cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [08/19] cxf-fediz git commit: FEDIZ-155 - Move .java components out of idp webapp and into a separate JAR
Date Fri, 27 Jan 2017 11:22:51 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/realma.cert
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/realma.cert b/services/idp-core/src/test/resources/realma.cert
new file mode 100644
index 0000000..ff97f79
--- /dev/null
+++ b/services/idp-core/src/test/resources/realma.cert
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAamgAwIBAgIEINqJ9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZSRUFMTUEwHhcN
+MTUwNjEwMTU0NDE3WhcNMjUwNDE4MTU0NDE3WjARMQ8wDQYDVQQDEwZSRUFMTUEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJDSXn2lDR+JM+AsJarFG3/XGH7K+9AfAbQIz2IgB9MCpO
+KVWTUPCvuo1I+Fp5nEGreuHYLEwgIiam3o+C9tvpLgtDDaDkmXjDzkWpk8z6+im72HZ/ODF93Rqw
+jIiY5ZCzgDumFyPzdKiGwChThamidy+rd6oheSoi6qRVSMMcnwiEUmvkfFvV3izXRqeT5nGQwsin
+y9mCEiGx8jkfxP++H0RQjVjhOwzfQ7epsR7dTQNf2ZhkBR3o6wKV9QnF2IBWHZpA9EK58rWU9H6j
+G7b631rYvwsbOUF9HcZ8DI2BFh+4p18jDN/fnjNGSLr9rYOExpsIiF1cHBK7Tr7WwCmDAgMBAAGj
+ITAfMB0GA1UdDgQWBBRHy0qYoLm9jx/1L6r61NznHKun2jANBgkqhkiG9w0BAQsFAAOCAQEAR9rU
+5Sp1FsOErdvKNFqeaKl0oq6Fuz7BWcGm2kK6+1ZbWE8IOv6Vh+BlLuOe5hF7aLUbm8UIjhKsmg0M
+Ey5MBwkBZktT1qhQteMuiKgYR7CxayCxO0f125RYvvwntJa5rI7bUrzOqX29VQD1qQ/Tb+08fULT
+L7oURP+g88Ff99dn3IpO4VZxZdsbl4+KZRtqQvPAdXNYjOajJtPzS489+/DtfWJ6wPm/7YZ4did4
+1fYcrdwyEZ15L0/5i931z7sztNickm5WhO40qEVDKN6KrlV2Eyea0+933v2Pwe4resTlko9G2T5h
+dEaSbvht2Q/JOMMmT91daeto2oS8HTKhTA==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/stsKeystoreA.properties
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/stsKeystoreA.properties b/services/idp-core/src/test/resources/stsKeystoreA.properties
new file mode 100644
index 0000000..bd9fb1b
--- /dev/null
+++ b/services/idp-core/src/test/resources/stsKeystoreA.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_a.jks
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/stsrealm_a.jks
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/stsrealm_a.jks b/services/idp-core/src/test/resources/stsrealm_a.jks
new file mode 100644
index 0000000..fde2928
Binary files /dev/null and b/services/idp-core/src/test/resources/stsrealm_a.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp-core/src/test/resources/testContext.xml
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/resources/testContext.xml b/services/idp-core/src/test/resources/testContext.xml
new file mode 100644
index 0000000..bd015f0
--- /dev/null
+++ b/services/idp-core/src/test/resources/testContext.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-4.3.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
+
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.service" />
+    <context:component-scan base-package="org.apache.cxf.fediz.service.idp.protocols" />
+
+    <import resource="classpath:persistenceContext.xml" />
+
+    <!-- Use http://www.baeldung.com/2012/02/06/properties-with-spring/ instead -->
+    <bean
+        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+        <property name="locations">
+            <list>
+                <value>classpath:persistence.properties</value>
+                <value>classpath:realm.properties</value>
+            </list>
+        </property>
+        <property name="ignoreResourceNotFound" value="true" />
+        <property name="ignoreUnresolvablePlaceholders" value="true" />
+    </bean>
+
+    <bean id="dbLoadertest"
+        class="org.apache.cxf.fediz.service.idp.service.jpa.TestDBLoader" />
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/pom.xml
----------------------------------------------------------------------
diff --git a/services/idp/pom.xml b/services/idp/pom.xml
index ff92478..bfd4fa5 100644
--- a/services/idp/pom.xml
+++ b/services/idp/pom.xml
@@ -29,29 +29,6 @@
     <name>Apache Fediz IDP</name>
     <packaging>war</packaging>
     
-    <properties>
-        <swagger-ui.version>2.2.6</swagger-ui.version>
-    </properties>
-    
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-jdbc</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-tx</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-aop</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
     <dependencies>
         <dependency>
             <groupId>junit</groupId>
@@ -60,199 +37,10 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>${servlet.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
             <groupId>org.apache.cxf.fediz</groupId>
-            <artifactId>fediz-core</artifactId>
+            <artifactId>fediz-idp-core</artifactId>
             <version>${project.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-webmvc</artifactId>
-            <version>${spring.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-tx</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-orm</artifactId>
-            <version>${spring.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
-            <version>${spring.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-test</artifactId>
-            <version>${spring.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.webflow</groupId>
-            <artifactId>spring-webflow</artifactId>
-            <version>2.4.4.RELEASE</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-web</artifactId>
-            <version>${spring.security.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-config</artifactId>
-            <version>${spring.security.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.javassist</groupId>
-            <artifactId>javassist</artifactId>
-            <version>${javassist.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-            <version>${slf4j.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-security</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-security-sso-saml</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-security-sso-oidc</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-http</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-policy</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-addr</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-service-description-swagger</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-lang3</artifactId>
-            <version>${commons.lang.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-service-description</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-extension-providers</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.jaxrs</groupId>
-            <artifactId>jackson-jaxrs-json-provider</artifactId>
-            <version>2.8.6</version>
-        </dependency>
-        <dependency>
-            <groupId>org.hsqldb</groupId>
-            <artifactId>hsqldb</artifactId>
-            <version>${hsqldb.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>cglib</groupId>
-            <artifactId>cglib-nodep</artifactId>
-            <version>3.2.4</version>
-        </dependency>
-        <!-- 
-        <dependency>
-            <groupId>org.apache.openjpa</groupId>
-            <artifactId>openjpa-all</artifactId>
-            <version>${openjpa.version}</version>
-        </dependency>
-        -->
-        <dependency>
-            <groupId>org.apache.commons</groupId> 
-            <artifactId>commons-dbcp2</artifactId>
-            <version>${dbcp.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.openjpa</groupId>
-            <artifactId>openjpa-jdbc</artifactId>
-            <version>${openjpa.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.openjpa</groupId>
-            <artifactId>openjpa-persistence-jdbc</artifactId>
-            <version>${openjpa.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-rs-client</artifactId>
-            <version>${cxf.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>javax.validation</groupId>
-            <artifactId>validation-api</artifactId>
-            <version>${javax.validation.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>jstl</groupId>
-            <artifactId>jstl</artifactId>
-            <version>1.2</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.bval</groupId>
-            <artifactId>bval-jsr</artifactId>
-            <version>${bval.version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.sun.xml.bind</groupId>
-                    <artifactId>jaxb-impl</artifactId>
-                </exclusion>
-                <!-- 
-                dependency to newer version (commons-beanutils)
-                imported from commons-validator
-                -->
-                <exclusion>
-                    <groupId>commons-beanutils</groupId>
-                    <artifactId>commons-beanutils-core</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>commons-validator</groupId>
-            <artifactId>commons-validator</artifactId>
-            <version>${commons.validator.version}</version>
-        </dependency>
     </dependencies>
     <build>
         <resources>
@@ -279,32 +67,6 @@
         </resources>
         <plugins>
             <plugin>
-                <groupId>org.apache.openjpa</groupId>
-                <artifactId>openjpa-maven-plugin</artifactId>
-                <version>${openjpa.version}</version>
-                <inherited>true</inherited>
-                <configuration>
-                    <persistenceXmlFile>${project.basedir}/src/main/resources/META-INF/spring-persistence.xml</persistenceXmlFile>
-                    <includes>org/apache/cxf/fediz/service/idp/service/jpa/**/*.class</includes>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>enhancer</id>
-                        <phase>process-classes</phase>
-                        <goals>
-                            <goal>enhance</goal>
-                        </goals>
-                    </execution>
-                </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>xerces</groupId>
-                        <artifactId>xercesImpl</artifactId>
-                        <version>2.11.0</version>
-                    </dependency>
-                </dependencies>
-            </plugin>
-            <plugin>
                 <!--for mvn tomcat:deploy/:undeploy/:redeploy -->
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>tomcat-maven-plugin</artifactId>
@@ -342,74 +104,6 @@
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <phase>generate-resources</phase>
-                        <goals>
-                            <goal>unpack</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.webjars</groupId>
-                                    <artifactId>swagger-ui</artifactId>
-                                    <version>${swagger-ui.version}</version>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>${project.build.directory}/swagger-ui</outputDirectory>
-                                    <excludes>**/*.gz</excludes>
-                                </artifactItem>
-                            </artifactItems>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-resources-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>copy-swagger-resources-in-place</id>
-                        <phase>process-resources</phase>
-                        <goals>
-                            <goal>copy-resources</goal>
-                        </goals>
-                        <configuration>
-                            <outputDirectory>${project.build.directory}/${project.build.finalName}/resources/swagger</outputDirectory>
-                            <resources>
-                                <resource>
-                                    <directory>${project.build.directory}/swagger-ui/META-INF/resources/webjars/swagger-ui/${swagger-ui.version}</directory>
-                                    <excludes>
-                                        <exclude>index.html</exclude>
-                                        <exclude>swagger-ui.min.js</exclude>
-                                    </excludes>
-                                </resource>
-                            </resources>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-antrun-plugin</artifactId>
-                <inherited>true</inherited>
-                <executions>
-                    <execution>
-                        <id>addMatrixParamSupport</id>
-                        <phase>process-resources</phase>
-                        <goals>
-                            <goal>run</goal>
-                        </goals>
-                        <configuration>
-                            <target>
-                                <replace file="${project.build.directory}/swagger-ui/META-INF/resources/webjars/swagger-ui/${swagger-ui.version}/swagger-ui.js" token="return url + requestUrl + querystring;" value="&#xA;var matrixstring = '';&#xA; for (var i = 0; i &lt; this.parameters.length; i++) {&#xA; var param = this.parameters[i];&#xA; &#xA; if (param.in === 'matrix') {&#xA; matrixstring += ';' + this.encodeQueryParam(param.name) + '=' + this.encodeQueryParam(args[param.name]);&#xA;     }&#xA;   }&#xA; &#xA;   var url = this.scheme + '://' + this.host;&#xA; &#xA;   if (this.basePath !== '/') {&#xA;     url += this.basePath;&#xA;   }&#xA;   return url + requestUrl + matrixstring + querystring;" />
-                            </target>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>build-helper-maven-plugin</artifactId>
                 <executions>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
deleted file mode 100644
index dd121fb..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/FedizEntryPoint.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.idp;
-
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.util.Enumeration;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.cxf.fediz.core.FederationConstants;
-import org.apache.cxf.fediz.service.idp.domain.Idp;
-import org.apache.cxf.fediz.service.idp.service.ConfigService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.util.Assert;
-
-
-/**
- * Used by the <code>ExceptionTranslationFilter</code> to commence authentication
- * <p>
- * The user's browser will be redirected to the IDP.
- *
- */
-public class FedizEntryPoint implements AuthenticationEntryPoint,
-    InitializingBean, ApplicationContextAware {
-
-    private static final Logger LOG = LoggerFactory.getLogger(FedizEntryPoint.class);
-
-    private ApplicationContext appContext;
-    private ConfigService configService;
-    private String realm;
-    private Idp idpConfig;
-
-    public ConfigService getConfigService() {
-        return configService;
-    }
-
-    public void setConfigService(ConfigService configService) {
-        this.configService = configService;
-    }
-
-    public String getRealm() {
-        return realm;
-    }
-
-    public void setRealm(String realm) {
-        this.realm = realm;
-    }
-
-    public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.appContext, "ApplicationContext cannot be null.");
-        Assert.notNull(this.configService, "ConfigService cannot be null.");
-        Assert.notNull(this.realm, "realm cannot be null.");
-    }
-
-    public final void commence(final HttpServletRequest servletRequest, final HttpServletResponse response,
-            final AuthenticationException authenticationException) throws IOException, ServletException {
-
-        idpConfig = configService.getIDP(realm);
-        Assert.notNull(this.idpConfig, "idpConfig cannot be null. Check realm and config service implementation");
-
-        String wauth = servletRequest.getParameter(FederationConstants.PARAM_AUTH_TYPE);
-        if (wauth == null) {
-            wauth = "default";
-        }
-        String loginUri = idpConfig.getAuthenticationURIs().get(wauth);
-        if (loginUri == null) {
-            LOG.warn("wauth value '" + wauth + "' not supported");
-            response.sendError(
-                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "The wauth value that was supplied is not supported");
-            return;
-        }
-
-        StringBuilder builder = new StringBuilder(extractFullContextPath(servletRequest))
-            .append(loginUri).append("?");
-
-        // Add the query parameters - URL encoding them for safety
-        @SuppressWarnings("unchecked")
-        Enumeration<String> names = servletRequest.getParameterNames();
-        while (names.hasMoreElements()) {
-            String name = names.nextElement();
-            String[] values = servletRequest.getParameterValues(name);
-            if (values != null && values.length > 0) {
-                builder.append(name).append("=");
-                builder.append(URLEncoder.encode(values[0], "UTF-8"));
-                builder.append("&");
-            }
-        }
-        // Remove trailing ampersand
-        if (builder.charAt(builder.length() - 1) == '&') {
-            builder.deleteCharAt(builder.length() - 1);
-        }
-
-        String redirectUrl = builder.toString();
-        preCommence(servletRequest, response);
-        if (LOG.isInfoEnabled()) {
-            LOG.info("Redirect to " + redirectUrl);
-        }
-        response.sendRedirect(redirectUrl);
-    }
-
-
-    /**
-     * Template method for you to do your own pre-processing before the redirect occurs.
-     *
-     * @param request the HttpServletRequest
-     * @param response the HttpServletResponse
-     */
-    protected void preCommence(final HttpServletRequest request, final HttpServletResponse response) {
-
-    }
-
-    @Override
-    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-        this.appContext = applicationContext;
-    }
-
-    protected String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
-        String result = null;
-        String contextPath = request.getContextPath();
-        String requestUrl = request.getRequestURL().toString();
-
-        String requestPath = new URL(requestUrl).getPath();
-        // Cut request path of request url and add context path if not ROOT
-        if (requestPath != null && requestPath.length() > 0) {
-            int lastIndex = requestUrl.lastIndexOf(requestPath);
-            result = requestUrl.substring(0, lastIndex);
-        } else {
-            result = requestUrl;
-        }
-        if (contextPath != null && contextPath.length() > 0) {
-            // contextPath contains starting slash
-            result = result + contextPath;
-        }
-        if (result.charAt(result.length() - 1) != '/') {
-            result = result + "/";
-        }
-        return result;
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
deleted file mode 100644
index 1e2969b..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.idp;
-
-public final class IdpConstants {
-
-    public static final String IDP_CONFIG = "idpConfig";
-
-    /**
-     * A key used to store context/state when communicating with a trusted third party IdP.
-     */
-    public static final String TRUSTED_IDP_CONTEXT = "trusted_idp_context";
-
-    /**
-     * A key used to store the application realm for the given request.
-     */
-    public static final String REALM = "realm";
-
-    /**
-     * A key used to store the home realm for the given request.
-     */
-    public static final String HOME_REALM = "home_realm";
-
-    /**
-     * The SAML Authn Request
-     */
-    public static final String SAML_AUTHN_REQUEST = "saml_authn_request";
-
-    /**
-     * A Context variable associated with the request (independent of protocol)
-     */
-    public static final String CONTEXT = "request_context";
-
-    /**
-     * A key used to store the return address for the given request
-     */
-    public static final String RETURN_ADDRESS = "return_address";
-
-
-    private IdpConstants() {
-        // complete
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
deleted file mode 100644
index b8450b4..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.trust.STSClient;
-
-public class IdpSTSClient extends STSClient {
-
-    public IdpSTSClient(Bus b) {
-        super(b);
-    }
-
-    public Element requestSecurityTokenResponse() throws Exception {
-        return requestSecurityTokenResponse(null);
-    }
-
-    public Element requestSecurityTokenResponse(String appliesTo) throws Exception {
-        String action = null;
-        if (isSecureConv) {
-            action = namespace + "/RST/SCT";
-        }
-        return requestSecurityTokenResponse(appliesTo, action, "/Issue", null);
-    }
-
-    public Element requestSecurityTokenResponse(String appliesTo, String action,
-            String requestType, SecurityToken target) throws Exception {
-        STSResponse response = issue(appliesTo, null, "/Issue", null);
-
-        return getDocumentElement(response.getResponse());
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
deleted file mode 100644
index 0aab857..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.idp;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.w3c.dom.Document;
-import org.apache.cxf.fediz.service.idp.domain.Idp;
-import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
-import org.apache.cxf.fediz.service.idp.metadata.IdpMetadataWriter;
-import org.apache.cxf.fediz.service.idp.metadata.ServiceMetadataWriter;
-import org.apache.cxf.fediz.service.idp.service.ConfigService;
-import org.apache.wss4j.common.util.DOM2Writer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.ApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-
-public class MetadataServlet extends HttpServlet {
-
-    public static final String PARAM_REALM = "realm";
-    
-    private static final Logger LOG = LoggerFactory
-        .getLogger(MetadataServlet.class);
-    private static final long serialVersionUID = 1L;
-    
-    private ApplicationContext applicationContext;
-    private String realm;
-    
-    
-    @Override
-    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
-        IOException {
-        response.setContentType("text/xml; charset=utf-8");
-        PrintWriter out = response.getWriter();
-        
-        ConfigService cs = (ConfigService)getApplicationContext().getBean("config");
-        Idp idpConfig = cs.getIDP(realm);
-        try {
-            if (request.getServletPath() != null && request.getServletPath().startsWith("/metadata")) {
-                String serviceRealm = 
-                    request.getRequestURI().substring(request.getRequestURI().indexOf("/metadata")
-                                                      + "/metadata".length());
-                if (serviceRealm != null && serviceRealm.charAt(0) == '/') {
-                    serviceRealm = serviceRealm.substring(1);
-                }
-                TrustedIdp trustedIdp = idpConfig.findTrustedIdp(serviceRealm);
-                if (trustedIdp == null) {
-                    LOG.error("No TrustedIdp found for desired realm: " + serviceRealm);
-                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                    return;
-                }
-                ServiceMetadataWriter mw = new ServiceMetadataWriter();
-                Document metadata = mw.getMetaData(idpConfig, trustedIdp);
-                out.write(DOM2Writer.nodeToString(metadata));
-            } else {
-                // Otherwise return the Metadata for the Idp
-                LOG.debug(idpConfig.toString());
-                IdpMetadataWriter mw = new IdpMetadataWriter();
-                Document metadata = mw.getMetaData(idpConfig);
-                out.write(DOM2Writer.nodeToString(metadata));
-            }
-        } catch (Exception ex) {
-            LOG.error("Failed to get metadata document: ", ex);
-            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-        }
-    }
-
-    @Override
-    public void init(ServletConfig config) throws ServletException {
-        super.init(config);
-        realm = config.getInitParameter(PARAM_REALM);
-        if (realm == null || realm.length() == 0) {
-            throw new ServletException("Servlet parameter '" + PARAM_REALM + "' not defined");
-        }
-    }
-
-    public ApplicationContext getApplicationContext() {
-        if (applicationContext == null) {
-            LOG.debug(this.getServletContext().toString());
-            applicationContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
-        }
-        return applicationContext;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
deleted file mode 100644
index 4e8ed11..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ /dev/null
@@ -1,307 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-//import org.apache.cxf.endpoint.Client;
-import org.apache.cxf.fediz.core.Claim;
-import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.core.xml.XMLObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-//import org.apache.cxf.transport.http.HTTPConduit;
-//import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-
-/**
- * A base class for authenticating credentials to the STS
- */
-public abstract class STSAuthenticationProvider implements AuthenticationProvider {
-
-    public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER = 
-        "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
-    
-    public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 = 
-        "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-    
-    public static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
-        "http://schemas.xmlsoap.org/ws/2005/02/trust";
-    
-    private static final Logger LOG = LoggerFactory.getLogger(STSAuthenticationProvider.class);
-
-    protected String wsdlLocation;
-    
-    protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
-    
-    protected String wsdlService;
-
-    protected String wsdlEndpoint;
-
-    protected String appliesTo;
-    
-    protected boolean use200502Namespace;
-    
-    protected String tokenType;
-    
-    protected Bus bus;
-    
-    protected Integer lifetime;
-    
-    //Required to get IDP roles to use the IDP application, used in future release
-    protected String roleURI;
-    
-    protected Map<String, Object> properties = new HashMap<>();
-    
-    private String customSTSParameter;
-    
-    protected List<GrantedAuthority> createAuthorities(SecurityToken token) throws WSSecurityException {
-        List<GrantedAuthority> authorities = new ArrayList<>();
-        //authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
-        //Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
-        if (roleURI != null) {
-            SamlAssertionWrapper assertion = new SamlAssertionWrapper(token.getToken());
-            
-            List<Claim> claims = parseClaimsInAssertion(assertion.getSaml2());
-            for (Claim c : claims) {
-                if (c.getClaimType() != null && roleURI.equals(c.getClaimType().toString())) {
-                    Object oValue = c.getValue();
-                    if ((oValue instanceof List<?>) && !((List<?>)oValue).isEmpty()) {
-                        List<?> values = (List<?>)oValue;
-                        for (Object role: values) {
-                            if (role instanceof String) {
-                                authorities.add(new SimpleGrantedAuthority((String)role));
-                            }
-                        }
-                    } else {
-                        LOG.error("Unsupported value type of Claim value");
-                        throw new IllegalStateException("Unsupported value type of Claim value");
-                    }
-                    claims.remove(c);
-                    break;
-                }
-            }
-        }
-        
-        //Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
-        authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
-        
-        return authorities;
-    }
-    
-    public String getWsdlLocation() {
-        return wsdlLocation;
-    }
-
-    public void setWsdlLocation(String wsdlLocation) {
-        this.wsdlLocation = wsdlLocation;
-    }
-
-    public String getWsdlService() {
-        return wsdlService;
-    }
-
-    public void setWsdlService(String wsdlService) {
-        this.wsdlService = wsdlService;
-    }
-
-    public String getWsdlEndpoint() {
-        return wsdlEndpoint;
-    }
-
-    public void setWsdlEndpoint(String wsdlEndpoint) {
-        this.wsdlEndpoint = wsdlEndpoint;
-    }
-    
-    public String getNamespace() {
-        return namespace;
-    }
-
-    public void setNamespace(String namespace) {
-        this.namespace = namespace;
-    }
-
-    public String getAppliesTo() {
-        return appliesTo;
-    }
-
-    public void setAppliesTo(String appliesTo) {
-        this.appliesTo = appliesTo;
-    }
-    
-    public void setBus(Bus bus) {
-        this.bus = bus;
-    }
-
-    public Bus getBus() {
-        // do not store a referance to the default bus
-        return (bus != null) ? bus : BusFactory.getDefaultBus();
-    }
-
-    public String getTokenType() {
-        return tokenType;
-    }
-
-    public void setTokenType(String tokenType) {
-        this.tokenType = tokenType;
-    }
-    
-    public Integer getLifetime() {
-        return lifetime;
-    }
-
-    public void setLifetime(Integer lifetime) {
-        this.lifetime = lifetime;
-    }
-
-    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
-        List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
-        .getAttributeStatements();
-        if (attributeStatements == null || attributeStatements.isEmpty()) {
-            LOG.debug("No attribute statements found");
-            return Collections.emptyList();
-        }
-
-        List<Claim> collection = new ArrayList<>();
-        Map<String, Claim> claimsMap = new HashMap<>();
-
-        for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
-            LOG.debug("parsing statement: {}", statement.getElementQName());
-            List<org.opensaml.saml.saml2.core.Attribute> attributes = statement
-            .getAttributes();
-            for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
-                LOG.debug("parsing attribute: {}", attribute.getName());
-                Claim c = new Claim();
-                // Workaround for CXF-4484 
-                // Value of Attribute Name not fully qualified
-                // if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
-                // but ClaimType value must be fully qualified as Namespace attribute goes away
-                URI attrName = URI.create(attribute.getName());
-                if (ClaimTypes.URI_BASE.toString().equals(attribute.getNameFormat())
-                    && !attrName.isAbsolute()) {
-                    c.setClaimType(URI.create(ClaimTypes.URI_BASE + "/" + attribute.getName()));
-                } else {
-                    c.setClaimType(URI.create(attribute.getName()));
-                }
-                c.setIssuer(assertion.getIssuer().getNameQualifier());
-
-                List<String> valueList = new ArrayList<>();
-                for (XMLObject attributeValue : attribute.getAttributeValues()) {
-                    Element attributeValueElement = attributeValue.getDOM();
-                    String value = attributeValueElement.getTextContent();
-                    LOG.debug(" [{}]", value);
-                    valueList.add(value);
-                }
-                mergeClaimToMap(claimsMap, c, valueList);
-            }
-        }
-        collection.addAll(claimsMap.values());
-        return collection;
-
-    }
-    
-    protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
-                                   List<String> valueList) {
-        Claim t = claimsMap.get(c.getClaimType().toString());
-        if (t != null) {
-            //same SAML attribute already processed. Thus Claim object already created.
-            Object oValue = t.getValue();
-            if (oValue instanceof String) {
-                //one child element AttributeValue only
-                List<String> values = new ArrayList<>();
-                values.add((String)oValue); //add existing value
-                values.addAll(valueList);
-                t.setValue(values);
-            } else if (oValue instanceof List<?>) {
-                //more than one child element AttributeValue
-                @SuppressWarnings("unchecked")
-                List<String> values = (List<String>)oValue;
-                values.addAll(valueList);
-                t.setValue(values);
-            } else {
-                LOG.error("Unsupported value type of Claim value");
-                throw new IllegalStateException("Unsupported value type of Claim value");
-            }
-        } else {
-            if (valueList.size() == 1) {
-                c.setValue(valueList.get(0));
-            } else {
-                c.setValue(valueList);
-            }
-            // Add claim to map
-            claimsMap.put(c.getClaimType().toString(), c);
-        }
-    }
-
-    public String getRoleURI() {
-        return roleURI;
-    }
-
-    public void setRoleURI(String roleURI) {
-        this.roleURI = roleURI;
-    }
-    
-    public void setProperties(Map<String, Object> p) {
-        properties.putAll(p);
-    }
-
-    public Map<String, Object> getProperties() {
-        return properties;
-    }
-
-    public boolean isUse200502Namespace() {
-        return use200502Namespace;
-    }
-
-    public void setUse200502Namespace(boolean use200502Namespace) {
-        this.use200502Namespace = use200502Namespace;
-    }
-
-    public String getCustomSTSParameter() {
-        return customSTSParameter;
-    }
-
-    public void setCustomSTSParameter(String customSTSParameter) {
-        this.customSTSParameter = customSTSParameter;
-    }
-
-//May be uncommented for debugging    
-//    private void setTimeout(Client client, Long timeout) {
-//        HTTPConduit conduit = (HTTPConduit) client.getConduit();
-//        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-//        httpClientPolicy.setConnectionTimeout(timeout);
-//        httpClientPolicy.setReceiveTimeout(timeout);
-//        conduit.setClient(httpClientPolicy);
-//    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
deleted file mode 100644
index 62f4817..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
+++ /dev/null
@@ -1,259 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.util.List;
-
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.fediz.service.idp.kerberos.KerberosServiceRequestToken;
-import org.apache.cxf.fediz.service.idp.kerberos.KerberosTokenValidator;
-import org.apache.cxf.fediz.service.idp.kerberos.PassThroughKerberosClient;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.common.kerberos.KerberosServiceContext;
-import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSConstants;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-
-/**
- * An authentication provider to authenticate a Kerberos token to the STS
- */
-public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
-
-    private static final Logger LOG = LoggerFactory.getLogger(STSKrbAuthenticationProvider.class);
-
-    private KerberosTokenValidator kerberosTokenValidator;
-    
-    private CallbackHandler kerberosCallbackHandler;
-    
-    private boolean kerberosUsernameServiceNameForm;
-    
-    private boolean requireDelegation;
-    
-    
-    @Override
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        // We only handle KerberosServiceRequestTokens
-        if (!(authentication instanceof KerberosServiceRequestToken)) {
-            return null;
-        }
-        
-        Bus cxfBus = getBus();
-        IdpSTSClient sts = new IdpSTSClient(cxfBus);
-        sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
-        if (tokenType != null && tokenType.length() > 0) {
-            sts.setTokenType(tokenType);
-        } else {
-            sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-        }
-        sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
-        sts.setWsdlLocation(wsdlLocation);
-        sts.setServiceQName(new QName(namespace, wsdlService));
-        sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-        
-        sts.getProperties().putAll(properties);
-        if (use200502Namespace) {
-            sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
-        }
-        
-        if (lifetime != null) {
-            sts.setEnableLifetime(true);
-            sts.setTtl(lifetime.intValue());
-        }
-        
-        return handleKerberos((KerberosServiceRequestToken)authentication, sts);
-    }
-    
-    private Authentication handleKerberos(
-        KerberosServiceRequestToken kerberosRequestToken,
-        IdpSTSClient sts
-    ) {
-        Principal kerberosPrincipal = null;
-        // 
-        // If delegation is required then validate the received token + store the
-        // Delegated Credential so that we can retrieve a new kerberos token for the
-        // STS with it. If delegation is not required, then we just get the received
-        // token + pass it to the STS
-        //
-        if (requireDelegation) {
-            kerberosPrincipal = validateKerberosToken(kerberosRequestToken, sts);
-            if (kerberosPrincipal == null) {
-                return null;
-            }
-        } else {
-            PassThroughKerberosClient kerberosClient = new PassThroughKerberosClient();
-            kerberosClient.setToken(kerberosRequestToken.getToken());
-            sts.getProperties().put(SecurityConstants.KERBEROS_CLIENT, kerberosClient);
-        }
-        
-        try {
-            // Line below may be uncommented for debugging    
-            // setTimeout(sts.getClient(), 3600000L);
-
-            SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-            
-            if (kerberosPrincipal == null && token.getToken() != null
-                && "Assertion".equals(token.getToken().getLocalName())) {
-                // For the pass-through Kerberos case, we don't know the Principal name...
-                kerberosPrincipal = 
-                    new SAMLTokenPrincipalImpl(new SamlAssertionWrapper(token.getToken()));
-            }
-            
-            if (kerberosPrincipal == null) {
-                LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName());
-                return null;
-            }
-            
-            List<GrantedAuthority> authorities = createAuthorities(token);
-            
-            KerberosServiceRequestToken ksrt = 
-                new KerberosServiceRequestToken(kerberosPrincipal, authorities, kerberosRequestToken.getToken());
-            
-            STSUserDetails details = new STSUserDetails(kerberosPrincipal.getName(),
-                                                        "",
-                                                        authorities,
-                                                        token);
-            ksrt.setDetails(details);
-            
-            LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), kerberosPrincipal.getName());
-            return ksrt;
-        } catch (Exception ex) {
-            LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName() + "'", ex);
-            return null;
-        }
-    }
-    
-    private Principal validateKerberosToken(
-        KerberosServiceRequestToken token,
-        IdpSTSClient sts
-    ) {
-        if (kerberosTokenValidator == null) {
-            LOG.error("KerberosTokenValidator must be configured to support kerberos "
-                + "credential delegation");
-            return null;
-        }
-        KerberosServiceContext kerberosContext;
-        Principal kerberosPrincipal = null;
-        try {
-            kerberosContext = kerberosTokenValidator.validate(token);
-            if (kerberosContext == null || kerberosContext.getDelegationCredential() == null) {
-                LOG.info("Kerberos Validation failure");
-                return null;
-            }
-            GSSCredential delegatedCredential = kerberosContext.getDelegationCredential();
-            sts.getProperties().put(SecurityConstants.DELEGATED_CREDENTIAL, 
-                                    delegatedCredential);
-            sts.getProperties().put(SecurityConstants.KERBEROS_USE_CREDENTIAL_DELEGATION, "true");
-            kerberosPrincipal = kerberosContext.getPrincipal();
-        } catch (LoginException ex) {
-            LOG.info("Failed to authenticate user", ex);
-            return null;
-        } catch (PrivilegedActionException ex) {
-            LOG.info("Failed to authenticate user", ex);
-            return null;
-        }
-
-        if (kerberosTokenValidator.getContextName() != null) {
-            sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME, 
-                                    kerberosTokenValidator.getContextName());
-        }
-        if (kerberosTokenValidator.getServiceName() != null) {
-            sts.getProperties().put(SecurityConstants.KERBEROS_SPN,
-                                    kerberosTokenValidator.getServiceName());
-        }
-        if (kerberosCallbackHandler != null) {
-            sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER, 
-                                    kerberosCallbackHandler);
-        }
-        if (kerberosUsernameServiceNameForm) {
-            sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, 
-                                    "true");
-        }
-        
-        return kerberosPrincipal;
-    }
-    
-    protected GSSContext createGSSContext() throws GSSException {
-        Oid oid = new Oid("1.2.840.113554.1.2.2");
-
-        GSSManager gssManager = GSSManager.getInstance();
-
-        String spn = "bob@service.ws.apache.org";
-        GSSName gssService = gssManager.createName(spn, null);
-
-        return gssManager.createContext(gssService.canonicalize(oid),
-                                        oid, null, GSSContext.DEFAULT_LIFETIME);
-
-    }
-
-    @Override
-    public boolean supports(Class<?> authentication) {
-        return authentication.equals(KerberosServiceRequestToken.class);
-    }
-    
-    public KerberosTokenValidator getKerberosTokenValidator() {
-        return kerberosTokenValidator;
-    }
-
-    public void setKerberosTokenValidator(KerberosTokenValidator kerberosTokenValidator) {
-        this.kerberosTokenValidator = kerberosTokenValidator;
-    }
-
-    public CallbackHandler getKerberosCallbackHandler() {
-        return kerberosCallbackHandler;
-    }
-
-    public void setKerberosCallbackHandler(CallbackHandler kerberosCallbackHandler) {
-        this.kerberosCallbackHandler = kerberosCallbackHandler;
-    }
-
-    public boolean isKerberosUsernameServiceNameForm() {
-        return kerberosUsernameServiceNameForm;
-    }
-
-    public void setKerberosUsernameServiceNameForm(boolean kerberosUsernameServiceNameForm) {
-        this.kerberosUsernameServiceNameForm = kerberosUsernameServiceNameForm;
-    }
-
-    public boolean isRequireDelegation() {
-        return requireDelegation;
-    }
-
-    public void setRequireDelegation(boolean requireDelegation) {
-        this.requireDelegation = requireDelegation;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
deleted file mode 100644
index 889dadd..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.util.Assert;
-import org.springframework.web.filter.GenericFilterBean;
-
-public class STSPortFilter extends GenericFilterBean implements ApplicationContextAware {
-
-    private static final Logger LOG = LoggerFactory.getLogger(STSPortFilter.class);
-    
-    private ApplicationContext applicationContext;
-    private STSAuthenticationProvider authenticationProvider;
-    
-    private boolean isPortSet;
-    
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
-        
-        Assert.isTrue(applicationContext != null, "Application context must not be null");
-        STSAuthenticationProvider authProvider = authenticationProvider;
-        if (authProvider == null) {
-            authProvider = applicationContext.getBean(STSAuthenticationProvider.class);
-        }
-        Assert.isTrue(authProvider != null, "STSAuthenticationProvider must be configured");
-        
-        //Only update the port if HTTPS is used, otherwise ignored (like retrieving the WADL over HTTP)
-        if (!isPortSet && request.isSecure()) {
-            try {
-                URL url = new URL(authProvider.getWsdlLocation());
-                if (url.getPort() == 0) {
-                    URL updatedUrl = new URL(url.getProtocol(), url.getHost(), request.getLocalPort(), url.getFile());
-                    setSTSWsdlUrl(authProvider, updatedUrl.toString());
-                    LOG.info("STSAuthenticationProvider.wsdlLocation set to " + updatedUrl.toString());
-                } else {
-                    setSTSWsdlUrl(authProvider, url.toString());
-                }
-            } catch (MalformedURLException e) {
-                LOG.error("Invalid Url '" + authProvider.getWsdlLocation() + "': "  + e.getMessage());
-            }
-        }
-        
-        chain.doFilter(request, response);
-    }
-
-    private synchronized void setSTSWsdlUrl(STSAuthenticationProvider authProvider, String wsdlUrl) {
-        authProvider.setWsdlLocation(wsdlUrl);
-        this.isPortSet = true;
-    }
-    
-    @Override
-    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-        this.applicationContext = applicationContext;
-    }
-
-    public STSAuthenticationProvider getAuthenticationProvider() {
-        return authenticationProvider;
-    }
-
-    public void setAuthenticationProvider(STSAuthenticationProvider authenticationProvider) {
-        this.authenticationProvider = authenticationProvider;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
deleted file mode 100644
index 45ec0a3..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.w3c.dom.Document;
-import org.apache.cxf.Bus;
-import org.apache.cxf.fediz.core.util.DOMUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.X509Data;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
-/**
- * An authentication provider to authenticate a preauthenticated token to the STS
- */
-public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider {
-
-    private static final Logger LOG = LoggerFactory
-            .getLogger(STSPreAuthAuthenticationProvider.class);
-
-    @Override
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        // We only handle PreAuthenticatedAuthenticationTokens
-        if (!(authentication instanceof PreAuthenticatedAuthenticationToken)) {
-            return null;
-        }
-        
-        Bus cxfBus = getBus();
-        IdpSTSClient sts = new IdpSTSClient(cxfBus);
-        sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
-        if (tokenType != null && tokenType.length() > 0) {
-            sts.setTokenType(tokenType);
-        } else {
-            sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-        }
-        sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
-        sts.setWsdlLocation(wsdlLocation);
-        sts.setServiceQName(new QName(namespace, wsdlService));
-        sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-        
-        sts.getProperties().putAll(properties);
-        if (use200502Namespace) {
-            sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
-        }
-        
-        if (lifetime != null) {
-            sts.setEnableLifetime(true);
-            sts.setTtl(lifetime.intValue());
-        }
-        
-        return handlePreAuthenticated((PreAuthenticatedAuthenticationToken)authentication, sts);
-    }
-    
-    private Authentication handlePreAuthenticated(
-        PreAuthenticatedAuthenticationToken preauthenticatedToken,
-        IdpSTSClient sts
-    ) {
-        X509Certificate cert = (X509Certificate)preauthenticatedToken.getCredentials();
-        if (cert == null) {
-            return null;
-        }
-        
-        // Convert the received certificate to a DOM Element to write it out "OnBehalfOf"
-        Document doc = DOMUtils.createDocument();
-        X509Data certElem = new X509Data(doc);
-        try {
-            certElem.addCertificate(cert);
-            sts.setOnBehalfOf(certElem.getElement());
-        } catch (XMLSecurityException e) {
-            LOG.debug("Error parsing a client certificate", e);
-            return null;
-        }
-        
-        try {
-            // Line below may be uncommented for debugging    
-            // setTimeout(sts.getClient(), 3600000L);
-
-            SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-            
-            List<GrantedAuthority> authorities = createAuthorities(token);
-            
-            STSUserDetails details = new STSUserDetails(preauthenticatedToken.getName(),
-                                                        "",
-                                                        authorities,
-                                                        token);
-            
-            preauthenticatedToken.setDetails(details);
-            
-            LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), preauthenticatedToken.getName());
-            return preauthenticatedToken;
-            
-        } catch (Exception ex) {
-            LOG.info("Failed to authenticate user '" + preauthenticatedToken.getName() + "'", ex);
-            return null;
-        }
-    }
-
-    @Override
-    public boolean supports(Class<?> authentication) {
-        return authentication.equals(PreAuthenticatedAuthenticationToken.class);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
deleted file mode 100644
index 6e9130c..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.dom.WSConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-/**
- * An authentication provider to authenticate a Username/Password to the STS
- */
-public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
-
-    private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
-    
-    @Override
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        // We only handle UsernamePasswordAuthenticationTokens
-        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
-            return null;
-        }
-        
-        Bus cxfBus = getBus();
-        IdpSTSClient sts = new IdpSTSClient(cxfBus);
-        sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
-        if (tokenType != null && tokenType.length() > 0) {
-            sts.setTokenType(tokenType);
-        } else {
-            sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-        }
-        sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
-        sts.setWsdlLocation(wsdlLocation);
-        sts.setServiceQName(new QName(namespace, wsdlService));
-        sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-        
-        sts.getProperties().putAll(properties);
-        if (use200502Namespace) {
-            sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
-        }
-        
-        if (lifetime != null) {
-            sts.setEnableLifetime(true);
-            sts.setTtl(lifetime.intValue());
-        }
-        
-        return handleUsernamePassword((UsernamePasswordAuthenticationToken)authentication, sts);
-    }
-    
-    private Authentication handleUsernamePassword(
-        UsernamePasswordAuthenticationToken usernamePasswordToken,
-        IdpSTSClient sts
-    ) {
-        sts.getProperties().put(SecurityConstants.USERNAME, usernamePasswordToken.getName());
-        sts.getProperties().put(SecurityConstants.PASSWORD, (String)usernamePasswordToken.getCredentials());
-        
-        try {
-            
-            if (getCustomSTSParameter() != null) {
-                HttpServletRequest request = 
-                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
-                String authRealmParameter = request.getParameter(getCustomSTSParameter());
-                LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
-                if (authRealmParameter != null) {
-                    sts.setCustomContent(authRealmParameter);
-                }
-            }
-
-            // Line below may be uncommented for debugging    
-            // setTimeout(sts.getClient(), 3600000L);
-
-            SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-            
-            List<GrantedAuthority> authorities = createAuthorities(token);
-            
-            UsernamePasswordAuthenticationToken upat = 
-                new UsernamePasswordAuthenticationToken(usernamePasswordToken.getName(), 
-                                                        usernamePasswordToken.getCredentials(), 
-                                                        authorities);
-
-            STSUserDetails details = new STSUserDetails(usernamePasswordToken.getName(),
-                                                        (String)usernamePasswordToken.getCredentials(),
-                                                        authorities,
-                                                        token);
-            upat.setDetails(details);
-
-            LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), usernamePasswordToken.getName());
-            return upat;
-                                                                                           
-        } catch (Exception ex) {
-            LOG.info("Failed to authenticate user '" + usernamePasswordToken.getName() + "'", ex);
-            return null;
-        }
-        
-    }
-    
-    @Override
-    public boolean supports(Class<?> authentication) {
-        return authentication.equals(UsernamePasswordAuthenticationToken.class);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
deleted file mode 100644
index 080bcb4..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp;
-
-import java.util.Collection;
-
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-
-public class STSUserDetails extends User {
-    
-    private static final long serialVersionUID = 1975259365978165675L;
-    
-    private SecurityToken token;
-    
-    public STSUserDetails(String username, String password, boolean enabled, boolean accountNonExpired,
-                          boolean credentialsNonExpired, boolean accountNonLocked,
-                          Collection<? extends GrantedAuthority> authorities) {
-        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
-    }
-    
-    public STSUserDetails(String username, String password, 
-                          Collection<? extends GrantedAuthority> authorities, SecurityToken token) {
-        super(username, password, true, true, true, true, authorities);
-        this.token = token;
-    }
-
-    public SecurityToken getSecurityToken() {
-        return this.token;
-    }
-
-    @Override
-    public boolean equals(Object object) {
-        if (!(object instanceof STSUserDetails)) {
-            return false;
-        }
-        
-        if (token != null && !token.equals(((STSUserDetails)object).token)) {
-            return false;
-        } else  if (token == null && ((STSUserDetails)object).token != null) {
-            return false;
-        }
-        
-        return super.equals(object);
-    }
-    
-    @Override
-    public int hashCode() {
-        int hashCode = 17;
-        if (token != null) {
-            hashCode *= 31 * token.hashCode();
-        }
-        
-        return hashCode * super.hashCode();
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java
deleted file mode 100644
index e219741..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CacheSecurityToken.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.beans;
-
-import org.apache.cxf.fediz.service.idp.STSUserDetails;
-import org.apache.cxf.fediz.service.idp.domain.Idp;
-import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Component;
-import org.springframework.util.Assert;
-import org.springframework.webflow.execution.RequestContext;
-
-/**
- * This class is responsible to cache the IDP token.
- */
-@Component
-public class CacheSecurityToken {
-
-    private static final String IDP_CONFIG = "idpConfig";
-    private static final Logger LOG = LoggerFactory.getLogger(CacheSecurityToken.class);
-
-    public void submit(RequestContext context) {
-
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-        Assert.isInstanceOf(STSUserDetails.class, auth.getDetails());
-        final STSUserDetails stsUserDetails = (STSUserDetails) auth.getDetails();
-        SecurityToken securityToken = stsUserDetails.getSecurityToken();
-
-        Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
-
-        WebUtils.putAttributeInExternalContext(context, idpConfig.getRealm(), securityToken);
-        LOG.info("Token [IDP_TOKEN=" + securityToken.getId()
-                + "] for realm ["
-                + idpConfig.getRealm() + "] successfully cached.");
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
deleted file mode 100644
index 25780d2..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.beans;
-
-import org.apache.commons.validator.routines.UrlValidator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-import org.springframework.webflow.execution.RequestContext;
-
-/**
- * Validate a URL using Commons Validator
- */
-@Component
-public class CommonsURLValidator {
-
-    private static final Logger LOG = LoggerFactory.getLogger(CommonsURLValidator.class);
-
-    public boolean isValid(RequestContext context, String endpointAddress)
-        throws Exception {
-        if (endpointAddress == null) {
-            return true;
-        }
-        
-        // The endpointAddress address must be a valid URL + start with http(s)
-        // Validate it first using commons-validator
-        UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https"}, UrlValidator.ALLOW_LOCAL_URLS);
-        if (!urlValidator.isValid(endpointAddress)) {
-            LOG.warn("The given endpointAddress parameter {} is not a valid URL", endpointAddress);
-            return false;
-        }
-        
-        return true;
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf309400/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
deleted file mode 100644
index c755ebf..0000000
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/HomeRealmReminder.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.beans;
-
-import javax.servlet.http.Cookie;
-
-import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.springframework.stereotype.Component;
-import org.springframework.webflow.execution.RequestContext;
-
-@Component
-public class HomeRealmReminder {
-
-    public static final String FEDIZ_HOME_REALM = "FEDIZ_HOME_REALM";
-
-    public Cookie readCookie(RequestContext requestContext) {
-        return WebUtils.readCookie(requestContext, FEDIZ_HOME_REALM);
-    }
-
-    public void addCookie(RequestContext requestContext, String cookieValue) {
-        WebUtils.addCookie(requestContext, FEDIZ_HOME_REALM, cookieValue);
-    }
-
-    public void removeCookie(RequestContext requestContext) {
-        WebUtils.removeCookie(requestContext, FEDIZ_HOME_REALM);
-    }
-}


Mime
View raw message