cxf git commit: Removing unused forms from the bigquery demo
Repository: cxf Updated Branches: refs/heads/master 2fe88ec15 - 75115ee15 Removing unused forms from the bigquery demo Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/75115ee1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/75115ee1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/75115ee1 Branch: refs/heads/master Commit: 75115ee15740b33c5cc09b1f4b79fc4a54e4611c Parents: 2fe88ec Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 16 11:32:27 2015 +0300 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 16 11:32:27 2015 +0300 -- .../src/main/webapp/googlePlusSignIn.html | 22 .../src/main/webapp/googlePlusSignInFlow.html | 59 2 files changed, 81 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/75115ee1/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignIn.html -- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignIn.html b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignIn.html deleted file mode 100644 index 59db61a..000 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignIn.html +++ /dev/null 
@@ -1,22 +0,0 @@ -html lang=en - head -meta name=google-signin-scope content=profile email -meta name=google-signin-client_id content=${client_id} -script src=https://apis.google.com/js/platform.js; async defer/script - /head - body -div class=g-signin2 data-onsuccess=onSignIn data-theme=dark/div -script - function onSignIn(googleUser) { -var id_token = googleUser.getAuthResponse().id_token; -var xhr = new XMLHttpRequest(); -xhr.onload = function() { - alert(xhr.response); -} -xhr.open('POST', 'https://localhost:8080/bigquery/service/oidc/rp/signin'); -xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); -xhr.send('idtoken=' + id_token); - }; -/script - /body -/html \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/75115ee1/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignInFlow.html -- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignInFlow.html b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignInFlow.html deleted file mode 100644 index 0f128ff..000 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/googlePlusSignInFlow.html +++ /dev/null 
@@ -1,59 +0,0 @@ -html itemscope itemtype=http://schema.org/Article; -head - !-- BEGIN Pre-requisites -- - script src=https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js; - /script - script src=https://apis.google.com/js/client:platform.js?onload=start; async defer - /script - !-- END Pre-requisites -- -/head -body -div id=signinButton - span class=g-signin -data-scope=https://www.googleapis.com/auth/plus.login; -data-clientid=${client_id} -data-redirecturi=postmessage -data-accesstype=offline -data-cookiepolicy=single_host_origin -data-callback=signInCallback - /span -/div -div id=result/div -script -function signInCallback(authResult) { - if (authResult['code']) { - -// Hide the sign-in button now that the user is authorized, for example: -$('#signinButton').attr('style', 'display: none'); - -// Send the code to the server -$.ajax({ - type: 'POST', - url: 'service/search', - contentType: 'application/octet-stream; charset=utf-8', - success: function(result) { -// Handle or verify the server response if necessary. -// Prints the list of people that the user has allowed the app to know -// to the console. -console.log(result); -//if (result['profile'] result['people']){ -// $('#results').html('Hello ' + result['profile']['displayName'] + '. You successfully made a server side call to people.get and people.list'); -//} else { -// $('#results').html('Failed to make a server-side call. Check your configuration and console.'); -//} - }, - processData: false, - data: authResult['code'] -}); - } else if (authResult['error']) { -// There was an error. -// Possible error codes: -// access_denied - User denied access to your app -// immediate_failed - Could not automatially log in the user -// console.log('There was an error: ' + authResult['error']); - } -} -/script -/body -/html -
cxf git commit: Adding a new PEP interceptor which is opensaml-agnostic
Repository: cxf Updated Branches: refs/heads/master 75115ee15 - 7a5263686 Adding a new PEP interceptor which is opensaml-agnostic Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7a526368 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7a526368 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7a526368 Branch: refs/heads/master Commit: 7a52636862d2d920a2a6d5c5f00821611b7faa37 Parents: 75115ee Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 16 14:10:01 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 16 14:10:01 2015 +0100 -- .../AbstractXACMLAuthorizingInterceptor.java| 2 +- .../saml/xacml/DefaultXACMLRequestBuilder.java | 3 + .../saml/xacml/XACMLAuthorizingInterceptor.java | 12 +- .../saml/xacml/XACMLRequestBuilder.java | 3 + .../AbstractXACMLAuthorizingInterceptor.java| 112 +++ .../OpenSAMLXACMLAuthorizingInterceptor.java| 158 ++ .../xacml/pep/OpenSAMLXACMLRequestBuilder.java | 209 + .../saml/xacml/pep/XACMLRequestBuilder.java | 44 +++ .../saml/xacml/OldXACMLRequestBuilderTest.java | 308 +++ .../saml/xacml/XACMLRequestBuilderTest.java | 39 +-- .../cxf/systest/ws/saml/SamlTokenTest.java | 48 +++ .../cxf/systest/ws/saml/DoubleItSaml.wsdl | 3 + .../org/apache/cxf/systest/ws/saml/client.xml | 6 + .../org/apache/cxf/systest/ws/saml/server.xml | 13 + .../apache/cxf/systest/ws/saml/stax-server.xml | 15 + 15 files changed, 953 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7a526368/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/AbstractXACMLAuthorizingInterceptor.java -- diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/AbstractXACMLAuthorizingInterceptor.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/AbstractXACMLAuthorizingInterceptor.java index 590b324..3ece64a 100644 
--- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/AbstractXACMLAuthorizingInterceptor.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/AbstractXACMLAuthorizingInterceptor.java @@ -55,7 +55,7 @@ import org.opensaml.xacml.ctx.StatusType; * * This class must be subclassed to actually perform the request to the PDP. * - * @deprecated: Use XACMLAuthorizingInterceptor instead + * @deprecated: Use pep.AbstractXACMLAuthorizingInterceptor instead */ @Deprecated public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseInterceptorMessage { http://git-wip-us.apache.org/repos/asf/cxf/blob/7a526368/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/DefaultXACMLRequestBuilder.java -- diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/DefaultXACMLRequestBuilder.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/DefaultXACMLRequestBuilder.java index 02d115f..ded3025 100644 --- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/DefaultXACMLRequestBuilder.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/DefaultXACMLRequestBuilder.java @@ -51,7 +51,10 @@ import org.opensaml.xacml.ctx.SubjectType; * For a REST service the request URL is the resource. You can also configure the ability to * send the truncated request URI instead for a SOAP or REST service. The current DateTime is * also sent in an Environment, however this can be disabled via configuration. + * + * @deprecated: Use pep.OpenSAMLXACMLRequestBuilder instead */ +@Deprecated public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder { private boolean sendDateTime = true; http://git-wip-us.apache.org/repos/asf/cxf/blob/7a526368/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptor.java -- 
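Review bot: Both Javadoc hunks on this line (AbstractXACMLAuthorizingInterceptor and DefaultXACMLRequestBuilder) write the tag as `@deprecated:` with a trailing colon and name the replacement only as `pep.…`. The javadoc tool is likely to treat `@deprecated:` as an unknown tag, so the migration target may be missing from the generated documentation. These classes sit on the XACML authorization path, so the pointer should be unambiguous, for example `@deprecated Use {@link org.apache.cxf.rt.security.saml.xacml.pep.OpenSAMLXACMLRequestBuilder} instead` (package inferred from the diffstat, to be confirmed). The first hunk needs the same form, naming the new abstract interceptor in the `pep` package.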
diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptor.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptor.java index 065c5a9..d198c43 100644 --- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptor.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml/XACMLAuthorizingInterceptor.java @@ -19,6 +19,7 @@ package org.apache.cxf.rt.security.saml.xacml; +import javax.xml.XMLConstants; import javax.xml.transform.Source; import
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 0d3318d2c - c033da8ec Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c033da8e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c033da8e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c033da8e Branch: refs/heads/3.0.x-fixes Commit: c033da8ecbd4ea53f80a163f660c08c61a5664b3 Parents: 0d3318d Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 16 14:10:59 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 16 14:10:59 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c033da8e/.gitmergeinfo --
diff --git a/.gitmergeinfo b/.gitmergeinfo
index c993b11..b63298a 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -185,6 +185,7 @@ B 7737225402d3a7b2e669ee8ecf54de10af686f20
 B 785955e8a26a891296908796abac0b1cf88c94ce
 B 793f0a7d2a8eade3238deef212dff5f29e0c5b4d
 B 799c5389f754eb588f023b646b8983b50dde00be
+B 7a52636862d2d920a2a6d5c5f00821611b7faa37
 B 7cd4cf67ba5b8a0ddc36c8008bf096b469408f48
 B 7d1f30f76d95f9eddf0bed995120c71bf1a393b3
 B 7e318c4fbfae35680965082a491ca842a23ffd8c
cxf git commit: [CXF-6490] Readme update
Repository: cxf Updated Branches: refs/heads/master 2345b6e4f - 0ff6a3c86 [CXF-6490] Readme update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0ff6a3c8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0ff6a3c8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0ff6a3c8 Branch: refs/heads/master Commit: 0ff6a3c8609507351d29903d04198fd71b650ae5 Parents: 2345b6e Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 16 17:51:33 2015 +0300 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 16 17:51:33 2015 +0300 -- .../main/release/samples/jax_rs/basic_oidc/README.txt | 13 + 1 file changed, 13 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0ff6a3c8/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt -- diff --git a/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt b/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt index d364206..2315c03 100644 --- a/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt +++ b/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt @@ -3,3 +3,16 @@ JAX-RS Basic OpenId Connect Demo This demo demonstrates how to authenticate a user with OpenId Connect. +OAuth2 Implicit Flow is implemented by Google Authentication Script. + +1. Create a new Client In Google Developer Console, + +Ensure a Redirect URI field is empty and set JavaScript Origins to https://localhost:8080. + +Build the demo with mvn install and start it with + +mvn jetty:run-war -Dclient_id=${client_id} + +Then start a browser and go to localhost:8080/user/simpleLogin.jsp + +
cxf git commit: [CXF-6487] Avoiding NPE in the RP service if no redirect is needed
Repository: cxf Updated Branches: refs/heads/master 7a5263686 - af2c42489 [CXF-6487] Avoiding NPE in the RP service if no redirect is needed Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/af2c4248 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/af2c4248 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/af2c4248 Branch: refs/heads/master Commit: af2c42489d67a39e5adb3689e92c4d088422f6c5 Parents: 7a52636 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 16 17:34:45 2015 +0300 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 16 17:34:45 2015 +0300 -- .../cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/af2c4248/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java --
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 0bb5239..7c4e66d 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -61,7 +61,7 @@ public class OidcRpAuthenticationService {
 if (location == null defaultLocation != null) {
 String basePath = (String)mc.get(http.base.path);
 redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
-} else {
+} else if (location != null) {
 redirectUri = URI.create(location);
 }
 if (redirectUri != null) {
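Review bot: `URI.create(location)` in the new `else if` branch turns `location` into the redirect target with no validation visible in this hunk. Where `location` is assigned lies outside the hunk; if it comes from request or state data that a client can influence, the target should be restricted to same-origin or allow-listed URIs before the redirect is issued. A malformed value would also make `URI.create` throw `IllegalArgumentException` instead of falling back to `defaultLocation`. One shape for the guard is `} else if (location != null && isAllowedRedirect(location)) {`, where `isAllowedRedirect` is a placeholder for a check this class would have to add. The enclosing method starts and ends outside the hunk.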
cxf git commit: [CXF-6490] Prototyping basic_oidc demo
Repository: cxf Updated Branches: refs/heads/master 49829a180 - 2345b6e4f [CXF-6490] Prototyping basic_oidc demo Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2345b6e4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2345b6e4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2345b6e4 Branch: refs/heads/master Commit: 2345b6e4ff4adf48e9adf5e0b9245da3f7afa011 Parents: 49829a1 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Thu Jul 16 17:42:53 2015 +0300 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Thu Jul 16 17:42:53 2015 +0300 -- .../samples/jax_rs/basic_oidc/README.txt| 5 + .../release/samples/jax_rs/basic_oidc/pom.xml | 115 ++ .../java/demo/jaxrs/server/IdTokenService.java | 45 +++ .../main/webapp/WEB-INF/applicationContext.xml | 119 +++ .../src/main/webapp/WEB-INF/servicestore.jks| Bin 0 - 3350 bytes .../basic_oidc/src/main/webapp/WEB-INF/web.xml | 33 + .../src/main/webapp/forms/idToken.jsp | 32 + .../src/main/webapp/forms/oidcClientContext.jsp | 14 +++ .../basic_oidc/src/main/webapp/simpleLogin.html | 39 ++ 9 files changed, 402 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2345b6e4/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt -- diff --git a/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt b/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt new file mode 100644 index 000..d364206 --- /dev/null +++ b/distribution/src/main/release/samples/jax_rs/basic_oidc/README.txt @@ -0,0 +1,5 @@ +JAX-RS Basic OpenId Connect Demo + + +This demo demonstrates how to authenticate a user with OpenId Connect. + http://git-wip-us.apache.org/repos/asf/cxf/blob/2345b6e4/distribution/src/main/release/samples/jax_rs/basic_oidc/pom.xml -- 
diff --git a/distribution/src/main/release/samples/jax_rs/basic_oidc/pom.xml b/distribution/src/main/release/samples/jax_rs/basic_oidc/pom.xml new file mode 100644 index 000..fa2b1c5 --- /dev/null +++ b/distribution/src/main/release/samples/jax_rs/basic_oidc/pom.xml 
@@ -0,0 +1,115 @@ +?xml version=1.0? +!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + License); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +-- +project xmlns=http://maven.apache.org/POM/4.0.0; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd; +modelVersion4.0.0/modelVersion +artifactIdjax_rs_basic_oidc/artifactId +nameJAX-RS Basic Oidc Demo/name +descriptionJAX-RS Basic Oidc Demo/description +packagingwar/packaging +parent +groupIdorg.apache.cxf.samples/groupId +artifactIdcxf-samples/artifactId +version3.1.2-SNAPSHOT/version +relativePath../../relativePath +/parent +properties +/properties +dependencies +dependency +groupIdorg.apache.cxf/groupId +artifactIdcxf-rt-transports-http/artifactId +version3.1.2-SNAPSHOT/version +/dependency +dependency +groupIdorg.apache.cxf/groupId +artifactIdcxf-rt-frontend-jaxrs/artifactId +version3.1.2-SNAPSHOT/version +/dependency +dependency +groupIdorg.apache.cxf/groupId +artifactIdcxf-rt-rs-security-jose/artifactId +version3.1.2-SNAPSHOT/version +/dependency +dependency +groupIdorg.apache.cxf/groupId +artifactIdcxf-rt-rs-security-sso-oidc/artifactId +version3.1.2-SNAPSHOT/version +/dependency +dependency +groupIdjavax.ws.rs/groupId +artifactIdjavax.ws.rs-api/artifactId 
+/dependency +dependency +groupIdorg.springframework/groupId +artifactIdspring-core/artifactId +
cxf git commit: Fix setup.eclipse profile
Repository: cxf Updated Branches: refs/heads/master af2c42489 - 49829a180 Fix setup.eclipse profile Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/49829a18 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/49829a18 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/49829a18 Branch: refs/heads/master Commit: 49829a180d3924f3dfc8ecf41ac904e8da020ba1 Parents: af2c424 Author: Daniel Kulp dk...@apache.org Authored: Thu Jul 16 10:40:05 2015 -0400 Committer: Daniel Kulp dk...@apache.org Committed: Thu Jul 16 10:40:17 2015 -0400 -- rt/management-web/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/49829a18/rt/management-web/pom.xml --
diff --git a/rt/management-web/pom.xml b/rt/management-web/pom.xml
index ea962a3..a3f4ca2 100644
--- a/rt/management-web/pom.xml
+++ b/rt/management-web/pom.xml
@@ -260,7 +260,7 @@
 executions
 execution
 idadd-source-dir/id
-phasegenerate-sources/phase
+phaseprocess-classes/phase
 goals
 goaladd-source/goal
 /goals
cxf-fediz git commit: Updating CXF README
Repository: cxf-fediz Updated Branches: refs/heads/master a5f80c992 - 28f17a508 Updating CXF README Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/28f17a50 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/28f17a50 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/28f17a50 Branch: refs/heads/master Commit: 28f17a5082a951125437f58d10d9ea1ee84e5e31 Parents: a5f80c9 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 16 16:08:51 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 16 16:08:51 2015 +0100 -- plugins/cxf/README.txt | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/28f17a50/plugins/cxf/README.txt -- diff --git a/plugins/cxf/README.txt b/plugins/cxf/README.txt index a5fd7a7..3d322e3 100644 --- a/plugins/cxf/README.txt +++ b/plugins/cxf/README.txt @@ -1,6 +1,14 @@ Fediz Plugin for CXF +The Fediz plugin for CXF contains two separate pieces of functionality. +The first is a CallbackHandler that allows the SAML Token of the Web +SSO session to be used by the CXF Web Services Stack, i.e. for delegation. +The second is a full SAML SSO RP plugin based solely on Apache CXF, which +is container independent. + += Delegation scenario = + Pre-requisite is that Fediz is either enabled on the container level or by Spring Security. This plugin is an add-on which provides the security context (SAML token) of the Web SSO session to the underyling
[1/2] cxf-fediz git commit: Updating CXF README
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes bebabdc30 - 4cc318db3 Updating CXF README Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/511cc5bf Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/511cc5bf Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/511cc5bf Branch: refs/heads/1.2.x-fixes Commit: 511cc5bf90b449f521a6e1bcf5eb1c8a3b4eb7e8 Parents: bebabdc Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 16 16:08:51 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 16 16:33:49 2015 +0100 -- plugins/cxf/README.txt | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/511cc5bf/plugins/cxf/README.txt -- diff --git a/plugins/cxf/README.txt b/plugins/cxf/README.txt index a5fd7a7..3d322e3 100644 --- a/plugins/cxf/README.txt +++ b/plugins/cxf/README.txt @@ -1,6 +1,14 @@ Fediz Plugin for CXF +The Fediz plugin for CXF contains two separate pieces of functionality. +The first is a CallbackHandler that allows the SAML Token of the Web +SSO session to be used by the CXF Web Services Stack, i.e. for delegation. +The second is a full SAML SSO RP plugin based solely on Apache CXF, which +is container independent. + += Delegation scenario = + Pre-requisite is that Fediz is either enabled on the container level or by Spring Security. This plugin is an add-on which provides the security context (SAML token) of the Web SSO session to the underyling
[2/2] cxf-fediz git commit: Fixing README
Fixing README Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4cc318db Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4cc318db Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4cc318db Branch: refs/heads/1.2.x-fixes Commit: 4cc318db34cb69785520d2b5d985614a9bb32991 Parents: 511cc5b Author: Colm O hEigeartaigh cohei...@apache.org Authored: Thu Jul 16 16:20:20 2015 +0100 Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Thu Jul 16 16:33:57 2015 +0100 -- plugins/cxf/README.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4cc318db/plugins/cxf/README.txt -- diff --git a/plugins/cxf/README.txt b/plugins/cxf/README.txt index 3d322e3..0583217 100644 --- a/plugins/cxf/README.txt +++ b/plugins/cxf/README.txt @@ -4,7 +4,7 @@ Fediz Plugin for CXF The Fediz plugin for CXF contains two separate pieces of functionality. The first is a CallbackHandler that allows the SAML Token of the Web SSO session to be used by the CXF Web Services Stack, i.e. for delegation. -The second is a full SAML SSO RP plugin based solely on Apache CXF, which +The second is a full WS-Federation RP plugin based solely on Apache CXF, which is container independent. = Delegation scenario =
svn commit: r958573 - in /websites/production/cxf/content: cache/main.pageCache fediz-cxf.html
Author: buildbot Date: Thu Jul 16 15:47:27 2015 New Revision: 958573 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/main.pageCache websites/production/cxf/content/fediz-cxf.html Modified: websites/production/cxf/content/cache/main.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/fediz-cxf.html == --- websites/production/cxf/content/fediz-cxf.html (original) +++ websites/production/cxf/content/fediz-cxf.html Thu Jul 16 15:47:27 2015 
@@ -109,37 +109,56 @@ Apache CXF -- Fediz CXF td height=100% !-- Content -- div class=wiki-content -div id=ConfluenceContenth1 id=FedizCXF-CXFPlugin(1.1)CXF Plugin (1.1)/h1 -pThe subproject Fediz purpose is to provide Single Sign On for Web Applications which is independent of an underlying Web Services framework like Apache CXF. The Fediz plugins for Tomcat, Jetty, etc. are independent of Apache CXF, whereas the Fediz IDP leverages the capabilities of the CXF STS to issue SAML tokens with Claims information to build applications which use Claims Based Authorization with all the benefits./p - -pIf the Fediz protected web application integrates with another application using Web Services you need to bundle a Web Services framework like Apache CXF with your web application. If it is required to support impersonation to call the Web Service, the security context of the application server must be delegated to the Web Services stack thus it can make the Web Service call on behalf of the browser user./p - -pIn release 1.1, the Fediz CXF plugin supports delegating the application server security context (SAML token) to the STS client of CXF. CXF is then able to request a security token for the target Web Service from the STS on behalf of the browser user. Prior to release 1.1, this Java code had to be developed by the application developer./p - -pIt is required that one of the other Fediz plugins are deployed to WS-Federation enable the application. 
After this step, the Fediz CXF plugin can be installed to integrate the Web SSO layer with the Web Services stack of Apache CXF./p - - -h3 id=FedizCXF-InstallationInstallation/h3 -pIt's recommended to use Maven to resolve the dependencies as illustrated in the the example codewsclientWebapp/code./p - -div class=code panel pdl style=border-style: solid;border-width: 1px;div class=codeHeader panelHeader pdl style=border-bottom-width: 1px;border-bottom-style: solid;bpom.xml/b/divdiv class=codeContent panelContent pdl -pre class=brush: xml; gutter: false; theme: Default style=font-size:12px; -lt;dependencygt; +div id=ConfluenceContenth1 id=FedizCXF-CXFPlugin(1.1/1.2)CXF Plugin (1.1/1.2)/h1pThe Fediz plugin for CXF contains two separate pieces of functionality. The first is a CallbackHandler that allows the SAML Token of the Web SSO session to be used by the CXF Web Services Stack, i.e. for delegation (available since 1.1). The second is a full WS-Federation RP plugin based solely on Apache CXF JAX-RS, which is container independent (available since 1.2.0)./ph2 id=FedizCXF-CXFPluginsupportforWS-FederationCXF Plugin support for WS-Federation/h2pThe new CXF plugin for WS-Federation available from Fediz 1.2.0 means that it is now possible to add support for WS-Federation to your JAX-RS CXF service without having to specify a container-specific plugin. 
Here is an example Spring based configuration:/pdiv class=code panel pdl style=border-width: 1px;div class=codeHeader panelHeader pdl style=border-bottom-width: 1px;bCXF spring configuration/b/divdiv cl ass=codeContent panelContent pdl +pre class=brush: java; gutter: false; theme: Default style=font-size:12px;lt;bean id=serviceBean class=org.apache.cxf.fediz.example.Servicegt; +lt;/beangt; + +lt;bean id=fedizFilter class=org.apache.cxf.fediz.cxf.plugin.FedizRedirectBindingFiltergt; +lt;property name=configFile value=fediz_config.xml/gt; +lt;/beangt; + + +lt;bean id=authorizationInterceptor + class=org.apache.cxf.interceptor.security.SecureAnnotationsInterceptorgt; + lt;property name=securedObject ref=serviceBean /gt; +lt;/beangt; + +lt;jaxrs:server address=/gt; +lt;jaxrs:serviceBeansgt; +lt;ref bean=serviceBean/gt; +lt;/jaxrs:serviceBeansgt; +lt;jaxrs:providersgt; +lt;ref bean=fedizFilter/gt; +lt;ref bean=exceptionMapper/gt; +lt;/jaxrs:providersgt; +lt;jaxrs:inInterceptorsgt; +lt;ref bean=authorizationInterceptor/gt; +lt;/jaxrs:inInterceptorsgt; +lt;/jaxrs:servergt;/pre +/div/divpHere we have a JAX-RS service which is secured via the SecureAnnotationsInterceptor. For example:/pdiv class=code panel pdl style=border-width: 1px;div class=codeHeader panelHeader pdl style=border-bottom-width: 1px;bCXF Service
cxf git commit: Remove duplicate entries from manifest and fix the manifest
Repository: cxf Updated Branches: refs/heads/master 0ff6a3c86 - 3948f2f0b Remove duplicate entries from manifest and fix the manifest Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3948f2f0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3948f2f0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3948f2f0 Branch: refs/heads/master Commit: 3948f2f0b08f40bdffc8c829429bf33b52ac26e5 Parents: 0ff6a3c Author: Daniel Kulp dk...@apache.org Authored: Thu Jul 16 12:38:37 2015 -0400 Committer: Daniel Kulp dk...@apache.org Committed: Thu Jul 16 12:38:37 2015 -0400 -- distribution/manifest/pom.xml | 8 1 file changed, 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3948f2f0/distribution/manifest/pom.xml -- diff --git a/distribution/manifest/pom.xml b/distribution/manifest/pom.xml index bf36851..adb967a 100644 --- a/distribution/manifest/pom.xml +++ b/distribution/manifest/pom.xml @@ -378,14 +378,6 @@ manifest addClasspathtrue/addClasspath /manifest -manifestEntries -!-- Add an entry for the renamed bundle jar in the distro -- -!-- Add entries for the stuff that needs to be endorsed on Java6, but not on java5 -- -!-- Stick both versions of jaxb xjc/impl on classpath to make it easier to flip back and forth -- -Class-Path - cxf-${project.version}.jar {cxf.jaxb.version}.jar jaxb-impl-${cxf.jaxb.impl.version}.jar jaxb-core-${cxf.jaxb.core.version}.jar -/Class-Path -/manifestEntries /archive /configuration /plugin
cxf git commit: [CXF-6267]: Introduced interceptor used to retrieve SAML from STS
Repository: cxf Updated Branches: refs/heads/master 3948f2f0b - c933c0be9 [CXF-6267]: Introduced interceptor used to retrieve SAML from STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c933c0be Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c933c0be Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c933c0be Branch: refs/heads/master Commit: c933c0be9254f5858102aea69d306908ce8a1f0c Parents: 3948f2f Author: Andrei Shakirin andrei.shaki...@gmail.com Authored: Thu Jul 16 21:20:00 2015 +0200 Committer: Andrei Shakirin andrei.shaki...@gmail.com Committed: Thu Jul 16 21:20:00 2015 +0200 -- .../interceptors/STSTokenOutInterceptor.java| 177 ++ .../stsclient/STSTokenOutInterceptorTest.java | 329 +++ .../sts/stsclient/STSTokenRetrieverTest.java| 6 - 3 files changed, 506 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java new file mode 100644 index 000..a735fd1 --- /dev/null +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java 
@@ -0,0 +1,177 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.ws.security.policy.interceptors; + +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Logger; + +import javax.xml.namespace.QName; + +import org.apache.cxf.Bus; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.AbstractPhaseInterceptor; +import org.apache.cxf.phase.Phase; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.trust.STSClient; +import org.apache.cxf.ws.security.trust.STSTokenRetriever; +import org.apache.cxf.ws.security.trust.STSTokenRetriever.TokenRequestParams; + +public class STSTokenOutInterceptor extends AbstractPhaseInterceptorMessage { +private static final Logger LOG = LogUtils.getL7dLogger(STSTokenOutInterceptor.class); +private static final String TOKEN_TYPE_SAML_2_0 = + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0;; +private static final String KEY_TYPE_X509 = http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey;; +private static final 
String WS_TRUST_NS = http://docs.oasis-open.org/ws-sx/ws-trust/200512/;; +private static final QName STS_SERVICE_NAME = new QName(WS_TRUST_NS, SecurityTokenService); +private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, X509_Port); +private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, Transport_Port); + +private STSClient stsClient; +private TokenRequestParams tokenParams; + +public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus) { +super(Phase.PREPARE_SEND); +this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus); +this.tokenParams = new TokenRequestParams(); +} + +public STSTokenOutInterceptor(STSClient stsClient) { +this(Phase.PREPARE_SEND, stsClient, new TokenRequestParams()); +} + +public STSTokenOutInterceptor(STSClient stsClient, TokenRequestParams tokenParams) { +this(Phase.PREPARE_SEND, stsClient, tokenParams); +} + +public STSTokenOutInterceptor(String phase, STSClient stsClient, TokenRequestParams tokenParams) { +super(phase); +this.stsClient = stsClient; +this.tokenParams = tokenParams; +} + +@Override +public void