cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [09/19] cxf-fediz git commit: FEDIZ-155 - Move .java components out of idp webapp and into a separate JAR
Date Fri, 27 Jan 2017 11:22:52 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
new file mode 100644
index 0000000..1d63fde
--- /dev/null
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.Entitlement;
+import org.apache.cxf.fediz.service.idp.service.EntitlementDAO;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.Assert;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = { "classpath:testContext.xml" })
+public class EntitlementDAOJPATest {
+
+    @Autowired
+    private EntitlementDAO entitlementDAO;
+    
+    
+    @BeforeClass
+    public static void init() {
+        System.setProperty("spring.profiles.active", "jpa");
+    }
+    
+    
+    @Test
+    public void testReadAllEntitlements() {
+        List<Entitlement> entitlements = entitlementDAO.getEntitlements(0, 999);
+        Assert.isTrue(30 == entitlements.size(), "Size doesn't match");
+    }
+    
+    @Test
+    public void testReadExistingEntitlement() {
+        Entitlement entitlement = entitlementDAO.getEntitlement("CLAIM_LIST");
+        Assert.isTrue("CLAIM_LIST".equals(entitlement.getName()),
+                      "Entitlement name doesn't match");
+        Assert.isTrue("Description for CLAIM_LIST".equals(entitlement.getDescription()),
+                      "Entitlement Description doesn't match");
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryReadNonexistingEntitlement() {
+        entitlementDAO.getEntitlement("CLAIM_NOT_EXIST");
+    }
+    
+    
+    @Test
+    public void testAddNewEntitlement() {
+        Entitlement entitlement5 = new Entitlement();
+        entitlement5.setName("GUGUS_CREATE");
+        entitlement5.setDescription("Any entitlement");
+        entitlementDAO.addEntitlement(entitlement5);
+        
+        List<Entitlement> entitlements = entitlementDAO.getEntitlements(0, 999);
+        Assert.isTrue(31 == entitlements.size(), "Size doesn't match. Entitlement not added");
+    }
+    
+    
+    @Test(expected = DataIntegrityViolationException.class)
+    public void testTryAddExistingEntitlement() {
+        Entitlement entitlement5 = new Entitlement();
+        entitlement5.setName("CLAIM_DELETE");
+        entitlement5.setDescription("Description for CLAIM_DELETE");
+        entitlementDAO.addEntitlement(entitlement5);
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryRemoveUnknownEntitlement() {
+        entitlementDAO.deleteEntitlement("GUGUS_NOT_EXIST");
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testRemoveExistingEntitlement() {
+        
+        Entitlement entitlement5 = new Entitlement();
+        entitlement5.setName("CLAIM_TO_DELETE");
+        entitlement5.setDescription("Description for CLAIM_TO_DELETE");
+        entitlementDAO.addEntitlement(entitlement5);
+        
+        entitlementDAO.deleteEntitlement("CLAIM_TO_DELETE");
+        
+        entitlementDAO.getEntitlement("CLAIM_TO_DELETE");
+    }
+    
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
new file mode 100644
index 0000000..6256371
--- /dev/null
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
@@ -0,0 +1,653 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.fediz.service.idp.domain.Application;
+import org.apache.cxf.fediz.service.idp.domain.Claim;
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.fediz.service.idp.service.IdpDAO;
+import org.apache.wss4j.dom.WSConstants;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.orm.jpa.JpaObjectRetrievalFailureException;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.Assert;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = { "classpath:testContext.xml" })
+public class IdpDAOJPATest {
+
+    @Autowired
+    private IdpDAO idpDAO;
+    
+    
+    @BeforeClass
+    public static void init() {
+        System.setProperty("spring.profiles.active", "jpa");
+    }
+    
+    
+    @Test
+    public void testReadAllIdps() {
+        List<Idp> idps = idpDAO.getIdps(0, 999, null);
+        // Idp could have been removed, Order not given as per JUnit design
+        Assert.isTrue(0 < idps.size(), "Size doesn't match [" + idps.size() + "]");
+    }
+    
+    
+    @Test
+    public void testReadExistingIdpEmbeddedAll() throws MalformedURLException {
+        Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A", Arrays.asList("all"));
+        
+        Assert.isTrue("stsKeystoreA.properties".equals(idp.getCertificate()),
+                      "Certificate doesn't match");
+        Assert.isTrue("realma".equals(idp.getCertificatePassword()),
+                      "Certificate password doesn't match");
+        Assert.isTrue("urn:org:apache:cxf:fediz:idp:realm-A".equals(idp.getRealm()),
+                      "Realm doesn't match");
+        Assert.isTrue("IDP of Realm A".equals(idp.getServiceDescription()),
+                      "ServiceDescription doesn't match");
+        Assert.isTrue("REALM A".equals(idp.getServiceDisplayName()),
+                      "ServiceDisplayName doesn't match");        
+        Assert.isTrue(new URL("https://localhost:9443/fediz-idp/federation").equals(idp.getIdpUrl()),
+                      "IdpUrl doesn't match");
+        Assert.isTrue(new URL("https://localhost:9443/fediz-idp-sts/REALMA").equals(idp.getStsUrl()),
+                      "StsUrl doesn't match");
+        Assert.isTrue("realma".equals(idp.getUri()),
+                      "Uri doesn't match");
+        Assert.isTrue(idp.isProvideIdpList(),
+                      "ProvideIDPList doesn't match");
+        Assert.isTrue(idp.isUseCurrentIdp(),
+                      "UseCurrentIDP doesn't match");
+        Assert.isTrue(4 == idp.getAuthenticationURIs().size(),
+                      "Number of AuthenticationURIs doesn't match");
+        Assert.isTrue(2 == idp.getSupportedProtocols().size(),
+                      "Number of SupportedProtocols doesn't match");
+        Assert.isTrue(2 == idp.getTokenTypesOffered().size(),
+                      "Number of TokenTypesOffered doesn't match");
+        Assert.isTrue(2 == idp.getApplications().size(),
+                      "Number of applications doesn't match");
+        Assert.isTrue(1 == idp.getTrustedIdps().size(),
+                      "Number of trusted IDPs doesn't match");
+        Assert.isTrue(4 == idp.getClaimTypesOffered().size(),
+                      "Number of claims doesn't match");
+    }
+    
+    @Test
+    public void testReadExistingIdpEmbeddedTrustedIdps() {
+        Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A",
+                                                                Arrays.asList("trusted-idps"));
+        
+        Assert.isTrue(1 == idp.getTrustedIdps().size(),
+                      "Number of trusted IDPs doesn't match");
+    }
+    
+    @Test
+    public void testReadExistingIdpEmbeddedClaims() {
+        Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A",
+                                                                Arrays.asList("claims"));
+        
+        Assert.isTrue(4 == idp.getClaimTypesOffered().size(),
+                      "Number of claims doesn't match");
+    }
+    
+    @Test
+    public void testReadExistingIdpEmbeddedApplications() {
+        Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A", Arrays.asList("applications"));
+        
+        Assert.isTrue(2 == idp.getApplications().size(), "Number of applications doesn't match");
+    }
+    
+    @Test
+    public void testReadExistingIdpEmbeddedNull() {
+        Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A",
+                                                                null);
+        
+        Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
+                      "Number of claims doesn't match");
+        Assert.isTrue(0 == idp.getApplications().size(),
+                      "Number of applications doesn't match");
+        Assert.isTrue(0 == idp.getTrustedIdps().size(),
+                      "Number of trusted IDPs doesn't match");
+       
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryReadNonexistingIdp() {
+        idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:NOTEXIST", null);
+    }
+    
+    
+    @Test
+    public void testAddNewIdp() throws MalformedURLException {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:testadd");
+        idp.setCertificate("stsKeystoreA.properties");
+        idp.setCertificatePassword("realma");
+        idp.setIdpUrl(new URL("https://localhost:9443/fediz-idp/federation"));
+        idp.setStsUrl(new URL("https://localhost:9443/fediz-idp-sts/REALMN"));
+        idp.setServiceDisplayName("NEW REALM");
+        idp.setServiceDescription("IDP of New Realm");
+        idp.setUri("realmn");
+        idp.setProvideIdpList(true);
+        Map<String, String> authUris = new HashMap<>();
+        authUris.put("default", "/login/default");
+        idp.setAuthenticationURIs(authUris);
+        List<String> protocols = new ArrayList<>();
+        protocols.add("http://docs.oasis-open.org/wsfed/federation/200706");
+        protocols.add("http://docs.oasis-open.org/ws-sx/ws-trust/200512");
+        idp.setSupportedProtocols(protocols);
+        List<String> tokenTypes = new ArrayList<>();
+        tokenTypes.add(WSConstants.SAML2_NS);
+        tokenTypes.add(WSConstants.SAML_NS);
+        idp.setTokenTypesOffered(tokenTypes);
+        idp.setUseCurrentIdp(true);
+        
+        idpDAO.addIdp(idp);
+        
+        idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:testadd", null);
+        
+        Assert.isTrue("stsKeystoreA.properties".equals(idp.getCertificate()),
+                      "Certificate doesn't match");
+        Assert.isTrue("realma".equals(idp.getCertificatePassword()),
+                      "Certificate password doesn't match");
+        Assert.isTrue("urn:org:apache:cxf:fediz:idp:testadd".equals(idp.getRealm()),
+                      "Realm doesn't match");
+        Assert.isTrue("IDP of New Realm".equals(idp.getServiceDescription()),
+                      "ServiceDescription doesn't match");
+        Assert.isTrue("NEW REALM".equals(idp.getServiceDisplayName()),
+                      "ServiceDisplayName doesn't match");        
+        Assert.isTrue(new URL("https://localhost:9443/fediz-idp/federation").equals(idp.getIdpUrl()),
+                      "IdpUrl doesn't match");
+        Assert.isTrue(new URL("https://localhost:9443/fediz-idp-sts/REALMN").equals(idp.getStsUrl()),
+                      "StsUrl doesn't match");
+        Assert.isTrue("realmn".equals(idp.getUri()),
+                      "Uri doesn't match");
+        Assert.isTrue(idp.isProvideIdpList(),
+                      "ProvideIDPList doesn't match");
+        Assert.isTrue(idp.isUseCurrentIdp(),
+                      "UseCurrentIDP doesn't match");
+        Assert.isTrue(1 == idp.getAuthenticationURIs().size(),
+                      "Number of AuthenticationURIs doesn't match");
+        Assert.isTrue(2 == idp.getSupportedProtocols().size(),
+                      "Number of SupportedProtocols doesn't match");
+        Assert.isTrue(2 == idp.getTokenTypesOffered().size(),
+                      "Number of TokenTypesOffered doesn't match");
+        Assert.isTrue(0 == idp.getApplications().size(),
+                      "Number of applications doesn't match");
+        Assert.isTrue(0 == idp.getTrustedIdps().size(),
+                      "Number of trusted IDPs doesn't match");
+        Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
+                      "Number of claims doesn't match");
+
+    }
+    
+    
+    @Test(expected = DataIntegrityViolationException.class)
+    public void testTryAddExistingIdp() throws MalformedURLException {
+        Idp idp = createIdp("urn:org:apache:cxf:fediz:idp:realm-A");
+        idpDAO.addIdp(idp);
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryRemoveUnknownIdp() {
+        idpDAO.deleteIdp("urn:org:apache:cxf:fediz:idp:NOTEXIST");
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testRemoveExistingIdp() throws MalformedURLException {
+        Idp idp = createIdp("urn:org:apache:cxf:fediz:idp:testdelete");
+        
+        idpDAO.addIdp(idp);
+        
+        idpDAO.deleteIdp("urn:org:apache:cxf:fediz:idp:testdelete");
+        
+        idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:testdelete", null);
+    }
+    
+    @Test
+    public void testUpdateIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:idp:testupdate";
+        //Prepare
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        //Testcase
+        idp = new Idp();
+        idp.setRealm(realm);
+        idp.setCertificate("UstsKeystoreA.properties");
+        idp.setCertificatePassword("Urealma");
+        idp.setIdpUrl(new URL("https://localhost:9443/fediz-idp/federationUU"));
+        idp.setStsUrl(new URL("https://localhost:9443/fediz-idp-sts/REALMAUU"));
+        idp.setServiceDisplayName("UNEW REALM");
+        idp.setServiceDescription("UIDP of New Realm");
+        idp.setUri("Urealmn");
+        idp.setProvideIdpList(true);
+        Map<String, String> authUris = new HashMap<>();
+        authUris.put("default", "/login/default");
+        idp.setAuthenticationURIs(authUris);
+        List<String> protocols = new ArrayList<>();
+        protocols.add("http://docs.oasis-open.org/wsfed/federation/200706");
+        idp.setSupportedProtocols(protocols);
+        List<String> tokenTypes = new ArrayList<>();
+        tokenTypes.add(WSConstants.SAML2_NS);
+        idp.setTokenTypesOffered(tokenTypes);
+        idp.setUseCurrentIdp(false);
+        idpDAO.updateIdp(realm, idp);
+        
+        idp = idpDAO.getIdp(realm, null);
+        
+        Assert.isTrue("UstsKeystoreA.properties".equals(idp.getCertificate()),
+                      "Certificate doesn't match");
+        Assert.isTrue("Urealma".equals(idp.getCertificatePassword()),
+                      "Certificate password doesn't match");
+        Assert.isTrue(realm.equals(idp.getRealm()),
+                      "Realm doesn't match");
+        Assert.isTrue("UIDP of New Realm".equals(idp.getServiceDescription()),
+                      "ServiceDescription doesn't match");
+        Assert.isTrue("UNEW REALM".equals(idp.getServiceDisplayName()),
+                      "ServiceDisplayName doesn't match");        
+        Assert.isTrue(new URL("https://localhost:9443/fediz-idp/federationUU").equals(idp.getIdpUrl()),
+                      "IdpUrl doesn't match");
+        Assert.isTrue(new URL("https://localhost:9443/fediz-idp-sts/REALMAUU").equals(idp.getStsUrl()),
+                      "StsUrl doesn't match");
+        Assert.isTrue("Urealmn".equals(idp.getUri()),
+                      "Uri doesn't match");
+        Assert.isTrue(idp.isProvideIdpList(),
+                      "ProvideIDPList doesn't match");
+        Assert.isTrue(!idp.isUseCurrentIdp(),
+                      "UseCurrentIDP doesn't match");
+        Assert.isTrue(1 == idp.getAuthenticationURIs().size(),
+                      "Number of AuthenticationURIs doesn't match");
+        Assert.isTrue(1 == idp.getSupportedProtocols().size(),
+                      "Number of SupportedProtocols doesn't match");
+        Assert.isTrue(1 == idp.getTokenTypesOffered().size(),
+                      "Number of TokenTypesOffered doesn't match");
+        Assert.isTrue(0 == idp.getApplications().size(),
+                      "Number of applications doesn't match");
+        Assert.isTrue(0 == idp.getTrustedIdps().size(),
+                      "Number of trusted IDPs doesn't match");
+        Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
+                      "Number of claims doesn't match");
+        
+    }
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testUpdateUnknownIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:idp:testupdate2";
+        
+        //Prepare
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        //Testcase
+        idp = new Idp();
+        idp.setRealm(realm);
+        idp.setCertificate("UstsKeystoreA.properties");
+        idp.setCertificatePassword("Urealma");
+        idp.setIdpUrl(new URL("https://localhost:9443/fediz-idp/federationUU"));
+        idp.setStsUrl(new URL("https://localhost:9443/fediz-idp-sts/REALMNUU"));
+        idp.setServiceDisplayName("UNEW REALM");
+        idp.setServiceDescription("UIDP of New Realm");
+        idp.setUri("Urealmn");
+        idp.setProvideIdpList(true);
+        Map<String, String> authUris = new HashMap<>();
+        authUris.put("default", "/login/default");
+        idp.setAuthenticationURIs(authUris);
+        List<String> protocols = new ArrayList<>();
+        protocols.add("http://docs.oasis-open.org/wsfed/federation/200706");
+        idp.setSupportedProtocols(protocols);
+        List<String> tokenTypes = new ArrayList<>();
+        tokenTypes.add(WSConstants.SAML2_NS);
+        idp.setTokenTypesOffered(tokenTypes);
+        idp.setUseCurrentIdp(false);
+        idpDAO.updateIdp("urn:UNKNOWN", idp);
+    }
+    
+    @Test
+    public void testAddClaimToIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:idp:testaddclaim";
+        
+        //Prepare
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        //Testcase
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
+        
+        idpDAO.addClaimToIdp(idp, claim);
+               
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        
+        Assert.isTrue(1 == idp.getClaimTypesOffered().size(), "claimTypesOffered size doesn't match");
+    }
+    
+    @Test(expected = DataIntegrityViolationException.class)
+    public void testTryAddExistingClaimToIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+        
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
+        
+        idpDAO.addClaimToIdp(idp, claim);
+    }
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryAddUnknownClaimToIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+        
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UNKOWN"));
+        
+        idpDAO.addClaimToIdp(idp, claim);
+        
+    }
+    
+    @Test
+    public void testRemoveClaimFromIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:fedizhelloworld:testremoveclaim";
+        //Prepare step
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
+        idpDAO.addClaimToIdp(idp, claim);
+               
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        Assert.isTrue(1 == idp.getClaimTypesOffered().size(),
+                      "claimTypesOffered size doesn't match [" + idp.getClaimTypesOffered().size() + "]");
+        
+        //Testcase
+        idpDAO.removeClaimFromIdp(idp, claim);
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
+                      "claimTypesOffered size doesn't match [" + idp.getClaimTypesOffered().size() + "]");
+    }
+    
+    @Test(expected = JpaObjectRetrievalFailureException.class)
+    public void testTryRemoveNotAssignedClaimFromIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+                
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city"));
+        
+        idpDAO.removeClaimFromIdp(idp, claim);
+    }
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryRemoveUnknownClaimFromIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+                
+        Claim claim = new Claim();
+        claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UNKNOWN"));
+        
+        idpDAO.removeClaimFromIdp(idp, claim);
+    }
+    
+    @Test
+    public void testAddApplicationToIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:app:testaddApplication";
+        
+        //Prepare
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        //Testcase
+        //Application app = createApplication(realm);
+        Application app = new Application();
+        app.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
+        idpDAO.addApplicationToIdp(idp, app);
+               
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        
+        Assert.isTrue(1 == idp.getApplications().size(), "applications size doesn't match");
+    }
+    
+    
+    @Test(expected = DataIntegrityViolationException.class)
+    public void testTryAddExistingApplicationToIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+        
+        Application app = new Application();
+        app.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
+        
+        idpDAO.addApplicationToIdp(idp, app);
+    }
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryAddUnknownApplicationToIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+        
+        Application app = new Application();
+        app.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
+        
+        idpDAO.addApplicationToIdp(idp, app);
+        
+    }
+    
+    @Test
+    public void testRemoveApplicationFromIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:fedizhelloworld:testremoveapp";
+        //Prepare step
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        Application app = new Application();
+        app.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
+        idpDAO.addApplicationToIdp(idp, app);
+               
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        Assert.isTrue(1 == idp.getApplications().size(),
+                      "applications size doesn't match [" + idp.getApplications().size() + "]");
+        
+        //Testcase
+        idpDAO.removeApplicationFromIdp(idp, app);
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        Assert.isTrue(0 == idp.getApplications().size(),
+                      "applications size doesn't match [" + idp.getApplications().size() + "]");
+    }
+    
+    
+    @Test(expected = JpaObjectRetrievalFailureException.class)
+    public void testTryRemoveNotAssignedApplicationFromIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+                
+        Application app = new Application();
+        app.setRealm("myrealm2");
+        
+        idpDAO.removeApplicationFromIdp(idp, app);
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryRemoveUnknownApplicationFromIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+                
+        Application app = new Application();
+        app.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
+        
+        idpDAO.removeApplicationFromIdp(idp, app);
+    }
+    
+    
+    
+    
+    
+    
+    @Test
+    public void testAddTrustedIdpToIdp() throws MalformedURLException {
+        String realm = "urn:org:apache:cxf:fediz:trusted-idp:testaddTrustedIdp";
+        
+        //Prepare
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        //Testcase
+        //Application app = createApplication(realm);
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm("urn:org:apache:cxf:fediz:idp:realm-B");
+        idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
+               
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        
+        Assert.isTrue(1 == idp.getTrustedIdps().size(), "applications size doesn't match");
+    }
+    
+    /*
+    @Test(expected = DataIntegrityViolationException.class)
+    public void testTryAddExistingTrustedIdpToIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+        
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm("urn:org:apache:cxf:fediz:idp:realm-B");
+        
+        idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
+    }
+    
+    @Test(expected = NoResultException.class)
+    public void testTryAddUnknownTrustedIdpToIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+        
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
+        
+        idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
+    }
+    
+    @Test
+    public void testRemoveTrustedIdpFromIdp() {
+        String realm = "urn:org:apache:cxf:fediz:trustedidp:testremove";
+        //Prepare step
+        Idp idp = createIdp(realm);
+        idpDAO.addIdp(idp);
+        
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm("urn:org:apache:cxf:fediz:idp:realm-B");
+        idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
+               
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        Assert.isTrue(1 == idp.getTrustedIdps().size(),
+                      "trustedIdps size doesn't match [" + idp.getTrustedIdps().size() + "]");
+        
+        //Testcase
+        idpDAO.removeTrustedIdpFromIdp(idp, trustedIdp);
+        idp = idpDAO.getIdp(realm, Arrays.asList("all"));
+        Assert.isTrue(0 == idp.getTrustedIdps().size(),
+                      "trustedIdps size doesn't match [" + idp.getTrustedIdps().size() + "]");
+    }
+    
+    
+    @Test(expected = EntityNotFoundException.class)
+    public void testTryRemoveNotAssignedTrustedIdpFromIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+                
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm("trustedidp2realm");
+        
+        idpDAO.removeTrustedIdpFromIdp(idp, trustedIdp);
+    }
+    
+    
+    @Test(expected = NoResultException.class)
+    public void testTryRemoveUnknownTrustedIdpFromIdp() {
+        Idp idp = new Idp();
+        idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
+                
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
+        
+        idpDAO.removeTrustedIdpFromIdp(idp, trustedIdp);
+    }
+    */
+    
+    
+    private static Idp createIdp(String realm) throws MalformedURLException {
+        Idp idp = new Idp();
+        idp.setRealm(realm);
+        idp.setCertificate("stsKeystoreA.properties");
+        idp.setCertificatePassword("realma");
+        idp.setIdpUrl(new URL("https://localhost:9443/fediz-idp/federation"));
+        idp.setStsUrl(new URL("https://localhost:9443/fediz-idp-sts/REALMA"));
+        idp.setServiceDisplayName("NEW REALM");
+        idp.setServiceDescription("IDP of New Realm");
+        idp.setUri("realma");
+        idp.setProvideIdpList(true);
+        Map<String, String> authUris = new HashMap<>();
+        authUris.put("default", "/login/default");
+        idp.setAuthenticationURIs(authUris);
+        List<String> protocols = new ArrayList<>();
+        protocols.add("http://docs.oasis-open.org/wsfed/federation/200706");
+        protocols.add("http://docs.oasis-open.org/ws-sx/ws-trust/200512");
+        idp.setSupportedProtocols(protocols);
+        List<String> tokenTypes = new ArrayList<>();
+        tokenTypes.add(WSConstants.SAML2_NS);
+        tokenTypes.add(WSConstants.SAML_NS);
+        idp.setTokenTypesOffered(tokenTypes);
+        idp.setUseCurrentIdp(true);
+        return idp;
+    }
+    /*
+    private static Application createApplication(String realm) {
+        Application application = new Application();
+        application.setRealm(realm);
+        application.setEncryptionCertificate("");
+        application.setLifeTime("3600");
+        application.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
+        application.setRole("ApplicationServiceType");
+        application.setServiceDescription("Fedizhelloworld description");
+        application.setServiceDisplayName("Fedizhelloworld");
+        application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
+        return application;
+    }
+    */
+    
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
new file mode 100644
index 0000000..222277a
--- /dev/null
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+
+import org.apache.cxf.fediz.service.idp.domain.FederationType;
+import org.apache.cxf.fediz.service.idp.domain.TrustType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.transaction.annotation.Transactional;
+
+@Transactional
+public class TestDBLoader implements DBLoader {
+    
+    public static final String NAME = "UNITTESTDBLOADER";
+    
+    private static final Logger LOG = LoggerFactory.getLogger(TestDBLoader.class);
+    
+    private EntityManager em;
+
+    @PersistenceContext
+    public void setEntityManager(EntityManager entityManager) {
+        this.em = entityManager;
+    }
+    
+    @Override
+    public String getName() {
+        return NAME;
+    }
+    
+    public void load() {
+        
+        try {
+            ClaimEntity claimEntity5 = new ClaimEntity();
+            claimEntity5.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city");
+            claimEntity5.setDisplayName("city");
+            claimEntity5.setDescription("Description for city");
+            em.persist(claimEntity5);
+                        
+            ApplicationEntity entity2 = new ApplicationEntity();
+            entity2.setEncryptionCertificate("my encryption cert2");
+            entity2.setLifeTime(1800);
+            entity2.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
+            entity2.setRealm("myrealm2");
+            entity2.setRole("myrole");
+            entity2.setServiceDescription("service description2");
+            entity2.setServiceDisplayName("service displayname2");
+            entity2.setTokenType("my tokentype");
+            // must be persistet here already as the ApplicationClaimEntity requires the Application Id
+            em.persist(entity2);
+            ApplicationClaimEntity ace5 = new ApplicationClaimEntity(entity2, claimEntity5);
+            ace5.setOptional(false);
+            em.persist(ace5);
+            entity2.getRequestedClaims().add(ace5);
+            em.persist(entity2);
+            
+            TrustedIdpEntity entity4 = new TrustedIdpEntity();
+            entity4.setCacheTokens(true);
+            entity4.setCertificate("trusted cert");
+            entity4.setDescription("Realm B description");
+            entity4.setFederationType(FederationType.FEDERATE_IDENTITY);
+            entity4.setName("Realm B");
+            entity4.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
+            entity4.setRealm("trustedidp2realm");
+            entity4.setTrustType(TrustType.PEER_TRUST);
+            entity4.setUrl("https://localhost:${realmB.port}/fediz-idp-remote/federation");
+            em.persist(entity4);
+            
+            em.flush();
+            
+        } catch (Exception ex) {
+            LOG.warn("Failed to initialize DB with data", ex);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
new file mode 100644
index 0000000..2ebe5ba
--- /dev/null
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
@@ -0,0 +1,202 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.service.jpa;
+
+import java.util.List;
+
+import org.apache.cxf.fediz.service.idp.domain.FederationType;
+import org.apache.cxf.fediz.service.idp.domain.TrustType;
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.fediz.service.idp.service.TrustedIdpDAO;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.Assert;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = { "classpath:testContext.xml" })
+public class TrustedIdpDAOJPATest {
+
+    @Autowired
+    private TrustedIdpDAO trustedIdpDAO;
+        
+    
+    @BeforeClass
+    public static void init() {
+        System.setProperty("spring.profiles.active", "jpa");
+    }
+    
+    
+    @Test
+    public void testReadAllTrustedIdps() {
+        List<TrustedIdp> trustedIdps = trustedIdpDAO.getTrustedIDPs(0, 999);
+        Assert.isTrue(2 <= trustedIdps.size(), "Size doesn't match");
+    }
+    
+    @Test
+    public void testReadExistingTrustedIdp() {
+        TrustedIdp trustedIdp = trustedIdpDAO.getTrustedIDP("urn:org:apache:cxf:fediz:idp:realm-B");
+        Assert.isTrue("realmb.cert".equals(trustedIdp.getCertificate()),
+                      "Certificate name doesn't match");
+        Assert.isTrue("Realm B description".equals(trustedIdp.getDescription()),
+                      "Description name doesn't match");
+        Assert.isTrue(FederationType.FEDERATE_IDENTITY.equals(trustedIdp.getFederationType()),
+                      "FederationType doesn't match");        
+        Assert.isTrue("Realm B".equals(trustedIdp.getName()),
+                      "Name doesn't match");      
+        Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
+                      "Protocol doesn't match");          
+        Assert.isTrue("urn:org:apache:cxf:fediz:idp:realm-B".equals(trustedIdp.getRealm()),
+                      "Realm doesn't match");          
+        Assert.isTrue(TrustType.PEER_TRUST.equals(trustedIdp.getTrustType()),
+                      "TrustType doesn't match");
+        Assert.isTrue("https://localhost:12443/fediz-idp-remote/federation".equals(trustedIdp.getUrl()),
+                      "Url doesn't match"); 
+        Assert.isTrue(trustedIdp.isCacheTokens(), "CacheTokens doesn't match"); 
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryReadNonexistingTrustedIdp() {
+        trustedIdpDAO.getTrustedIDP("urn:org:apache:cxf:fediz:idp:NOTEXIST");
+    }
+    
+    
+    @Test
+    public void testAddNewTrustedIdp() {
+        String realm = "urn:org:apache:cxf:fediz:trusted-idp:testadd";
+        TrustedIdp trustedIdp = createTrustedIdp(realm);
+        trustedIdpDAO.addTrustedIDP(trustedIdp);
+        
+        trustedIdp = trustedIdpDAO.getTrustedIDP(realm);
+        
+        Assert.isTrue("realmb.cert".equals(trustedIdp.getCertificate()),
+                      "Certificate name doesn't match");
+        Assert.isTrue("Realm B description".equals(trustedIdp.getDescription()),
+                      "Description name doesn't match");
+        Assert.isTrue(FederationType.FEDERATE_IDENTITY.equals(trustedIdp.getFederationType()),
+                      "FederationType doesn't match");        
+        Assert.isTrue("Realm B".equals(trustedIdp.getName()),
+                      "Name doesn't match");      
+        Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
+                      "Protocol doesn't match");          
+        Assert.isTrue(realm.equals(trustedIdp.getRealm()),
+                      "Realm doesn't match");          
+        Assert.isTrue(TrustType.PEER_TRUST.equals(trustedIdp.getTrustType()),
+                      "TrustType doesn't match");
+        Assert.isTrue("https://localhost:12443/fediz-idp-remote/federation".equals(trustedIdp.getUrl()),
+                      "Url doesn't match"); 
+        Assert.isTrue(!trustedIdp.isCacheTokens(), "CacheTokens doesn't match"); 
+    }
+    
+    
+    @Test
+    public void testUpdateTrustedIdp() {
+        String realm = "urn:org:apache:cxf:fediz:trusted-idp:testupdate";
+        //Prepare
+        TrustedIdp trustedIdp = createTrustedIdp(realm);
+        trustedIdpDAO.addTrustedIDP(trustedIdp);
+        
+        //Testcase
+        trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm(realm);
+        trustedIdp.setCacheTokens(true);
+        trustedIdp.setCertificate("Utrusted cert");
+        trustedIdp.setDescription("URealm B description");
+        trustedIdp.setFederationType(FederationType.FEDERATE_CLAIMS);
+        trustedIdp.setName("URealm B");
+        trustedIdp.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
+        trustedIdp.setTrustType(TrustType.INDIRECT_TRUST);
+        trustedIdp.setUrl("Uhttps://localhost:12443/fediz-idp-remote/federation");
+        
+        trustedIdpDAO.updateTrustedIDP(realm, trustedIdp);
+        
+        trustedIdp = trustedIdpDAO.getTrustedIDP(realm);
+        
+        Assert.isTrue("Utrusted cert".equals(trustedIdp.getCertificate()),
+                      "Certificate name doesn't match");
+        Assert.isTrue("URealm B description".equals(trustedIdp.getDescription()),
+                      "Description name doesn't match");
+        Assert.isTrue(FederationType.FEDERATE_CLAIMS.equals(trustedIdp.getFederationType()),
+                      "FederationType doesn't match");        
+        Assert.isTrue("URealm B".equals(trustedIdp.getName()),
+                      "Name doesn't match");      
+        Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
+                      "Protocol doesn't match");          
+        Assert.isTrue(realm.equals(trustedIdp.getRealm()),
+                      "Realm doesn't match");          
+        Assert.isTrue(TrustType.INDIRECT_TRUST.equals(trustedIdp.getTrustType()),
+                      "TrustType doesn't match");
+        Assert.isTrue("Uhttps://localhost:12443/fediz-idp-remote/federation".equals(trustedIdp.getUrl()),
+                      "Url doesn't match"); 
+        Assert.isTrue(trustedIdp.isCacheTokens(), "CacheTokens doesn't match");
+        
+    }
+    
+    
+    @Test(expected = DataIntegrityViolationException.class)
+    public void testTryAddExistingTrustedIdp() {
+        TrustedIdp trustedIdp = createTrustedIdp("urn:org:apache:cxf:fediz:idp:realm-B");
+        trustedIdpDAO.addTrustedIDP(trustedIdp);
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testTryRemoveUnknownTrustedIdp() {
+        trustedIdpDAO.deleteTrustedIDP("urn:org:apache:cxf:fediz:trusted-idp:NOTEXIST");
+    }
+    
+    
+    @Test(expected = EmptyResultDataAccessException.class)
+    public void testRemoveExistingTrustedIdp() {
+        String realm = "urn:org:apache:cxf:fediz:trusted-idp:testdelete";
+        TrustedIdp trustedIdp = createTrustedIdp(realm);
+        
+        trustedIdpDAO.addTrustedIDP(trustedIdp);
+        
+        trustedIdpDAO.deleteTrustedIDP(realm);
+        
+        trustedIdpDAO.getTrustedIDP(realm);
+    }
+    
+    
+    private static TrustedIdp createTrustedIdp(String realm) {
+        TrustedIdp trustedIdp = new TrustedIdp();
+        trustedIdp.setRealm(realm);
+        trustedIdp.setCacheTokens(false);
+        trustedIdp.setCertificate("realmb.cert");
+        trustedIdp.setDescription("Realm B description");
+        trustedIdp.setFederationType(FederationType.FEDERATE_IDENTITY);
+        trustedIdp.setName("Realm B");
+        trustedIdp.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
+        trustedIdp.setTrustType(TrustType.PEER_TRUST);
+        trustedIdp.setUrl("https://localhost:12443/fediz-idp-remote/federation");
+        return trustedIdp;
+    }
+    
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
new file mode 100644
index 0000000..85c369b
--- /dev/null
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.util;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.metadata.IdpMetadataWriter;
+import org.apache.cxf.fediz.service.idp.service.ConfigService;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.util.Assert;
+
+public class MetadataWriterTest {
+
+    private static ApplicationContext applicationContext;
+    
+    @BeforeClass
+    public static void init() {
+        applicationContext = new ClassPathXmlApplicationContext("/idp-config.xml");
+    }
+    
+    @Test
+    public void testWriteIDPMetadata() {
+        ConfigService config = (ConfigService)applicationContext.getBean("config");
+        Assert.notNull(config, "ConfigService must not be null");
+        Idp idpConfig = config.getIDP("urn:org:apache:cxf:fediz:idp:realm-A");
+        Assert.notNull(idpConfig, "IDPConfig must not be null");
+        
+        IdpMetadataWriter writer = new IdpMetadataWriter();
+        Document doc = writer.getMetaData(idpConfig);
+        Assert.notNull(doc, "doc must not be null");
+        
+        System.out.println(DOM2Writer.nodeToString(doc));
+        
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/entities-realma.xml b/services/idp-core/src/test/resources/entities-realma.xml
new file mode 100644
index 0000000..61cfa0d
--- /dev/null
+++ b/services/idp-core/src/test/resources/entities-realma.xml
@@ -0,0 +1,504 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-4.3.xsd">
+
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="uri" value="realma" />
+        <property name="provideIdpList" value="true" />
+        <property name="useCurrentIdp" value="true" />
+        <property name="certificate" value="stsKeystoreA.properties" />
+        <property name="certificatePassword" value="realma" />
+        <property name="stsUrl" value="https://localhost:9443/fediz-idp-sts/REALMA" />
+        <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
+        <property name="rpSingleSignOutConfirmation" value="true"/>
+        <property name="supportedProtocols">
+            <util:list>
+                <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
+            </util:list>
+        </property>
+        <property name="tokenTypesOffered">
+            <util:list>
+                <value>urn:oasis:names:tc:SAML:1.0:assertion</value>
+                <value>urn:oasis:names:tc:SAML:2.0:assertion</value>
+            </util:list>
+        </property>
+        <property name="authenticationURIs">
+            <util:map>
+                <entry key="default"
+                       value="federation/up" />
+                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
+                       value="federation/krb" />
+                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
+                       value="federation/up" />
+                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
+                       value="federation/clientcert" />
+            </util:map>
+        </property>
+        <property name="serviceDisplayName" value="REALM A" />
+        <property name="serviceDescription" value="IDP of Realm A" />
+        <property name="applications">
+            <util:list>
+                <ref bean="srv-fedizhelloworld" />
+				<ref bean="srv-oidc" />
+            </util:list>
+        </property>
+        <property name="trustedIdps">
+            <util:list>
+                <ref bean="trusted-idp-realmB" />
+            </util:list>
+        </property>
+        <property name="claimTypesOffered">
+            <util:list>
+                <ref bean="claim_role" />
+                <ref bean="claim_surname" />
+                <ref bean="claim_givenname" />
+                <ref bean="claim_email" />
+            </util:list>
+        </property>
+    </bean>
+
+    <bean id="trusted-idp-realmB"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url" value="https://localhost:12443/fediz-idp-remote/federation" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="federationType" value="FEDERATE_IDENTITY" />
+        <property name="name" value="Realm B" />
+        <property name="description" value="Realm B description" />
+    </bean>
+
+    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/.*" />
+    </bean>
+	
+	<bean id="srv-oidc" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:oidc" />
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="serviceDisplayName" value="OIDC Provider" />
+        <property name="serviceDescription" value="OpenID Connect Provider" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*" />
+    </bean>
+    
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_givenname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_surname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="claim" ref="claim_email" />
+        <property name="optional" value="false" />
+    </bean>
+    
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-oidc" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-oidc" />
+        <property name="claim" ref="claim_givenname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-oidc" />
+        <property name="claim" ref="claim_surname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-oidc" />
+        <property name="claim" ref="claim_email" />
+        <property name="optional" value="false" />
+    </bean>
+    
+    <bean id="claim_role"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+        <property name="displayName"
+            value="role" />
+        <property name="description"
+            value="Description for role" />
+    </bean>
+    <bean id="claim_givenname"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+        <property name="displayName"
+            value="firstname" />
+        <property name="description"
+            value="Description for firstname" />
+    </bean>
+    <bean id="claim_surname"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+        <property name="displayName"
+            value="lastname" />
+        <property name="description"
+            value="Description for lastname" />
+    </bean>
+    <bean id="claim_email"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
+        <property name="claimType"
+            value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+        <property name="displayName"
+            value="email" />
+        <property name="description"
+            value="Description for email" />
+    </bean>
+    
+    
+    <bean id="entitlement_claim_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_LIST" />
+        <property name="description"
+            value="Description for CLAIM_LIST" />
+    </bean>
+    <bean id="entitlement_claim_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_CREATE" />
+        <property name="description"
+            value="Description for CLAIM_CREATE" />
+    </bean>
+    <bean id="entitlement_claim_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_READ" />
+        <property name="description"
+            value="Description for CLAIM_READ" />
+    </bean>
+    <bean id="entitlement_claim_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_UPDATE" />
+        <property name="description"
+            value="Description for CLAIM_UPDATE" />
+    </bean>
+    <bean id="entitlement_claim_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="CLAIM_DELETE" />
+        <property name="description"
+            value="Description for CLAIM_DELETE" />
+    </bean>
+
+    <bean id="entitlement_application_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_LIST" />
+        <property name="description"
+            value="Description for APPLICATION_LIST" />
+    </bean>
+    <bean id="entitlement_application_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_CREATE" />
+        <property name="description"
+            value="Description for APPLICATION_CREATE" />
+    </bean>
+    <bean id="entitlement_application_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_READ" />
+        <property name="description"
+            value="Description for APPLICATION_READ" />
+    </bean>
+    <bean id="entitlement_application_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_UPDATE" />
+        <property name="description"
+            value="Description for APPLICATION_UPDATE" />
+    </bean>
+    <bean id="entitlement_application_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="APPLICATION_DELETE" />
+        <property name="description"
+            value="Description for APPLICATION_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_trustedidp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_LIST" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_LIST" />
+    </bean>
+    <bean id="entitlement_trustedidp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_CREATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_CREATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_READ" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_READ" />
+    </bean>
+    <bean id="entitlement_trustedidp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_UPDATE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_trustedidp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="TRUSTEDIDP_DELETE" />
+        <property name="description"
+            value="Description for TRUSTEDIDP_DELETE" />
+    </bean>
+
+    <bean id="entitlement_idp_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_LIST" />
+        <property name="description"
+            value="Description for IDP_LIST" />
+    </bean>
+    <bean id="entitlement_idp_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_CREATE" />
+        <property name="description"
+            value="Description for IDP_CREATE" />
+    </bean>
+    <bean id="entitlement_idp_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_READ" />
+        <property name="description"
+            value="Description for IDP_READ" />
+    </bean>
+    <bean id="entitlement_idp_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_UPDATE" />
+        <property name="description"
+            value="Description for IDP_UPDATE" />
+    </bean>
+    <bean id="entitlement_idp_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="IDP_DELETE" />
+        <property name="description"
+            value="Description for IDP_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_role_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_LIST" />
+        <property name="description"
+            value="Description for ROLE_LIST" />
+    </bean>
+    <bean id="entitlement_role_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_CREATE" />
+        <property name="description"
+            value="Description for ROLE_CREATE" />
+    </bean>
+    <bean id="entitlement_role_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_READ" />
+        <property name="description"
+            value="Description for ROLE_READ" />
+    </bean>
+    <bean id="entitlement_role_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_UPDATE" />
+        <property name="description"
+            value="Description for ROLE_UPDATE" />
+    </bean>
+    <bean id="entitlement_role_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ROLE_DELETE" />
+        <property name="description"
+            value="Description for ROLE_DELETE" />
+    </bean>
+    
+    <bean id="entitlement_entitlement_list"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_LIST" />
+        <property name="description"
+            value="Description for ENTITLEMENT_LIST" />
+    </bean>
+    <bean id="entitlement_entitlement_create"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_CREATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_CREATE" />
+    </bean>
+    <bean id="entitlement_entitlement_read"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_READ" />
+        <property name="description"
+            value="Description for ENTITLEMENT_READ" />
+    </bean>
+    <bean id="entitlement_entitlement_update"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_UPDATE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_UPDATE" />
+    </bean>
+    <bean id="entitlement_entitlement_delete"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
+        <property name="name"
+            value="ENTITLEMENT_DELETE" />
+        <property name="description"
+            value="Description for ENTITLEMENT_DELETE" />
+    </bean>
+    
+    <bean id="role_admin"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="ADMIN" />
+        <property name="description"
+            value="This is the administrator role with full access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_create" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_claim_update" />
+                <ref bean="entitlement_claim_delete" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_create" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_idp_update" />
+                <ref bean="entitlement_idp_delete" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_create" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_trustedidp_update" />
+                <ref bean="entitlement_trustedidp_delete" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_create" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_application_update" />
+                <ref bean="entitlement_application_delete" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_create" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_role_update" />
+                <ref bean="entitlement_role_delete" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_create" />
+                <ref bean="entitlement_entitlement_read" />
+                <ref bean="entitlement_entitlement_update" />
+                <ref bean="entitlement_entitlement_delete" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_user"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="USER" />
+        <property name="description"
+            value="This is the user role with read access" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+                <ref bean="entitlement_role_list" />
+                <ref bean="entitlement_role_read" />
+                <ref bean="entitlement_entitlement_list" />
+                <ref bean="entitlement_entitlement_read" />
+            </util:list>
+        </property>
+    </bean>
+    <bean id="role_idp_login"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
+        <property name="name"
+            value="IDP_LOGIN" />
+        <property name="description"
+            value="This is the IDP login role which is applied to Users during the IDP SSO" />
+        <property name="entitlements">
+            <util:list>
+                <ref bean="entitlement_claim_list" />
+                <ref bean="entitlement_claim_read" />
+                <ref bean="entitlement_idp_list" />
+                <ref bean="entitlement_idp_read" />
+                <ref bean="entitlement_trustedidp_list" />
+                <ref bean="entitlement_trustedidp_read" />
+                <ref bean="entitlement_application_list" />
+                <ref bean="entitlement_application_read" />
+            </util:list>
+        </property>
+    </bean>
+    
+
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/idp-config.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/idp-config.xml b/services/idp-core/src/test/resources/idp-config.xml
new file mode 100644
index 0000000..61d0bbd
--- /dev/null
+++ b/services/idp-core/src/test/resources/idp-config.xml
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:util="http://www.springframework.org/schema/util"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-4.3.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-4.3.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd">
+
+    <context:property-placeholder location="classpath:realm.properties" />
+
+    <bean id="config"
+        class="org.apache.cxf.fediz.service.idp.service.ConfigServiceSpring">
+        <property name="idpConfigs">
+            <util:list>
+                <ref bean="idp-realmA" />
+            </util:list>
+        </property>
+        <property name="serviceConfigs">
+            <util:list>
+                <ref bean="srv-fedizhelloworld" />
+            </util:list>
+        </property>
+    </bean>
+
+    <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.model.IDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" />
+        <property name="uri" value="realma" />
+        <!--<property name="hrds" value="" /> --> <!-- TBD, not defined, provide list if enabled -->
+        <property name="provideIdpList" value="true" />
+        <property name="useCurrentIdp" value="true" />
+        <!-- <property name="certificate" value="realma.cert" /> -->   <!-- STS will sign token, IDP signs Metadata -->
+        <property name="certificate" value="stsKeystoreA.properties" />
+        <property name="certificatePassword" value="realma" />
+        <property name="stsUrl"
+            value="https://localhost:0/fediz-idp-sts/REALMA" />
+        <property name="idpUrl"
+            value="https://localhost:${realmA.port}/fediz-idp/federation" />
+        <property name="supportedProtocols">
+            <util:list>
+                <value>http://docs.oasis-open.org/wsfed/federation/200706
+                </value>
+                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
+                </value>
+            </util:list>
+        </property>
+        <property name="services">
+            <util:map>
+                <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
+                    value-ref="srv-fedizhelloworld" />
+            </util:map>
+        </property>
+        <property name="authenticationURIs">
+            <util:map>
+                <entry key="default" value="/login/default" />
+            </util:map>
+        </property>
+        <property name="trustedIdps">
+            <util:map>
+                <entry key="urn:org:apache:cxf:fediz:idp:realm-B"
+                    value-ref="trusted-idp-realmB" />
+            </util:map>
+        </property>
+        <property name="serviceDisplayName" value="REALM A" />
+        <property name="serviceDescription" value="IDP of Realm A" />
+    </bean>
+
+    <bean id="trusted-idp-realmB"
+        class="org.apache.cxf.fediz.service.idp.model.TrustedIDPConfig">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="cacheTokens" value="true" />
+        <property name="url"
+            value="https://localhost:${realmB.port}/fediz-idp-remote/federation" />
+        <property name="certificate" value="realmb.cert" />
+        <property name="trustType" value="PEER_TRUST" />  <!-- Required for Fediz Core, Process SignInResponse -->
+        <property name="protocol"
+            value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="federationType" value="FEDERATE_IDENTITY" /> <!-- Required for STS Relationship -->
+        <property name="name" value="REALM B" />
+        <property name="description" value="IDP of Realm B" />
+        <!--<property name="logo" value="true" /> -->
+    </bean>
+
+    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
+        <property name="realm"
+            value="urn:org:apache:cxf:fediz:fedizhelloworld" />
+        <property name="protocol"
+            value="http://docs.oasis-open.org/wsfed/federation/200706" />
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription"
+            value="Web Application to illustrate WS-Federation" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType"
+            value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="lifeTime" value="3600" />
+        <!-- <property name="encryptionCertificate" value="" /> -->
+        <property name="requestedClaims">
+            <util:list>
+                <bean
+                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+                    <property name="claimType"
+                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
+                    <property name="optional" value="false" />
+                </bean>
+                <bean
+                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+                    <property name="claimType"
+                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
+                    <property name="optional" value="false" />
+                </bean>
+                <bean
+                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+                    <property name="claimType"
+                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
+                    <property name="optional" value="false" />
+                </bean>
+                <bean
+                    class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
+                    <property name="claimType"
+                        value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
+                    <property name="optional" value="true" />
+                </bean>
+            </util:list>
+        </property>
+    </bean>
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/persistence.properties
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/persistence.properties b/services/idp-core/src/test/resources/persistence.properties
new file mode 100644
index 0000000..b4e0320
--- /dev/null
+++ b/services/idp-core/src/test/resources/persistence.properties
@@ -0,0 +1,14 @@
+#jpa.driverClassName=org.apache.derby.jdbc.ClientDriver
+#jpa.url=jdbc:derby://localhost:1527/Fediz
+#jpa.username=admin
+#jpa.password=admin
+#jpa.defaultData=true
+#jpa.platform=DerbyDictionary
+
+
+jpa.driverClassName=org.hsqldb.jdbcDriver
+jpa.url=jdbc:hsqldb:target/db/unit/myDB;shutdown=true
+jpa.username=sa
+jpa.password=
+jpa.defaultData=true
+jpa.platform=HSQLDictionary

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/persistenceContext.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/persistenceContext.xml b/services/idp-core/src/test/resources/persistenceContext.xml
new file mode 100644
index 0000000..f0b3586
--- /dev/null
+++ b/services/idp-core/src/test/resources/persistenceContext.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans profile="jpa" xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:tx="http://www.springframework.org/schema/tx"
+       xmlns:jdbc="http://www.springframework.org/schema/jdbc"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+    http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+    http://www.springframework.org/schema/context
+    http://www.springframework.org/schema/context/spring-context-4.3.xsd
+    http://www.springframework.org/schema/tx
+    http://www.springframework.org/schema/tx/spring-tx.xsd
+    http://www.springframework.org/schema/jdbc
+    http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd"
+       default-autowire="byName">
+    
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.service" />
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.rest" />
+
+    <bean id="entityManagerFactory"
+        class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+        <property name="persistenceXmlLocation"
+            value="classpath*:META-INF/spring-persistence.xml" />
+        <property name="persistenceUnitName" value="fedizPersistenceUnit" />
+        <property name="dataSource" ref="dataSource" />
+        <property name="jpaVendorAdapter">
+            <bean
+                class="org.springframework.orm.jpa.vendor.OpenJpaVendorAdapter">
+                <property name="showSql" value="false" />
+                <property name="generateDdl" value="true" />
+                <property name="databasePlatform" value="org.apache.openjpa.jdbc.sql.${jpa.platform}" />
+            </bean>
+        </property>
+        <property name="jpaPropertyMap">
+            <map>
+                <entry key="javax.persistence.validation.factory" value-ref="validator" />
+            </map>
+        </property>
+    </bean>
+
+    <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
+        <property name="jndiName" value="java:comp/env/jdbc/fedizDataSource" />
+        <property name="defaultObject" ref="localDataSource" />
+    </bean>
+
+    <bean id="localDataSource" class="org.apache.commons.dbcp2.BasicDataSource"
+        destroy-method="close">
+        <property name="driverClassName" value="${jpa.driverClassName}" />
+        <property name="url" value="${jpa.url}" />
+        <property name="username" value="${jpa.username}" />
+        <property name="password" value="${jpa.password}" />
+    </bean>
+
+    <bean id="entityManager"
+        class="org.springframework.orm.jpa.support.SharedEntityManagerBean">
+        <property name="entityManagerFactory" ref="entityManagerFactory" />
+    </bean>
+
+    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+        <property name="entityManagerFactory" ref="entityManagerFactory" />
+    </bean>
+
+    <!-- Support annotation Transactional http://docs.spring.io/spring/docs/3.1.4.RELEASE/spring-framework-reference/htmlsingle/#tx-decl-explained -->
+    <tx:annotation-driven />
+
+    <!-- Support annotation PersistenceContext http://docs.spring.io/spring/docs/3.1.4.RELEASE/spring-framework-reference/htmlsingle/#orm-jpa-straight -->
+    <bean
+        class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
+
+    <!-- Requires updates to unit testing as no JPA exceptions are returned -->
+    <bean
+        class="org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor" />
+
+    <bean id="config"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.ConfigServiceJPA">
+        <property name="idpService" ref="idpServiceImpl" />
+    </bean>
+
+    <bean id="dbLoader"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.DBLoaderSpring">
+        <property name="resource" value="${db-load-config}" />
+    </bean>
+
+    <bean id="dbListener"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.DBInitApplicationListener" />
+        
+    <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />
+
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/realm.properties
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/realm.properties b/services/idp-core/src/test/resources/realm.properties
new file mode 100644
index 0000000..9414fc0
--- /dev/null
+++ b/services/idp-core/src/test/resources/realm.properties
@@ -0,0 +1,4 @@
+realm.STS_URI=REALMA
+realmA.port=8443
+realmB.port=12443
+db-load-config=entities-realma.xml


Mime
View raw message