Repository: cxf-fediz Updated Branches: refs/heads/master b4ac2875d -> 60fd1e8d0
Refactoring STS configuration to make it easier to change Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/60fd1e8d Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/60fd1e8d Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/60fd1e8d Branch: refs/heads/master Commit: 60fd1e8d04fdef407fd6389a724ef0eef93b2304 Parents: b4ac287 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Sep 12 17:05:50 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Sep 12 17:05:50 2016 +0100 ---------------------------------------------------------------------- .../src/main/webapp/WEB-INF/cxf-transport.xml | 170 +-------------- .../src/main/webapp/WEB-INF/data/cxf-sts.xml | 209 +++++++++++++++++++ .../src/main/webapp/WEB-INF/data/passwords.xml | 42 ++++ .../src/main/webapp/WEB-INF/data/userClaims.xml | 161 ++++++++++++++ services/sts/src/main/webapp/WEB-INF/file.xml | 23 +- .../sts/src/main/webapp/WEB-INF/kerberos.xml | 21 +- .../sts/src/main/webapp/WEB-INF/passwords.xml | 42 ---- .../sts/src/main/webapp/WEB-INF/userClaims.xml | 139 ------------ .../main/webapp/WEB-INF/userClaimsKerberos.xml | 138 ------------ 9 files changed, 418 insertions(+), 527 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml ---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml index fb1376c..fedc7e0 100644 --- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml +++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml 
@@ -41,175 +41,11 @@ <import resource="classpath:META-INF/cxf/cxf.xml" /> - <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper"> - <constructor-arg> - <bean class="org.apache.cxf.sts.event.map.MapEventLogger" /> - </constructor-arg> - </bean> - + <import resource="data/cxf-sts.xml" /> + <!-- Per default the resource <file.xml> is imported. If built with Maven Profile 'ldap', the resource <ldap.xml> is imported --> - <import resource="${adapter.resource}.xml" /> - - <util:list id="delegationHandlers"> - <bean id="samlDelegationHandler" - class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" /> - <bean id="x509DelegationHandler" - class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" /> - </util:list> - - <bean id="transportSTSProviderBean" - class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider"> - <property name="issueOperation" ref="transportIssueDelegate" /> - <property name="validateOperation" ref="transportValidateDelegate" /> - </bean> - - <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation"> - <property name="tokenProviders" ref="transportTokenProviders" /> - <property name="services" ref="transportServices" /> - <property name="stsProperties" ref="transportSTSProperties" /> - <property name="claimsManager" ref="claimsManager" /> - <property name="tokenValidators" ref="transportTokenValidators" /> - <property name="eventListener" ref="loggerListener" /> - <property name="delegationHandlers" ref="delegationHandlers" /> - <property name="encryptIssuedToken" value="true"/> - </bean> - - <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation"> - <property name="tokenValidators" ref="transportTokenValidators" /> - <property name="stsProperties" ref="transportSTSProperties" /> - <property name="eventListener" ref="loggerListener" /> - </bean> - - <util:list id="relationships"> - <bean 
class="org.apache.cxf.sts.token.realm.Relationship"> - <property name="sourceRealm" value="REALMA" /> - <property name="targetRealm" value="REALMB" /> - <property name="identityMapper" ref="identityMapper" /> - <property name="type" value="FederatedIdentity" /> - </bean> - <bean class="org.apache.cxf.sts.token.realm.Relationship"> - <property name="sourceRealm" value="REALMB" /> - <property name="targetRealm" value="REALMA" /> - <property name="identityMapper" ref="identityMapper" /> - <property name="type" value="FederatedIdentity" /> - </bean> - </util:list> - - <util:list id="transportTokenProviders"> - <ref bean="transportSamlTokenProvider" /> - </util:list> - - <util:list id="transportTokenValidators"> - <ref bean="transportSamlTokenValidator" /> - <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" /> - </util:list> - - <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm"> - <property name="issuer" value="STS Realm A" /> - <property name="signaturePropertiesFile" value="stsKeystoreA.properties" /> - <property name="callbackHandlerClass" - value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> - </bean> - - <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm"> - <property name="issuer" value="STS Realm B" /> - <property name="signaturePropertiesFile" value="stsKeystoreB.properties" /> - <property name="callbackHandlerClass" - value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> - </bean> - - <util:map id="realms"> - <entry key="REALMA" value-ref="realmA" /> - <entry key="REALMB" value-ref="realmB" /> - </util:map> - - <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider"> - <property name="attributeStatementProviders" ref="attributeStatementProvidersList" /> - <property name="realmMap" ref="realms" /> - <property name="conditionsProvider" ref="conditionsProvider" /> - <property name="subjectProvider" ref="subjectProvider" /> - </bean> - - <bean 
id="conditionsProvider" - class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider"> - <property name="lifetime" value="1200" /> - <property name="acceptClientLifetime" value="true" /> - </bean> - - <bean id="subjectProvider" - class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider"> - <property name="subjectNameIDFormat" - value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" /> - </bean> - - <util:list id="attributeStatementProvidersList"> - <ref bean="claimAttributeProvider" /> - </util:list> - - <bean id="claimAttributeProvider" - class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider"> - </bean> - - <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager"> - <property name="claimHandlers" ref="claimHandlerList" /> - </bean> - - <bean id="identityMapper" - class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" /> - - <bean id="samlRealmCodec" - class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" /> - - <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"> - <property name="realmMap" ref="realms" /> - </bean> - - <bean id="transportSamlTokenValidator" - class="org.apache.cxf.sts.token.validator.SAMLTokenValidator"> - <property name="samlRealmCodec" ref="samlRealmCodec" /> - </bean> - - <bean id="transportUsernameTokenValidator" - class="org.apache.cxf.sts.token.validator.UsernameTokenValidator"> - </bean> - - <util:list id="transportServices"> - <ref bean="myEncryptionService" /> - <ref bean="transportService" /> - </util:list> - - <bean id="transportService" class="org.apache.cxf.sts.service.StaticService"> - <property name="endpoints"> - <util:list> - <value>.*</value> - </util:list> - </property> - </bean> - - <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService"> - <property name="endpoints"> - <util:list> - <value>myServiceB.*</value> - </util:list> - </property> - <property name="encryptionProperties"> - <bean 
class="org.apache.cxf.sts.service.EncryptionProperties"> - <property name="encryptionName" value="serviceB"/> - <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> - </bean> - </property> - </bean> - - <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties"> - <property name="callbackHandlerClass" - value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> - <property name="issuer" value="Fediz STS" /> - <property name="realmParser" ref="customRealmParser" /> - <property name="signatureCryptoProperties" value="stsTruststore.properties" /> - <property name="encryptionCryptoProperties" value="stsEncryption.properties"/> - <property name="relationships" ref="relationships" /> - </bean> + <import resource="./${adapter.resource}.xml" /> <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl" http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml ---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml b/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml new file mode 100644 index 0000000..b2d43d7 --- /dev/null +++ b/services/sts/src/main/webapp/WEB-INF/data/cxf-sts.xml 
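Review bot: The two new imports use different relative-path styles, `data/cxf-sts.xml` versus `./${adapter.resource}.xml`, and nothing in the hunk says why only the adapter import gained the `./` prefix; if it is not needed for resolution, `<import resource="${adapter.resource}.xml" />` keeps the pair consistent, and if it is needed, a one-line comment saying so stops the next reader from removing it. The existing file.xml/ldap.xml comment now sits between the two imports and reads as if it covered both; placing it directly above the adapter import, or extending it with `data/cxf-sts.xml holds the STS operations, realms and crypto properties; the adapter file is expected to supply claimHandlerList and the authentication callback handlers`, would make the split of responsibilities clear. The jaxws:endpoint definition that follows continues outside the hunk.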
@@ -0,0 +1,209 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxws="http://cxf.apache.org/jaxws" + xmlns:test="http://apache.org/hello_world_soap_http" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xsi:schemaLocation=" + http://cxf.apache.org/core + http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://cxf.apache.org/jaxws + http://cxf.apache.org/schemas/jaxws.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd + http://cxf.apache.org/transports/http/configuration + http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/configuration/security + http://cxf.apache.org/schemas/configuration/security.xsd"> + + <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper"> + <constructor-arg> + 
<bean class="org.apache.cxf.sts.event.map.MapEventLogger" /> + </constructor-arg> + </bean> + + <util:list id="delegationHandlers"> + <bean id="samlDelegationHandler" + class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" /> + <bean id="x509DelegationHandler" + class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" /> + </util:list> + + <bean id="transportSTSProviderBean" + class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider"> + <property name="issueOperation" ref="transportIssueDelegate" /> + <property name="validateOperation" ref="transportValidateDelegate" /> + </bean> + + <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation"> + <property name="tokenProviders" ref="transportTokenProviders" /> + <property name="services" ref="transportServices" /> + <property name="stsProperties" ref="transportSTSProperties" /> + <property name="claimsManager" ref="claimsManager" /> + <property name="tokenValidators" ref="transportTokenValidators" /> + <property name="eventListener" ref="loggerListener" /> + <property name="delegationHandlers" ref="delegationHandlers" /> + <property name="encryptIssuedToken" value="true"/> + </bean> + + <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation"> + <property name="tokenValidators" ref="transportTokenValidators" /> + <property name="stsProperties" ref="transportSTSProperties" /> + <property name="eventListener" ref="loggerListener" /> + </bean> + + <util:list id="relationships"> + <bean class="org.apache.cxf.sts.token.realm.Relationship"> + <property name="sourceRealm" value="REALMA" /> + <property name="targetRealm" value="REALMB" /> + <property name="identityMapper" ref="identityMapper" /> + <property name="type" value="FederatedIdentity" /> + </bean> + <bean class="org.apache.cxf.sts.token.realm.Relationship"> + <property name="sourceRealm" value="REALMB" /> + <property name="targetRealm" value="REALMA" 
/> + <property name="identityMapper" ref="identityMapper" /> + <property name="type" value="FederatedIdentity" /> + </bean> + </util:list> + + <util:list id="transportTokenProviders"> + <ref bean="transportSamlTokenProvider" /> + </util:list> + + <util:list id="transportTokenValidators"> + <ref bean="transportSamlTokenValidator" /> + <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" /> + </util:list> + + <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm"> + <property name="issuer" value="STS Realm A" /> + <property name="signaturePropertiesFile" value="stsKeystoreA.properties" /> + <property name="callbackHandlerClass" + value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> + </bean> + + <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm"> + <property name="issuer" value="STS Realm B" /> + <property name="signaturePropertiesFile" value="stsKeystoreB.properties" /> + <property name="callbackHandlerClass" + value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> + </bean> + + <util:map id="realms"> + <entry key="REALMA" value-ref="realmA" /> + <entry key="REALMB" value-ref="realmB" /> + </util:map> + + <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider"> + <property name="attributeStatementProviders" ref="attributeStatementProvidersList" /> + <property name="realmMap" ref="realms" /> + <property name="conditionsProvider" ref="conditionsProvider" /> + <property name="subjectProvider" ref="subjectProvider" /> + </bean> + + <bean id="conditionsProvider" + class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider"> + <property name="lifetime" value="1200" /> + <property name="acceptClientLifetime" value="true" /> + </bean> + + <bean id="subjectProvider" + class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider"> + <property name="subjectNameIDFormat" + value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" /> + </bean> + + 
<util:list id="attributeStatementProvidersList"> + <ref bean="claimAttributeProvider" /> + </util:list> + + <bean id="claimAttributeProvider" + class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider"> + </bean> + + <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager"> + <property name="claimHandlers" ref="claimHandlerList" /> + </bean> + + <bean id="identityMapper" + class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" /> + + <bean id="samlRealmCodec" + class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" /> + + <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"> + <property name="realmMap" ref="realms" /> + </bean> + + <bean id="transportSamlTokenValidator" + class="org.apache.cxf.sts.token.validator.SAMLTokenValidator"> + <property name="samlRealmCodec" ref="samlRealmCodec" /> + </bean> + + <bean id="transportUsernameTokenValidator" + class="org.apache.cxf.sts.token.validator.UsernameTokenValidator"> + </bean> + + <util:list id="transportServices"> + <ref bean="myEncryptionService" /> + <ref bean="transportService" /> + </util:list> + + <bean id="transportService" class="org.apache.cxf.sts.service.StaticService"> + <property name="endpoints"> + <util:list> + <value>.*</value> + </util:list> + </property> + </bean> + + <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService"> + <property name="endpoints"> + <util:list> + <value>myServiceB.*</value> + </util:list> + </property> + <property name="encryptionProperties"> + <bean class="org.apache.cxf.sts.service.EncryptionProperties"> + <property name="encryptionName" value="serviceB"/> + <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + </bean> + </property> + </bean> + + <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties"> + <property name="callbackHandlerClass" + value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" 
/> + <property name="issuer" value="Fediz STS" /> + <property name="realmParser" ref="customRealmParser" /> + <property name="signatureCryptoProperties" value="stsTruststore.properties" /> + <property name="encryptionCryptoProperties" value="stsEncryption.properties"/> + <property name="relationships" ref="relationships" /> + </bean> + +</beans> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/data/passwords.xml ---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/data/passwords.xml b/services/sts/src/main/webapp/WEB-INF/data/passwords.xml new file mode 100644 index 0000000..3ad9e7c --- /dev/null +++ b/services/sts/src/main/webapp/WEB-INF/data/passwords.xml 
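Review bot: `claimsManager` references `claimHandlerList`, which this file neither defines nor documents, and since the file is imported unconditionally from cxf-transport.xml the dependency on the adapter file is easy to miss; a comment such as `<!-- claimHandlerList is defined by the adapter file (${adapter.resource}.xml) imported alongside this one -->` records the cross-file contract. The root element also carries namespace declarations and schemaLocation pairs (`cxf`, `jaxws`, `test`, `http`, `sec`) that no element in the file uses, whereas the sibling data/passwords.xml and data/userClaims.xml declare only the beans, `xsi` and `util` namespaces; trimming to those keeps the three data files consistent. Separately, `conditionsProvider` enables `acceptClientLifetime` without an explicit `maxLifetime`, so the upper bound on a client-requested token lifetime is whatever the library default happens to be; pinning it here next to `lifetime` makes that policy visible in the configuration rather than implicit.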
@@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd"> + + <util:map id="REALMA"> + <entry key="alice" value="ecila" /> + <entry key="bob" value="bob" /> + <entry key="ted" value="det" /> + <entry key="idp-user" value="idp-pass" /> + </util:map> + + <util:map id="REALMB"> + <entry key="ALICE" value="ECILA" /> + <entry key="BOB" value="BOB" /> + <entry key="TED" value="DET" /> + </util:map> + +</beans> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml ---------------------------------------------------------------------- 
diff --git a/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml b/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml new file mode 100644 index 0000000..bb3ae49 --- /dev/null +++ b/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml 
@@ -0,0 +1,161 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd"> + + <util:list id="claimHandlerList"> + <ref bean="claimsHandlerA" /> + <ref bean="claimsHandlerB" /> + </util:list> + + <bean id="claimsHandlerA" + class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler"> + <property name="userClaims" ref="userClaimsREALMA" /> + <property name="supportedClaims" ref="supportedClaims" /> + <property name="realm" value="REALMA" /> + </bean> + + <bean id="claimsHandlerB" + class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler"> + <property name="userClaims" ref="userClaimsREALMB" /> + <property name="supportedClaims" ref="supportedClaims" /> + <property name="realm" value="REALMB" /> + </bean> + + <util:map id="userClaimsREALMA"> + <entry key="alice" 
value-ref="REALMA_aliceClaims" /> + <entry key="CN=alice,OU=Unknown,O=Apache,L=Dublin,ST=Unknown,C=IE" value-ref="REALMA_aliceClaims" /> + <entry key="[email protected]" value-ref="REALMA_aliceClaims" /> + <entry key="bob" value-ref="REALMA_bobClaims" /> + <entry key="bob/[email protected]" value-ref="REALMA_bobClaims" /> + <entry key="ted" value-ref="REALMA_tedClaims" /> + <entry key="[email protected]" value-ref="REALMA_tedClaims" /> + </util:map> + + <util:map id="REALMA_aliceClaims"> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="Alice" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="Smith" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="[email protected]" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="User" /> + </util:map> + + <util:map id="REALMA_bobClaims"> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="Bob" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="Windsor" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="[email protected]" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="User,Manager,Admin" /> + </util:map> + + <util:map id="REALMA_tedClaims"> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="Ted" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="Cooper" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="[email protected]" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="Secretary" /> + </util:map> + + <util:map id="userClaimsREALMB"> + <entry key="ALICE" value-ref="REALMB_aliceClaims" /> + <entry key="BOB" value-ref="REALMB_bobClaims" /> + <entry 
key="TED" value-ref="REALMB_tedClaims" /> + </util:map> + + <util:map id="REALMB_aliceClaims"> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="Alice" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="Smith" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="[email protected]" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="USER" /> + </util:map> + + <util:map id="REALMB_bobClaims"> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="Bob" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="Windsor" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="[email protected]" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="USER,MANAGER,ADMIN" /> + </util:map> + + <util:map id="REALMB_tedClaims"> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="Ted" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="Cooper" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="[email protected]" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="Secretary" /> + </util:map> + + <util:list id="supportedClaims"> + <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value> + <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value> + <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value> + <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value> + </util:list> + +</beans> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/file.xml 
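Review bot: `REALMB_tedClaims` sets the role claim to `Secretary` while the other REALMB entries use upper-case role values (`USER`, `USER,MANAGER,ADMIN`), so a consumer that matches REALMB roles case-sensitively will treat ted differently from alice and bob; if the mixed case is deliberate a comment beside the entry should say so, otherwise `value="SECRETARY"` follows the realm's convention. The `userClaimsREALMA` map now keys the same claims by plain username, by X.500 DN and by what appear to be Kerberos principal forms (the `bob/…` key) merged from the deleted userClaimsKerberos.xml, with no indication of which authentication path produces which key shape; a short comment above the map, e.g. `<!-- keys: plain username (UsernameToken), subject DN (X.509), Kerberos principal (kerberos.xml profile) — confirm against the validators in data/cxf-sts.xml -->`, would help whoever adds the next user.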
---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/file.xml b/services/sts/src/main/webapp/WEB-INF/file.xml index a3ac642..3c4ed06 100644 --- a/services/sts/src/main/webapp/WEB-INF/file.xml +++ b/services/sts/src/main/webapp/WEB-INF/file.xml @@ -29,27 +29,8 @@ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> - <import resource="userClaims.xml" /> - <import resource="passwords.xml" /> - - <util:list id="claimHandlerList"> - <ref bean="claimsHandlerA" /> - <ref bean="claimsHandlerB" /> - </util:list> - - <bean id="claimsHandlerA" - class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler"> - <property name="userClaims" ref="userClaimsREALMA" /> - <property name="supportedClaims" ref="supportedClaims" /> - <property name="realm" value="REALMA" /> - </bean> - - <bean id="claimsHandlerB" - class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler"> - <property name="userClaims" ref="userClaimsREALMB" /> - <property name="supportedClaims" ref="supportedClaims" /> - <property name="realm" value="REALMB" /> - </bean> + <import resource="data/userClaims.xml" /> + <import resource="data/passwords.xml" /> <bean id="upCallBackHandlerRealmA" class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler"> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/kerberos.xml ---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/kerberos.xml b/services/sts/src/main/webapp/WEB-INF/kerberos.xml index 06ef44e..86765e0 100644 --- a/services/sts/src/main/webapp/WEB-INF/kerberos.xml +++ b/services/sts/src/main/webapp/WEB-INF/kerberos.xml 
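Review bot: file.xml and kerberos.xml (the next hunk) now both import the shared `data/userClaims.xml`, so the username/password profile also loads the principal-keyed entries that presumably came from the deleted userClaimsKerberos.xml and the Kerberos profile loads the plain-username ones, yet neither hunk records that the file is shared. A comment above the import, `<!-- shared with kerberos.xml; defines claimHandlerList, claimsHandlerA/B and the per-realm user claims -->`, makes the dependency explicit and warns against re-adding a profile-specific claimHandlerList here. The `upCallBackHandlerRealmA` bean that follows continues outside the hunk.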
@@ -29,27 +29,8 @@ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> - <import resource="userClaimsKerberos.xml" /> + <import resource="data/userClaims.xml" /> - <util:list id="claimHandlerList"> - <ref bean="claimsHandlerA" /> - <ref bean="claimsHandlerB" /> - </util:list> - - <bean id="claimsHandlerA" - class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler"> - <property name="userClaims" ref="userClaimsREALMA" /> - <property name="supportedClaims" ref="supportedClaims" /> - <property name="realm" value="REALMA" /> - </bean> - - <bean id="claimsHandlerB" - class="org.apache.cxf.fediz.service.sts.realms.RealmFileClaimsHandler"> - <property name="userClaims" ref="userClaimsREALMB" /> - <property name="supportedClaims" ref="supportedClaims" /> - <property name="realm" value="REALMB" /> - </bean> - <bean id="kerberosValidator" class="org.apache.wss4j.dom.validate.KerberosTokenValidator"> <property name="contextName" value="bob"/> <property name="serviceName" value="[email protected]"/> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/passwords.xml ---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/passwords.xml b/services/sts/src/main/webapp/WEB-INF/passwords.xml deleted file mode 100644 index 3ad9e7c..0000000 --- a/services/sts/src/main/webapp/WEB-INF/passwords.xml +++ /dev/null 
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <util:map id="REALMA">
- <entry key="alice" value="ecila" />
- <entry key="bob" value="bob" />
- <entry key="ted" value="det" />
- <entry key="idp-user" value="idp-pass" />
- </util:map>
-
- <util:map id="REALMB">
- <entry key="ALICE" value="ECILA" />
- <entry key="BOB" value="BOB" />
- <entry key="TED" value="DET" />
- </util:map>
-
-</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/userClaims.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/userClaims.xml b/services/sts/src/main/webapp/WEB-INF/userClaims.xml
deleted file mode 100644
index 13bd37f..0000000
--- a/services/sts/src/main/webapp/WEB-INF/userClaims.xml
+++ /dev/null
@@ -1,139 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <util:map id="userClaimsREALMA">
- <entry key="alice" value-ref="REALMA_aliceClaims" />
- <entry key="CN=alice,OU=Unknown,O=Apache,L=Dublin,ST=Unknown,C=IE" value-ref="REALMA_aliceClaims" />
- <entry key="bob" value-ref="REALMA_bobClaims" />
- <entry key="ted" value-ref="REALMA_tedClaims" />
- </util:map>
-
- <util:map id="REALMA_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User" />
- </util:map>
-
- <util:map id="REALMA_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User,Manager,Admin" />
- </util:map>
-
- <util:map id="REALMA_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:map id="userClaimsREALMB">
- <entry key="ALICE" value-ref="REALMB_aliceClaims" />
- <entry key="BOB" value-ref="REALMB_bobClaims" />
- <entry key="TED" value-ref="REALMB_tedClaims" />
- </util:map>
-
- <util:map id="REALMB_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER" />
- </util:map>
-
- <util:map id="REALMB_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER,MANAGER,ADMIN" />
- </util:map>
-
- <util:map id="REALMB_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:list id="supportedClaims">
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
- </util:list>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60fd1e8d/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml b/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
deleted file mode 100644
index aa5faff..0000000
--- a/services/sts/src/main/webapp/WEB-INF/userClaimsKerberos.xml
+++ /dev/null
@@ -1,138 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-2.0.xsd">
-
- <util:map id="userClaimsREALMA">
- <entry key="[email protected]" value-ref="REALMA_aliceClaims" />
- <entry key="bob/[email protected]" value-ref="REALMA_bobClaims" />
- <entry key="[email protected]" value-ref="REALMA_tedClaims" />
- </util:map>
-
- <util:map id="REALMA_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User" />
- </util:map>
-
- <util:map id="REALMA_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="User,Manager,Admin" />
- </util:map>
-
- <util:map id="REALMA_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:map id="userClaimsREALMB">
- <entry key="ALICE" value-ref="REALMB_aliceClaims" />
- <entry key="BOB" value-ref="REALMB_bobClaims" />
- <entry key="TED" value-ref="REALMB_tedClaims" />
- </util:map>
-
- <util:map id="REALMB_aliceClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Alice" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Smith" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER" />
- </util:map>
-
- <util:map id="REALMB_bobClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Bob" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Windsor" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="USER,MANAGER,ADMIN" />
- </util:map>
-
- <util:map id="REALMB_tedClaims">
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
- value="Ted" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
- value="Cooper" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- value="[email protected]" />
- <entry
- key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
- value="Secretary" />
- </util:map>
-
- <util:list id="supportedClaims">
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</value>
- <value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</value>
- </util:list>
-
-</beans>
