Repository: cxf-fediz
Updated Branches:
  refs/heads/master 32107856e -> af2ac3667


More STS Refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/af2ac366
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/af2ac366
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/af2ac366

Branch: refs/heads/master
Commit: af2ac36675f7db49f5fd6925896eed5ef5340bae
Parents: 3210785
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Wed Oct 12 14:32:28 2016 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Wed Oct 12 14:32:36 2016 +0100

----------------------------------------------------------------------
 .../service/sts/realms/UriRealmParser.java      |  14 --
 .../src/main/webapp/WEB-INF/cxf-transport.xml   | 121 +---------------
 .../sts/src/main/webapp/WEB-INF/data/realms.xml |   3 +
 .../src/main/webapp/WEB-INF/endpoints/file.xml  |  65 +++++++++
 .../main/webapp/WEB-INF/endpoints/kerberos.xml  |  49 +++++++
 .../src/main/webapp/WEB-INF/endpoints/ldap.xml  | 117 ++++++++++++++++
 .../sts/src/main/webapp/WEB-INF/fediz-sts.xml   | 140 +++++++++++++++++++
 services/sts/src/main/webapp/WEB-INF/file.xml   |  65 ---------
 .../sts/src/main/webapp/WEB-INF/kerberos.xml    |  49 -------
 services/sts/src/main/webapp/WEB-INF/ldap.xml   | 117 ----------------
 .../src/test/resources/sts/cxf-transport.xml    |   1 -
 11 files changed, 378 insertions(+), 363 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
----------------------------------------------------------------------
diff --git 
a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
 
b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
index c39dcd8..169cc54 100644
--- 
a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
+++ 
b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
@@ -31,8 +31,6 @@ public class UriRealmParser implements RealmParser {
 
     private static final Logger LOG = 
LoggerFactory.getLogger(UriRealmParser.class);
 
-    private Map<String, Object> realmMap;
-
     @Override
     public String parseRealm(Map<String, Object> messageContext) throws 
STSException {
         String url = (String)messageContext.get("org.apache.cxf.request.url");
@@ -51,21 +49,9 @@ public class UriRealmParser implements RealmParser {
             realm = st.nextToken();
         }
         realm = realm.toUpperCase();
-        if (realmMap == null || !realmMap.containsKey(realm)) {
-            LOG.warn("Unknown realm: " + realm);
-            throw new STSException("Unknown realm: " + realm);
-        }
         
         LOG.debug("URI realm parsed: " + realm);
         return realm;
     }
 
-    public Map<String, Object> getRealmMap() {
-        return realmMap;
-    }
-
-    public void setRealmMap(Map<String, Object> realms) {
-        this.realmMap = realms;
-    }
-
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml 
b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
index b8d7b68..a51a582 100644
--- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
+++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
@@ -39,132 +39,19 @@
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd";>
 
-    <bean 
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-        <property name="location" value="classpath:./sts.properties"/>
-    </bean>
-    
     <import resource="classpath:META-INF/cxf/cxf.xml" />
 
     <import resource="data/realms.xml" />
+    <import resource="fediz-sts.xml" />
     
     <!-- Per default the resource <file.xml> is imported.
          If built with Maven Profile 'ldap', the resource <ldap.xml> is 
imported -->
-    <import resource="./${adapter.resource}.xml" />
-    
-    <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
-        <constructor-arg>
-            <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
-        </constructor-arg>
-    </bean>
-
-    <util:list id="delegationHandlers">
-        <bean id="samlDelegationHandler"
-            
class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
-        <bean id="x509DelegationHandler"
-            
class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
-    </util:list>
-
-    <bean id="transportSTSProviderBean"
-        
class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
-        <property name="issueOperation" ref="transportIssueDelegate" />
-        <property name="validateOperation" ref="transportValidateDelegate" />
-    </bean>
-
-    <bean id="transportIssueDelegate" 
class="org.apache.cxf.sts.operation.TokenIssueOperation">
-        <property name="tokenProviders" ref="transportTokenProviders" />
-        <property name="services" ref="transportServices" />
-        <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="claimsManager" ref="claimsManager" />
-        <property name="tokenValidators" ref="transportTokenValidators" />
-        <property name="eventListener" ref="loggerListener" />
-        <property name="delegationHandlers" ref="delegationHandlers" />
-    </bean>
-
-    <bean id="transportValidateDelegate" 
class="org.apache.cxf.sts.operation.TokenValidateOperation">
-        <property name="tokenValidators" ref="transportTokenValidators" />
-        <property name="stsProperties" ref="transportSTSProperties" />
-        <property name="eventListener" ref="loggerListener" />
-    </bean>
-
-    <util:list id="transportTokenProviders">
-        <ref bean="transportSamlTokenProvider" />
-    </util:list>
-
-    <util:list id="transportTokenValidators">
-        <ref bean="transportSamlTokenValidator" />
-        <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
-    </util:list>
-
-    <bean id="transportSamlTokenProvider" 
class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
-        <property name="attributeStatementProviders" 
ref="attributeStatementProvidersList" />
-        <property name="realmMap" ref="realms" />
-        <property name="conditionsProvider" ref="conditionsProvider" />
-        <property name="subjectProvider" ref="subjectProvider" />
-    </bean>
-
-    <bean id="conditionsProvider"
-        class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
-        <property name="lifetime" value="1200" />
-        <property name="acceptClientLifetime" value="true" />
-    </bean>
+    <import resource="./endpoints/${adapter.resource}.xml" />
     
-    <bean id="subjectProvider"
-        class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
-        <property name="subjectNameIDFormat" 
-                  
value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
-    </bean>
-
-    <util:list id="attributeStatementProvidersList">
-        <ref bean="claimAttributeProvider" />
-    </util:list>
-
-    <bean id="claimAttributeProvider"
-        class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
-    </bean>
-
-    <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
-        <property name="claimHandlers" ref="claimHandlerList" />
-    </bean>
-
-    <bean id="identityMapper"
-        class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
-
-    <bean id="samlRealmCodec"
-        class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
-
-    <bean id="customRealmParser" 
class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
-               <property name="realmMap" ref="realms" />
-       </bean>
-
-    <bean id="transportSamlTokenValidator"
-        class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
-        <property name="samlRealmCodec" ref="samlRealmCodec" />
-    </bean>
-
-    <bean id="transportUsernameTokenValidator"
-        class="org.apache.cxf.sts.token.validator.UsernameTokenValidator">
-    </bean>
-    
-    <util:list id="transportServices">
-        <ref bean="transportService" />
-    </util:list>
-
-    <bean id="transportService" 
class="org.apache.cxf.sts.service.StaticService">
-        <property name="endpoints">
-            <util:list>
-                <value>.*</value>
-            </util:list>
-        </property>
+    <bean 
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+        <property name="location" value="classpath:./sts.properties"/>
     </bean>
     
-    <bean id="transportSTSProperties" 
class="org.apache.cxf.sts.StaticSTSProperties">
-        <property name="callbackHandlerClass" value="${callback.handler}" />
-        <property name="issuer" value="${issuer}" />
-        <property name="realmParser" ref="customRealmParser" />
-        <property name="signatureCryptoProperties" 
value="${signature.properties}" />
-        <property name="relationships" ref="relationships" />
-    </bean>
-
     <jaxws:endpoint id="transportSTSRealmA" 
implementor="#transportSTSProviderBean"
         address="/REALMA/STSServiceTransport" 
wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
         xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/data/realms.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/data/realms.xml 
b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
index 2de07d7..c0b01a7 100644
--- a/services/sts/src/main/webapp/WEB-INF/data/realms.xml
+++ b/services/sts/src/main/webapp/WEB-INF/data/realms.xml
@@ -39,6 +39,9 @@
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd";>
 
+    <bean id="identityMapper"
+        class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" />
+        
     <util:list id="relationships">
         <bean class="org.apache.cxf.sts.token.realm.Relationship">
             <property name="sourceRealm" value="REALMA" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml 
b/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml
new file mode 100644
index 0000000..34334e5
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/file.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:util="http://www.springframework.org/schema/util";
+    xmlns:jaxws="http://cxf.apache.org/jaxws";
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd";>
+
+    <import resource="../data/userClaims.xml" />
+    <import resource="../data/passwords.xml" />
+
+    <bean id="upCallBackHandlerRealmA"
+        
class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+        <property name="passwords" ref="REALMA" />
+    </bean>
+
+    <bean id="upCallBackHandlerRealmB"
+        
class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+        <property name="passwords" ref="REALMB" />
+    </bean>
+
+    <jaxws:endpoint id="transportSTSRealmAUT"
+        implementor="#transportSTSProviderBean" 
address="/REALMA/STSServiceTransportUT"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" 
value-ref="upCallBackHandlerRealmA" />
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+    <jaxws:endpoint id="transportSTSRealmBUT"
+        implementor="#transportSTSProviderBean" 
address="/REALMB/STSServiceTransportUT"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" 
value-ref="upCallBackHandlerRealmB" />
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml 
b/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml
new file mode 100644
index 0000000..c780c5c
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/kerberos.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:util="http://www.springframework.org/schema/util";
+    xmlns:jaxws="http://cxf.apache.org/jaxws";
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd";>
+
+    <import resource="../data/userClaims.xml" />
+
+    <bean id="kerberosValidator" 
class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
+        <property name="contextName" value="bob"/>
+        <property name="serviceName" value="b...@service.ws.apache.org"/>
+    </bean>
+
+    <jaxws:endpoint id="transportSTSRealmAKerberos"
+        implementor="#transportSTSProviderBean" 
address="/REALMA/STSServiceTransportKerberos"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportKerberos_Port">
+        <jaxws:properties>
+            <entry key="ws-security.bst.validator" 
value-ref="kerberosValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml 
b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
new file mode 100644
index 0000000..dbd3265
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:util="http://www.springframework.org/schema/util";
+    xmlns:jaxws="http://cxf.apache.org/jaxws";
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd";>
+
+    <util:list id="claimHandlerList">
+        <ref bean="userClaimsHandler" />
+        <ref bean="groupClaimsHandler" />
+    </util:list>
+
+    <bean id="contextSource"
+        class="org.springframework.ldap.core.support.LdapContextSource">
+        <property name="url" value="ldap://localhost:389/"; />
+        <property name="userDn" value="uid=admin,ou=system" />
+        <property name="password" value="secret" />
+    </bean>
+
+    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+        <constructor-arg ref="contextSource" />
+    </bean>
+
+    <util:map id="claimsToLdapAttributeMapping">
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
+            value="givenName" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname";
+            value="sn" />
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
+            value="mail" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country";
+            value="c" />
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode";
+            value="postalCode" />
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress";
+            value="postalAddress" />
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality";
+            value="town" />
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince";
+            value="st" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender";
+            value="gender" />
+        <entry
+            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth";
+            value="dateofbirth" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+            value="member" />
+    </util:map>
+
+    <bean id="userClaimsHandler" 
class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="claimsLdapAttributeMapping" 
ref="claimsToLdapAttributeMapping" />
+        <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
+        <property name="userNameAttribute" value="uid" />
+    </bean>
+
+    <util:map id="appliesToScopeMapping">
+        <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
+            value="Example" />
+    </util:map>
+
+    <bean id="groupClaimsHandler" 
class="org.apache.cxf.sts.claims.LdapGroupClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
+        <property name="groupBaseDN" value="ou=groups,dc=fediz,dc=org" />
+        <property name="appliesToScopeMapping" ref="appliesToScopeMapping" />
+        <property name="userNameAttribute" value="uid" />
+    </bean>
+
+    <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
+        address="/STSService" 
wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.ut.validator">
+                <bean 
class="org.apache.ws.security.validate.JAASUsernameTokenValidator">
+                    <property name="contextName" value="LDAP" />
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:endpoint>
+       
+</beans>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml 
b/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
new file mode 100644
index 0000000..21919c7
--- /dev/null
+++ b/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:cxf="http://cxf.apache.org/core";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:util="http://www.springframework.org/schema/util";
+    xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd";>
+
+    <import resource="classpath:META-INF/cxf/cxf.xml" />
+    
+    <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper">
+        <constructor-arg>
+            <bean class="org.apache.cxf.sts.event.map.MapEventLogger" />
+        </constructor-arg>
+    </bean>
+
+    <util:list id="delegationHandlers">
+        <bean id="samlDelegationHandler"
+            
class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" />
+        <bean id="x509DelegationHandler"
+            
class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" />
+    </util:list>
+
+    <bean id="transportSTSProviderBean"
+        
class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate" />
+        <property name="validateOperation" ref="transportValidateDelegate" />
+    </bean>
+
+    <bean id="transportIssueDelegate" 
class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders" />
+        <property name="services" ref="transportServices" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+        <property name="claimsManager" ref="claimsManager" />
+        <property name="tokenValidators" ref="transportTokenValidators" />
+        <property name="eventListener" ref="loggerListener" />
+        <property name="delegationHandlers" ref="delegationHandlers" />
+    </bean>
+
+    <bean id="transportValidateDelegate" 
class="org.apache.cxf.sts.operation.TokenValidateOperation">
+        <property name="tokenValidators" ref="transportTokenValidators" />
+        <property name="stsProperties" ref="transportSTSProperties" />
+        <property name="eventListener" ref="loggerListener" />
+    </bean>
+
+    <util:list id="transportTokenProviders">
+        <ref bean="transportSamlTokenProvider" />
+    </util:list>
+
+    <util:list id="transportTokenValidators">
+        <ref bean="transportSamlTokenValidator" />
+        <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" />
+    </util:list>
+
+    <bean id="transportSamlTokenProvider" 
class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+        <property name="attributeStatementProviders" 
ref="attributeStatementProvidersList" />
+        <property name="realmMap" ref="realms" />
+        <property name="conditionsProvider" ref="conditionsProvider" />
+        <property name="subjectProvider" ref="subjectProvider" />
+    </bean>
+
+    <bean id="conditionsProvider"
+        class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+        <property name="lifetime" value="1200" />
+        <property name="acceptClientLifetime" value="true" />
+    </bean>
+    
+    <bean id="subjectProvider"
+        class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider">
+        <property name="subjectNameIDFormat" 
+                  
value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
+    </bean>
+
+    <util:list id="attributeStatementProvidersList">
+        <ref bean="claimAttributeProvider" />
+    </util:list>
+
+    <bean id="claimAttributeProvider"
+        class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
+    </bean>
+
+    <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+        <property name="claimHandlers" ref="claimHandlerList" />
+    </bean>
+
+    <bean id="samlRealmCodec"
+        class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+
+    <bean id="customRealmParser" 
class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser" />
+
+    <bean id="transportSamlTokenValidator"
+        class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+        <property name="samlRealmCodec" ref="samlRealmCodec" />
+    </bean>
+
+    <util:list id="transportServices">
+        <ref bean="transportService" />
+    </util:list>
+
+    <bean id="transportService" 
class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints">
+            <util:list>
+                <value>.*</value>
+            </util:list>
+        </property>
+    </bean>
+    
+    <bean id="transportSTSProperties" 
class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="callbackHandlerClass" value="${callback.handler}" />
+        <property name="issuer" value="${issuer}" />
+        <property name="realmParser" ref="customRealmParser" />
+        <property name="signatureCryptoProperties" 
value="${signature.properties}" />
+        <property name="relationships" ref="relationships" />
+    </bean>
+
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/file.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/file.xml 
b/services/sts/src/main/webapp/WEB-INF/file.xml
deleted file mode 100644
index 3c4ed06..0000000
--- a/services/sts/src/main/webapp/WEB-INF/file.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans";
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-    xmlns:util="http://www.springframework.org/schema/util";
-    xmlns:jaxws="http://cxf.apache.org/jaxws";
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd
-        http://cxf.apache.org/jaxws
-        http://cxf.apache.org/schemas/jaxws.xsd";>
-
-    <import resource="data/userClaims.xml" />
-    <import resource="data/passwords.xml" />
-
-    <bean id="upCallBackHandlerRealmA"
-        
class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
-        <property name="passwords" ref="REALMA" />
-    </bean>
-
-    <bean id="upCallBackHandlerRealmB"
-        
class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
-        <property name="passwords" ref="REALMB" />
-    </bean>
-
-    <jaxws:endpoint id="transportSTSRealmAUT"
-        implementor="#transportSTSProviderBean" 
address="/REALMA/STSServiceTransportUT"
-        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
-        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportUT_Port">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" 
value-ref="upCallBackHandlerRealmA" />
-        </jaxws:properties>
-    </jaxws:endpoint>
-
-    <jaxws:endpoint id="transportSTSRealmBUT"
-        implementor="#transportSTSProviderBean" 
address="/REALMB/STSServiceTransportUT"
-        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
-        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportUT_Port">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" 
value-ref="upCallBackHandlerRealmB" />
-        </jaxws:properties>
-    </jaxws:endpoint>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/kerberos.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/kerberos.xml 
b/services/sts/src/main/webapp/WEB-INF/kerberos.xml
deleted file mode 100644
index aaab490..0000000
--- a/services/sts/src/main/webapp/WEB-INF/kerberos.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans";
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-    xmlns:util="http://www.springframework.org/schema/util";
-    xmlns:jaxws="http://cxf.apache.org/jaxws";
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd
-        http://cxf.apache.org/jaxws
-        http://cxf.apache.org/schemas/jaxws.xsd";>
-
-    <import resource="data/userClaims.xml" />
-
-    <bean id="kerberosValidator" 
class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
-        <property name="contextName" value="bob"/>
-        <property name="serviceName" value="b...@service.ws.apache.org"/>
-    </bean>
-
-    <jaxws:endpoint id="transportSTSRealmAKerberos"
-        implementor="#transportSTSProviderBean" 
address="/REALMA/STSServiceTransportKerberos"
-        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
-        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportKerberos_Port">
-        <jaxws:properties>
-            <entry key="ws-security.bst.validator" 
value-ref="kerberosValidator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/services/sts/src/main/webapp/WEB-INF/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/ldap.xml 
b/services/sts/src/main/webapp/WEB-INF/ldap.xml
deleted file mode 100644
index dbd3265..0000000
--- a/services/sts/src/main/webapp/WEB-INF/ldap.xml
+++ /dev/null
@@ -1,117 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans";
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-    xmlns:util="http://www.springframework.org/schema/util";
-    xmlns:jaxws="http://cxf.apache.org/jaxws";
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans
-        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util-2.0.xsd
-        http://cxf.apache.org/jaxws
-        http://cxf.apache.org/schemas/jaxws.xsd";>
-
-    <util:list id="claimHandlerList">
-        <ref bean="userClaimsHandler" />
-        <ref bean="groupClaimsHandler" />
-    </util:list>
-
-    <bean id="contextSource"
-        class="org.springframework.ldap.core.support.LdapContextSource">
-        <property name="url" value="ldap://localhost:389/"; />
-        <property name="userDn" value="uid=admin,ou=system" />
-        <property name="password" value="secret" />
-    </bean>
-
-    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
-        <constructor-arg ref="contextSource" />
-    </bean>
-
-    <util:map id="claimsToLdapAttributeMapping">
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname";
-            value="givenName" />
-        <entry
-            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname";
-            value="sn" />
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
-            value="mail" />
-        <entry
-            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country";
-            value="c" />
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode";
-            value="postalCode" />
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress";
-            value="postalAddress" />
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality";
-            value="town" />
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince";
-            value="st" />
-        <entry
-            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender";
-            value="gender" />
-        <entry
-            
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth";
-            value="dateofbirth" />
-        <entry
-            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
-            value="member" />
-    </util:map>
-
-    <bean id="userClaimsHandler" 
class="org.apache.cxf.sts.claims.LdapClaimsHandler">
-        <property name="ldapTemplate" ref="ldapTemplate" />
-        <property name="claimsLdapAttributeMapping" 
ref="claimsToLdapAttributeMapping" />
-        <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
-        <property name="userNameAttribute" value="uid" />
-    </bean>
-
-    <util:map id="appliesToScopeMapping">
-        <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
-            value="Example" />
-    </util:map>
-
-    <bean id="groupClaimsHandler" 
class="org.apache.cxf.sts.claims.LdapGroupClaimsHandler">
-        <property name="ldapTemplate" ref="ldapTemplate" />
-        <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
-        <property name="groupBaseDN" value="ou=groups,dc=fediz,dc=org" />
-        <property name="appliesToScopeMapping" ref="appliesToScopeMapping" />
-        <property name="userNameAttribute" value="uid" />
-    </bean>
-
-    <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
-        address="/STSService" 
wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
-        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-        serviceName="ns1:SecurityTokenService" 
endpointName="ns1:TransportUT_Port">
-        <jaxws:properties>
-            <entry key="ws-security.ut.validator">
-                <bean 
class="org.apache.ws.security.validate.JAASUsernameTokenValidator">
-                    <property name="contextName" value="LDAP" />
-                </bean>
-            </entry>
-        </jaxws:properties>
-    </jaxws:endpoint>
-       
-</beans>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/af2ac366/systests/kerberos/src/test/resources/sts/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/sts/cxf-transport.xml 
b/systests/kerberos/src/test/resources/sts/cxf-transport.xml
index be3fe02..6506b04 100644
--- a/systests/kerberos/src/test/resources/sts/cxf-transport.xml
+++ b/systests/kerberos/src/test/resources/sts/cxf-transport.xml
@@ -160,7 +160,6 @@
         class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
 
     <bean id="customRealmParser" 
class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser">
-        <property name="realmMap" ref="realms" />
     </bean>
 
     <bean id="transportSamlTokenValidator"

Reply via email to