cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: More STS refactoring
Date Thu, 15 Sep 2016 13:33:26 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 150ca5d8e -> 3d732f516


More STS refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3d732f51
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3d732f51
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3d732f51

Branch: refs/heads/master
Commit: 3d732f5168f940b03cdc674d31830d384ed0ba50
Parents: 150ca5d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 15 14:33:09 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 15 14:33:09 2016 +0100

----------------------------------------------------------------------
 services/sts/src/main/resources/sts.properties  |  22 ++
 .../src/main/webapp/WEB-INF/cxf-transport.xml   | 122 ++++++++++-
 .../src/main/webapp/WEB-INF/data/cxf-sts.xml    | 209 -------------------
 .../sts/src/main/webapp/WEB-INF/data/realms.xml |  77 +++++++
 4 files changed, 220 insertions(+), 210 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/resources/sts.properties
----------------------------------------------------------------------
diff --git a/services/sts/src/main/resources/sts.properties b/services/sts/src/main/resources/sts.properties
new file mode 100644
index 0000000..4bb5c7e
--- /dev/null
+++ b/services/sts/src/main/resources/sts.properties
@@ -0,0 +1,22 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+signature.properties=stsTruststore.properties
+encryption.properties=stsEncryption.properties
+issuer=Fediz STS
+callback.handler=org.apache.cxf.fediz.service.sts.PasswordCallbackHandler

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
index fedc7e0..0cac6a7 100644
--- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
+++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
@@ -39,13 +39,133 @@
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd">
 
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+        <property name="location" value="classpath:./sts.properties"/>
+    </bean>
+    
     <import resource="classpath:META-INF/cxf/cxf.xml" />
 
-    <import resource="data/cxf-sts.xml" />
+    <import resource="data/realms.xml" />
     
     <!-- Per default the resource <file.xml> is imported.
          If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
     <import resource="./${adapter.resource}.xml" />
+    
+    <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
+        <constructor-arg>
+            <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
+        </constructor-arg>
+    </bean>
+
+    <util:list id="delegationHandlers">
+        <bean id="samlDelegationHandler"
+            class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+        <bean id="x509DelegationHandler"
+            class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
+    </util:list>
+
+    <bean id="transportSTSProviderBean"
+        class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate" />
+        <property name="validateOperation" ref="transportValidateDelegate" />
+    </bean>
+
+    <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders" />
+        <property name="services" ref="transportServices" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+        <property name="claimsManager" ref="claimsManager" />
+        <property name="tokenValidators" ref="transportTokenValidators" />
+        <property name="eventListener" ref="loggerListener" />
+        <property name="delegationHandlers" ref="delegationHandlers" />
+        <property name="encryptIssuedToken" value="true"/>
+    </bean>
+
+    <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+        <property name="tokenValidators" ref="transportTokenValidators" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+        <property name="eventListener" ref="loggerListener" />
+    </bean>
+
+    <util:list id="transportTokenProviders">
+        <ref bean="transportSamlTokenProvider" />
+    </util:list>
+
+    <util:list id="transportTokenValidators">
+        <ref bean="transportSamlTokenValidator" />
+        <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
+    </util:list>
+
+    <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+        <property name="attributeStatementProviders" ref="attributeStatementProvidersList"
/>
+        <property name="realmMap" ref="realms" />
+        <property name="conditionsProvider" ref="conditionsProvider" />
+        <property name="subjectProvider" ref="subjectProvider" />
+    </bean>
+
+    <bean id="conditionsProvider"
+        class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+        <property name="lifetime" value="1200" />
+        <property name="acceptClientLifetime" value="true" />
+    </bean>
+    
+    <bean id="subjectProvider"
+        class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
+        <property name="subjectNameIDFormat" 
+                  value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+    </bean>
+
+    <util:list id="attributeStatementProvidersList">
+        <ref bean="claimAttributeProvider" />
+    </util:list>
+
+    <bean id="claimAttributeProvider"
+        class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+    </bean>
+
+    <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+        <property name="claimHandlers" ref="claimHandlerList" />
+    </bean>
+
+    <bean id="identityMapper"
+        class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+
+    <bean id="samlRealmCodec"
+        class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+    <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
+		<property name="realmMap" ref="realms" />
+	</bean>
+
+    <bean id="transportSamlTokenValidator"
+        class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+        <property name="samlRealmCodec" ref="samlRealmCodec" />
+    </bean>
+
+    <bean id="transportUsernameTokenValidator"
+        class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
+    </bean>
+    
+    <util:list id="transportServices">
+        <ref bean="transportService" />
+    </util:list>
+
+    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints">
+            <util:list>
+                <value>.*</value>
+            </util:list>
+        </property>
+    </bean>
+    
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="callbackHandlerClass" value="${callback.handler}" />
+        <property name="issuer" value="${issuer}" />
+        <property name="realmParser" ref="customRealmParser" />
+        <property name="signatureCryptoProperties" value="${signature.properties}" />
+        <property name="encryptionCryptoProperties" value="${encryption.properties}"/>
+        <property name="relationships" ref="relationships" />
+    </bean>
 
     <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
         address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml b/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
deleted file mode 100644
index b2d43d7..0000000
--- a/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml
+++ /dev/null
@@ -1,209 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:cxf="http://cxf.apache.org/core"
-    xmlns:jaxws="http://cxf.apache.org/jaxws"
-    xmlns:test="http://apache.org/hello_world_soap_http"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:http="http://cxf.apache.org/transports/http/configuration"
-    xmlns:sec="http://cxf.apache.org/configuration/security"
-    xsi:schemaLocation="
-        http://cxf.apache.org/core
-        http://cxf.apache.org/schemas/core.xsd
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-        http://cxf.apache.org/jaxws
-        http://cxf.apache.org/schemas/jaxws.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd
-        http://cxf.apache.org/transports/http/configuration
-        http://cxf.apache.org/schemas/configuration/http-conf.xsd
-        http://cxf.apache.org/configuration/security
-        http://cxf.apache.org/schemas/configuration/security.xsd">
-
-    <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
-        <constructor-arg>
-            <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
-        </constructor-arg>
-    </bean>
-
-    <util:list id="delegationHandlers">
-        <bean id="samlDelegationHandler"
-            class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
-        <bean id="x509DelegationHandler"
-            class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
-    </util:list>
-
-    <bean id="transportSTSProviderBean"
-        class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
-        <property name="issueOperation" ref="transportIssueDelegate" />
-        <property name="validateOperation" ref="transportValidateDelegate" />
-    </bean>
-
-    <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
-        <property name="tokenProviders" ref="transportTokenProviders" />
-        <property name="services" ref="transportServices" />
-        <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="claimsManager" ref="claimsManager" />
-        <property name="tokenValidators" ref="transportTokenValidators" />
-        <property name="eventListener" ref="loggerListener" />
-        <property name="delegationHandlers" ref="delegationHandlers" />
-        <property name="encryptIssuedToken" value="true"/>
-    </bean>
-
-    <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
-        <property name="tokenValidators" ref="transportTokenValidators" />
-        <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="eventListener" ref="loggerListener" />
-    </bean>
-
-    <util:list id="relationships">
-        <bean class="org.apache.cxf.sts.token.realm.Relationship">
-            <property name="sourceRealm" value="REALMA" />
-            <property name="targetRealm" value="REALMB" />
-            <property name="identityMapper" ref="identityMapper" />
-            <property name="type" value="FederatedIdentity" />
-        </bean>
-        <bean class="org.apache.cxf.sts.token.realm.Relationship">
-            <property name="sourceRealm" value="REALMB" />
-            <property name="targetRealm" value="REALMA" />
-            <property name="identityMapper" ref="identityMapper" />
-            <property name="type" value="FederatedIdentity" />
-        </bean>
-    </util:list>
-
-    <util:list id="transportTokenProviders">
-        <ref bean="transportSamlTokenProvider" />
-    </util:list>
-
-    <util:list id="transportTokenValidators">
-        <ref bean="transportSamlTokenValidator" />
-        <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
-    </util:list>
-
-    <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
-        <property name="issuer" value="STS Realm A" />
-        <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
-        <property name="callbackHandlerClass"
-            value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
-    </bean>
-
-    <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
-        <property name="issuer" value="STS Realm B" />
-        <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
-        <property name="callbackHandlerClass"
-            value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
-    </bean>
-
-    <util:map id="realms">
-        <entry key="REALMA" value-ref="realmA" />
-        <entry key="REALMB" value-ref="realmB" />
-    </util:map>
-    
-    <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
-        <property name="attributeStatementProviders" ref="attributeStatementProvidersList"
/>
-        <property name="realmMap" ref="realms" />
-        <property name="conditionsProvider" ref="conditionsProvider" />
-        <property name="subjectProvider" ref="subjectProvider" />
-    </bean>
-
-    <bean id="conditionsProvider"
-        class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
-        <property name="lifetime" value="1200" />
-        <property name="acceptClientLifetime" value="true" />
-    </bean>
-    
-    <bean id="subjectProvider"
-        class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
-        <property name="subjectNameIDFormat" 
-                  value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
-    </bean>
-
-    <util:list id="attributeStatementProvidersList">
-        <ref bean="claimAttributeProvider" />
-    </util:list>
-
-    <bean id="claimAttributeProvider"
-        class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
-    </bean>
-
-    <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
-        <property name="claimHandlers" ref="claimHandlerList" />
-    </bean>
-
-    <bean id="identityMapper"
-        class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
-
-    <bean id="samlRealmCodec"
-        class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
-
-    <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
-		<property name="realmMap" ref="realms" />
-	</bean>
-
-    <bean id="transportSamlTokenValidator"
-        class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
-        <property name="samlRealmCodec" ref="samlRealmCodec" />
-    </bean>
-
-    <bean id="transportUsernameTokenValidator"
-        class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
-    </bean>
-
-    <util:list id="transportServices">
-        <ref bean="myEncryptionService" />
-        <ref bean="transportService" />
-    </util:list>
-
-    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
-        <property name="endpoints">
-            <util:list>
-                <value>.*</value>
-            </util:list>
-        </property>
-    </bean>
-    
-    <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService">
-        <property name="endpoints">
-            <util:list>
-                <value>myServiceB.*</value>
-            </util:list>
-        </property>
-        <property name="encryptionProperties">
-            <bean class="org.apache.cxf.sts.service.EncryptionProperties">
-                <property name="encryptionName" value="serviceB"/>
-                <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
-            </bean>
-        </property>
-    </bean>
-
-    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
-        <property name="callbackHandlerClass"
-            value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
-        <property name="issuer" value="Fediz STS" />
-        <property name="realmParser" ref="customRealmParser" />
-        <property name="signatureCryptoProperties" value="stsTruststore.properties" />
-        <property name="encryptionCryptoProperties" value="stsEncryption.properties"/>
-        <property name="relationships" ref="relationships" />
-    </bean>
-
-</beans>
-

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d732f51/services/sts/src/main/webapp/WEB-INF/data/realms.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/realms.xml b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
new file mode 100644
index 0000000..836e223
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:test="http://apache.org/hello_world_soap_http"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/configuration/security
+        http://cxf.apache.org/schemas/configuration/security.xsd">
+
+    <util:list id="relationships">
+        <bean class="org.apache.cxf.sts.token.realm.Relationship">
+            <property name="sourceRealm" value="REALMA" />
+            <property name="targetRealm" value="REALMB" />
+            <property name="identityMapper" ref="identityMapper" />
+            <property name="type" value="FederatedIdentity" />
+        </bean>
+        <bean class="org.apache.cxf.sts.token.realm.Relationship">
+            <property name="sourceRealm" value="REALMB" />
+            <property name="targetRealm" value="REALMA" />
+            <property name="identityMapper" ref="identityMapper" />
+            <property name="type" value="FederatedIdentity" />
+        </bean>
+    </util:list>
+
+    <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="STS Realm A" />
+        <property name="signaturePropertiesFile" value="stsKeystoreA.properties" />
+        <property name="callbackHandlerClass"
+            value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+    </bean>
+
+    <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
+        <property name="issuer" value="STS Realm B" />
+        <property name="signaturePropertiesFile" value="stsKeystoreB.properties" />
+        <property name="callbackHandlerClass"
+            value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
+    </bean>
+
+    <util:map id="realms">
+        <entry key="REALMA" value-ref="realmA" />
+        <entry key="REALMB" value-ref="realmB" />
+    </util:map>
+    
+</beans>
+


Mime
View raw message