This is an automated email from the ASF dual-hosted git repository. buhhunyx pushed a commit to branch spring-security-4 in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 767e4f04865d1143fb2d24829c214133ace35a19
Author: amarkevich <[email protected]>
AuthorDate: Tue Apr 30 10:56:05 2019 +0300
fediz-idp: adopt to Spring Security 4.x
---
pom.xml | 10 +++++-----
services/idp-core/pom.xml | 4 ----
.../src/test/resources/persistenceContext.xml | 5 +----
services/idp/pom.xml | 16 +++++++--------
services/idp/src/main/resources/cxf-tls.xml | 3 ---
.../idp/src/main/resources/persistenceContext.xml | 5 +----
.../webapp/WEB-INF/config/idp-core-servlet.xml | 8 +++-----
.../WEB-INF/config/security-clientcert-config.xml | 2 +-
.../webapp/WEB-INF/config/security-krb-config.xml | 2 +-
.../webapp/WEB-INF/config/security-rs-config.xml | 8 +++-----
.../webapp/WEB-INF/config/security-up-config.xml | 23 +++++++++++-----------
.../src/main/webapp/WEB-INF/security-config.xml | 15 ++++++++++----
services/idp/src/test/resources/rest-client.xml | 12 ++++++++++-
.../src/main/webapp/WEB-INF/applicationContext.xml | 18 +++++------------
.../sts/src/main/webapp/WEB-INF/cxf-transport.xml | 13 +-----------
.../sts/src/main/webapp/WEB-INF/data/realms.xml | 18 ++---------------
services/sts/src/main/webapp/WEB-INF/web.xml | 6 +++---
.../test/resources/realma/security-up-config.xml | 2 +-
.../src/test/resources/realmb/security-config.xml | 7 ++++++-
.../src/test/resources/realmb/security-config.xml | 2 +-
.../src/test/resources/realmb/security-config.xml | 7 ++++++-
systests/idp/pom.xml | 10 +++++-----
systests/samlsso/src/test/resources/rp-server.xml | 1 -
23 files changed, 87 insertions(+), 110 deletions(-)
diff --git a/pom.xml b/pom.xml
index b8dec80..ab45fed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,13 +59,13 @@ <junit.version>4.12</junit.version> <kerby.version>1.1.1</kerby.version> <log4j.version>1.2.17</log4j.version> - <openjpa.version>2.4.3</openjpa.version> + <openjpa.version>3.1.0</openjpa.version> <servlet.version>2.5</servlet.version> <slf4j.version>1.7.26</slf4j.version> - <spring.version>4.3.22.RELEASE</spring.version> + <spring.version>4.3.23.RELEASE</spring.version> <spring-ldap-core.version>2.3.2.RELEASE</spring-ldap-core.version> - <spring.security.version>4.2.11.RELEASE</spring.security.version> - <spring-webflow.version>2.4.8.RELEASE</spring-webflow.version> + <spring.security.version>4.2.12.RELEASE</spring.security.version> + <spring-webflow.version>2.5.1.RELEASE</spring-webflow.version> <tomcat.version>9.0.19</tomcat.version> <wss4j.version>2.2.2</wss4j.version> @@ -633,7 +633,7 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> - <version>3.2.1</version> + <version>3.2.2</version> </plugin> </plugins> </pluginManagement> diff --git a/services/idp-core/pom.xml b/services/idp-core/pom.xml index da5bb0b..65fc03c 100644 --- a/services/idp-core/pom.xml +++ b/services/idp-core/pom.xml @@ -29,10 +29,6 @@ <name>Apache Fediz IDP Core</name> <packaging>jar</packaging> - <properties> - <spring.security.version>3.2.10.RELEASE</spring.security.version> - </properties> - <dependencyManagement> <dependencies> <dependency> diff --git a/services/idp-core/src/test/resources/persistenceContext.xml b/services/idp-core/src/test/resources/persistenceContext.xml index f0b3586..72b43fa 100644 --- a/services/idp-core/src/test/resources/persistenceContext.xml +++ b/services/idp-core/src/test/resources/persistenceContext.xml 
@@ -20,16 +20,13 @@ <beans profile="jpa" xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" - xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/tx - http://www.springframework.org/schema/tx/spring-tx.xsd - http://www.springframework.org/schema/jdbc - http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd" + http://www.springframework.org/schema/tx/spring-tx.xsd" default-autowire="byName"> <context:component-scan base-package="org.apache.cxf.fediz.service.idp.service" /> diff --git a/services/idp/pom.xml b/services/idp/pom.xml index 32423b1..547d8ca 100644 --- a/services/idp/pom.xml +++ b/services/idp/pom.xml @@ -228,7 +228,7 @@ <properties> <property> <name>catalina.base</name> - <value>target</value> + <value>${project.build.directory}</value> </property> </properties> </configuration> 
@@ -248,12 +248,12 @@ ${project.build.directory}/test-classes/jetty-ssl.xml,${project.build.directory}/test-classes/jetty-https.xml</jettyXml> <contextHandlers> <contextHandler implementation="org.eclipse.jetty.maven.plugin.JettyWebAppContext"> - <war>${basedir}/target/fediz-idp-sts.war</war> + <war>${project.build.directory}/fediz-idp-sts.war</war> <contextPath>/fediz-idp-sts</contextPath> <throwUnavailableOnStartupException>false</throwUnavailableOnStartupException> </contextHandler> <contextHandler implementation="org.eclipse.jetty.maven.plugin.JettyWebAppContext"> - <war>${basedir}/target/fediz-idp.war</war> + <war>${project.build.directory}/fediz-idp.war</war> <contextPath>/fediz-idp</contextPath> </contextHandler> </contextHandlers> @@ -301,7 +301,7 @@ <systemPropertyVariables> <idp.https.port>${idp.https.port}</idp.https.port> <realm>${realm}</realm> - <catalina.base>target</catalina.base> + <catalina.base>${project.build.directory}</catalina.base> </systemPropertyVariables> <includes> <include>**/integrationtests/**</include> @@ -366,7 +366,7 @@ <configuration> <contextHandlers> <contextHandler implementation="org.eclipse.jetty.maven.plugin.JettyWebAppContext"> - <war>${basedir}/target/fediz-idp.war</war> + <war>${project.build.directory}/fediz-idp.war</war> <contextPath>/fediz-idp</contextPath> </contextHandler> </contextHandlers> @@ -393,7 +393,7 @@ <configuration> <contextHandlers> <contextHandler implementation="org.eclipse.jetty.maven.plugin.JettyWebAppContext"> - <war>${basedir}/target/fediz-idp-remote.war</war> + <war>${project.build.directory}/fediz-idp-remote.war</war> <contextPath>/fediz-idp-remote</contextPath> </contextHandler> </contextHandlers> 
@@ -435,7 +435,7 @@ <version>${project.version}</version> <type>war</type> <overWrite>true</overWrite> - <outputDirectory>target/</outputDirectory> + <outputDirectory>${project.build.directory}</outputDirectory> </artifactItem> </artifactItems> <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename> @@ -452,7 +452,7 @@ <configuration> <contextHandlers combine.children="append"> <contextHandler implementation="org.eclipse.jetty.maven.plugin.JettyWebAppContext"> - <war>${basedir}/target/fediz-idp-sts.war</war> + <war>${project.build.directory}/fediz-idp-sts.war</war> <contextPath>/fediz-idp-sts</contextPath> </contextHandler> </contextHandlers> diff --git a/services/idp/src/main/resources/cxf-tls.xml b/services/idp/src/main/resources/cxf-tls.xml index c2f21a2..c11c04b 100644 --- a/services/idp/src/main/resources/cxf-tls.xml +++ b/services/idp/src/main/resources/cxf-tls.xml @@ -22,15 +22,12 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" - xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd - http://www.springframework.org/schema/context - http://www.springframework.org/schema/context/spring-context-4.3.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd"> diff --git a/services/idp/src/main/resources/persistenceContext.xml b/services/idp/src/main/resources/persistenceContext.xml index f0b3586..72b43fa 100644 --- a/services/idp/src/main/resources/persistenceContext.xml +++ b/services/idp/src/main/resources/persistenceContext.xml 
@@ -20,16 +20,13 @@ <beans profile="jpa" xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" - xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/tx - http://www.springframework.org/schema/tx/spring-tx.xsd - http://www.springframework.org/schema/jdbc - http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd" + http://www.springframework.org/schema/tx/spring-tx.xsd" default-autowire="byName"> <context:component-scan base-package="org.apache.cxf.fediz.service.idp.service" /> diff --git a/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml b/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml index 3d62ad9..e810912 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml @@ -92,14 +92,12 @@ </bean> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> - <property name="decisionVoters"> + <constructor-arg> <list> - <bean class="org.springframework.security.access.vote.RoleVoter"> - <property name="rolePrefix" value="ROLE_" /> - </bean> + <bean class="org.springframework.security.access.vote.RoleVoter" /> <bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> </list> - </property> + </constructor-arg> </bean> </beans> diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml index 53fc270..ff22a5e 100644 
--- a/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml @@ -28,7 +28,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd "> diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml index 826c032..3f8a663 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml @@ -28,7 +28,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd "> diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml index c739a00..76df962 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml 
@@ -21,22 +21,20 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:context="http://www.springframework.org/schema/context" - xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd - http://www.springframework.org/schema/util - http://www.springframework.org/schema/util/spring-util-4.3.xsd + http://www.springframework.org/schema/security/spring-security.xsd "> <!-- DISABLE in production as it might log confidential information about the user --> <!-- <security:debug /> --> <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager"> + <security:csrf disabled="true"/> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> <security:intercept-url pattern="/services/rs/**" access="isAuthenticated()" /> @@ -62,7 +60,7 @@ <security:salt-source user-property="username" /> </security:password-encoder> --> - <security:user-service properties="classpath:/users.properties" /> + <security:user-service properties="classpath:/users.properties" /> </security:authentication-provider> <security:authentication-provider ref="stsUPAuthProvider" /> </security:authentication-manager> diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml index 284504d..a97ccba 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml 
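Review bot: `<security:csrf disabled="true"/>` is added to the `/services/rs/**` chain in the first hunk with no comment saying why CSRF protection can be turned off here, and the same element is added to `/saml/up/**` in security-up-config.xml and to `/federation` and `/saml` in security-config.xml. Under the 4.x namespace the protection is on by default, so each of these lines is a deliberate opt-out; if any of these chains is reachable with credentials a browser attaches on its own (session cookie, cached HTTP Basic, client certificate), state-changing requests lose that check. I would record the rationale next to each element, e.g. `<!-- CSRF off: keeps 3.x behaviour; callers are non-browser clients (confirm) -->`. The realmb test copies of the `/services/rs/**` chain under systests/federation do not gain the element in their hunks, so those tests appear to run with a different CSRF setting than this file. The `<security:http>` block continues outside the hunk.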
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml @@ -28,7 +28,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd "> @@ -53,11 +53,11 @@ username-parameter="username" password-parameter="password" /--> - <security:logout logout-url="/federation/up/logout" - logout-success-url="/federation/up/login?out" - delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" - invalidate-session="true" - /> + <security:logout logout-url="/federation/up/logout" + logout-success-url="/federation/up/login?out" + delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" + invalidate-session="true" + /> <security:headers> <security:content-type-options /> @@ -68,6 +68,7 @@ <!-- HTTP/BA entry point for SAML SSO --> <security:http pattern="/saml/up/**" use-expressions="true"> + <security:csrf disabled="true"/> <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> @@ -80,11 +81,11 @@ username-parameter="username" password-parameter="password" /--> - <security:logout logout-url="/saml/up/logout" - logout-success-url="/saml/up/login?out" - delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" - invalidate-session="true" - /> + <security:logout logout-url="/saml/up/logout" + logout-success-url="/saml/up/login?out" + delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" + invalidate-session="true" + /> <security:headers> <security:content-type-options /> 
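Review bot: The third hunk disables CSRF for `/saml/up/**`, but the hunk offsets show no line added to the earlier `<security:http>` block in this file, whose `<security:logout logout-url="/federation/up/logout" …>` is only re-indented in the second hunk, so that chain keeps the 4.x default. With CSRF protection left on, Spring Security 4 matches the logout URL only for POST requests and expects a token, which is a behaviour change from 3.2 for anything that calls `/federation/up/logout` with GET. If the two entry points are meant to behave alike, either add `<security:csrf disabled="true"/>` there as well or keep it enabled in both and state the reason in a comment. Both `<security:http>` blocks start outside the hunks, so this is inferred from the visible lines only.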
diff --git a/services/idp/src/main/webapp/WEB-INF/security-config.xml b/services/idp/src/main/webapp/WEB-INF/security-config.xml index a270050..fb66646 100644 --- a/services/idp/src/main/webapp/WEB-INF/security-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/security-config.xml @@ -27,7 +27,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd "> <context:property-placeholder location="classpath:realm.properties" /> @@ -46,6 +46,11 @@ <!-- The user has no role during the login phase of WS-Federation --> <security:global-method-security pre-post-annotations="enabled" /> + <!-- Remove the ROLE_ prefix --> + <bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults"> + <constructor-arg value="" /> + </bean> + <!-- Redirects to a dedicated http config --> <bean id="fedizEntryPoint" class="org.apache.cxf.fediz.service.idp.FedizEntryPoint"> <property name="realm" value="${realm-uri}" /> @@ -54,6 +59,7 @@ <!-- Main entry point for WS-Federation --> <security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint"> + <security:csrf disabled="true"/> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" /> 
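Review bot: The `grantedAuthorityDefaults` bean added in the second hunk is documented only as `Remove the ROLE_ prefix`, which does not tell a maintainer which authorization checks change meaning. As I read it, an empty prefix makes role expressions such as `hasRole('X')` compare against the authority string `X` as-is, while the `RoleVoter` in idp-core-servlet.xml, whose explicit `rolePrefix` this commit removes, still falls back to its built-in `ROLE_` default. I would spell that out, e.g. `<!-- Empty role prefix: hasRole('X') matches authority 'X' exactly; RoleVoter in idp-core-servlet.xml still uses ROLE_ -->`, and confirm the mixed convention is intended. The same bean and comment are repeated in the samlsso and wsfed realmb test configs.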
@@ -68,6 +74,7 @@ <!-- Main entry point for SAML SSO --> <security:http pattern="/saml" use-expressions="true" entry-point-ref="fedizEntryPoint"> + <security:csrf disabled="true"/> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> @@ -77,13 +84,13 @@ <security:xss-protection /> </security:headers> </security:http> - - <security:authentication-manager alias="authenticationManagers"> + + <security:authentication-manager alias="authenticationManagers" id="authenticationManagers"> <security:authentication-provider ref="stsUPAuthProvider" /> <security:authentication-provider ref="stsKrbAuthProvider" /> <security:authentication-provider ref="stsClientCertAuthProvider" /> </security:authentication-manager> - + <bean id="entitlementsEnricher" class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" /> diff --git a/services/idp/src/test/resources/rest-client.xml b/services/idp/src/test/resources/rest-client.xml index a52f114..4e2dd72 100644 --- a/services/idp/src/test/resources/rest-client.xml +++ b/services/idp/src/test/resources/rest-client.xml 
@@ -17,7 +17,17 @@ specific language governing permissions and limitations under the License. --> -<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://cxf.apache.org/t [...] +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-4.3.xsd + http://cxf.apache.org/transports/http/configuration + http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/configuration/security + http://cxf.apache.org/schemas/configuration/security.xsd"> <!-- --> <!-- HTTP/S configuration for web clients --> <!-- --> diff --git a/services/sts/src/main/webapp/WEB-INF/applicationContext.xml b/services/sts/src/main/webapp/WEB-INF/applicationContext.xml index c1f2997..27f27bb 100644 --- a/services/sts/src/main/webapp/WEB-INF/applicationContext.xml +++ b/services/sts/src/main/webapp/WEB-INF/applicationContext.xml 
@@ -20,23 +20,16 @@ <beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" - xmlns:jaxws="http://cxf.apache.org/jaxws" - xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans-4.3.xsd - http://cxf.apache.org/jaxws - http://cxf.apache.org/schemas/jaxws.xsd - http://www.springframework.org/schema/util - http://www.springframework.org/schema/util/spring-util-4.3.xsd"> - - <import resource="classpath:META-INF/cxf/cxf.xml"/> - <import resource="cxf-transport.xml"/> - + http://www.springframework.org/schema/beans/spring-beans-4.3.xsd"> + + <import resource="classpath:META-INF/cxf/cxf.xml"/> + <import resource="cxf-transport.xml"/> + <!--cxf:bus> <cxf:features> <cxf:logging/> @@ -44,4 +37,3 @@ </cxf:bus--> </beans> - diff --git a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml index 4781f2a..877fb5f 100644 --- a/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml +++ b/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml 
@@ -20,24 +20,14 @@ <beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws" - xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:util="http://www.springframework.org/schema/util" - xmlns:http="http://cxf.apache.org/transports/http/configuration" - xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://cxf.apache.org/jaxws - http://cxf.apache.org/schemas/jaxws.xsd - http://www.springframework.org/schema/util - http://www.springframework.org/schema/util/spring-util-4.3.xsd - http://cxf.apache.org/transports/http/configuration - http://cxf.apache.org/schemas/configuration/http-conf.xsd - http://cxf.apache.org/configuration/security - http://cxf.apache.org/schemas/configuration/security.xsd"> + http://cxf.apache.org/schemas/jaxws.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> @@ -85,4 +75,3 @@ </jaxws:endpoint> </beans> - diff --git a/services/sts/src/main/webapp/WEB-INF/data/realms.xml b/services/sts/src/main/webapp/WEB-INF/data/realms.xml index 54e49c1..53c0c92 100644 --- a/services/sts/src/main/webapp/WEB-INF/data/realms.xml +++ b/services/sts/src/main/webapp/WEB-INF/data/realms.xml 
@@ -18,26 +18,13 @@ under the License. --> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:cxf="http://cxf.apache.org/core" - xmlns:jaxws="http://cxf.apache.org/jaxws" - xmlns:test="http://apache.org/hello_world_soap_http" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" - xmlns:http="http://cxf.apache.org/transports/http/configuration" - xmlns:sec="http://cxf.apache.org/configuration/security" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" - http://cxf.apache.org/core - http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd - http://cxf.apache.org/jaxws - http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/util - http://www.springframework.org/schema/util/spring-util-4.3.xsd - http://cxf.apache.org/transports/http/configuration - http://cxf.apache.org/schemas/configuration/http-conf.xsd - http://cxf.apache.org/configuration/security - http://cxf.apache.org/schemas/configuration/security.xsd"> + http://www.springframework.org/schema/util/spring-util-4.3.xsd"> <bean id="identityMapper" class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" /> @@ -77,4 +64,3 @@ </util:map> </beans> - diff --git a/services/sts/src/main/webapp/WEB-INF/web.xml b/services/sts/src/main/webapp/WEB-INF/web.xml index a81c163..af4b1ac 100644 --- a/services/sts/src/main/webapp/WEB-INF/web.xml +++ b/services/sts/src/main/webapp/WEB-INF/web.xml 
@@ -17,9 +17,9 @@ specific language governing permissions and limitations under the License. --> -<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> +<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0" metadata-complete="true"> <display-name>CXF STS</display-name> <context-param> diff --git a/systests/custom/src/test/resources/realma/security-up-config.xml b/systests/custom/src/test/resources/realma/security-up-config.xml index 6038bdd..dd381bf 100644 --- a/systests/custom/src/test/resources/realma/security-up-config.xml +++ b/systests/custom/src/test/resources/realma/security-up-config.xml @@ -28,7 +28,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd "> diff --git a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml index 866d2e9..c549ef6 100644 --- a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml +++ b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml 
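Review bot: `metadata-complete="true"` is introduced together with the 3.0 descriptor in this hunk without a comment, although it changes deployment behaviour rather than just the schema: the container then skips servlet annotations and `web-fragment.xml` files from bundled jars. That is a sensible restriction for an STS, but it deserves a line above `<web-app>` such as `<!-- metadata-complete: only this descriptor registers servlets, filters and listeners -->` so it is not later removed as noise. The root pom in this commit still shows `<servlet.version>2.5</servlet.version>` as context; if that property drives the servlet API dependency, it no longer matches the declared 3.0 level.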
@@ -27,7 +27,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd "> <context:property-placeholder location="classpath:realm.properties"/> @@ -41,6 +41,11 @@ <!-- The user has no role during the login phase of WS-Federation --> <security:global-method-security pre-post-annotations="enabled"/> + <!-- Remove the ROLE_ prefix --> + <bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults"> + <constructor-arg value="" /> + </bean> + <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager"> <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> diff --git a/systests/federation/unknown-subject/src/test/resources/realmb/security-config.xml b/systests/federation/unknown-subject/src/test/resources/realmb/security-config.xml index 866d2e9..84f3838 100644 --- a/systests/federation/unknown-subject/src/test/resources/realmb/security-config.xml +++ b/systests/federation/unknown-subject/src/test/resources/realmb/security-config.xml @@ -27,7 +27,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd "> <context:property-placeholder location="classpath:realm.properties"/> diff --git a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml index 866d2e9..c549ef6 100644 
--- a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml +++ b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml @@ -27,7 +27,7 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/security - http://www.springframework.org/schema/security/spring-security-3.2.xsd + http://www.springframework.org/schema/security/spring-security.xsd "> <context:property-placeholder location="classpath:realm.properties"/> @@ -41,6 +41,11 @@ <!-- The user has no role during the login phase of WS-Federation --> <security:global-method-security pre-post-annotations="enabled"/> + <!-- Remove the ROLE_ prefix --> + <bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults"> + <constructor-arg value="" /> + </bean> + <security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager"> <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> diff --git a/systests/idp/pom.xml b/systests/idp/pom.xml index 9ec766f..45c9807 100644 --- a/systests/idp/pom.xml +++ b/systests/idp/pom.xml @@ -130,7 +130,7 @@ <version>${project.version}</version> <type>war</type> <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory> + <outputDirectory>${project.build.directory}/tomcat/idp/webapps/fediz-idp</outputDirectory> </artifactItem> <artifactItem> <groupId>org.apache.cxf.fediz</groupId> 
@@ -138,7 +138,7 @@ <version>${project.version}</version> <type>war</type> <overWrite>true</overWrite> - <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory> + <outputDirectory>${project.build.directory}/tomcat/idp/webapps/fediz-idp-sts</outputDirectory> </artifactItem> <artifactItem> <groupId>org.apache.cxf.fediz.systests</groupId> @@ -147,7 +147,7 @@ <classifier>tests</classifier> <type>jar</type> <overWrite>true</overWrite> - <outputDirectory>target/test-classes</outputDirectory> + <outputDirectory>${project.build.testOutputDirectory}</outputDirectory> <includes>**/*.jks</includes> </artifactItem> </artifactItems> @@ -169,7 +169,7 @@ <goal>copy-resources</goal> </goals> <configuration> - <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory> + <outputDirectory>${project.build.directory}/tomcat/idp/webapps/fediz-idp/WEB-INF/classes</outputDirectory> <resources> <resource> <directory>${basedir}/src/test/resources/realma</directory> @@ -199,7 +199,7 @@ <wt.headless>true</wt.headless> <idp.https.port>${idp.https.port}</idp.https.port> <rp.https.port>${rp.https.port}</rp.https.port> - <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file> + <java.util.logging.config.file>${project.build.testOutputDirectory}/logging.properties</java.util.logging.config.file> </systemPropertyVariables> <includes> <include>**/systests/**</include> diff --git a/systests/samlsso/src/test/resources/rp-server.xml b/systests/samlsso/src/test/resources/rp-server.xml index 31ff812..4a382bf 100644 --- a/systests/samlsso/src/test/resources/rp-server.xml +++ b/systests/samlsso/src/test/resources/rp-server.xml @@ -94,7 +94,6 @@ </Get> </New> </Item> -d </Array> </Set> </New>
