Folded SAML SSO federation tests in with WS-Federation
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6fef44bb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6fef44bb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6fef44bb
Branch: refs/heads/master
Commit: 6fef44bb12531ca8de279275ed2d33fdbe50e3a2
Parents: ce2cc78
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Nov 3 17:29:40 2016 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Nov 3 17:29:40 2016 +0000
----------------------------------------------------------------------
 systests/federation/pom.xml | 1 -
 systests/federation/samlsso/pom.xml | 330 ------------
 .../cxf/fediz/integrationtests/SAMLSSOTest.java | 382 --------------
 .../src/test/resources/entities-realma.xml | 518 -------------------
 .../test/resources/fediz_config_saml_sso.xml | 116 -----
 .../test/resources/realmb/entities-realmb.xml | 423 ---------------
 .../src/test/resources/realmb/idp-servlet.xml | 120 -----
 .../resources/realmb/persistence.properties | 15 -
 .../src/test/resources/realmb/realm.properties | 6 -
 .../test/resources/realmb/security-config.xml | 135 -----
 systests/federation/wsfed/pom.xml | 10 +
 .../cxf/fediz/integrationtests/WSFedTest.java | 225 +++++++-
 .../src/test/resources/fediz_config_wsfed.xml | 92 +++-
 .../test/resources/realma/entities-realma.xml | 61 ++-
 .../test/resources/realmb/entities-realmb.xml | 8 +-
 .../src/test/resources/realmb/idp-servlet.xml | 4 +
 .../test/resources/realmb/security-config.xml | 26 +
 17 files changed, 409 insertions(+), 2063 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml
index 26a0549..b158064 100644
--- a/systests/federation/pom.xml
+++ b/systests/federation/pom.xml
@@ -33,7 +33,6 @@
 <modules>
 <module>samlIdpWebapp</module>
 <module>oidcIdpWebapp</module>
- <module>samlsso</module>
 <module>oidc</module>
 <module>wsfed</module>
 </modules>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/pom.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/pom.xml b/systests/federation/samlsso/pom.xml
deleted file mode 100644
index da610a7..0000000
--- a/systests/federation/samlsso/pom.xml
+++ /dev/null
@@ -1,330 +0,0 @@ -<?xml version="1.0"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> - <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.apache.cxf.fediz.systests</groupId> - <artifactId>fediz-systests-federation</artifactId> - <version>1.3.2-SNAPSHOT</version> - <relativePath>../pom.xml</relativePath> - </parent> - <groupId>org.apache.cxf.fediz.systests.federation</groupId> - <artifactId>fediz-systests-federation-samlsso</artifactId> - <name>Apache Fediz Federation Systests Tomcat 7 SAML SSO</name> - <packaging>jar</packaging> - <properties> - <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> - </properties> - <dependencies> - <dependency> - <groupId>org.apache.tomcat.embed</groupId> - <artifactId>tomcat-embed-core</artifactId> - <version>${tomcat7.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.tomcat.embed</groupId> - <artifactId>tomcat-embed-logging-juli</artifactId> - 
<version>${tomcat7.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.eclipse.jdt.core.compiler</groupId> - <artifactId>ecj</artifactId> - <version>${ecj.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.tomcat.embed</groupId> - <artifactId>tomcat-embed-jasper</artifactId> - <version>${tomcat7.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <version>${junit.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.cxf.fediz</groupId> - <artifactId>fediz-tomcat7</artifactId> - <version>${project.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.apache.cxf.fediz.systests</groupId> - <artifactId>fediz-systests-tests</artifactId> - <version>${project.version}</version> - <type>test-jar</type> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-api</artifactId> - <version>${slf4j.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-jdk14</artifactId> - <version>${slf4j.version}</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.hsqldb</groupId> - <artifactId>hsqldb</artifactId> - <version>${hsqldb.version}</version> - <scope>test</scope> - </dependency> - </dependencies> - <build> - <testResources> - <testResource> - <directory>src/test/resources</directory> - <filtering>true</filtering> - <includes> - <include>**/fediz_config*.xml</include> - </includes> - </testResource> - <testResource> - <directory>src/test/resources</directory> - <filtering>false</filtering> - <excludes> - <exclude>**/fediz_config*.xml</exclude> - </excludes> - </testResource> - </testResources> - <plugins> - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>build-helper-maven-plugin</artifactId> - 
<executions> - <execution> - <id>reserve-network-port</id> - <goals> - <goal>reserve-network-port</goal> - </goals> - <phase>initialize</phase> - <configuration> - <portNames> - <portName>idp.https.port</portName> - <portName>idp.samlsso.https.port</portName> - <portName>idp.realmb.https.port</portName> - <portName>rp.https.port</portName> - </portNames> - </configuration> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-dependency-plugin</artifactId> - <executions> - <execution> - <id>copy-idp-sts</id> - <phase>generate-resources</phase> - <goals> - <goal>unpack</goal> - </goals> - <configuration> - <artifactItems> - <artifactItem> - <groupId>org.apache.cxf.fediz</groupId> - <artifactId>fediz-idp</artifactId> - <version>${project.version}</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.cxf.fediz</groupId> - <artifactId>fediz-idp-sts</artifactId> - <version>${project.version}</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.cxf.fediz.systests.federation</groupId> - <artifactId>fediz-systests-federation-samlIdpWebapp</artifactId> - <version>${project.version}</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idpsamlsso/webapps/idpsaml</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.cxf.fediz.systests.webapps</groupId> - <artifactId>fediz-systests-webapps-simple</artifactId> - <version>${project.version}</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.cxf.fediz</groupId> - <artifactId>fediz-idp</artifactId> - 
<version>${project.version}</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-realmb</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.cxf.fediz</groupId> - <artifactId>fediz-idp-sts</artifactId> - <version>${project.version}</version> - <type>war</type> - <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idprealmb/webapps/fediz-idp-sts-realmb</outputDirectory> - </artifactItem> - <artifactItem> - <groupId>org.apache.cxf.fediz.systests</groupId> - <artifactId>fediz-systests-tests</artifactId> - <version>${project.version}</version> - <classifier>tests</classifier> - <type>jar</type> - <overWrite>true</overWrite> - <outputDirectory>target/test-classes</outputDirectory> - <includes>**/*.jks</includes> - </artifactItem> - </artifactItems> - <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename> - <overWriteSnapshots>true</overWriteSnapshots> - <overWriteIfNewer>true</overWriteIfNewer> - <stripVersion>true</stripVersion> - </configuration> - </execution> - </executions> - </plugin> - <plugin> - <artifactId>maven-resources-plugin</artifactId> - <version>2.7</version> - <executions> - <execution> - <id>copy-entities-to-idp</id> - <phase>generate-test-sources</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory> - <resources> - <resource> - <directory>${basedir}/src/test/resources</directory> - <includes> - <include>entities-realma.xml</include> - </includes> - <filtering>true</filtering> - </resource> - </resources> - </configuration> - </execution> - <execution> - <id>copy-entities-to-remote-idp</id> - <phase>generate-test-sources</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF/classes</outputDirectory> - <resources> 
- <resource> - <directory>${basedir}/src/test/resources/realmb</directory> - <includes> - <include>entities-realmb.xml</include> - <include>realm.properties</include> - <include>persistence.properties</include> - </includes> - <filtering>true</filtering> - </resource> - </resources> - </configuration> - </execution> - <execution> - <id>copy-entities-to-remote-idp2</id> - <phase>generate-test-sources</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>${basedir}/target/tomcat/idprealmb/webapps/fediz-idp-realmb/WEB-INF</outputDirectory> - <resources> - <resource> - <directory>${basedir}/src/test/resources/realmb</directory> - <includes> - <include>idp-servlet.xml</include> - <include>security-config.xml</include> - </includes> - <filtering>true</filtering> - </resource> - </resources> - </configuration> - </execution> - </executions> - </plugin> - <plugin> - <artifactId>maven-failsafe-plugin</artifactId> - <inherited>true</inherited> - <executions> - <execution> - <id>integration-test</id> - <phase>integration-test</phase> - <goals> - <goal>integration-test</goal> - </goals> - <configuration> - <skip>${skipTests}</skip> - <systemPropertyVariables> - <wt.headless>true</wt.headless> - <idp.https.port>${idp.https.port}</idp.https.port> - <idp.samlsso.https.port>${idp.samlsso.https.port}</idp.samlsso.https.port> - <idp.realmb.https.port>${idp.realmb.https.port}</idp.realmb.https.port> - <rp.https.port>${rp.https.port}</rp.https.port> - </systemPropertyVariables> - <includes> - <include>**/integrationtests/**</include> - </includes> - <argLine>-Xms512m -Xmx1024m - -XX:MaxPermSize=256m</argLine> - </configuration> - </execution> - <execution> - <id>verify</id> - <phase>verify</phase> - <goals> - <goal>verify</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-surefire-plugin</artifactId> - <inherited>true</inherited> - <configuration> - 
<excludes> - <exclude>**/integrationtests/**</exclude> - </excludes> - </configuration> - </plugin> - </plugins> - </build> -</project> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java deleted file mode 100644 index 0f67fc7..0000000 --- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java +++ /dev/null 
@@ -1,382 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.fediz.integrationtests; - - -import java.io.File; -import java.io.IOException; - -import javax.servlet.ServletException; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import com.gargoylesoftware.htmlunit.CookieManager; -import com.gargoylesoftware.htmlunit.WebClient; -import com.gargoylesoftware.htmlunit.html.HtmlForm; -import com.gargoylesoftware.htmlunit.html.HtmlPage; -import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; -import com.gargoylesoftware.htmlunit.xml.XmlPage; - -import org.apache.catalina.Context; -import org.apache.catalina.LifecycleException; -import org.apache.catalina.LifecycleState; -import org.apache.catalina.connector.Connector; -import org.apache.catalina.startup.Tomcat; -import org.apache.cxf.fediz.core.ClaimTypes; -import org.apache.cxf.fediz.core.util.DOMUtils; -import org.apache.cxf.fediz.tomcat7.FederationAuthenticator; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.xml.security.keys.KeyInfo; -import org.apache.xml.security.signature.XMLSignature; -import 
org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * This is a test for federation using SAML SSO in the IdP. The RP application is configured to use a home realm - * which is different to that of the IdP ("realm a"). The IdP for realm "a" then redirects the client to the - * relevant IdP, which is a SAML SSO IdP. Two different third party IdPs are used - a mock SAML SSO IdP, which - * supports both the redirect and POST bindings, as well as the Fediz IdP itself. - */ -public class SAMLSSOTest { - - static String idpHttpsPort; - static String idpSamlSSOHttpsPort; - static String rpHttpsPort; - static String idpRealmbHttpsPort; - - private static Tomcat idpServer; - private static Tomcat idpSamlSSOServer; - private static Tomcat idpRealmbServer; - private static Tomcat rpServer; - - @BeforeClass - public static void init() throws Exception { - System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); - System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); - System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info"); - - idpHttpsPort = System.getProperty("idp.https.port"); - Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort); - idpSamlSSOHttpsPort = System.getProperty("idp.samlsso.https.port"); - Assert.assertNotNull("Property 'idp.samlsso.https.port' null", idpSamlSSOHttpsPort); - idpRealmbHttpsPort = 
System.getProperty("idp.realmb.https.port"); - Assert.assertNotNull("Property 'idp.realmb.https.port' null", idpRealmbHttpsPort); - rpHttpsPort = System.getProperty("rp.https.port"); - Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort); - - idpServer = startServer(true, false, false, idpHttpsPort); - idpSamlSSOServer = startServer(false, true, false, idpSamlSSOHttpsPort); - idpRealmbServer = startServer(false, false, true, idpRealmbHttpsPort); - rpServer = startServer(false, false, false, rpHttpsPort); - } - - private static Tomcat startServer(boolean idp, boolean samlSSOIdP, boolean realmb, String port) - throws ServletException, LifecycleException, IOException { - Tomcat server = new Tomcat(); - server.setPort(0); - String currentDir = new File(".").getCanonicalPath(); - String baseDir = currentDir + File.separator + "target"; - server.setBaseDir(baseDir); - - if (idp) { - server.getHost().setAppBase("tomcat/idp/webapps"); - } else if (samlSSOIdP) { - server.getHost().setAppBase("tomcat/idpsamlsso/webapps"); - } else if (realmb) { - server.getHost().setAppBase("tomcat/idprealmb/webapps"); - } else { - server.getHost().setAppBase("tomcat/rp/webapps"); - } - server.getHost().setAutoDeploy(true); - server.getHost().setDeployOnStartup(true); - - Connector httpsConnector = new Connector(); - httpsConnector.setPort(Integer.parseInt(port)); - httpsConnector.setSecure(true); - httpsConnector.setScheme("https"); - //httpsConnector.setAttribute("keyAlias", keyAlias); - httpsConnector.setAttribute("keystorePass", "tompass"); - httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); - httpsConnector.setAttribute("truststorePass", "tompass"); - httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); - httpsConnector.setAttribute("clientAuth", "want"); - // httpsConnector.setAttribute("clientAuth", "false"); - httpsConnector.setAttribute("sslProtocol", "TLS"); - httpsConnector.setAttribute("SSLEnabled", true); - - 
server.getService().addConnector(httpsConnector); - - if (idp) { - File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts"); - server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath()); - - File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp"); - server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath()); - } else if (samlSSOIdP) { - File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "idpsaml"); - server.addWebapp("/idp", idpWebapp.getAbsolutePath()); - } else if (realmb) { - File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts-realmb"); - server.addWebapp("/fediz-idp-sts-realmb", stsWebapp.getAbsolutePath()); - - File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb"); - server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath()); - } else { - File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp"); - Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath()); - - FederationAuthenticator fa = new FederationAuthenticator(); - fa.setConfigFile(currentDir + File.separator + "target" + File.separator - + "test-classes" + File.separator + "fediz_config_saml_sso.xml"); - cxt.getPipeline().addValve(fa); - - File rpWebapp2 = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp"); - cxt = server.addWebapp("/fedizhelloworld-post-binding", rpWebapp2.getAbsolutePath()); - cxt.getPipeline().addValve(fa); - - File rpWebapp3 = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp"); - cxt = server.addWebapp("/fedizhelloworld3", rpWebapp3.getAbsolutePath()); - cxt.getPipeline().addValve(fa); - } - - server.start(); - - return server; - } - - - @AfterClass - public static void cleanup() { - shutdownServer(idpServer); - 
shutdownServer(idpSamlSSOServer); - shutdownServer(idpRealmbServer); - shutdownServer(rpServer); - } - - private static void shutdownServer(Tomcat server) { - try { - if (server != null && server.getServer() != null - && server.getServer().getState() != LifecycleState.DESTROYED) { - if (server.getServer().getState() != LifecycleState.STOPPED) { - server.stop(); - } - server.destroy(); - } - } catch (Exception e) { - e.printStackTrace(); - } - } - - public String getIdpHttpsPort() { - return idpHttpsPort; - } - - public String getRpHttpsPort() { - return rpHttpsPort; - } - - public String getServletContextName() { - return "fedizhelloworld"; - } - - public String getIdpRealmbHttpsPort() { - return idpRealmbHttpsPort; - } - - @org.junit.Test - public void testSAMLSSO() throws Exception { - String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; - // System.out.println("URL: " + url); - // Thread.sleep(60 * 2 * 1000); - String user = "ALICE"; // realm b credentials - String password = "ECILA"; - - final String bodyTextContent = - login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, false); - - Assert.assertTrue("Principal not alice", - bodyTextContent.contains("userPrincipal=alice")); - Assert.assertTrue("User " + user + " does not have role Admin", - bodyTextContent.contains("role:Admin=false")); - Assert.assertTrue("User " + user + " does not have role Manager", - bodyTextContent.contains("role:Manager=false")); - Assert.assertTrue("User " + user + " must have role User", - bodyTextContent.contains("role:User=true")); - - String claim = ClaimTypes.FIRSTNAME.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'", - bodyTextContent.contains(claim + "=Alice")); - claim = ClaimTypes.LASTNAME.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'", - bodyTextContent.contains(claim + "=Smith")); - claim = ClaimTypes.EMAILADDRESS.toString(); - 
Assert.assertTrue("User " + user + " claim " + claim + " is not '[email protected]'", - bodyTextContent.contains(claim + "[email protected]")); - } - - @org.junit.Test - public void testSAMLSSOPostBinding() throws Exception { - String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld-post-binding/secure/fedservlet"; - // System.out.println("URL: " + url); - // Thread.sleep(60 * 2 * 1000); - String user = "ALICE"; // realm b credentials - String password = "ECILA"; - - final String bodyTextContent = - login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, true); - - Assert.assertTrue("Principal not alice", - bodyTextContent.contains("userPrincipal=alice")); - Assert.assertTrue("User " + user + " does not have role Admin", - bodyTextContent.contains("role:Admin=false")); - Assert.assertTrue("User " + user + " does not have role Manager", - bodyTextContent.contains("role:Manager=false")); - Assert.assertTrue("User " + user + " must have role User", - bodyTextContent.contains("role:User=true")); - - String claim = ClaimTypes.FIRSTNAME.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'", - bodyTextContent.contains(claim + "=Alice")); - claim = ClaimTypes.LASTNAME.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'", - bodyTextContent.contains(claim + "=Smith")); - claim = ClaimTypes.EMAILADDRESS.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not '[email protected]'", - bodyTextContent.contains(claim + "[email protected]")); - } - - @Test - public void testIdPServiceMetadata() throws Exception { - String url = "https://localhost:" + getIdpHttpsPort() - + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B"; - - final WebClient webClient = new WebClient(); - webClient.getOptions().setUseInsecureSSL(true); - webClient.getOptions().setSSLClientCertificate( - this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks"); - - final 
XmlPage rpPage = webClient.getPage(url); - final String xmlContent = rpPage.asXml(); - Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor")); - - // Now validate the Signature - Document doc = rpPage.getXmlDocument(); - - doc.getDocumentElement().setIdAttributeNS(null, "ID", true); - - Node signatureNode = - DOMUtils.getChild(doc.getDocumentElement(), "Signature"); - Assert.assertNotNull(signatureNode); - - XMLSignature signature = new XMLSignature((Element)signatureNode, ""); - KeyInfo ki = signature.getKeyInfo(); - Assert.assertNotNull(ki); - Assert.assertNotNull(ki.getX509Certificate()); - - Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate())); - - webClient.close(); - } - - @org.junit.Test - public void testSAMLSSOFedizIdP() throws Exception { - String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld3/secure/fedservlet"; - // System.out.println(url); - // Thread.sleep(60 * 2 * 1000); - String user = "ALICE"; // realm b credentials - String password = "ECILA"; - - final String bodyTextContent = - login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true); - - Assert.assertTrue("Principal not alice", - bodyTextContent.contains("userPrincipal=alice")); - Assert.assertTrue("User " + user + " does not have role Admin", - bodyTextContent.contains("role:Admin=false")); - Assert.assertTrue("User " + user + " does not have role Manager", - bodyTextContent.contains("role:Manager=false")); - Assert.assertTrue("User " + user + " must have role User", - bodyTextContent.contains("role:User=true")); - - String claim = ClaimTypes.FIRSTNAME.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'", - bodyTextContent.contains(claim + "=Alice")); - claim = ClaimTypes.LASTNAME.toString(); - Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'", - bodyTextContent.contains(claim + "=Smith")); - claim = ClaimTypes.EMAILADDRESS.toString(); - Assert.assertTrue("User " + 
user + " claim " + claim + " is not '[email protected]'", - bodyTextContent.contains(claim + "[email protected]")); - } - - private static String login(String url, String user, String password, - String idpPort, String rpIdpPort, boolean postBinding) throws IOException { - // - // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for - // "realm b". - // - final WebClient webClient = new WebClient(); - CookieManager cookieManager = new CookieManager(); - webClient.setCookieManager(cookieManager); - webClient.getOptions().setUseInsecureSSL(true); - webClient.getCredentialsProvider().setCredentials( - new AuthScope("localhost", Integer.parseInt(idpPort)), - new UsernamePasswordCredentials(user, password)); - - webClient.getOptions().setJavaScriptEnabled(false); - HtmlPage idpPage = webClient.getPage(url); - - if (postBinding) { - Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText()) - || "IDP SignIn Response Form".equals(idpPage.getTitleText())); - for (HtmlForm form : idpPage.getForms()) { - String name = form.getAttributeNS(null, "name"); - if ("signinresponseform".equals(name) || "samlsigninresponseform".equals(name)) { - final HtmlSubmitInput button = form.getInputByName("_eventId_submit"); - idpPage = button.click(); - } - } - } - - Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - // Now redirect back to the RP - final HtmlForm form = idpPage.getFormByName("signinresponseform"); - - final HtmlSubmitInput button = form.getInputByName("_eventId_submit"); - - final HtmlPage rpPage = button.click(); - Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText()); - - webClient.close(); - return rpPage.getBody().getTextContent(); - } - -} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/entities-realma.xml ---------------------------------------------------------------------- 
diff --git a/systests/federation/samlsso/src/test/resources/entities-realma.xml b/systests/federation/samlsso/src/test/resources/entities-realma.xml deleted file mode 100644 index d6965d0..0000000 --- a/systests/federation/samlsso/src/test/resources/entities-realma.xml +++ /dev/null 
@@ -1,518 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:util="http://www.springframework.org/schema/util" - xsi:schemaLocation=" - http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans-3.1.xsd - http://www.springframework.org/schema/util - http://www.springframework.org/schema/util/spring-util-2.0.xsd"> - - <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" /> - <property name="uri" value="realma" /> - <property name="provideIdpList" value="true" /> - <property name="useCurrentIdp" value="true" /> - <property name="certificate" value="stsKeystoreA.properties" /> - <property name="certificatePassword" value="realma" /> - <property name="stsUrl" value="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA" /> - <property name="idpUrl" value="https://localhost:${idp.https.port}/fediz-idp/federation" /> - <property name="rpSingleSignOutConfirmation" value="true"/> - <property name="supportedProtocols"> - <util:list> 
- <value>http://docs.oasis-open.org/wsfed/federation/200706 - </value> - <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512 - </value> - </util:list> - </property> - <property name="tokenTypesOffered"> - <util:list> - <value>urn:oasis:names:tc:SAML:1.0:assertion</value> - <value>urn:oasis:names:tc:SAML:2.0:assertion</value> - </util:list> - </property> - <property name="authenticationURIs"> - <util:map> - <entry key="default" value="federation/up" /> - <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" - value="federation/krb" /> - <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default" - value="federation/up" /> - <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl" - value="federation/clientcert" /> - </util:map> - </property> - <property name="serviceDisplayName" value="REALM A" /> - <property name="serviceDescription" value="IDP of Realm A" /> - <property name="applications"> - <util:list> - <ref bean="srv-fedizhelloworld" /> - </util:list> - </property> - <property name="trustedIdps"> - <util:list> - <ref bean="trusted-idp-realmB" /> - <ref bean="trusted-idp-realmC" /> - <ref bean="trusted-idp-realmD" /> - </util:list> - </property> - <property name="claimTypesOffered"> - <util:list> - <ref bean="claim_role" /> - <ref bean="claim_surname" /> - <ref bean="claim_givenname" /> - <ref bean="claim_email" /> - </util:list> - </property> - </bean> - - <bean id="trusted-idp-realmB" - class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" /> - <property name="cacheTokens" value="true" /> - <property name="url" value="https://localhost:${idp.samlsso.https.port}/idp/samlsso?binding=REDIRECT" /> - <property name="certificate" value="realmb.cert" /> - <property name="trustType" value="PEER_TRUST" /> - <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" /> - 
<property name="federationType" value="FEDERATE_IDENTITY" /> - <property name="name" value="Realm B" /> - <property name="description" value="Realm B description" /> - <property name="parameters"> - <util:map> - <entry key="sign.request" value="true" /> - <entry key="support.deflate.encoding" value="true" /> - </util:map> - </property> - </bean> - - <bean id="trusted-idp-realmC" - class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-C" /> - <property name="cacheTokens" value="true" /> - <property name="url" value="https://localhost:${idp.samlsso.https.port}/idp/samlsso" /> - <property name="certificate" value="realmb.cert" /> - <property name="trustType" value="PEER_TRUST" /> - <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" /> - <property name="federationType" value="FEDERATE_IDENTITY" /> - <property name="name" value="Realm C" /> - <property name="description" value="SAML Web Profile - Response POST Binding" /> - <property name="parameters"> - <util:map> - <entry key="sign.request" value="true" /> - </util:map> - </property> - </bean> - - <bean id="trusted-idp-realmD" - class="org.apache.cxf.fediz.service.idp.service.jpa.TrustedIdpEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-D" /> - <property name="issuer" value="urn:org:apache:cxf:fediz:idp:realm-B" /> - <property name="cacheTokens" value="true" /> - <property name="url" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/saml/up" /> - <property name="certificate" value="realmb.cert" /> - <property name="trustType" value="PEER_TRUST" /> - <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" /> - <property name="federationType" value="FEDERATE_IDENTITY" /> - <property name="name" value="Realm B" /> - <property name="description" value="Realm B description" /> - <property name="parameters"> - <util:map> - <entry 
key="sign.request" value="true" /> - </util:map> - </property> - </bean> - - <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" /> - <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" /> - <property name="serviceDisplayName" value="Fedizhelloworld" /> - <property name="serviceDescription" value="Web Application to illustrate WS-Federation" /> - <property name="role" value="ApplicationServiceType" /> - <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" /> - <property name="lifeTime" value="3600" /> - <property name="passiveRequestorEndpointConstraint" - value="https://localhost:(\d)*/(\w)*helloworld.*/secure/.*" /> - </bean> - - <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> - <property name="application" ref="srv-fedizhelloworld" /> - <property name="claim" ref="claim_role" /> - <property name="optional" value="false" /> - </bean> - <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> - <property name="application" ref="srv-fedizhelloworld" /> - <property name="claim" ref="claim_givenname" /> - <property name="optional" value="false" /> - </bean> - <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> - <property name="application" ref="srv-fedizhelloworld" /> - <property name="claim" ref="claim_surname" /> - <property name="optional" value="false" /> - </bean> - <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity"> - <property name="application" ref="srv-fedizhelloworld" /> - <property name="claim" ref="claim_email" /> - <property name="optional" value="false" /> - </bean> - - <bean id="claim_role" - class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> - <property name="claimType" - 
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" /> - <property name="displayName" - value="role" /> - <property name="description" - value="Description for role" /> - </bean> - <bean id="claim_givenname" - class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> - <property name="claimType" - value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" /> - <property name="displayName" - value="firstname" /> - <property name="description" - value="Description for firstname" /> - </bean> - <bean id="claim_surname" - class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> - <property name="claimType" - value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" /> - <property name="displayName" - value="lastname" /> - <property name="description" - value="Description for lastname" /> - </bean> - <bean id="claim_email" - class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> - <property name="claimType" - value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" /> - <property name="displayName" - value="email" /> - <property name="description" - value="Description for email" /> - </bean> - - - <bean id="entitlement_claim_list" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="CLAIM_LIST" /> - <property name="description" - value="Description for CLAIM_LIST" /> - </bean> - <bean id="entitlement_claim_create" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="CLAIM_CREATE" /> - <property name="description" - value="Description for CLAIM_CREATE" /> - </bean> - <bean id="entitlement_claim_read" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="CLAIM_READ" /> - <property name="description" - value="Description for CLAIM_READ" /> - </bean> - <bean id="entitlement_claim_update" - 
class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="CLAIM_UPDATE" /> - <property name="description" - value="Description for CLAIM_UPDATE" /> - </bean> - <bean id="entitlement_claim_delete" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="CLAIM_DELETE" /> - <property name="description" - value="Description for CLAIM_DELETE" /> - </bean> - - <bean id="entitlement_application_list" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="APPLICATION_LIST" /> - <property name="description" - value="Description for APPLICATION_LIST" /> - </bean> - <bean id="entitlement_application_create" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="APPLICATION_CREATE" /> - <property name="description" - value="Description for APPLICATION_CREATE" /> - </bean> - <bean id="entitlement_application_read" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="APPLICATION_READ" /> - <property name="description" - value="Description for APPLICATION_READ" /> - </bean> - <bean id="entitlement_application_update" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="APPLICATION_UPDATE" /> - <property name="description" - value="Description for APPLICATION_UPDATE" /> - </bean> - <bean id="entitlement_application_delete" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="APPLICATION_DELETE" /> - <property name="description" - value="Description for APPLICATION_DELETE" /> - </bean> - - <bean id="entitlement_trustedidp_list" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="TRUSTEDIDP_LIST" /> - <property name="description" - value="Description for TRUSTEDIDP_LIST" 
/> - </bean> - <bean id="entitlement_trustedidp_create" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="TRUSTEDIDP_CREATE" /> - <property name="description" - value="Description for TRUSTEDIDP_CREATE" /> - </bean> - <bean id="entitlement_trustedidp_read" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="TRUSTEDIDP_READ" /> - <property name="description" - value="Description for TRUSTEDIDP_READ" /> - </bean> - <bean id="entitlement_trustedidp_update" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="TRUSTEDIDP_UPDATE" /> - <property name="description" - value="Description for TRUSTEDIDP_UPDATE" /> - </bean> - <bean id="entitlement_trustedidp_delete" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="TRUSTEDIDP_DELETE" /> - <property name="description" - value="Description for TRUSTEDIDP_DELETE" /> - </bean> - - <bean id="entitlement_idp_list" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="IDP_LIST" /> - <property name="description" - value="Description for IDP_LIST" /> - </bean> - <bean id="entitlement_idp_create" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="IDP_CREATE" /> - <property name="description" - value="Description for IDP_CREATE" /> - </bean> - <bean id="entitlement_idp_read" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="IDP_READ" /> - <property name="description" - value="Description for IDP_READ" /> - </bean> - <bean id="entitlement_idp_update" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="IDP_UPDATE" /> - <property name="description" - value="Description for IDP_UPDATE" /> - </bean> - 
<bean id="entitlement_idp_delete" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="IDP_DELETE" /> - <property name="description" - value="Description for IDP_DELETE" /> - </bean> - - <bean id="entitlement_role_list" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ROLE_LIST" /> - <property name="description" - value="Description for ROLE_LIST" /> - </bean> - <bean id="entitlement_role_create" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ROLE_CREATE" /> - <property name="description" - value="Description for ROLE_CREATE" /> - </bean> - <bean id="entitlement_role_read" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ROLE_READ" /> - <property name="description" - value="Description for ROLE_READ" /> - </bean> - <bean id="entitlement_role_update" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ROLE_UPDATE" /> - <property name="description" - value="Description for ROLE_UPDATE" /> - </bean> - <bean id="entitlement_role_delete" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ROLE_DELETE" /> - <property name="description" - value="Description for ROLE_DELETE" /> - </bean> - - <bean id="entitlement_entitlement_list" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ENTITLEMENT_LIST" /> - <property name="description" - value="Description for ENTITLEMENT_LIST" /> - </bean> - <bean id="entitlement_entitlement_create" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ENTITLEMENT_CREATE" /> - <property name="description" - value="Description for ENTITLEMENT_CREATE" /> - </bean> - <bean 
id="entitlement_entitlement_read" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ENTITLEMENT_READ" /> - <property name="description" - value="Description for ENTITLEMENT_READ" /> - </bean> - <bean id="entitlement_entitlement_update" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ENTITLEMENT_UPDATE" /> - <property name="description" - value="Description for ENTITLEMENT_UPDATE" /> - </bean> - <bean id="entitlement_entitlement_delete" - class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity"> - <property name="name" - value="ENTITLEMENT_DELETE" /> - <property name="description" - value="Description for ENTITLEMENT_DELETE" /> - </bean> - - <bean id="role_admin" - class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> - <property name="name" - value="ADMIN" /> - <property name="description" - value="This is the administrator role with full access" /> - <property name="entitlements"> - <util:list> - <ref bean="entitlement_claim_list" /> - <ref bean="entitlement_claim_create" /> - <ref bean="entitlement_claim_read" /> - <ref bean="entitlement_claim_update" /> - <ref bean="entitlement_claim_delete" /> - <ref bean="entitlement_idp_list" /> - <ref bean="entitlement_idp_create" /> - <ref bean="entitlement_idp_read" /> - <ref bean="entitlement_idp_update" /> - <ref bean="entitlement_idp_delete" /> - <ref bean="entitlement_trustedidp_list" /> - <ref bean="entitlement_trustedidp_create" /> - <ref bean="entitlement_trustedidp_read" /> - <ref bean="entitlement_trustedidp_update" /> - <ref bean="entitlement_trustedidp_delete" /> - <ref bean="entitlement_application_list" /> - <ref bean="entitlement_application_create" /> - <ref bean="entitlement_application_read" /> - <ref bean="entitlement_application_update" /> - <ref bean="entitlement_application_delete" /> - <ref bean="entitlement_role_list" /> - <ref bean="entitlement_role_create" /> 
- <ref bean="entitlement_role_read" /> - <ref bean="entitlement_role_update" /> - <ref bean="entitlement_role_delete" /> - <ref bean="entitlement_entitlement_list" /> - <ref bean="entitlement_entitlement_create" /> - <ref bean="entitlement_entitlement_read" /> - <ref bean="entitlement_entitlement_update" /> - <ref bean="entitlement_entitlement_delete" /> - </util:list> - </property> - </bean> - <bean id="role_user" - class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> - <property name="name" - value="USER" /> - <property name="description" - value="This is the user role with read access" /> - <property name="entitlements"> - <util:list> - <ref bean="entitlement_claim_list" /> - <ref bean="entitlement_claim_read" /> - <ref bean="entitlement_idp_list" /> - <ref bean="entitlement_idp_read" /> - <ref bean="entitlement_trustedidp_list" /> - <ref bean="entitlement_trustedidp_read" /> - <ref bean="entitlement_application_list" /> - <ref bean="entitlement_application_read" /> - <ref bean="entitlement_role_list" /> - <ref bean="entitlement_role_read" /> - <ref bean="entitlement_entitlement_list" /> - <ref bean="entitlement_entitlement_read" /> - </util:list> - </property> - </bean> - <bean id="role_idp_login" - class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity"> - <property name="name" - value="IDP_LOGIN" /> - <property name="description" - value="This is the IDP login role which is applied to Users during the IDP SSO" /> - <property name="entitlements"> - <util:list> - <ref bean="entitlement_claim_list" /> - <ref bean="entitlement_claim_read" /> - <ref bean="entitlement_idp_list" /> - <ref bean="entitlement_idp_read" /> - <ref bean="entitlement_trustedidp_list" /> - <ref bean="entitlement_trustedidp_read" /> - <ref bean="entitlement_application_list" /> - <ref bean="entitlement_application_read" /> - </util:list> - </property> - </bean> - - - -</beans> - 
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml b/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml
deleted file mode 100644
index 5109172..0000000
--- a/systests/federation/samlsso/src/test/resources/fediz_config_saml_sso.xml
+++ /dev/null
@@ -1,116 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. - Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL - keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
---> -<FedizConfig> - <contextConfig name="/fedizhelloworld"> - <audienceUris> - <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> - </audienceUris> - <certificateStores> - <trustManager> - <keyStore file="test-classes/clienttrust.jks" - password="storepass" type="JKS" /> - </trustManager> - </certificateStores> - <trustedIssuers> - <issuer certificateValidation="PeerTrust" /> - </trustedIssuers> - <maximumClockSkew>1000</maximumClockSkew> - <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:type="federationProtocolType" version="1.0.0"> - <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> - <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> - <roleDelimiter>,</roleDelimiter> - <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> - <freshness>10</freshness> - <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-B</homeRealm> - <claimTypesRequested> - <claimType type="a particular claim type" - optional="true" /> - </claimTypesRequested> - </protocol> - <logoutURL>/secure/logout</logoutURL> - <logoutRedirectTo>/index.html</logoutRedirectTo> - </contextConfig> - <contextConfig name="/fedizhelloworld-post-binding"> - <audienceUris> - <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> - </audienceUris> - <certificateStores> - <trustManager> - <keyStore file="test-classes/clienttrust.jks" - password="storepass" type="JKS" /> - </trustManager> - </certificateStores> - <trustedIssuers> - <issuer certificateValidation="PeerTrust" /> - </trustedIssuers> - <maximumClockSkew>1000</maximumClockSkew> - <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:type="federationProtocolType" version="1.0.0"> - <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> - <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> - <roleDelimiter>,</roleDelimiter> - <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> 
- <freshness>10</freshness> - <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-C</homeRealm> - <claimTypesRequested> - <claimType type="a particular claim type" - optional="true" /> - </claimTypesRequested> - </protocol> - <logoutURL>/secure/logout</logoutURL> - <logoutRedirectTo>/index.html</logoutRedirectTo> - </contextConfig> - <contextConfig name="/fedizhelloworld3"> - <audienceUris> - <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> - </audienceUris> - <certificateStores> - <trustManager> - <keyStore file="test-classes/clienttrust.jks" - password="storepass" type="JKS" /> - </trustManager> - </certificateStores> - <trustedIssuers> - <issuer certificateValidation="PeerTrust" /> - </trustedIssuers> - <maximumClockSkew>1000</maximumClockSkew> - <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:type="federationProtocolType" version="1.0.0"> - <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> - <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> - <roleDelimiter>,</roleDelimiter> - <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> - <freshness>10</freshness> - <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-D</homeRealm> - <claimTypesRequested> - <claimType type="a particular claim type" - optional="true" /> - </claimTypesRequested> - </protocol> - <logoutURL>/secure/logout</logoutURL> - <logoutRedirectTo>/index.html</logoutRedirectTo> - </contextConfig> -</FedizConfig> - http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6fef44bb/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml b/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml deleted file mode 100644 index 9984af1..0000000 
--- a/systests/federation/samlsso/src/test/resources/realmb/entities-realmb.xml
+++ /dev/null
@@ -1,423 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:util="http://www.springframework.org/schema/util" - xsi:schemaLocation=" - http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans-3.1.xsd - http://www.springframework.org/schema/util - http://www.springframework.org/schema/util/spring-util-2.0.xsd"> - - <bean id="idp-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.IdpEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-B" /> - <property name="uri" value="realmb" /> - <property name="provideIdpList" value="false" /> - <property name="useCurrentIdp" value="true" /> - <property name="certificate" value="stsKeystoreB.properties" /> - <property name="certificatePassword" value="realmb" /> - <property name="stsUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-sts-realmb/REALMB" /> - <property name="idpUrl" value="https://localhost:${idp.realmb.https.port}/fediz-idp-realmb/saml" /> - <property name="supportedProtocols"> - <util:list> - 
<value>urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser - </value> - <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512 - </value> - </util:list> - </property> - <property name="tokenTypesOffered"> - <util:list> - <value>urn:oasis:names:tc:SAML:1.0:assertion</value> - <value>urn:oasis:names:tc:SAML:2.0:assertion</value> - </util:list> - </property> - <property name="authenticationURIs"> - <util:map> - <entry key="default" value="saml/up" /> - </util:map> - </property> - <property name="serviceDisplayName" value="REALM B" /> - <property name="serviceDescription" value="IDP of Realm B" /> - <property name="applications"> - <util:list> - <ref bean="idp-realmA" /> - </util:list> - </property> - <property name="claimTypesOffered"> - <util:list> - <ref bean="claim_role" /> - <ref bean="claim_surname" /> - <ref bean="claim_givenname" /> - <ref bean="claim_email" /> - </util:list> - </property> - </bean> - - <bean id="idp-realmA" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity"> - <property name="realm" value="urn:org:apache:cxf:fediz:idp:realm-A" /> - <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" /> - <property name="serviceDisplayName" value="Resource IDP Realm A" /> - <property name="serviceDescription" value="Resource IDP Realm A" /> - <property name="role" value="SecurityTokenServiceType" /> - <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" /> - <property name="lifeTime" value="3600" /> - <property name="validatingCertificate" value="realma.cert" /> - </bean> - - <bean id="claim_role" - class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity"> - <property name="claimType" - value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" /> - <property name="displayName" - value="role" /> - <property name="description" - value="Description for role" /> - </bean> - <bean id="claim_givenname" - 
class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
- <property name="displayName"
- value="firstname" />
- <property name="description"
- value="Description for firstname" />
- </bean>
- <bean id="claim_surname"
- class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
- <property name="displayName"
- value="lastname" />
- <property name="description"
- value="Description for lastname" />
- </bean>
- <bean id="claim_email"
- class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
- <property name="claimType"
- value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
- <property name="displayName"
- value="email" />
- <property name="description"
- value="Description for email" />
- </bean>
-
- <bean id="entitlement_claim_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_LIST" />
- <property name="description"
- value="Description for CLAIM_LIST" />
- </bean>
- <bean id="entitlement_claim_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_CREATE" />
- <property name="description"
- value="Description for CLAIM_CREATE" />
- </bean>
- <bean id="entitlement_claim_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_READ" />
- <property name="description"
- value="Description for CLAIM_READ" />
- </bean>
- <bean id="entitlement_claim_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_UPDATE" />
- <property name="description"
- value="Description for CLAIM_UPDATE" />
- </bean>
- <bean id="entitlement_claim_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="CLAIM_DELETE" />
- <property name="description"
- value="Description for CLAIM_DELETE" />
- </bean>
-
- <bean id="entitlement_application_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_LIST" />
- <property name="description"
- value="Description for APPLICATION_LIST" />
- </bean>
- <bean id="entitlement_application_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_CREATE" />
- <property name="description"
- value="Description for APPLICATION_CREATE" />
- </bean>
- <bean id="entitlement_application_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_READ" />
- <property name="description"
- value="Description for APPLICATION_READ" />
- </bean>
- <bean id="entitlement_application_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_UPDATE" />
- <property name="description"
- value="Description for APPLICATION_UPDATE" />
- </bean>
- <bean id="entitlement_application_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="APPLICATION_DELETE" />
- <property name="description"
- value="Description for APPLICATION_DELETE" />
- </bean>
-
- <bean id="entitlement_trustedidp_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_LIST" />
- <property name="description"
- value="Description for TRUSTEDIDP_LIST" />
- </bean>
- <bean id="entitlement_trustedidp_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_CREATE" />
- <property name="description"
- value="Description for TRUSTEDIDP_CREATE" />
- </bean>
- <bean id="entitlement_trustedidp_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_READ" />
- <property name="description"
- value="Description for TRUSTEDIDP_READ" />
- </bean>
- <bean id="entitlement_trustedidp_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_UPDATE" />
- <property name="description"
- value="Description for TRUSTEDIDP_UPDATE" />
- </bean>
- <bean id="entitlement_trustedidp_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="TRUSTEDIDP_DELETE" />
- <property name="description"
- value="Description for TRUSTEDIDP_DELETE" />
- </bean>
-
- <bean id="entitlement_idp_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_LIST" />
- <property name="description"
- value="Description for IDP_LIST" />
- </bean>
- <bean id="entitlement_idp_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_CREATE" />
- <property name="description"
- value="Description for IDP_CREATE" />
- </bean>
- <bean id="entitlement_idp_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_READ" />
- <property name="description"
- value="Description for IDP_READ" />
- </bean>
- <bean id="entitlement_idp_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_UPDATE" />
- <property name="description"
- value="Description for IDP_UPDATE" />
- </bean>
- <bean id="entitlement_idp_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="IDP_DELETE" />
- <property name="description"
- value="Description for IDP_DELETE" />
- </bean>
-
- <bean id="entitlement_role_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_LIST" />
- <property name="description"
- value="Description for ROLE_LIST" />
- </bean>
- <bean id="entitlement_role_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_CREATE" />
- <property name="description"
- value="Description for ROLE_CREATE" />
- </bean>
- <bean id="entitlement_role_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_READ" />
- <property name="description"
- value="Description for ROLE_READ" />
- </bean>
- <bean id="entitlement_role_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_UPDATE" />
- <property name="description"
- value="Description for ROLE_UPDATE" />
- </bean>
- <bean id="entitlement_role_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ROLE_DELETE" />
- <property name="description"
- value="Description for ROLE_DELETE" />
- </bean>
-
- <bean id="entitlement_entitlement_list"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_LIST" />
- <property name="description"
- value="Description for ENTITLEMENT_LIST" />
- </bean>
- <bean id="entitlement_entitlement_create"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_CREATE" />
- <property name="description"
- value="Description for ENTITLEMENT_CREATE" />
- </bean>
- <bean id="entitlement_entitlement_read"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_READ" />
- <property name="description"
- value="Description for ENTITLEMENT_READ" />
- </bean>
- <bean id="entitlement_entitlement_update"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_UPDATE" />
- <property name="description"
- value="Description for ENTITLEMENT_UPDATE" />
- </bean>
- <bean id="entitlement_entitlement_delete"
- class="org.apache.cxf.fediz.service.idp.service.jpa.EntitlementEntity">
- <property name="name"
- value="ENTITLEMENT_DELETE" />
- <property name="description"
- value="Description for ENTITLEMENT_DELETE" />
- </bean>
-
- <bean id="role_admin"
- class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
- <property name="name"
- value="ADMIN" />
- <property name="description"
- value="This is the administrator role with full access" />
- <property name="entitlements">
- <util:list>
- <ref bean="entitlement_claim_list" />
- <ref bean="entitlement_claim_create" />
- <ref bean="entitlement_claim_read" />
- <ref bean="entitlement_claim_update" />
- <ref bean="entitlement_claim_delete" />
- <ref bean="entitlement_idp_list" />
- <ref bean="entitlement_idp_create" />
- <ref bean="entitlement_idp_read" />
- <ref bean="entitlement_idp_update" />
- <ref bean="entitlement_idp_delete" />
- <ref bean="entitlement_trustedidp_list" />
- <ref bean="entitlement_trustedidp_create" />
- <ref bean="entitlement_trustedidp_read" />
- <ref bean="entitlement_trustedidp_update" />
- <ref bean="entitlement_trustedidp_delete" />
- <ref bean="entitlement_application_list" />
- <ref bean="entitlement_application_create" />
- <ref bean="entitlement_application_read" />
- <ref bean="entitlement_application_update" />
- <ref bean="entitlement_application_delete" />
- <ref bean="entitlement_role_list" />
- <ref bean="entitlement_role_create" />
- <ref bean="entitlement_role_read" />
- <ref bean="entitlement_role_update" />
- <ref bean="entitlement_role_delete" />
- <ref bean="entitlement_entitlement_list" />
- <ref bean="entitlement_entitlement_create" />
- <ref bean="entitlement_entitlement_read" />
- <ref bean="entitlement_entitlement_update" />
- <ref bean="entitlement_entitlement_delete" />
- </util:list>
- </property>
- </bean>
- <bean id="role_user"
- class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
- <property name="name"
- value="USER" />
- <property name="description"
- value="This is the user role with read access" />
- <property name="entitlements">
- <util:list>
- <ref bean="entitlement_claim_list" />
- <ref bean="entitlement_claim_read" />
- <ref bean="entitlement_idp_list" />
- <ref bean="entitlement_idp_read" />
- <ref bean="entitlement_trustedidp_list" />
- <ref bean="entitlement_trustedidp_read" />
- <ref bean="entitlement_application_list" />
- <ref bean="entitlement_application_read" />
- <ref bean="entitlement_role_list" />
- <ref bean="entitlement_role_read" />
- <ref bean="entitlement_entitlement_list" />
- <ref bean="entitlement_entitlement_read" />
- </util:list>
- </property>
- </bean>
- <bean id="role_idp_login"
- class="org.apache.cxf.fediz.service.idp.service.jpa.RoleEntity">
- <property name="name"
- value="IDP_LOGIN" />
- <property name="description"
- value="This is the IDP login role which is applied to Users during the IDP SSO" />
- <property name="entitlements">
- <util:list>
- <ref bean="entitlement_claim_list" />
- <ref bean="entitlement_claim_read" />
- <ref bean="entitlement_idp_list" />
- <ref bean="entitlement_idp_read" />
- <ref bean="entitlement_trustedidp_list" />
- <ref bean="entitlement_trustedidp_read" />
- <ref bean="entitlement_application_list" />
- <ref bean="entitlement_application_read" />
- </util:list>
- </property>
- </bean>
-
-</beans>
-
