Repository: cxf-fediz
Updated Branches:
refs/heads/master dc0efb889 -> 5f7522979
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
new file mode 100644
index 0000000..013628e
--- /dev/null
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring3Test.java
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+public class Spring3Test extends AbstractTests {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Tomcat rpServer;
+
+ @BeforeClass
+ public static void init() throws Exception {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
+
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"debug");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ idpServer = startServer(true, idpHttpsPort);
+ rpServer = startServer(false, rpHttpsPort);
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ shutdownServer(idpServer);
+ shutdownServer(rpServer);
+ }
+
+ private static void shutdownServer(Tomcat server) {
+ try {
+ if (server != null && server.getServer() != null
+ && server.getServer().getState() != LifecycleState.DESTROYED) {
+ if (server.getServer().getState() != LifecycleState.STOPPED) {
+ server.stop();
+ }
+ server.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static Tomcat startServer(boolean idp, String port)
+ throws ServletException, LifecycleException, IOException {
+ Tomcat server = new Tomcat();
+ server.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ String baseDir = currentDir + File.separator + "target";
+ server.setBaseDir(baseDir);
+
+ if (idp) {
+ server.getHost().setAppBase("tomcat/idp/webapps");
+ } else {
+ server.getHost().setAppBase("tomcat/rp/webapps");
+ }
+ server.getHost().setAutoDeploy(true);
+ server.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(port));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ server.getService().addConnector(httpsConnector);
+
+ if (idp) {
+ File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp-sts");
+ server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+ File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp");
+ server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+ } else {
+ File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+ "fediz-systests-webapps-spring3");
+ server.addWebapp("/fedizhelloworld_spring3", rpWebapp.getAbsolutePath());
+ }
+
+ server.start();
+
+ return server;
+ }
+
+ @Override
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ @Override
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ @Override
+ public String getServletContextName() {
+ return "fedizhelloworld_spring3";
+ }
+
+ @Ignore("This tests is currently failing on Spring")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
+
+ @Override
+ @org.junit.Test
+ public void testCSRFAttack() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/j_spring_fediz_security_check";
+ csrfAttackTest(url);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/spring/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/fediz_config.xml b/systests/spring/src/test/resources/fediz_config.xml
index 6cce85e..8bb4ca6 100644
--- a/systests/spring/src/test/resources/fediz_config.xml
+++ b/systests/spring/src/test/resources/fediz_config.xml
@@ -83,6 +83,45 @@
<issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
<roleDelimiter>,</roleDelimiter>
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <reply>/j_spring_fediz_security_check</reply>
+ <!--<authenticationType type="String">some auth type</authenticationType>-->
+ <!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
+ <!--<freshness>0</freshness>-->
+ <!--<reply>reply value</reply>-->
+ <!--<request>REQUEST</request>-->
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+ <claimTypesRequested>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false"
/>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true"
/>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
+ <contextConfig name="/fedizhelloworld_spring3">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="clienttrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+ <keyStore file="server.jks" password="tompass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
<reply>/j_spring_fediz_security_check</reply>
<!--<authenticationType type="String">some auth type</authenticationType>-->
<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
@@ -99,6 +138,6 @@
</protocol>
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
- </contextConfig>
+ </contextConfig>
</FedizConfig>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/pom.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/pom.xml b/systests/webapps/pom.xml
index 1f79087..812b2ba 100644
--- a/systests/webapps/pom.xml
+++ b/systests/webapps/pom.xml
@@ -35,6 +35,7 @@
<module>springPreauthWebapp</module>
<module>springWebapp</module>
<module>spring2Webapp</module>
+ <module>spring3Webapp</module>
<module>cxfWebapp</module>
</modules>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/pom.xml b/systests/webapps/spring3Webapp/pom.xml
new file mode 100644
index 0000000..c365e2c
--- /dev/null
+++ b/systests/webapps/spring3Webapp/pom.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-webapps</artifactId>
+ <version>1.4.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+ <artifactId>fediz-systests-webapps-spring3</artifactId>
+ <name>Apache Fediz Systests Spring3 Webapp</name>
+ <packaging>war</packaging>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>${servlet.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>${slf4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-spring3</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>${commons.lang.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>javax.jms</groupId>
+ <artifactId>jms</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.sun.jdmk</groupId>
+ <artifactId>jmxtools</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.sun.jmx</groupId>
+ <artifactId>jmxri</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin><!--for mvn tomcat:deploy/:undeploy/:redeploy -->
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>tomcat-maven-plugin</artifactId>
+ <version>1.1</version>
+ <configuration>
+ <server>myTomcat</server>
+ <url>http://localhost:8080/manager/text</url>
+ <path>/${project.build.finalName}</path>
+ </configuration>
+ </plugin>
+ </plugins>
+ <!-- Name of the generated WAR file -->
+ <finalName>fedizhelloworld</finalName>
+ </build>
+
+</project>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
b/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
new file mode 100644
index 0000000..c846ca3
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.example;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
+import org.apache.cxf.fediz.spring.authentication.FederationAuthenticationToken;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class FederationServlet extends HttpServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -9019993850246851112L;
+
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
+ IOException {
+
+ response.setContentType("text/html");
+ PrintWriter out = response.getWriter();
+
+ out.println("<html>");
+ out.println("<head><title>WS Federation Systests Examples</title></head>");
+ out.println("<body>");
+ out.println("<p>Request url: " + request.getRequestURL().toString() + "</p>");
+
+ out.print("<p>userPrincipal=");
+ Principal p = request.getUserPrincipal();
+ if (p != null) {
+ out.print(p.getName());
+ }
+ out.println("</p>");
+
+ // Access Spring security context
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+ if (auth instanceof FederationAuthenticationToken) {
+ FederationAuthenticationToken fedToken = (FederationAuthenticationToken)auth;
+ List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User",
"Authenticated");
+
+ for (String item : roleListToCheck) {
+ boolean found = false;
+ for (GrantedAuthority ga : fedToken.getAuthorities()) {
+ if (ga.getAuthority().toLowerCase().indexOf(item.toLowerCase()) >
-1) {
+ found = true;
+ break;
+ }
+ }
+ out.println("<p>role:" + item + "=" + (found ? "true" : "false") +
"</p>");
+ }
+
+ ClaimCollection claims = fedToken.getClaims();
+ for (Claim c : claims) {
+ out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue()
+ "</p>");
+ }
+
+ Element el = fedToken.getLoginToken();
+ if (el != null) {
+ out.println("loginToken=FOUND{FedizPrincipal}<p>");
+ }
+
+ el = SecurityTokenThreadLocal.getToken();
+ if (el != null) {
+ out.println("loginToken=FOUND{SecurityTokenThreadLocal}<p>");
+ }
+
+ }
+
+ out.println("</body>");
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks b/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks
new file mode 100644
index 0000000..c3ad459
Binary files /dev/null and b/systests/webapps/spring3Webapp/src/main/resources/clienttrust.jks
differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/resources/log4j.properties b/systests/webapps/spring3Webapp/src/main/resources/log4j.properties
new file mode 100644
index 0000000..32d28b6
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/resources/log4j.properties
@@ -0,0 +1,16 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootLogger=INFO, CONSOLE
+log4j.logger.org.springframework=INFO, CONSOLE
+log4j.additivity.org.springframework=false
+log4j.logger.org.springframework.security=DEBUG, CONSOLE
+log4j.additivity.org.springframework.security=false
+log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE
+log4j.additivity.org.apache.cxf.fediz=false
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
+
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/resources/logging.properties b/systests/webapps/spring3Webapp/src/main/resources/logging.properties
new file mode 100644
index 0000000..f4974a3
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/resources/logging.properties
@@ -0,0 +1,53 @@
+############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = WARNING
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
+#org.apache.cxf.fediz.level = FINEST
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
new file mode 100644
index 0000000..ad31813
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:sec="http://www.springframework.org/schema/security"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
+http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+ <!-- DIABLE in production as it might log confidential information about the user
-->
+ <sec:debug />
+
+ <sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
+ <sec:intercept-url pattern="/" access="permitAll"/>
+ <sec:intercept-url pattern="/fediz" access="permitAll"/>
+ <sec:intercept-url pattern="/index.html" access="permitAll"/>
+ <sec:intercept-url pattern="/FederationMetadata/**" access="isAuthenticated()"/>
+ <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
+ <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
+ <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
+ <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
+ <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
+ <sec:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
+ <sec:custom-filter ref="federationSignOutCleanupFilter" position="PRE_AUTH_FILTER"/>
+ <sec:session-management session-authentication-strategy-ref="sas"/>
+ </sec:http>
+
+
+ <sec:authentication-manager alias="authManager">
+ <sec:authentication-provider ref="federationAuthProvider" />
+ </sec:authentication-manager>
+
+ <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" init-method="init"
+ p:configFile="file:./target/test-classes/fediz_config.xml" />
+
+ <bean id="federationEntryPoint"
+ class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint"
+ p:federationConfig-ref="fedizConfig" />
+
+<!-- Works without org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
as well -->
+<!--
+ <bean id="federationFilter"
+ class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter"
+ p:authenticationManager-ref="authManager" p:sessionAuthenticationStrategy-ref="sas">
+
+ <property name="authenticationFailureHandler">
+ <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
/>
+ </property>
+ </bean>
+ -->
+
+ <bean id="federationFilter"
+ class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter"
+ p:authenticationManager-ref="authManager"
+ p:federationConfig-ref="fedizConfig">
+
+ <property name="authenticationFailureHandler">
+ <bean class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFailureHandler"
p:federationConfig-ref="fedizConfig" />
+ </property>
+ </bean>
+
+ <bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider"
+ p:federationConfig-ref="fedizConfig">
+ <property name="authenticationUserDetailsService">
+ <bean class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
+ </property>
+ </bean>
+
+ <bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"
/>
+
+ <bean id="logoutFilter" class="org.apache.cxf.fediz.spring.web.FederationLogoutFilter">
+ <constructor-arg name="logoutSuccessHandler" ref="federationLogoutSuccessHandler"/>
+ <constructor-arg name="handlers">
+ <list>
+ <ref bean="securityContextLogoutHandler"/>
+ </list>
+ </constructor-arg>
+ <property name="federationConfig" ref="fedizConfig"/>
+ </bean>
+
+ <bean id="federationLogoutSuccessHandler" class="org.apache.cxf.fediz.spring.web.FederationLogoutSuccessHandler">
+ <property name="federationConfig" ref="fedizConfig"/>
+ </bean>
+
+ <bean id="securityContextLogoutHandler" name="securityContextLogoutHandler"
+ class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
+ </bean>
+
+ <bean id="federationSignOutCleanupFilter" class="org.apache.cxf.fediz.spring.web.FederationSignOutCleanupFilter"/>
+</beans>
+
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..6b7eaac
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0" metadata-complete="true">
+
+ <description>
+ WS Federation Spring Example
+ </description>
+ <display-name>WS Federation Spring Example</display-name>
+
+
+
+ <!--
+ - Location of the XML file that defines the root application context
+ - Applied by ContextLoaderListener.
+ -->
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>
+ /WEB-INF/applicationContext-security.xml
+ </param-value>
+ </context-param>
+
+ <filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <!-- Optional: Cache the security token in Thread Local Storage -->
+ <filter>
+ <filter-name>FederationFilter</filter-name>
+ <filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>FederationFilter</filter-name>
+ <url-pattern>/secure/*</url-pattern>
+ </filter-mapping>
+
+ <!--
+ - Loads the root application context of this web app at startup.
+ - The application context is then available via
+ - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+ -->
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+
+ <servlet>
+ <servlet-name>FederationServlet</servlet-name>
+ <servlet-class>org.apache.cxf.fediz.example.FederationServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>FederationServlet</servlet-name>
+ <url-pattern>/secure/*</url-pattern>
+ </servlet-mapping>
+
+</web-app>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/index.html
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/index.html b/systests/webapps/spring3Webapp/src/main/webapp/index.html
new file mode 100644
index 0000000..a9dbdaa
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/index.html
@@ -0,0 +1,25 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Hello World</H3>
+<P></P>
+</BODY></HTML>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5f752297/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html
----------------------------------------------------------------------
diff --git a/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html b/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html
new file mode 100644
index 0000000..9cf7366
--- /dev/null
+++ b/systests/webapps/spring3Webapp/src/main/webapp/secure/test.html
@@ -0,0 +1,25 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE>
+<META http-equiv=Content-Type content="text/html">
+</HEAD>
+<BODY>
+<P>
+<H3>Secure Test</H3>
+<P></P>
+</BODY></HTML>
|