http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml 
b/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml
new file mode 100644
index 0000000..0a68517
--- /dev/null
+++ b/systests/federation/temp/src/test/resources/realmb/idp-servlet.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+       xmlns:webflow="http://www.springframework.org/schema/webflow-config";
+       xmlns:p="http://www.springframework.org/schema/p";
+       xmlns:context="http://www.springframework.org/schema/context";
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context-3.1.xsd
+        http://www.springframework.org/schema/webflow-config
+        
http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd";>
+
+    <context:property-placeholder location="classpath:realm.properties" />
+    
+    <context:component-scan 
base-package="org.apache.cxf.fediz.service.idp.beans" />
+
+    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
+        p:flowRegistry-ref="flowRegistry" p:order="2">
+    </bean>
+
+    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter"
+        p:flowExecutor-ref="flowExecutor" />
+
+    <webflow:flow-executor id="flowExecutor"
+        flow-registry="flowRegistry">
+        <webflow:flow-execution-attributes>
+            <webflow:always-redirect-on-pause
+                value="false" />
+        </webflow:flow-execution-attributes>
+
+        <webflow:flow-execution-listeners>
+            <webflow:listener ref="securityFlowExecutionListener" />
+        </webflow:flow-execution-listeners>
+    </webflow:flow-executor>
+
+    <bean id="securityFlowExecutionListener"
+        
class="org.springframework.webflow.security.SecurityFlowExecutionListener">
+        <property name="accessDecisionManager" ref="accessDecisionManager" />
+    </bean>
+
+    <bean id="accessDecisionManager"
+        class="org.springframework.security.access.vote.AffirmativeBased">
+        <property name="decisionVoters">
+            <list>
+                <bean
+                    class="org.springframework.security.access.vote.RoleVoter">
+                    <property name="rolePrefix" value="ROLE_" />
+                </bean>
+                <bean
+                    
class="org.springframework.security.access.vote.AuthenticatedVoter" />
+            </list>
+        </property>
+    </bean>
+
+    <webflow:flow-registry id="flowRegistry"
+        flow-builder-services="builder">
+        <webflow:flow-location
+            path="/WEB-INF/flows/federation-validate-request.xml" 
id="federation" />
+        <webflow:flow-location
+            path="/WEB-INF/flows/federation-validate-request.xml" 
id="federation/up" />
+        <webflow:flow-location 
path="/WEB-INF/flows/federation-signin-request.xml"
+            id="signinRequest" />
+        <webflow:flow-location 
path="/WEB-INF/flows/federation-signin-response.xml"
+            id="signinResponse" />
+    </webflow:flow-registry>
+
+    <webflow:flow-builder-services id="builder"
+        view-factory-creator="viewFactoryCreator" 
expression-parser="expressionParser" />
+
+    <bean id="expressionParser"
+        
class="org.springframework.webflow.expression.WebFlowOgnlExpressionParser" />
+
+    <bean id="viewFactoryCreator"
+        class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
+        <property name="viewResolvers">
+            <list>
+                <ref local="viewResolver" />
+            </list>
+        </property>
+    </bean>
+
+    <bean id="viewResolver"
+        
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+        <property name="prefix" value="/WEB-INF/views/" />
+        <property name="suffix" value=".jsp" />
+    </bean>
+
+    <bean id="stsClientForRpAction"
+        class="org.apache.cxf.fediz.service.idp.beans.STSClientAction">
+        <property name="wsdlLocation"
+            
value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransport?wsdl";
 />
+        <property name="wsdlEndpoint" value="Transport_Port" />
+        <property name="tokenType"
+            
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 />
+    </bean>
+
+</beans>
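Review bot: The `wsdlLocation` on `stsClientForRpAction` is `https://localhost:0/fediz-idp-sts-realmb/...`, and nothing in this file explains how port 0 becomes a reachable port; the same placeholder appears on `stsAuthProvider` in security-config.xml. Presumably the port is substituted at runtime, since security-config.xml registers an `STSPortFilter` and realm.properties defines an unused `realmB.port`, but a reader cannot confirm that from the configuration. I would add a comment above the property, for example `<!-- port 0 is a placeholder; the STS port is filled in at runtime (author to confirm where) -->`, or reference `${realmB.port}` directly if that is what the tests intend. This is the endpoint the IdP requests tokens from, so it should be clear which host and port it resolves to.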

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/realmb/persistence.properties
----------------------------------------------------------------------
diff --git 
a/systests/federation/temp/src/test/resources/realmb/persistence.properties 
b/systests/federation/temp/src/test/resources/realmb/persistence.properties
new file mode 100644
index 0000000..2628714
--- /dev/null
+++ b/systests/federation/temp/src/test/resources/realmb/persistence.properties
@@ -0,0 +1,15 @@
+#jpa.driverClassName=org.apache.derby.jdbc.ClientDriver
+#jpa.url=jdbc:derby://localhost:1527/Fediz
+#jpa.username=admin
+#jpa.password=admin
+#jpa.defaultData=true
+#jpa.platform=DerbyDictionary
+
+
+jpa.driverClassName=org.hsqldb.jdbcDriver
+#jpa.url=jdbc:hsqldb:target/fediz/db/myDB;shutdown=true
+jpa.url=jdbc:hsqldb:target/db/realmb/myDB;shutdown=true
+jpa.username=sa
+jpa.password=
+jpa.defaultData=true
+jpa.platform=HSQLDictionary
\ No newline at end of file
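Review bot: The first six lines are a commented-out Derby configuration, including `#jpa.username=admin` and `#jpa.password=admin`, and there is also a commented-out alternative `jpa.url`; none of it is used by the realm-B setup. I would drop the dead lines so the file shows only the HSQLDB settings the tests run with. Above `jpa.username=sa` I would add a comment such as `# HSQLDB default account with empty password; file-based test database under target/, test use only`. The file also ends without a trailing newline.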

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/realmb/realm.properties
----------------------------------------------------------------------
diff --git 
a/systests/federation/temp/src/test/resources/realmb/realm.properties 
b/systests/federation/temp/src/test/resources/realmb/realm.properties
new file mode 100644
index 0000000..41d04cd
--- /dev/null
+++ b/systests/federation/temp/src/test/resources/realmb/realm.properties
@@ -0,0 +1,6 @@
+realm.STS_URI=REALMB
+realmA.port=${idp.https.port}
+realmB.port=${idp.realmb.https.port}
+idp-config=idp-config-realmb.xml
+db-load-config=entities-realmb.xml
+realm-uri=urn:org:apache:cxf:fediz:idp:realm-B
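Review bot: `realm-uri` is defined here, but security-config.xml in the same commit loads this file through `property-placeholder` and still hard-codes the identical URN on `fedizEntryPoint`. Two copies of the realm identifier can drift apart, and a mismatched realm in a federation setup is hard to diagnose. I would change the bean to `<property name="realm" value="${realm-uri}" />`. `realmA.port` and `realmB.port` are likewise not referenced by the XML files visible in this commit; if they are consumed elsewhere, a short comment naming the consumer would help.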

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/realmb/security-config.xml
----------------------------------------------------------------------
diff --git 
a/systests/federation/temp/src/test/resources/realmb/security-config.xml 
b/systests/federation/temp/src/test/resources/realmb/security-config.xml
new file mode 100644
index 0000000..e59ace7
--- /dev/null
+++ b/systests/federation/temp/src/test/resources/realmb/security-config.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:security="http://www.springframework.org/schema/security";
+    xmlns:context="http://www.springframework.org/schema/context";
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://www.springframework.org/schema/context
+        http://www.springframework.org/schema/context/spring-context.xsd
+        http://www.springframework.org/schema/security
+        http://www.springframework.org/schema/security/spring-security-3.1.xsd
+        ">
+
+    <context:property-placeholder location="classpath:realm.properties"/>
+    
+    <!-- DISABLE in production as it might log confidential information about 
the user -->
+    <!-- <security:debug /> -->
+
+    <!-- Configure Spring Security -->
+    
+    <!-- If enabled, you can't access the Service layer within the Spring 
Webflow -->
+    <!-- The user has no role during the login phase of WS-Federation -->
+    <security:global-method-security pre-post-annotations="enabled"/>
+
+    <security:http pattern="/services/rs/**" use-expressions="true" 
authentication-manager-ref="restAuthenticationManager">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
+        <security:intercept-url pattern="/services/rs/**" 
access="isAuthenticated()"/>
+        <security:http-basic />
+    </security:http>
+
+    <bean id="bCryptPasswordEncoder" 
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
+    
+    <bean id="defaultPasswordEncoder" 
class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
+    
+    <security:authentication-manager id="restAuthenticationManager">
+        <security:authentication-provider>
+          <!-- <security:password-encoder ref="defaultPasswordEncoder"/>-->
+          <!-- <security:password-encoder hash="sha-256" base64="true" />-->
+          <!--  
+          <security:password-encoder hash="sha-256" base64="true">
+            <security:salt-source user-property="username"/>
+          </security:password-encoder>
+          -->
+          <security:user-service properties="classpath:/users.properties" />
+        </security:authentication-provider>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+
+    <!-- Redirects to a dedicated http config -->
+    <bean id="fedizEntryPoint" 
class="org.apache.cxf.fediz.service.idp.FedizEntryPoint">
+        <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" />
+        <property name="configService" ref="config" />
+    </bean>
+    
+    <!-- Main entry point -->
+    <security:http pattern="/federation" use-expressions="true" 
entry-point-ref="fedizEntryPoint">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
+        <security:intercept-url 
pattern="/FederationMetadata/2007-06/FederationMetadata.xml" 
access="isAnonymous() or isAuthenticated()" />
+    </security:http>
+    
+    <!-- HTTP/BA entry point -->
+    <security:http pattern="/federation/up" use-expressions="true">
+        <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
+        <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
+        <security:intercept-url 
pattern="/FederationMetadata/2007-06/FederationMetadata.xml" 
access="isAnonymous() or isAuthenticated()" />
+
+        <security:http-basic />
+        <security:logout delete-cookies="FEDIZ_HOME_REALM" 
invalidate-session="true" />
+    </security:http>
+
+    <security:authentication-manager>
+        <security:authentication-provider ref="stsAuthProvider" />
+    </security:authentication-manager>
+       
+    <bean id="stsPortFilter" 
class="org.apache.cxf.fediz.service.idp.STSPortFilter" />
+    
+    <bean id="entitlementsEnricher" 
class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements"
 />
+       
+    <bean id="stsAuthProvider" 
class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
+        <property name="wsdlLocation" 
value="https://localhost:0/fediz-idp-sts-realmb/${realm.STS_URI}/STSServiceTransportUT?wsdl"/>
+        <property name="wsdlEndpoint" value="TransportUT_Port"/>
+        <property name="wsdlService" value="SecurityTokenService"/>
+        <property name="appliesTo" value="urn:fediz:idp"/>
+        <property name="tokenType" 
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
+    </bean>
+
+</beans>
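Review bot: The `restAuthenticationManager` provider behind HTTP Basic on `/services/rs/**` has every `<security:password-encoder>` variant commented out, so entries in `users.properties` are compared as plaintext. The `bCryptPasswordEncoder` and `defaultPasswordEncoder` beans are declared but never referenced in this file. I would enable `<security:password-encoder ref="bCryptPasswordEncoder"/>` inside that `<security:authentication-provider>` and store bcrypt hashes in `users.properties`, or remove the unused encoder beans and state in a comment that plaintext is intentional for the systests. Separately, the `/federation` and `/federation/up` chains each contain only an `intercept-url` for `/FederationMetadata/2007-06/FederationMetadata.xml`, a path those chain patterns do not cover, so as far as this file shows neither chain has a URL-level access rule. If authorization is meant to come from the web-flow security listener configured in idp-servlet.xml, a comment saying so would make that dependency explicit.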

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/server.jks 
b/systests/federation/temp/src/test/resources/server.jks
new file mode 100644
index 0000000..c9c2ce2
Binary files /dev/null and 
b/systests/federation/temp/src/test/resources/server.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/stsKeystoreA.properties
----------------------------------------------------------------------
diff --git 
a/systests/federation/temp/src/test/resources/stsKeystoreA.properties 
b/systests/federation/temp/src/test/resources/stsKeystoreA.properties
new file mode 100644
index 0000000..bd9fb1b
--- /dev/null
+++ b/systests/federation/temp/src/test/resources/stsKeystoreA.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=storepass
+org.apache.ws.security.crypto.merlin.keystore.alias=realma
+org.apache.ws.security.crypto.merlin.keystore.file=stsrealm_a.jks
+
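Review bot: `org.apache.ws.security.crypto.merlin.keystore.password=storepass` is committed next to `stsrealm_a.jks`, so whatever key is stored under alias `realma` is effectively public. That is acceptable for a systest fixture, but nothing in the file says so, and properties files like this tend to be copied as templates. I would add a first line such as `# Test-only keystore and password; never reuse this key material outside the systests`.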

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ebb06de7/systests/federation/temp/src/test/resources/stsrealm_a.jks
----------------------------------------------------------------------
diff --git a/systests/federation/temp/src/test/resources/stsrealm_a.jks 
b/systests/federation/temp/src/test/resources/stsrealm_a.jks
new file mode 100644
index 0000000..fde2928
Binary files /dev/null and 
b/systests/federation/temp/src/test/resources/stsrealm_a.jks differ
