cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Adding spring3 plugin + tests back in
Date Thu, 13 Apr 2017 15:49:20 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master dc0efb889 -> 5f7522979


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
new file mode 100644
index 0000000..013628e
--- /dev/null
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+public class Spring3Test extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
+
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"debug");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(rpServer);
+    }
+
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    private static Tomcat startServer(boolean idp, String port)
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        //httpsConnector.setAttribute("keyAlias", keyAlias);
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+                                     "fediz-systests-webapps-spring3");
+            server.addWebapp("/fedizhelloworld_spring3", rpWebapp.getAbsolutePath());
+        }
+
+        server.start();
+
+        return server;
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworld_spring3";
+    }
+
+    @Ignore("This tests is currently failing on Spring")
+    @Override
+    public void testConcurrentRequests() throws Exception {
+        // super.testConcurrentRequests();
+    }
+
+    @Override
+    @org.junit.Test
+    public void testCSRFAttack() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+            + "/j_spring_fediz_security_check";
+        csrfAttackTest(url);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/spring/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/fediz_config.xml b/systests/spring/src/test/resources/fediz_config.xml
index 6cce85e..8bb4ca6 100644
--- a/systests/spring/src/test/resources/fediz_config.xml
+++ b/systests/spring/src/test/resources/fediz_config.xml
@@ -83,6 +83,45 @@
 			<issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
 			<roleDelimiter>,</roleDelimiter>
 			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <reply>/j_spring_fediz_security_check</reply>
+			<!--<authenticationType type="String">some auth type</authenticationType>-->
+			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+			<!--<freshness>0</freshness>-->
+			<!--<reply>reply value</reply>-->
+			<!--<request>REQUEST</request>-->
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+			<claimTypesRequested>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false"
/>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true"
/>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
+			</claimTypesRequested>
+		</protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+	</contextConfig>
+	<contextConfig name="/fedizhelloworld_spring3">
+		<audienceUris>
+			<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="clienttrust.jks" password="storepass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer certificateValidation="PeerTrust" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="server.jks" password="tompass" type="JKS" />
+        </signingKey>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.0.0">
+			<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+			<issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
                         <reply>/j_spring_fediz_security_check</reply>
 			<!--<authenticationType type="String">some auth type</authenticationType>-->
 			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
@@ -99,6 +138,6 @@
 		</protocol>
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
-	</contextConfig>	
+	</contextConfig>
 </FedizConfig>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/pom.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/pom.xml b/systests/webapps/pom.xml
index 1f79087..812b2ba 100644
--- a/systests/webapps/pom.xml
+++ b/systests/webapps/pom.xml
@@ -35,6 +35,7 @@
       <module>springPreauthWebapp</module>
       <module>springWebapp</module>
       <module>spring2Webapp</module>
+      <module>spring3Webapp</module>
       <module>cxfWebapp</module>
    </modules>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/pom.xml b/systests/webapps/spring3Webapp/pom.xml
new file mode 100644
index 0000000..c365e2c
--- /dev/null
+++ b/systests/webapps/spring3Webapp/pom.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz.systests</groupId>
+        <artifactId>fediz-systests-webapps</artifactId>
+        <version>1.4.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+    <artifactId>fediz-systests-webapps-spring3</artifactId>
+    <name>Apache Fediz Systests Spring3 Webapp</name>
+    <packaging>war</packaging>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-spring3</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>${log4j.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>javax.mail</groupId>
+                    <artifactId>mail</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>javax.jms</groupId>
+                    <artifactId>jms</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.jdmk</groupId>
+                    <artifactId>jmxtools</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.jmx</groupId>
+                    <artifactId>jmxri</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin><!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>tomcat-maven-plugin</artifactId>
+                <version>1.1</version>
+                <configuration>
+                    <server>myTomcat</server>
+                    <url>http://localhost:8080/manager/text</url>
+                    <path>/${project.build.finalName}</path>
+                </configuration>
+            </plugin>
+        </plugins>
+        <!-- Name of the generated WAR file -->
+        <finalName>fedizhelloworld</finalName>
+    </build>
+
+</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
b/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
new file mode 100644
index 0000000..c846ca3
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
+import org.apache.cxf.fediz.spring.authentication.FederationAuthenticationToken;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class FederationServlet extends HttpServlet {
+
+    /**
+     *
+     */
+    private static final long serialVersionUID = -9019993850246851112L;
+
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+        IOException {
+
+        response.setContentType("text/html");
+        PrintWriter out = response.getWriter();
+
+        out.println("<html>");
+        out.println("<head><title>WS Federation Systests Examples</title></head>");
+        out.println("<body>");
+        out.println("<p>Request url: " + request.getRequestURL().toString() + "</p>");
+
+        out.print("<p>userPrincipal=");
+        Principal p = request.getUserPrincipal();
+        if (p != null) {
+            out.print(p.getName());
+        }
+        out.println("</p>");
+
+        // Access Spring security context
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+        if (auth instanceof FederationAuthenticationToken) {
+            FederationAuthenticationToken fedToken = (FederationAuthenticationToken)auth;
+            List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User",
"Authenticated");
+
+            for (String item : roleListToCheck) {
+                boolean found = false;
+                for (GrantedAuthority ga : fedToken.getAuthorities()) {
+                    if (ga.getAuthority().toLowerCase().indexOf(item.toLowerCase()) >
-1) {
+                        found = true;
+                        break;
+                    }
+                }
+                out.println("<p>role:" + item + "=" + (found ? "true" : "false") +
"</p>");
+            }
+
+            ClaimCollection claims = fedToken.getClaims();
+            for (Claim c : claims) {
+                out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue()
+ "</p>");
+            }
+
+            Element el = fedToken.getLoginToken();
+            if (el != null) {
+                out.println("loginToken=FOUND{FedizPrincipal}<p>");
+            }
+
+            el = SecurityTokenThreadLocal.getToken();
+            if (el != null) {
+                out.println("loginToken=FOUND{SecurityTokenThreadLocal}<p>");
+            }
+
+        }
+
+        out.println("</body>");
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks b/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks
new file mode 100644
index 0000000..c3ad459
Binary files /dev/null and b/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/resources/log4j.properties b/systests/webapps/spring3Webapp/src/main/resources/log4j.properties
new file mode 100644
index 0000000..32d28b6
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/resources/log4j.properties
@@ -0,0 +1,16 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.springframework=INFO, CONSOLE
+log4j.additivity.org.springframework=false
+log4j.logger.org.springframework.security=DEBUG, CONSOLE
+log4j.additivity.org.springframework.security=false
+log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.fediz=false
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/resources/logging.properties b/systests/webapps/spring3Webapp/src/main/resources/logging.properties
new file mode 100644
index 0000000..f4974a3
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/resources/logging.properties
@@ -0,0 +1,53 @@
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = WARNING
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
+#org.apache.cxf.fediz.level = FINEST

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
new file mode 100644
index 0000000..ad31813
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
+http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+    <!-- DIABLE in production as it might log confidential information about the user
-->
+    <sec:debug />
+
+    <sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
+        <sec:intercept-url pattern="/" access="permitAll"/>
+        <sec:intercept-url pattern="/fediz" access="permitAll"/>
+        <sec:intercept-url pattern="/index.html" access="permitAll"/>
+        <sec:intercept-url pattern="/FederationMetadata/**" access="isAuthenticated()"/>
+        <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
+        <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
+        <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
+        <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
+        <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
+        <sec:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
+        <sec:custom-filter ref="federationSignOutCleanupFilter" position="PRE_AUTH_FILTER"/>
+        <sec:session-management session-authentication-strategy-ref="sas"/>
+    </sec:http>
+
+
+    <sec:authentication-manager alias="authManager">
+        <sec:authentication-provider ref="federationAuthProvider" />
+    </sec:authentication-manager>
+
+    <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" init-method="init"
+        p:configFile="file:./target/test-classes/fediz_config.xml" />
+
+    <bean id="federationEntryPoint"
+        class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint"
+        p:federationConfig-ref="fedizConfig" />
+
+<!-- Works without org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
as well -->
+<!-- 
+    <bean id="federationFilter"
+        class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter"
+        p:authenticationManager-ref="authManager" p:sessionAuthenticationStrategy-ref="sas">
+
+        <property name="authenticationFailureHandler">
+            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
/>
+        </property>
+    </bean>
+ -->
+ 
+    <bean id="federationFilter"
+        class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter"
+        p:authenticationManager-ref="authManager"
+        p:federationConfig-ref="fedizConfig">
+
+        <property name="authenticationFailureHandler">
+            <bean class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFailureHandler"
p:federationConfig-ref="fedizConfig" />
+        </property>
+    </bean>
+    
+    <bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider"
+        p:federationConfig-ref="fedizConfig">
+        <property name="authenticationUserDetailsService">
+            <bean class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
+        </property>
+    </bean>
+
+    <bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"
/>
+
+    <bean id="logoutFilter" class="org.apache.cxf.fediz.spring.web.FederationLogoutFilter">
+        <constructor-arg  name="logoutSuccessHandler" ref="federationLogoutSuccessHandler"/>
+        <constructor-arg  name="handlers">
+            <list>
+                <ref bean="securityContextLogoutHandler"/>
+            </list>
+        </constructor-arg>
+        <property name="federationConfig" ref="fedizConfig"/>
+    </bean>
+
+    <bean id="federationLogoutSuccessHandler" class="org.apache.cxf.fediz.spring.web.FederationLogoutSuccessHandler">
+        <property name="federationConfig" ref="fedizConfig"/>
+    </bean>
+
+    <bean id="securityContextLogoutHandler" name="securityContextLogoutHandler"
+          class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
+    </bean>
+
+    <bean id="federationSignOutCleanupFilter" class="org.apache.cxf.fediz.spring.web.FederationSignOutCleanupFilter"/>
+</beans>
+
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..6b7eaac
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0" metadata-complete="true">
+
+	<description>
+    WS Federation Spring Example
+    </description>
+	<display-name>WS Federation Spring Example</display-name>
+	
+
+
+    <!--
+      - Location of the XML file that defines the root application context
+      - Applied by ContextLoaderListener.
+      -->
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>
+            /WEB-INF/applicationContext-security.xml
+        </param-value>
+    </context-param>
+
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+    
+    <!-- Optional: Cache the security token in Thread Local Storage -->
+	<filter>
+		<filter-name>FederationFilter</filter-name>
+		<filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class>
+	</filter>
+
+    <filter-mapping>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+    
+    <filter-mapping>
+		<filter-name>FederationFilter</filter-name>
+		<url-pattern>/secure/*</url-pattern>
+	</filter-mapping>
+
+    <!--
+      - Loads the root application context of this web app at startup.
+      - The application context is then available via
+      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+    -->
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+     
+	<servlet>
+		<servlet-name>FederationServlet</servlet-name>
+		<servlet-class>org.apache.cxf.fediz.example.FederationServlet</servlet-class>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>FederationServlet</servlet-name>
+		<url-pattern>/secure/*</url-pattern>
+	</servlet-mapping>
+
+</web-app>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/index.html
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/index.html b/systests/webapps/spring3Webapp/src/main/webapp/index.html
new file mode 100644
index 0000000..a9dbdaa
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/index.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html b/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html
new file mode 100644
index 0000000..9cf7366
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>


Mime
View raw message