Author: coheigea
Date: Wed May 23 12:06:06 2012
New Revision: 1341842
URL: http://svn.apache.org/viewvc?rev=1341842&view=rev
Log:
[FEDIZ-13] - Add a new (default) TokenReplayCache implementation based on
EhCache
Added:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml
Modified:
cxf/fediz/trunk/plugins/core/pom.xml
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
cxf/fediz/trunk/pom.xml
Modified: cxf/fediz/trunk/plugins/core/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/pom.xml?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/pom.xml (original)
+++ cxf/fediz/trunk/plugins/core/pom.xml Wed May 23 12:06:06 2012
@@ -47,6 +47,12 @@
<version>${wss4j.version}</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>net.sf.ehcache</groupId>
+ <artifactId>ehcache-core</artifactId>
+ <version>${ehcache.version}</version>
+ <scope>compile</scope>
+ </dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
Added:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java?rev=1341842&view=auto
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
(added)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
Wed May 23 12:06:06 2012
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.URL;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+
+import org.apache.ws.security.util.Loader;
+
+/**
+ * An in-memory EHCache implementation of the TokenReplayCache interface.
+ * The default TTL is 60 minutes.
+ */
+public class EHCacheTokenReplayCache implements TokenReplayCache<String>,
Closeable {
+
+ public static final long DEFAULT_TTL = 3600L;
+ private static final String CACHE_KEY = "fediz-replay-cache";
+ private Ehcache cache;
+ private CacheManager cacheManager;
+ private long ttl = DEFAULT_TTL;
+
+ public EHCacheTokenReplayCache() {
+ String defaultConfigFile = "fediz-ehcache.xml";
+ URL configFileURL = Loader.getResource(defaultConfigFile);
+ createCache(configFileURL);
+ }
+
+ public EHCacheTokenReplayCache(URL configFileURL) {
+ createCache(configFileURL);
+ }
+
+ private void createCache(URL configFileURL) {
+ if (configFileURL == null) {
+ cacheManager = CacheManager.create();
+ } else {
+ cacheManager = CacheManager.create(configFileURL);
+ }
+
+ Ehcache newCache = new Cache(CACHE_KEY, 50000, true, false,
DEFAULT_TTL, DEFAULT_TTL);
+ cache = cacheManager.addCacheIfAbsent(newCache);
+ }
+
+ /**
+ * Set a new (default) TTL value in seconds
+ * @param newTtl a new (default) TTL value in seconds
+ */
+ public void setTTL(long newTtl) {
+ ttl = newTtl;
+ }
+
+ /**
+ * Get the (default) TTL value in seconds
+ * @return the (default) TTL value in seconds
+ */
+ public long getTTL() {
+ return ttl;
+ }
+
+ /**
+ * Add the given identifier to the cache. It will be cached for a default
amount of time.
+ * @param id The identifier to be added
+ */
+ @Override
+ public void putId(String id) {
+ if (id == null || "".equals(id)) {
+ return;
+ }
+
+ int parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
+ }
+
+ cache.put(new Element(id, id, false, parsedTTL, parsedTTL));
+ }
+
+
+ /**
+ * Return the given identifier if it is contained in the cache, otherwise
null.
+ * @param id The identifier to check
+ */
+ public String getId(String id) {
+ Element element = cache.get(id);
+ if (element != null) {
+ if (cache.isExpired(element)) {
+ cache.remove(id);
+ return null;
+ }
+ return (String)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void close() throws IOException {
+ if (cacheManager != null) {
+ cacheManager.shutdown();
+ cacheManager = null;
+ cache = null;
+ }
+ }
+
+}
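Review bot: `putId` stores every identifier for the fixed `ttl`, regardless of how long the token it came from remains valid, so replay detection only holds while the cache TTL is at least as long as the longest token lifetime the processor accepts. If an entry ages out while its token is still acceptable, a second presentation is no longer recognised as a replay. `setTTL` also accepts any value unchecked: zero or a negative number fits in an `int` and reaches `new Element(...)` unmodified, and as far as I know Ehcache treats a TTL of 0 as "never expires", which would let the store grow without bound. I would reject non-positive values in `setTTL` (`if (newTtl <= 0) { throw new IllegalArgumentException("TTL must be positive"); }`) and add to the class Javadoc: `The TTL must not be shorter than the maximum accepted token lifetime.`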
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
Wed May 23 12:06:06 2012
@@ -56,7 +56,7 @@ public class FederationProcessorImpl imp
*/
public FederationProcessorImpl() {
super();
- replayCache = TokenReplayCacheInMemory.getInstance();
+ replayCache = new EHCacheTokenReplayCache();
}
/**
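Review bot: Every `FederationProcessorImpl` now constructs its own `EHCacheTokenReplayCache`, which is `Closeable`, but nothing in this hunk closes it, and the wrapper's `close()` calls `cacheManager.shutdown()` on the manager obtained from `CacheManager.create(...)`. To my knowledge that factory returns Ehcache's shared singleton, so closing one wrapper would tear down replay detection for every other processor in the JVM while their `cache` fields still point at the disposed store. The rest of the class is outside this hunk, so the lifecycle may be handled elsewhere. If it is not, hold the cache once (for example in a `private static final` field) and document who owns shutdown, e.g. `// shared replay cache; closed once at application shutdown, never per processor`.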
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCache.java
Wed May 23 12:06:06 2012
@@ -21,7 +21,7 @@ package org.apache.cxf.fediz.core;
public interface TokenReplayCache<T> {
- T getId(String id);
+ T getId(T id);
void putId(T id);
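Review bot: The interface still splits replay detection into a lookup (`getId`) and a store (`putId`) with no documented atomicity, so a caller that checks and then inserts leaves a window in which two concurrent requests carrying the same token can both pass. The caller is not visible in this hunk, so this may be serialised elsewhere. At minimum the contract should be stated in Javadoc, e.g. `Callers must treat getId/putId as a non-atomic pair and guard them externally`. Alternatively the interface could gain a single check-and-store method that implementations back with an atomic insert. The interface body continues outside the hunk.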
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenReplayCacheInMemory.java
Wed May 23 12:06:06 2012
@@ -48,7 +48,7 @@ public final class TokenReplayCacheInMem
}
@Override
- public T getId(String id) {
+ public T getId(T id) {
int index = cache.indexOf(id);
if (index == -1) {
return null;
Added: cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml?rev=1341842&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml (added)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/fediz-ehcache.xml Wed May
23 12:06:06 2012
@@ -0,0 +1,16 @@
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false"
monitoring="autodetect" dynamicConfig="true">
+
+ <diskStore path="java.io.tmpdir"/>
+
+ <defaultCache
+ maxElementsInMemory="50000"
+ eternal="false"
+ timeToIdleSeconds="3600"
+ timeToLiveSeconds="3600"
+ overflowToDisk="true"
+ maxElementsOnDisk="10000000"
+ diskPersistent="false"
+ diskExpiryThreadIntervalSeconds="120"
+ memoryStoreEvictionPolicy="LRU"
+ />
+</ehcache>
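Review bot: `<diskStore path="java.io.tmpdir"/>` puts any disk overflow of the replay cache in the shared temp directory under a predictable name (the test helper in this commit deletes `fediz-replay-cache.data` from there). On a multi-user host that directory is typically world-writable, so the confidentiality and integrity of the stored token identifiers depend on whatever file permissions the JVM happens to apply. Consider pointing the disk store at an application-owned directory and adding a comment such as `<!-- diskStore must be a directory readable and writable only by the application user -->`. Separately, the configuration is non-persistent, so entries do not survive a restart and a token still inside its validity window would be accepted again afterwards; that limitation deserves a sentence in the documentation.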
Added:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java?rev=1341842&view=auto
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
(added)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
Wed May 23 12:06:06 2012
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.common;
+
+import java.io.File;
+
+/**
+ * A utility class for security tests
+ */
+public final class SecurityTestUtil {
+
+ private SecurityTestUtil() {
+ // complete
+ }
+
+ public static void cleanup() {
+ String tmpDir = System.getProperty("java.io.tmpdir");
+ if (tmpDir != null) {
+ File replayCacheFile =
+ new File(tmpDir + File.separator + "fediz-replay-cache.data");
+ if (replayCacheFile.exists()) {
+ replayCacheFile.delete();
+ }
+ }
+ }
+
+}
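Review bot: `cleanup()` hard-codes `fediz-replay-cache.data`, which silently couples this helper to the private `CACHE_KEY` in `EHCacheTokenReplayCache` and to the `java.io.tmpdir` disk store, and it ignores the result of `delete()`. If either the cache name or the disk store path changes, the helper stops cleaning up without any test noticing. A Javadoc line stating that dependency would help, e.g. `Removes the Ehcache disk store file created by EHCacheTokenReplayCache in java.io.tmpdir.`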
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
Wed May 23 12:06:06 2012
@@ -29,10 +29,14 @@ import java.net.URL;
import junit.framework.Assert;
+import org.apache.cxf.fediz.common.SecurityTestUtil;
import org.apache.cxf.fediz.core.config.FederationConfigurator;
import org.apache.cxf.fediz.core.config.FederationContext;
+import org.junit.AfterClass;
import org.junit.BeforeClass;
+import static org.junit.Assert.fail;
+
public class FederationProcessorTest {
private static final String TEST_USER = "alice";
private static final String TEST_RSTR_ISSUER = "DoubleItSTSIssuer";
@@ -41,13 +45,30 @@ public class FederationProcessorTest {
private static final String CONFIG_FILE_WRONG_ISSUER =
"fediz_test_config2.xml";
private static String sRSTR;
+ private static String sRSTRREPLAY;
@BeforeClass
public static void readWResult() {
+ try {
+ sRSTR = loadResource("RSTR.xml");
+ sRSTRREPLAY = loadResource("RSTR_replay.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ Assert.assertNotNull("RSTR resource null", sRSTR);
+ Assert.assertNotNull(loadRootConfig());
+
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ SecurityTestUtil.cleanup();
+ }
+
+ private static String loadResource(String filename) throws IOException {
InputStream is = null;
try {
- is = FederationProcessorTest.class
- .getResourceAsStream("/RSTR.xml");
+ is = FederationProcessorTest.class.getResourceAsStream("/" +
filename);
if (is == null) {
throw new FileNotFoundException("Failed to get RSTR.xml");
}
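Review bot: `readWResult` still swallows load failures with `e.printStackTrace()` and only asserts `sRSTR`, so if `RSTR_replay.xml` is missing, `sRSTRREPLAY` stays null and the failure surfaces later inside `testReplayAttack` instead of here. Add `Assert.assertNotNull("RSTR_replay resource null", sRSTRREPLAY);` next to the existing assertion. In `loadResource` the message is still hard-coded to one file; it should be `throw new FileNotFoundException("Failed to get " + filename);`. The body of `loadResource` continues past this hunk.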
@@ -59,9 +80,7 @@ public class FederationProcessorTest {
stringBuilder.append(line + "\n");
}
bufferedReader.close();
- sRSTR = stringBuilder.toString();
- } catch (Exception e) {
- e.printStackTrace();
+ return stringBuilder.toString();
} finally {
if (is != null) {
try {
@@ -71,9 +90,6 @@ public class FederationProcessorTest {
}
}
}
- Assert.assertNotNull("RSTR resource null", sRSTR);
- Assert.assertNotNull(loadRootConfig());
-
}
private static FederationContext loadRootConfig() {
@@ -157,5 +173,29 @@ public class FederationProcessorTest {
Assert.assertEquals("One role must be found", 1, wfRes.getRoles()
.size());
}
+
+ @org.junit.Test
+ public void testReplayAttack() {
+
+ FederationRequest wfReq = new FederationRequest();
+ wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+ wfReq.setWresult(sRSTRREPLAY);
+ FederationContext config = loadRootConfig();
+
+ FederationProcessor wfProc = new FederationProcessorImpl();
+ FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+ Assert.assertEquals("Principal name wrong", TEST_USER,
+ wfRes.getUsername());
+ Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER,
wfRes.getIssuer());
+
+ wfProc = new FederationProcessorImpl();
+ try {
+ wfProc.processRequest(wfReq, config);
+ fail("Failure expected on a replay attack");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
}
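Review bot: The second half of `testReplayAttack` passes on any `Exception`, so it does not prove the request was rejected because of the replay cache; a parsing error, a null `wresult` or an unrelated validation failure would satisfy it equally. Catch the specific exception type `processRequest` raises for a replayed token (not visible in this hunk) and assert on its message or error code. The test also depends on both `FederationProcessorImpl` instances sharing one cache, and on the token ID not already being cached from an earlier test in the same JVM. A short comment such as `// both processors share the singleton replay cache` would make that dependency explicit.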
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
Wed May 23 12:06:06 2012
@@ -28,6 +28,7 @@ import java.math.BigInteger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
+import org.apache.cxf.fediz.common.SecurityTestUtil;
import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
import org.apache.cxf.fediz.core.config.jaxb.AuthenticationType;
@@ -43,6 +44,7 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.junit.AfterClass;
import org.junit.Assert;
public class FedizConfigurationTest {
@@ -80,6 +82,11 @@ public class FedizConfigurationTest {
private static final String CONFIG_FILE = "./target/fedizconfig.xml";
+
+ @AfterClass
+ public static void cleanup() {
+ SecurityTestUtil.cleanup();
+ }
//CHECKSTYLE:OFF
private FedizConfig createConfiguration() throws JAXBException {
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Wed May 23 12:06:06 2012
@@ -29,6 +29,7 @@ import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
+import org.apache.cxf.fediz.common.SecurityTestUtil;
import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
import org.apache.cxf.fediz.core.config.jaxb.AuthenticationType;
@@ -44,6 +45,7 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.junit.AfterClass;
import org.junit.Assert;
public class FedizConfigurationWriterTest {
@@ -74,6 +76,11 @@ public class FedizConfigurationWriterTes
private static final String CLAIM_TYPE_1 = "a particular claim type";
private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
+
+ @AfterClass
+ public static void cleanup() {
+ SecurityTestUtil.cleanup();
+ }
//CHECKSTYLE:OFF
private FedizConfig createConfiguration() throws JAXBException {
Added: cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml?rev=1341842&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml (added)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/RSTR_replay.xml Wed May 23
12:06:06 2012
@@ -0,0 +1,3 @@
+<!-- DO NOT REFORMAT THIS XML DOCUMENT AS IT BREAKS THE SAML SIGNTATURE
VALIDATION -->
+
+<RequestSecurityTokenResponseCollection
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns4="http://www.w3.org/2005/08/addressing"
xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><RequestSecurityTokenResponse><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType><RequestedSecurityToken><saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_93FDCC53AC1D5AE3EB131849544559910" IssueInstant="2011-10-13T08:44:05.599Z"
Version="2.0"
xsi:type="saml2:AssertionType"><saml2:Issuer>DoubleItSTSIssuer</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algo
rithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#_93FDCC53AC1D5AE3EB131849544559910"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>3BwoTotMyMTFt40DCmi0ayEdnko=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>bXSIwaG+e2hDdpdDkciR3pjLbbpCLD/XwS+CezMygN/w2g1trgyaIlfkUvyAXVyk5ULJH9s+fFuecPgRm2n2JePm8Up2oZ0+vAJ6fvwQxbhhpuGz8j+OkVr11rGMjpVo1tFSVQNlq183blHVjjDQhGBl7TvoKAZsSGnhzoHclEY=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIID5jCCA0+gAwIBAgIJAPahVdM2UPibMA0GCSqGSIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBg
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
zQHN0cy5jb22CCQD2oVXTNlD4mzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACp9yK1I9r++pyFT0yrcaV1m1Sub6urJH+GxQLBaTnTsaPLuzq2gIsJHpwk5XggB+IDe69iKKeb74Vt8aOe5usIWVASgi9ckqCwdfTqYu6KG9BlezqHZdExnIG2v/cD/3NkKr7O/a7DjlbE6FZ4G1nrOfVJkjmeAa6txtYm1Dm/f</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="http://cxf.apache.org/sts">alice</saml2:NameID><saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions
NotBefore="2011-10-13T08:44:05.600Z"
NotOnOrAfter="2011-10-13T08:49:05.600Z"><saml2:AudienceRestriction><saml2:Audience>http://localhost:8080/wsfedhelloworld/</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AttributeStatement><saml2:Attribute
Name="givenname"
NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">Alice</saml2:AttributeValue></
saml2:Attribute><saml2:Attribute Name="surname"
NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">Smith</saml2:AttributeValue></saml2:Attribute><saml2:Attribute
Name="emailaddress"
NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">[email protected]</saml2:AttributeValue></saml2:Attribute><saml2:Attribute
Name="role"
NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml2:AttributeValue
xsi:type="xs:string">User</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></RequestedSecurityToken><RequestedAttachedReference><ns3:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns3:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#
SAMLID">#_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><ns3:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns3:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_93FDCC53AC1D5AE3EB131849544559910</ns3:KeyIdentifier></ns3:SecurityTokenReference></RequestedUnattachedReference><wsp:AppliesTo
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference
xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://localhost:8080/wsfedhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><Lifetime><ns2:Created>2011-10-13T08:44:05.608Z</ns2:Created><ns2:Expires>2011-10-13T08:49:05.608Z</ns2:Expires></Lifetime></RequestSecurityTokenResponse></RequestSecurity
TokenResponseCollection>
\ No newline at end of file
Modified: cxf/fediz/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1341842&r1=1341841&r2=1341842&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Wed May 23 12:06:06 2012
@@ -34,6 +34,7 @@
</parent>
<properties>
+ <ehcache.version>2.5.1</ehcache.version>
<slf4j.version>1.6.1</slf4j.version>
<spring.version>3.0.7.RELEASE</spring.version>
<tomcat.version>7.0.27</tomcat.version>