Glen Mazza created CXF-4344:
-------------------------------
Summary: Provide simplifications and shortcuts in CXF STS configuration
Key: CXF-4344
URL: https://issues.apache.org/jira/browse/CXF-4344
Project: CXF
Issue Type: Improvement
Affects Versions: 2.6
Reporter: Glen Mazza
Priority: Minor
Fix For: 2.6.1

Presently STS configuration in the cxf-servlet.xml file is a bit verbose[1],
especially if one is planning on configuring multiple STS endpoints within the
same file. I would like to see configuration simplified a bit for those
wishing to remain with default/common settings. In particular:

1.) In any SecurityTokenServiceProvider instantiation, default the values of
issueOperation and validateOperation to
org.apache.cxf.sts.operation.TokenIssueOperation and
org.apache.cxf.sts.operation.TokenValidateOperation if not explicitly specified
(same for the other operations). If concerned about hardwiring constant classes
in such a manner, create a DefaultSecurityTokenServiceProvider with these
defaults that people can use instead.

2.) Provide properties "stsProperties" and "services" for the
SecurityTokenServiceProvider (perhaps other properties defined
in AbstractOperation) that will be the default for AbstractOperation subclasses
like TokenIssueOperation and TokenValidateOperation unless explicitly defined
as done presently.

3.) For TokenIssueOperation and TokenValidateOperation, default the values of
tokenProviders and tokenValidators to SAMLTokenProvider and SAMLTokenValidator
unless explicitly defined as done presently.

Such shortcuts will allow configuration to be simplified from this:

    <bean id="x509STSProviderBean"
          class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
        <property name="issueOperation" ref="x509IssueDelegate" />
        <property name="validateOperation" ref="x509ValidateDelegate" />
    </bean>

    <bean id="x509IssueDelegate"
          class="org.apache.cxf.sts.operation.TokenIssueOperation">
        <property name="tokenProviders" ref="x509SamlTokenProvider" />
        <property name="services" ref="x509Service" />
        <property name="stsProperties" ref="x509STSProperties" />
    </bean>

    <bean id="x509ValidateDelegate"
          class="org.apache.cxf.sts.operation.TokenValidateOperation">
        <property name="tokenValidators" ref="x509SamlTokenValidator" />
        <property name="stsProperties" ref="x509STSProperties" />
    </bean>

    <bean id="x509SamlTokenProvider"
          class="org.apache.cxf.sts.token.provider.SAMLTokenProvider"/>

    <bean id="x509SamlTokenValidator"
          class="org.apache.cxf.sts.token.validator.SAMLTokenValidator"/>

to this:

    <bean id="x509STSProviderBean"
          class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
        <property name="services" ref="x509Service" />
        <property name="stsProperties" ref="x509STSProperties" />
    </bean>

These changes can probably all be done in a backwards-compatible manner so it
wouldn't be necessary to wait for CXF 2.7 before implementing.

[1] http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup