Repository: cxf-fediz
Updated Branches:
  refs/heads/master 518aab741 -> 2477283fe


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git 
a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml 
b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
new file mode 100644
index 0000000..7b5b522
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:security="http://www.springframework.org/schema/security";
+    xmlns:context="http://www.springframework.org/schema/context";
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.1.xsd
+        http://www.springframework.org/schema/security
+        http://www.springframework.org/schema/security/spring-security-3.1.xsd
+        ">
+
+    <context:property-placeholder location="classpath:realm.properties"/>
+    
+    <!-- DISABLE in production as it might log confidential information about 
the user -->
+    <!-- <security:debug /> -->
+
+    <!-- Configure Spring Security -->
+    
+    <!-- If enabled, you can't access the Service layer within the Spring 
Webflow -->
+    <!-- The user has no role during the login phase of WS-Federation -->
+    <security:global-method-security pre-post-annotations="enabled"/>
+
+    <security:http pattern="/services/rs/**" use-expressions="true" 
authentication-manager-ref="restAuthenticationManager">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
+        <security:intercept-url pattern="/services/rs/**" 
access="isAuthenticated()"/>
+        <security:http-basic />
+    </security:http>
+
+    <bean id="bCryptPasswordEncoder" 
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
+    
+    <bean id="defaultPasswordEncoder" 
class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
+    
+    <security:authentication-manager id="restAuthenticationManager">
+        <security:authentication-provider>
+          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+          <!--  
+          <security:password-encoder hash="sha-256" base64="true">
+            <security:salt-source user-property="username"/>
+          </security:password-encoder>
+          -->
+          <security:user-service properties="classpath:/users.properties" />
+        </security:authentication-provider>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+
+    <security:http use-expressions="true">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
+        <security:intercept-url 
pattern="/FederationMetadata/2007-06/FederationMetadata.xml" 
access="isAnonymous() or isAuthenticated()" />
+
+        <!-- MUST be http-basic thus systests run fine -->
+        <!--<security:form-login />-->
+        <security:http-basic />
+        <security:logout delete-cookies="FEDIZ_HOME_REALM" 
invalidate-session="true" />
+    </security:http>
+
+    <security:authentication-manager>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+       
+    <bean id="stsPortFilter" 
class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+    
+    <bean id="entitlementsEnricher" 
class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements"
 />
+       
+    <bean id="stsAuthProvider" 
class="org.apache.cxf.fediz.service.idp.STSAuthenticationProvider">
+        <property name="wsdlLocation" 
value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+        <property name="wsdlEndpoint" value="TransportUT_Port"/>
+        <property name="wsdlService" value="SecurityTokenService"/>
+        <property name="appliesTo" value="urn:fediz:idp"/>
+        <property name="tokenType" 
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+    </bean>
+
+</beans>
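Review bot: The `restAuthenticationManager` provider backed by `classpath:/users.properties` has every `<security:password-encoder>` variant commented out, so credentials for the `/services/rs/**` HTTP Basic chain are compared against the properties file as stored, presumably in clear text. The `bCryptPasswordEncoder` bean declared just above is never referenced in this file, and `defaultPasswordEncoder` appears only inside a comment. If this is deliberate for the systests, say so next to the user-service, e.g. `<!-- test-only: users.properties holds clear-text passwords; do not copy to a deployed IdP -->`. Otherwise wire the encoder with `<security:password-encoder ref="bCryptPasswordEncoder"/>` and store bcrypt hashes in the properties file.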

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/server.jks 
b/systests/federation/wsfed/src/test/resources/server.jks
new file mode 100644
index 0000000..2f0fdf3
Binary files /dev/null and 
b/systests/federation/wsfed/src/test/resources/server.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/ststrust.jks
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/ststrust.jks 
b/systests/federation/wsfed/src/test/resources/ststrust.jks
new file mode 100644
index 0000000..911945c
Binary files /dev/null and 
b/systests/federation/wsfed/src/test/resources/ststrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2477283f/systests/federation/wsfed/src/test/resources/web.xml
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/resources/web.xml 
b/systests/federation/wsfed/src/test/resources/web.xml
new file mode 100644
index 0000000..0719288
--- /dev/null
+++ b/systests/federation/wsfed/src/test/resources/web.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";
+    version="3.0" metadata-complete="true">
+
+    <description>Fediz IDP</description>
+    <display-name>Fediz IDP</display-name>
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>/WEB-INF/applicationContext.xml</param-value>
+    </context-param>
+
+    <context-param>
+        <param-name>spring.profiles.active</param-name>
+        <param-value>jpa</param-value>
+    </context-param>
+
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <servlet>
+        <servlet-name>idp</servlet-name>
+        
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <init-param>
+            <param-name>publishContext</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet>
+        <servlet-name>metadata</servlet-name>
+        
<servlet-class>org.apache.cxf.fediz.service.idp.MetadataServlet</servlet-class>
+        <init-param>
+            <param-name>realm</param-name>
+            <param-value>urn:org:apache:cxf:fediz:idp:realm-B</param-value>
+        </init-param>
+    </servlet>
+
+    <servlet>
+        <servlet-name>CXFServlet</servlet-name>
+        
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>CXFServlet</servlet-name>
+        <url-pattern>/services/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>idp</servlet-name>
+        <url-pattern>/federation</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>metadata</servlet-name>
+        
<url-pattern>/FederationMetadata/2007-06/FederationMetadata.xml</url-pattern>
+    </servlet-mapping>
+
+    <listener>
+        
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <!-- Uncomment this when using JNDI DataSource -->
+    <!-- The property jpa.platform must be updated in persistence.properties 
even you use JNDI Datasource -->
+    <!-- 
+    <resource-ref>
+        <res-ref-name>jdbc/fedizDataSource</res-ref-name>
+        <res-type>javax.sql.DataSource</res-type>
+        <res-auth>Container</res-auth>
+    </resource-ref>
+    -->
+
+</web-app>
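Review bot: The descriptor has no `<session-config>`, so the HttpOnly and Secure flags and the URL-rewriting behaviour of the IdP session cookie are left to container defaults, even though `springSecurityFilterChain` is mapped to `/*`. Since the descriptor is already `version="3.0"`, a `<cookie-config>` can pin these explicitly. This assumes the systests reach the IdP only over HTTPS, which the `https://localhost` STS address in the realm config suggests but does not prove. Separately, the `metadata` servlet hard-codes `urn:org:apache:cxf:fediz:idp:realm-B` although the file sits in the shared `resources/` directory rather than under `realmb/`; a one-line comment naming the IdP this descriptor belongs to would avoid confusion.

```xml
<!-- … unchanged: context params, filter, servlets, mappings, listener … -->
    <session-config>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
```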
