Author: gmazza
Date: Thu Jul 12 20:28:30 2012
New Revision: 1360912
URL: http://svn.apache.org/viewvc?rev=1360912&view=rev
Log:
Switched keys README to a more readable HTML format.
Added:
cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html
Removed:
cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt
Modified:
cxf/fediz/trunk/BUILDING.txt
cxf/fediz/trunk/README.txt
cxf/fediz/trunk/release_notes.txt
Modified: cxf/fediz/trunk/BUILDING.txt
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/BUILDING.txt?rev=1360912&r1=1360911&r2=1360912&view=diff
==============================================================================
--- cxf/fediz/trunk/BUILDING.txt (original)
+++ cxf/fediz/trunk/BUILDING.txt Thu Jul 12 20:28:30 2012
@@ -4,12 +4,12 @@ Building Apache CXF Fediz
Initial Setup
-------------
-1) Install J2SE 6.0 SDK, which can be downloaded from
-
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html
+1) Install J2SE 6 or 7 SDK, which can be downloaded from
+ http://www.oracle.com/technetwork/java/javase/downloads/index.html
2) Make sure that your JAVA_HOME environment variable is set to the newly
installed
- JDK location, and that your PATH includes %JAVA_HOME%\bin (windows) or
- $JAVA_HOME$/bin (unix).
+ JDK location, and that your PATH includes %JAVA_HOME%\bin (Windows) or
+ $JAVA_HOME$/bin (*nix).
3) Install Maven 2.2.1 or newer, which can be downloaded from
http://maven.apache.org/download.html. Make sure that your PATH includes
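Review bot: The rewritten step 2 still gives the Unix path as "$JAVA_HOME$/bin", with a trailing "$" that is not part of the variable reference. Since this line is being changed anyway, make it "$JAVA_HOME/bin (*nix)" so the text can be copied into a shell profile as written.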
@@ -21,33 +21,32 @@ Building
1) Change to the top level directory of Apache CXF Fediz source distribution.
2) Run
- $> mvn.
+ $> mvn clean install
This will compile Apache CXF Fediz and run all of the tests in the Apache
CXF Fediz source
distribution. Alternatively, you can run
$> mvn -Pfastinstall.
This will compile Apache CXF Fediz without running the tests and takes less
time to build.
Depending on the load of remote Maven repositories, you may have
- to run "mvn" several times utill the required dependencies are
- all located in your local maven repository. It usually takes some time for
- maven to download required dependencies in the first build.
+ to run "mvn" multiple times until the required dependencies are
+ all located in your local Maven repository. It usually takes some time for
+ Maven to download required dependencies in the first build.
Source Directory structure
--------------------------
- + plugins contains the sources of the federation plugin
+ + plugins contains the sources of the Federation plugin
+ core the core module contains the majority of
functionality which is Servlet container agnostic
- + tomcat the tomcat module is the bridge of the core to the
tomcat specific security engine
+ + tomcat the Tomcat module is the bridge of the core to the
Tomcat specific security engine
+ services contains the sources of the Identity Provider
- + sts the sts module contains the configured CXF STS which
supports the usecases for Federation
- + idp the idp module is the bridge of the STS to a
WS-Trust/SOAP unaware browser
+ + sts the STS module contains the configured CXF STS which
supports the Federation use cases
+ + idp the IDP module is the bridge of the STS to a
WS-Trust/SOAP unaware browser
+ examples
- + simpleWebapp this example shows how to protect a simple web
application using the fediz plugin
+ + simpleWebapp this example shows how to protect a simple web
application using the Fediz plugin
+ wsclientWebapp this example shows how a protected web application
calls a web service protected by the STS
+ webapp contains the web application
+ webservice contains the web services implementation
-
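Review bot: The retry paragraph still tells the reader to run "mvn" multiple times, although step 2 now gives the command as "mvn clean install"; the two should match, for example 'you may have to run "mvn clean install" multiple times'. The unchanged line "$> mvn -Pfastinstall." also keeps a trailing period that reads as part of the command, so it is worth dropping while this block is being edited.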
Modified: cxf/fediz/trunk/README.txt
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/README.txt?rev=1360912&r1=1360911&r2=1360912&view=diff
==============================================================================
--- cxf/fediz/trunk/README.txt (original)
+++ cxf/fediz/trunk/README.txt Thu Jul 12 20:28:30 2012
@@ -1,6 +1,6 @@
Welcome to Apache CXF Fediz!
============================
-Fediz helps you to secure your web applications and delegates security
enforcement
+Fediz helps you secure your web applications by delegating security enforcement
to the underlying application server. With Fediz, authentication is
externalized
from your web application to an identity provider installed as a dedicated
server component.
The supported standard is WS-Federation 1.2 Passive Requestor Profile.
@@ -48,14 +48,14 @@ software:
Getting Started
===============
-For an Apache CXF Fediz source distribution, please read BUILDING.txt for
-instructions on building Apache CXF Fediz.
+For an Apache CXF Fediz source distribution, please read BUILDING.txt
+in this folder for instructions on building Apache CXF Fediz.
For an Apache CXF Fediz binary distribution, please read release_notes.txt
for installation instructions and list of supported and unsupported
features.
-Alternatively, you can also find out how to get started here:
+Check the Fediz website for the latest news:
http://cxf.apache.org/fediz.html
If you need more help try talking to us on our mailing lists:
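Review bot: Under the "Getting Started" heading, the replaced sentence was the only pointer to online getting-started material, and the new wording ("Check the Fediz website for the latest news:") changes the purpose of the same link to news. Suggest keeping both intents, for example "Check the Fediz website for getting-started information and the latest news:".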
@@ -73,4 +73,3 @@ Thank you for using CXF Fediz!
The Apache CXF Team
http://cxf.apache.org/
-
Added: cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?rev=1360912&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html (added)
+++ cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html Thu Jul 12
20:28:30 2012
@@ -0,0 +1,44 @@
+<html>
+<head/>
+<body>
+<p>The below lists the sample sample (<strong>non-production use!</strong>)
self-signed keystores used in running the FEDIZ samples.
+Don't use the provided keystores in production--everyone has them! At a
minimum, regenerate new keys using the scripts (with different
+passwords) below. These will be just self-signed keys however, for real
production use having third-party signed CA keys
+is recommended.</p>
+
+<table border="1" bgcolor="#FFFFCC" align="center">
+<tr bgcolor="#FFCCCC">
+<th>Keystore (Password)</th><th>Alias
(Password)</th><th>Location</th><th>Creation Script Used</th><th>Needs to
trust</th><th>Is trusted by</th></tr>
+<tr><td colspan="6"><strong><em>Tomcat Keystores: The Tomcat keys can be
simply placed in the root folder of each Tomcat installation. They are used to
configure SSL for the Tomcat instances as described here: <a
href="http://cxf.apache.org/fediz-tomcat.html">http://cxf.apache.org/fediz-tomcat.html</a>.
For Tomcat keys only, the keystore password and the private key password
needs to be the same.</em></strong></tr>
+<tr><td>tomcat-idp.jks (tompass)</td><td>mytomidpkey (tompass)</td><td>base
folder of Tomcat instance holding the IDP and IDP STS</td>
+ <td><code>keytool -genkeypair -validity 730 -alias mytomidpkey -keystore
tomcat-idp.jks -dname "cn=localhost" -keypass tompass -storepass
tompass</code><br/><br/><code>keytool -keystore tomcat-idp.jks -storepass
tompass -export -alias mytomidpkey -file MyTCIDP.cer</code></td>
+ <td>Nobody</td><td>IDP app</td></tr>
+<tr><td>tomcat-rp.jks (tompass)</td><td>mytomrpkey (tompass)</td><td>base
folder of Tomcat instance holding the relying party applications for both
samples (simpleWebapp and wsclientWebapp)</td>
+ <td><code>keytool -genkeypair -validity 730 -alias mytomrpkey -keystore
tomcat-rp.jks -dname "cn=localhost" -keypass tompass -storepass
tompass</code></td>
+ <td>Nobody</td><td>Nobody</td></tr>
+<tr><td>tomcat-wsp.jks (tompass)</td><td>mytomwspkey (tompass)</td><td>base
folder of Tomcat instance holding the web service provider in the second
(wsClientWebapp) sample</td>
+ <td><code>keytool -genkeypair -validity 730 -alias mytomwspkey -keystore
tomcat-wsp.jks -dname "cn=localhost" -keypass tompass -storepass
tompass</code><br/><br/><code>keytool -keystore tomcat-wsp.jks -storepass
tompass -export -alias mytomwspkey -file MyTCWSP.cer</code></td>
+ <td>Nobody</td><td>wsclientWebapp's webapp module</td></tr>
+<tr><td colspan="6"><strong><em>Service Keystores: These Fediz services form
the core of the product and can be used with both the sample webapps provided
and of course your own web applications.</em></strong></tr>
+<tr><td>idpstore.jks (ispass)</td><td>myidpkey
(ikpass)</td><td>services/idp/src/main/resources/idpstore.jks</td>
+ <td><code>keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730
-alias myidpkey -keypass ikpass -storepass ispass -keystore
idpstore.jks</code><br/><br/><code>keytool -import -trustcacerts -keystore
idpstore.jks -storepass ispass -alias mytomidpkey -file MyTCIDP.cer
-noprompt</code><br/><br/><code>keytool -export -rfc -keystore idpstore.jks
-storepass ispass -alias myidpkey -file MyIDP.cer</code></td>
+ <td>mytomidpkey (because of SSL call to IDP STS)</td><td>IDP STS</td></tr>
+<tr><td>stsstore.jks (stsspass)</td><td>mystskey
(stskpass)</td><td>services/sts/src/main/resources/stsstore.jks</td>
+ <td><code>
+keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias mystskey
-keypass stskpass -storepass stsspass -keystore stsstore.jks<br/><br/>
+keytool -import -trustcacerts -keystore stsstore.jks -storepass stsspass
-alias myidpkey -file MyIDP.cer -noprompt<br/><br/>
+keytool -export -rfc -keystore stsstore.jks -storepass stsspass -alias
mystskey -file MySTS.cer
+</code>
+</td>
+ <td>myidpkey (because of X.509 auth between IDP and IDP
STS)</td><td>wsclientWebapp's webservice</td></tr>
+<tr><td colspan="6"><strong><em>Sample Keystores: No production value, just
used for running the "wsclientWebapp" sample provided with Fediz.
(simpleWebapp has/uses no keys).</em></strong></tr>
+<tr><td>webappKeystore.jks (waspass)</td><td>mywakey
(wakpass)</td><td>examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks</td>
+ <td><code>keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730
-alias mywakey -keypass wakpass -storepass waspass -keystore
webappKeystore.jks<br/><br/>
+keytool -import -trustcacerts -keystore webappKeystore.jks -storepass waspass
-alias mytomidpkey -file MyTCIDP.cer -noprompt<br/><br/>
+keytool -import -trustcacerts -keystore webappKeystore.jks -storepass waspass
-alias mytomwspkey -file MyTCWSP.cer -noprompt<br/><br/>
+</code></td>
+ <td>mytomidpkey (to access IDP STS via HTTPS, mytomwspkey (to access web
service via HTTPS)</td><td>Nobody</td></tr>
+<tr><td>webserviceKeystore.jks (wsspass)</td><td>N/A (no key, just a
truststore)</td><td>examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks</td>
+ <td><code>keytool -import -trustcacerts -keystore webserviceKeystore.jks
-storepass wsspass -alias mystskey -file MySTS.cer -noprompt</code></td>
+ <td>IDP STS (signature verification)</td><td>Nobody</td></tr>
+</table>
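Review bot: The generation commands for idpstore.jks, stsstore.jks and webappKeystore.jks hard-code "-sigalg SHA1withRSA" and give no "-keysize", and the three Tomcat "-genkeypair" commands give no "-keyalg" at all, so a reader who follows the advice to regenerate keys gets SHA-1 signatures and whatever algorithm and key size their keytool defaults to. Suggest stating "-keyalg RSA -keysize 2048 -sigalg SHA256withRSA" on every generation command. The "-genkey" commands also omit "-dname", so unlike the Tomcat ones they stop for interactive input and cannot be run as a script. On the markup: the intro reads "sample sample", the three colspan="6" rows close with </tr> but no </td>, "(to access IDP STS via HTTPS, mytomwspkey" has an unclosed parenthesis, and the file ends at </table> without </body> or </html>.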
Modified: cxf/fediz/trunk/release_notes.txt
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/release_notes.txt?rev=1360912&r1=1360911&r2=1360912&view=diff
==============================================================================
--- cxf/fediz/trunk/release_notes.txt (original)
+++ cxf/fediz/trunk/release_notes.txt Thu Jul 12 20:28:30 2012
@@ -18,18 +18,23 @@ provides the following features:
Before installing Apache CXF Fediz, make sure the following products,
with the specified versions, are installed on your system:
- * Java 6 Development Kit
+ * Java 6 or 7 Development Kit
* Apache Maven 2.2.1 or 3.x to build the samples
-
3. Building the Samples
Building the samples included in the binary distribution is easy. Change to
the examples directory and follow the build instructions in the README.txt
file
included with each sample.
+4. Replacing provided keystores
+
+The sample keystores provided are fine for development and prototyping use
+but make sure to replace them for any production use, see
+see examples/samplekeys/HowToGenerateKeysREADME.html for key generation
+information.
-4. Reporting Problems
+5. Reporting Problems
If you have any problems or want to send feedback of any kind, please e-mail
the
CXF user list, [email protected]. You can also file issues in JIRA at:
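Review bot: The new section 4 repeats a word across the line break ("see" ends one line and "see examples/samplekeys/..." begins the next) and joins two sentences with a comma. Suggest ending the first sentence at "for any production use." and starting the next with "See examples/samplekeys/HowToGenerateKeysREADME.html for key generation information." It would also help to state the reason here, as the HTML README does: the provided keystores and their passwords ship with every copy of the distribution.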
@@ -37,12 +42,12 @@ CXF user list, [email protected]. Yo
http://issues.apache.org/jira/browse/FEDIZ
-5. Migration notes:
+6. Migration notes:
N.A.
-6. Specific issues, features, and improvements fixed in this version
+7. Specific issues, features, and improvements fixed in this version
** Bug
@@ -55,4 +60,3 @@ N.A.
** Test
-