/fedizhelloworld">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass"
+                    type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:8443/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <reply>/j_spring_fediz_security_check</reply>
+            <claimTypesRequested>
+                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true"
/>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
+            </claimTypesRequested>
+        </protocol>
+    </contextConfig>
+</FedizConfig>
+
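
Review bot: "<reply>/j_spring_fediz_security_check</reply>" is the Spring Security sample's endpoint, and nothing in this commit maps that path. The web.xml added here maps CXFServlet only to /secure/fedservlet and three role-named variants, and the Fediz filter is registered as a JAX-RS provider on that server, so a sign-in response sent to the reply address would not reach it. Set the reply to a path the JAX-RS endpoint serves, or drop the element if the default is intended. The header comment "Place in Tomcat conf folder" is also stale for a file packaged under src/main/resources, and three of the claimType lines are indented with tabs while the rest of the file uses spaces.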

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/resources/log4j.properties b/examples/jaxrsCxfPluginWebapp/src/main/resources/log4j.properties
new file mode 100644
index 0000000..e16244a
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/resources/log4j.properties
@@ -0,0 +1,22 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.springframework=INFO, CONSOLE
+log4j.additivity.org.springframework=false
+log4j.logger.org.springframework.security=DEBUG, CONSOLE
+log4j.additivity.org.springframework.security=false
+log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.fediz=false
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=fedizhelloworld.log
+log4j.appender.LOGFILE.Append=false
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
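
Review bot: the LOGFILE appender is configured but never attached; log4j.rootLogger and the three named loggers all list only CONSOLE, so fedizhelloworld.log is never written. Either add LOGFILE to a logger or delete the block. The org.springframework.security logger is also a leftover: the pom in this commit depends on spring-web only. If DEBUG stays on org.apache.cxf.fediz, add a comment that it is meant for the demo, since this sample handles SAML tokens.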

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks b/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks
new file mode 100644
index 0000000..ef5a844
Binary files /dev/null and b/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
b/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
new file mode 100644
index 0000000..a29da25
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+        http://cxf.apache.org/jaxrs
+        http://cxf.apache.org/schemas/jaxrs.xsd">
+
+    <bean id="filter" class="org.apache.cxf.fediz.cxf.plugin.FedizRedirectBindingFilter"
+        init-method="configure">
+    </bean>
+    <jaxrs:server address="/">
+        <jaxrs:serviceBeans>
+            <bean class="org.apache.cxf.fediz.example.FederationService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="filter"/>
+        </jaxrs:providers> 
+    </jaxrs:server>
+
+    
+</beans>
+
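
Review bot: the "filter" bean carries only init-method="configure" and no setting that says which fediz_config.xml it loads, while this commit ships that file twice (src/main/resources and WEB-INF). State on the bean, or in a comment next to it, which copy is read and how it is located. The file name applicationContext-security.xml is also misleading here, because the context declares no Spring Security beans, only the jaxrs:server and the Fediz filter.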

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/fediz_config.xml
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/fediz_config.xml b/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/fediz_config.xml
new file mode 100644
index 0000000..529b645
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/fediz_config.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<!-- Place in Tomcat conf folder or other location as designated in this sample's file.

+     Keystore referenced below must have IDP STS' public cert included in it.  This example
uses the
+     ststrust Truststore (ststrust.jks) for this task.
+     In Fediz 1.0, one keystore was used for SSL and the STS public certificate.
+-->
+<FedizConfig>
+    <contextConfig name="/fedizhelloworld">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass"
+                    type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:8443/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <reply>/j_spring_fediz_security_check</reply>
+            <claimTypesRequested>
+                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true"
/>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
+            </claimTypesRequested>
+        </protocol>
+    </contextConfig>
+</FedizConfig>
+
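
Review bot: this file is the same blob as src/main/resources/fediz_config.xml (both hunks show index 529b645), so the sample now has two copies of its trust configuration that can drift apart. Keep the one the filter actually loads and remove the other. The keyStore element also stores password="storepass" in clear text inside the WAR; that is acceptable for a demo truststore holding only the STS public certificate, but a comment should say so, because the surrounding comment only explains which certificate the keystore must contain.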

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/web.xml b/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..3015d20
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+    version="3.0" metadata-complete="true">
+
+    <description>WS Federation Spring Example</description>
+    <display-name>WS Federation Spring Example</display-name>
+
+    <!-- Optional: Cache the security token in Thread Local Storage -->
+    <filter>
+        <filter-name>FederationFilter</filter-name>
+        <filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>FederationFilter</filter-name>
+        <url-pattern>/secure/*</url-pattern>
+    </filter-mapping>
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>/WEB-INF/applicationContext-security.xml</param-value>
+    </context-param>
+
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <servlet>
+        <servlet-name>FederationServlet</servlet-name>
+        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/admin/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/user/fedservlet</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>FederationServlet</servlet-name>
+        <url-pattern>/secure/manager/fedservlet</url-pattern>
+    </servlet-mapping>
+
+</web-app>
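
Review bot: the mappings /secure/admin/fedservlet, /secure/user/fedservlet and /secure/manager/fedservlet all point at the same CXFServlet, and neither this web.xml nor FederationService (a single @GET on @Path("/") with no role annotation) restricts them by role. As written, any authenticated user gets the same page on all four paths, which the path names do not suggest. Either add role checks for the role-named paths or drop those mappings from the demo. The description and display-name "WS Federation Spring Example" are also copied from the Spring sample.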

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/webapp/index.html
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/webapp/index.html b/examples/jaxrsCxfPluginWebapp/src/main/webapp/index.html
new file mode 100644
index 0000000..1a1ef1d
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/webapp/index.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/src/main/webapp/secure/test.html
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/webapp/secure/test.html b/examples/jaxrsCxfPluginWebapp/src/main/webapp/secure/test.html
new file mode 100644
index 0000000..042ed67
--- /dev/null
+++ b/examples/jaxrsCxfPluginWebapp/src/main/webapp/secure/test.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>
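
Review bot: secure/test.html sits under /secure/ but nothing visible in this commit protects it. The web.xml has no security-constraint, CXFServlet is mapped to the exact */fedservlet paths only, the FederationFilter on /secure/* is commented as an optional token cache, and the Fediz sign-in filter is a JAX-RS provider inside the CXF server. A request for /fedizhelloworld/secure/test.html would therefore be answered as a static file without a redirect to the IDP. Remove the page, or route it through a protected handler, so the "secure" path means what it says. The title "WS Federation Tomcat Examples" is a leftover as well.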

