This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/main by this push:
     new cd35f25d CXF 3.6.4; baseline Java 11; update keys
cd35f25d is described below

commit cd35f25d2dc0c39387b06d38a1a6cdcfeb683fa6
Author: Alexey Markevich <[email protected]>
AuthorDate: Thu Oct 31 22:12:06 2024 +0100

    CXF 3.6.4; baseline Java 11; update keys
---
 .github/workflows/pull-request-build.yml           |  12 +-
 .../src/main/resources/ststrust.jks                | Bin 3005 -> 4502 bytes
 .../src/main/resources/ststrust.jks                | Bin 3005 -> 4502 bytes
 .../src/main/resources/ststrust.jks                | Bin 3005 -> 4502 bytes
 examples/samplekeys/idp-ssl-key.jks                | Bin 2071 -> 2578 bytes
 examples/samplekeys/idp-ssl-trust.jks              | Bin 783 -> 1094 bytes
 examples/samplekeys/rp-ssl-key.jks                 | Bin 2071 -> 2576 bytes
 examples/samplekeys/ststrust.jks                   | Bin 3005 -> 4502 bytes
 examples/samplekeys/wsp-ssl-key.jks                | Bin 2073 -> 2578 bytes
 .../springWebapp/src/main/resources/ststrust.jks   | Bin 3005 -> 4502 bytes
 .../webapp/src/main/resources/rp-ssl-key.jks       | Bin 2071 -> 2576 bytes
 .../webapp/src/main/resources/webappKeystore.jks   | Bin 1534 -> 1926 bytes
 .../service/src/main/resources/ststrust.jks        | Bin 3005 -> 4502 bytes
 .../cxf/fediz/core/TokenValidatorResponse.java     |  10 +-
 .../apache/cxf/fediz/core/config/FedizContext.java |   4 +-
 .../apache/cxf/fediz/core/config/KeyManager.java   |   3 +-
 .../org/apache/cxf/fediz/core/config/Protocol.java |   2 +-
 .../core/processor/AbstractFedizProcessor.java     |   6 +-
 .../core/processor/FederationProcessorImpl.java    |   2 +-
 .../core/saml/FedizSignatureTrustValidator.java    |   4 +-
 .../org/apache/cxf/fediz/core/util/DOMUtils.java   |   4 +-
 plugins/core/src/test/resources/ststrust.jks       | Bin 4953 -> 5606 bytes
 .../FederationAuthenticationProvider.java          |   2 +-
 .../FederationAuthenticationToken.java             |   4 +-
 pom.xml                                            | 170 +++++++--------------
 .../service/idp/STSAuthenticationProvider.java     |   2 +-
 .../KerberosAuthenticationProcessingFilter.java    |  17 +--
 .../service/idp/kerberos/KerberosEntryPoint.java   |  15 --
 .../idp/kerberos/KerberosServiceRequestToken.java  |  15 --
 .../AbstractTrustedIdpOAuth2ProtocolHandler.java   |   2 +-
 services/idp/src/main/resources/idp-ssl-key.jks    | Bin 2071 -> 2578 bytes
 services/idp/src/main/resources/idp-ssl-trust.jks  | Bin 783 -> 1094 bytes
 .../WEB-INF/config/security-clientcert-config.xml  |  14 +-
 .../webapp/WEB-INF/config/security-krb-config.xml  |  18 ++-
 .../webapp/WEB-INF/config/security-rs-config.xml   |   6 +-
 .../webapp/WEB-INF/config/security-up-config.xml   |  14 +-
 .../src/main/webapp/WEB-INF/security-config.xml    |   4 +-
 services/idp/src/test/resources/idp-ssl-key.jks    | Bin 2071 -> 2578 bytes
 services/sts/src/main/resources/ststrust.jks       | Bin 3908 -> 4502 bytes
 .../test/resources/realma/security-up-config.xml   |  72 +++++----
 .../samlWebapp/src/main/resources/ststrust.jks     | Bin 3005 -> 4502 bytes
 systests/tests/README                              |   7 +
 systests/tests/src/test/resources/server.jks       | Bin 4466 -> 5186 bytes
 43 files changed, 161 insertions(+), 248 deletions(-)

diff --git a/.github/workflows/pull-request-build.yml 
b/.github/workflows/pull-request-build.yml
index 8e2630d8..3fd1e53b 100644
--- a/.github/workflows/pull-request-build.yml
+++ b/.github/workflows/pull-request-build.yml
@@ -11,18 +11,18 @@ jobs:
   build:
     runs-on: ubuntu-latest
     permissions:
-      contents: read  
+      contents: read
       pull-requests: read
     timeout-minutes: 130
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
-      - name: Set up JDK 8
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # 
v4.2.1
+      - uses: actions/checkout@v4
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
         with:
-          java-version: '8'
+          java-version: '11'
           distribution: 'temurin'
           cache: maven
       - name: Build with Apache Maven
-        run: mvn -U clean install -Djava.awt.headless=true -fae -B -Peverything
+        run: mvn -U clean install -Djava.awt.headless=true -fae -B
     env: 
        MAVEN_OPTS: "-Xmx1024M"
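Review bot: Both `uses:` lines now reference the mutable tag `v4` where the old side pinned a full commit SHA, so whatever the tag points to at run time is what executes in the build job. A tag can be re-pointed in the action's repository while a commit SHA cannot, and although the job's `permissions` are read-only, the action still runs against the checked-out tree and the Maven cache. I would keep the SHA form with the version as a trailing comment, e.g. `uses: actions/setup-java@<full-commit-sha> # v4.x.y`, and let a dependency bot bump it. Separately, the Maven step drops `-Peverything`; if that profile enabled extra modules or checks, the pull-request build now covers less, which is worth stating in the commit message.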
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks 
b/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files a/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks 
and b/examples/jaxrsCxfPluginWebapp/src/main/resources/ststrust.jks differ
diff --git a/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks 
b/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files a/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks and 
b/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks differ
diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks 
b/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files 
a/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks and 
b/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks differ
diff --git a/examples/samplekeys/idp-ssl-key.jks 
b/examples/samplekeys/idp-ssl-key.jks
index 1f96931a..4c7fa208 100644
Binary files a/examples/samplekeys/idp-ssl-key.jks and 
b/examples/samplekeys/idp-ssl-key.jks differ
diff --git a/examples/samplekeys/idp-ssl-trust.jks 
b/examples/samplekeys/idp-ssl-trust.jks
index 9449482c..78528e65 100644
Binary files a/examples/samplekeys/idp-ssl-trust.jks and 
b/examples/samplekeys/idp-ssl-trust.jks differ
diff --git a/examples/samplekeys/rp-ssl-key.jks 
b/examples/samplekeys/rp-ssl-key.jks
index 0e91318f..99fb35f1 100644
Binary files a/examples/samplekeys/rp-ssl-key.jks and 
b/examples/samplekeys/rp-ssl-key.jks differ
diff --git a/examples/samplekeys/ststrust.jks b/examples/samplekeys/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files a/examples/samplekeys/ststrust.jks and 
b/examples/samplekeys/ststrust.jks differ
diff --git a/examples/samplekeys/wsp-ssl-key.jks 
b/examples/samplekeys/wsp-ssl-key.jks
index a1e1458c..d9945efe 100644
Binary files a/examples/samplekeys/wsp-ssl-key.jks and 
b/examples/samplekeys/wsp-ssl-key.jks differ
diff --git a/examples/springWebapp/src/main/resources/ststrust.jks 
b/examples/springWebapp/src/main/resources/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files a/examples/springWebapp/src/main/resources/ststrust.jks and 
b/examples/springWebapp/src/main/resources/ststrust.jks differ
diff --git a/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks 
b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks
index 0e91318f..99fb35f1 100644
Binary files a/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks 
and b/examples/wsclientWebapp/webapp/src/main/resources/rp-ssl-key.jks differ
diff --git 
a/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks 
b/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
index f71c372f..8cb041e0 100644
Binary files 
a/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks and 
b/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks differ
diff --git 
a/examples/wsclientWebapp/webservice/service/src/main/resources/ststrust.jks 
b/examples/wsclientWebapp/webservice/service/src/main/resources/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files 
a/examples/wsclientWebapp/webservice/service/src/main/resources/ststrust.jks 
and 
b/examples/wsclientWebapp/webservice/service/src/main/resources/ststrust.jks 
differ
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
index 963ea24d..0fefe83f 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
@@ -24,13 +24,13 @@ import java.util.List;
 
 public class TokenValidatorResponse {
 
-    private String username;
-    private String uniqueTokenId;
+    private final String username;
+    private final String uniqueTokenId;
     @Deprecated
     private List<String> roles;
-    private String issuer;
-    private String audience;
-    private List<Claim> claims;
+    private final String issuer;
+    private final String audience;
+    private final List<Claim> claims;
     private Instant expires;
     private Instant created;
 
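Review bot: `final` on `claims` fixes only the reference; the `List<Claim>` itself stays mutable, and the constructor and getter are outside this hunk, so it is not visible whether the list is copied. If the caller's list is stored and handed out as-is, the claims of an already validated token can still be altered afterwards. Storing a copy in the constructor, e.g. `this.claims = claims == null ? null : List.copyOf(claims);`, would close that, provided no caller relies on null elements or on mutating the list. The same question applies to `certificateStores` in FedizContext and `validators` in Protocol, which this commit also marks `final`.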
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index c01b58af..358a9def 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -65,13 +65,13 @@ public class FedizContext implements Closeable {
 
     private static final Logger LOG = 
LoggerFactory.getLogger(FedizContext.class);
 
-    private ContextConfig config;
+    private final ContextConfig config;
 
     private boolean detectReplayedTokens = true;
     private String relativePath;
     private ReplayCache replayCache;
     private Protocol protocol;
-    private List<TrustManager> certificateStores = new ArrayList<>();
+    private final List<TrustManager> certificateStores = new ArrayList<>();
     private KeyManager keyManager;
     private KeyManager decryptionKeyManager;
     private ClassLoader classloader;
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
index 3a89b9f3..cb785eec 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
@@ -24,7 +24,7 @@ import org.apache.wss4j.common.crypto.Crypto;
 
 public class KeyManager {
 
-    private KeyManagersType keyManagerType;
+    private final KeyManagersType keyManagerType;
     private Crypto crypto;
     private String name;
 
@@ -63,5 +63,4 @@ public class KeyManager {
         return keyManagerType.getKeyPassword();
     }
 
-
 }
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
index 84431ff0..75fb6da5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
@@ -41,7 +41,7 @@ public abstract class Protocol {
     private ClassLoader classloader;
     private Object issuer;
     private Object realm;
-    private List<TokenValidator> validators = new ArrayList<>();
+    private final List<TokenValidator> validators = new ArrayList<>();
     private Object reply;
     private Object signInQuery;
 
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index 354408c3..a70fab7f 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -126,13 +126,13 @@ public abstract class AbstractFedizProcessor implements 
FedizProcessor {
         for (Claim c : claims) {
             if (roleURI.equals(c.getClaimType())) {
                 Object oValue = c.getValue();
-                if ((oValue instanceof String) && !"".equals(oValue)) {
+                if (oValue instanceof String && !"".equals(oValue)) {
                     roles = Collections.singletonList((String) oValue);
-                } else if ((oValue instanceof List<?>) && !((List<?>) 
oValue).isEmpty()) {
+                } else if (oValue instanceof List<?> && !((List<?>) 
oValue).isEmpty()) {
                     @SuppressWarnings("unchecked")
                     List<String> values = (List<String>) oValue;
                     roles = Collections.unmodifiableList(values);
-                } else if (!((oValue instanceof String) || (oValue instanceof 
List<?>))) {
+                } else if (!(oValue instanceof String || oValue instanceof 
List<?>)) {
                     LOG.error("Unsupported value type of Claim value");
                     throw new IllegalStateException("Unsupported value type of 
Claim value");
                 }
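Review bot: The `List<?>` branch casts `oValue` to `List<String>` under `@SuppressWarnings("unchecked")` without looking at the elements, so a claim whose list holds a non-String value is accepted here and would only fail with a `ClassCastException` wherever the roles are read later. The claim value presumably comes from the received token, so the element type should be checked at this point, in line with the final branch that rejects unsupported types: `for (Object v : (List<?>) oValue) { if (!(v instanceof String)) { throw new IllegalStateException("Unsupported value type of Claim value"); } }` before the cast. STSAuthenticationProvider, touched by this same commit, already tests `role instanceof String` per element. The enclosing method starts and ends outside the hunk.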
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 701e9175..76fc49a5 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -716,7 +716,7 @@ public class FederationProcessorImpl extends 
AbstractFedizProcessor {
 
     }
 
-    private static class NOOpProcessor implements Processor {
+    private static final class NOOpProcessor implements Processor {
 
         @Override
         public List<WSSecurityEngineResult> handleToken(Element arg0, 
RequestData arg1)
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
index fbe7132b..c8328437 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
@@ -86,8 +86,8 @@ public class FedizSignatureTrustValidator implements 
Validator {
      */
     public Credential validate(Credential credential, RequestData data) throws 
WSSecurityException {
         if (credential == null
-            || ((credential.getCertificates() == null || 
credential.getCertificates().length == 0)
-                && credential.getPublicKey() == null)) {
+            || (credential.getCertificates() == null || 
credential.getCertificates().length == 0)
+                && credential.getPublicKey() == null) {
             throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
         }
 
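Review bot: With the outer parentheses removed, the no-credential guard in `validate` mixes `||` and `&&` at one level and keeps its meaning only because `&&` binds tighter than `||`. The result is unchanged, but this condition decides whether a credential carries any key material at all, and a later edit that appends another `||` term could change what is rejected without anyone noticing. I would state the intent in a comment above the `if`, e.g. `// reject when there is neither a certificate chain nor a public key to validate`, and consider splitting off the null test as its own guard, `if (credential == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); }`, so the remaining condition is a plain `&&`. The method body continues outside the hunk.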
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
index bc5d32bb..45fdf401 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
@@ -487,7 +487,7 @@ public final class DOMUtils {
             Node node = atts.item(i);
             String name = node.getNodeName();
             if (ns.equals(node.getNodeValue())
-                && (name != null && (XMLNAMESPACE.equals(name) || 
name.startsWith(XMLNAMESPACE + ":")))) {
+                && name != null && (XMLNAMESPACE.equals(name) || 
name.startsWith(XMLNAMESPACE + ":"))) {
                 return node.getLocalName();
             }
         }
@@ -522,7 +522,7 @@ public final class DOMUtils {
             Node node = atts.item(i);
             String name = node.getNodeName();
             if (namespaceUri.equals(node.getNodeValue())
-                && (name != null && (XMLNAMESPACE.equals(name) || 
name.startsWith(XMLNAMESPACE + ":")))) {
+                && name != null && (XMLNAMESPACE.equals(name) || 
name.startsWith(XMLNAMESPACE + ":"))) {
                 prefixes.add(node.getPrefix());
             }
         }
diff --git a/plugins/core/src/test/resources/ststrust.jks 
b/plugins/core/src/test/resources/ststrust.jks
index a6cd8ae7..ad86fe46 100644
Binary files a/plugins/core/src/test/resources/ststrust.jks and 
b/plugins/core/src/test/resources/ststrust.jks differ
diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
index 74cb3554..6eaafb9d 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
@@ -96,7 +96,7 @@ public class FederationAuthenticationProvider implements 
AuthenticationProvider,
         }
 
         // Ensure credentials are provided
-        if ((authentication.getCredentials() == null) || 
"".equals(authentication.getCredentials())) {
+        if (authentication.getCredentials() == null || 
"".equals(authentication.getCredentials())) {
             throw new 
BadCredentialsException(messages.getMessage("FederationAuthenticationProvider.noSignInRequest",
                     "Failed to get SignIn request"));
         }
diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 849f5127..e84e2138 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -54,8 +54,8 @@ public class FederationAuthenticationToken extends 
AbstractAuthenticationToken
         final FedizResponse response) {
         super(authorities);
 
-        if ((principal == null) || "".equals(principal) || (credentials == 
null)
-            || "".equals(credentials) || (authorities == null) || (userDetails 
== null) || (response == null)) {
+        if (principal == null || "".equals(principal) || credentials == null
+            || "".equals(credentials) || authorities == null || userDetails == 
null || response == null) {
             throw new IllegalArgumentException("Cannot pass null or empty 
values to constructor");
         }
 
diff --git a/pom.xml b/pom.xml
index bdd055a4..b21c7124 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
     <parent>
         <groupId>org.apache</groupId>
         <artifactId>apache</artifactId>
-        <version>31</version>
+        <version>33</version>
     </parent>
 
     <prerequisites>
@@ -40,42 +40,41 @@
         <apacheds.version>2.0.0.AM27</apacheds.version>
         <bval.version>2.0.6</bval.version>
         <commons.dbcp2.version>2.12.0</commons.dbcp2.version>
-        <commons.logging.version>1.2</commons.logging.version>
-        <commons.text.version>1.11.0</commons.text.version>
-        <commons.validator.version>1.8.0</commons.validator.version>
-        <cxf.version>3.5.8</cxf.version>
+        <commons.text.version>1.12.0</commons.text.version>
+        <commons.validator.version>1.9.0</commons.validator.version>
+        <cxf.version>3.6.4</cxf.version>
         <cxf.build-utils.version>3.4.4</cxf.build-utils.version>
-        <easymock.version>5.2.0</easymock.version>
-        <ehcache3.version>3.9.11</ehcache3.version>
+        <easymock.version>5.4.0</easymock.version>
+        <ehcache3.version>3.10.8</ehcache3.version>
         <jcache.version>1.1.1</jcache.version>
         <hsqldb.version>2.5.2</hsqldb.version>
         <htmlunit.version>2.70.0</htmlunit.version>
-        <jackson.version>2.17.0</jackson.version>
+        <jackson.version>2.17.1</jackson.version>
         <jaxb.runtime.version>2.3.9</jaxb.runtime.version>
         <jaxb.version>2.3.3</jaxb.version>
-        <jetty9.version>9.4.54.v20240208</jetty9.version>
-        <junit.version>5.10.2</junit.version>
+        <jetty9.version>9.4.55.v20240627</jetty9.version>
+        <junit.version>5.10.3</junit.version>
         <kerby.version>2.0.3</kerby.version>
-        <log4j.version>2.23.1</log4j.version>
+        <log4j.version>2.24.1</log4j.version>
         <openjpa.version>3.2.2</openjpa.version>
         <servlet.version>4.0.1</servlet.version>
         <slf4j.version>1.7.36</slf4j.version>
-        <spring.version>5.3.33</spring.version>
+        <spring.version>5.3.37</spring.version>
         <spring-ldap-core.version>2.4.1</spring-ldap-core.version>
-        <spring.security.version>5.6.12</spring.security.version>
+        <spring.security.version>5.8.11</spring.security.version>
         <spring-webflow.version>2.5.1.RELEASE</spring-webflow.version>
-        <tomcat.version>9.0.87</tomcat.version>
+        <tomcat.version>9.0.90</tomcat.version>
         <validation-api.version>2.0.2</validation-api.version>
         <wss4j.version>2.4.3</wss4j.version>
 
         <tomcat.url>http://localhost:8080/manager/text</tomcat.url>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <jdk.version>1.8</jdk.version>
+        <maven.compiler.release>11</maven.compiler.release>
         <compiler.fork>false</compiler.fork>
 
         
<fediz.protect-xmlschema-collections>false</fediz.protect-xmlschema-collections>
-        <fediz.surefire.fork.mode>once</fediz.surefire.fork.mode>
+        <fediz.surefire.fork.count>1</fediz.surefire.fork.count>
         <fediz.surefire.format>brief</fediz.surefire.format>
         <fediz.surefire.usefile>false</fediz.surefire.usefile>
         <fediz.surefire.parallel.mode />
@@ -275,9 +274,43 @@
                 <scope>import</scope>
                 <type>pom</type>
             </dependency>
+            <dependency>
+                <groupId>org.ehcache</groupId>
+                <artifactId>ehcache</artifactId>
+                <version>${ehcache3.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.glassfish.jaxb</groupId>
+                        <artifactId>jaxb-runtime</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
+    <dependencies>
+        <dependency>
+            <groupId>jakarta.xml.bind</groupId>
+            <artifactId>jakarta.xml.bind-api</artifactId>
+            <version>${jaxb.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.jaxb</groupId>
+            <artifactId>jaxb-runtime</artifactId>
+            <version>${jaxb.runtime.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.annotation</groupId>
+            <artifactId>jakarta.annotation-api</artifactId>
+            <version>1.3.5</version>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.xml.ws</groupId>
+            <artifactId>jakarta.xml.ws-api</artifactId>
+            <version>2.3.3</version>
+        </dependency>
+    </dependencies>
+
     <build>
         <defaultGoal>install</defaultGoal>
 
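Review bot: The new top-level dependencies `jakarta.annotation-api` and `jakarta.xml.ws-api` carry literal versions (`1.3.5`, `2.3.3`) while their neighbours use `${jaxb.version}` and `${jaxb.runtime.version}` from the properties block. Literal versions inside `<dependencies>` are easy to miss when versions are audited or bumped; a property such as `<jakarta.annotation.version>1.3.5</jakarta.annotation.version>` next to the other version properties would keep them in one place. Because this is a plain `<dependencies>` block rather than `dependencyManagement`, the four artifacts are presumably inherited by every module that uses this POM as parent. A short XML comment saying they are declared globally because Java 11 no longer bundles these APIs would document that choice.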
@@ -316,13 +349,15 @@
                     <version>3.6.3</version>
                     <configuration>
                         <attach>true</attach>
-                        <source>${jdk.version}</source>
                         <quiet>true</quiet>
                         <bottom>Apache Fediz</bottom>
                         <encoding>UTF-8</encoding>
                         <detectOfflineLinks>false</detectOfflineLinks>
                         <notimestamp>true</notimestamp>
                         <!--subpackages>org.apache.cxf</subpackages-->
+                        <additionalJOptions>
+                            
<additionalJOption>-Xdoclint:none</additionalJOption>
+                        </additionalJOptions>
                     </configuration>
                 </plugin>
                 <plugin>
@@ -335,8 +370,6 @@
                     <artifactId>maven-compiler-plugin</artifactId>
                     <version>3.13.0</version>
                     <configuration>
-                        <source>${jdk.version}</source>
-                        <target>${jdk.version}</target>
                         <compilerArgs>
                             <arg>-XDcompilePolicy=simple</arg>
                             <arg>-Xplugin:ErrorProne</arg>
@@ -373,7 +406,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-report-plugin</artifactId>
-                    <version>3.2.5</version>
+                    <version>3.3.1</version>
                 </plugin>
                 <!-- TODO commented out for now
                 <plugin>
@@ -442,7 +475,7 @@
                         <dependency>
                             <groupId>com.puppycrawl.tools</groupId>
                             <artifactId>checkstyle</artifactId>
-                            <version>8.41</version>
+                            <version>10.17.0</version>
                        </dependency>
                     </dependencies>
                     <configuration>
@@ -485,7 +518,6 @@
                             
<ruleset>${fediz.resources.base.path}cxf-pmd-ruleset.xml</ruleset>
                             
<ruleset>${fediz.resources.base.path}cxf-pmd-custom.xml</ruleset>
                         </rulesets>
-                        <targetJdk>${jdk.version}</targetJdk>
                         <failOnViolation>true</failOnViolation>
                         <linkXRef>false</linkXRef>
                         <includeTests>true</includeTests>
@@ -507,7 +539,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.2.5</version>
+                    <version>3.3.1</version>
                     <configuration>
                         <includes>
                             <include>**/*Test.java</include>
@@ -523,7 +555,7 @@
                         <runOrder>alphabetical</runOrder>
                         <reportFormat>${fediz.surefire.format}</reportFormat>
                         <useFile>${fediz.surefire.usefile}</useFile>
-                        <forkMode>${fediz.surefire.fork.mode}</forkMode>
+                        <forkCount>${fediz.surefire.fork.count}</forkCount>
                         <childDelegation>false</childDelegation>
                         <argLine>${fediz.surefire.fork.vmargs}</argLine>
                         
<enableAssertions>${fediz.surefire.enable.assertions}</enableAssertions>
@@ -641,8 +673,6 @@
                             <artifactId>maven-compiler-plugin</artifactId>
                             <version>3.13.0</version>
                             <configuration>
-                                <source>${jdk.version}</source>
-                                <target>${jdk.version}</target>
                                 <maxmem>256M</maxmem>
                                 <fork>${compiler.fork}</fork>
                             </configuration>
@@ -671,94 +701,6 @@
                 </plugins>
             </build>
         </profile>
-        <profile>
-            <id>jdk18</id>
-            <activation>
-                <jdk>1.8</jdk>
-            </activation>
-            <build>
-                <pluginManagement>
-                    <plugins>
-                        <plugin>
-                            <groupId>org.apache.maven.plugins</groupId>
-                            <artifactId>maven-javadoc-plugin</artifactId>
-                            <configuration>
-                                <additionalJOptions>
-                                    
<additionalJOption>-Xdoclint:none</additionalJOption>
-                                </additionalJOptions>
-                            </configuration>
-                        </plugin>
-                        <plugin>
-                            <groupId>org.apache.maven.plugins</groupId>
-                            <artifactId>maven-compiler-plugin</artifactId>
-                            <configuration>
-                                <fork>true</fork>
-                                <compilerArgs combine.children="append">
-                                    
<arg>-J-Xbootclasspath/p:${settings.localRepository}/com/google/errorprone/javac/9+181-r4173-1/javac-9+181-r4173-1.jar</arg>
-                                </compilerArgs>
-                            </configuration>
-                        </plugin>
-                    </plugins>
-                </pluginManagement>
-            </build>
-        </profile>
-        <profile>
-            <id>jdk9-plus</id>
-            <activation>
-                <jdk>[9,)</jdk>
-            </activation>
-            <build>
-                <pluginManagement>
-                    <plugins>
-                        <plugin>
-                            <groupId>org.apache.maven.plugins</groupId>
-                            <artifactId>maven-javadoc-plugin</artifactId>
-                            <configuration>
-                                <additionalJOptions>
-                                    
<additionalJOption>-Xdoclint:none</additionalJOption>
-                                </additionalJOptions>
-                            </configuration>
-                        </plugin>
-                        <plugin>
-                            <groupId>org.apache.maven.plugins</groupId>
-                            <artifactId>maven-compiler-plugin</artifactId>
-                            <configuration>
-                                <fork>true</fork>
-                            </configuration>
-                        </plugin>
-                        <plugin>
-                            <groupId>org.apache.maven.plugins</groupId>
-                            <artifactId>maven-assembly-plugin</artifactId>
-                            <configuration>
-                                
<finalName>${project.artifactId}-${project.version}-java11</finalName>
-                            </configuration>
-                        </plugin>
-                    </plugins>
-                </pluginManagement>
-            </build>
-            <dependencies>
-                <dependency>
-                    <groupId>jakarta.xml.bind</groupId>
-                    <artifactId>jakarta.xml.bind-api</artifactId>
-                    <version>${jaxb.version}</version>
-                </dependency>
-                <dependency>
-                    <groupId>org.glassfish.jaxb</groupId>
-                    <artifactId>jaxb-runtime</artifactId>
-                    <version>${jaxb.runtime.version}</version>
-                </dependency>
-                <dependency>
-                    <groupId>jakarta.annotation</groupId>
-                    <artifactId>jakarta.annotation-api</artifactId>
-                    <version>1.3.5</version>
-                </dependency>
-                <dependency>
-                    <groupId>jakarta.xml.ws</groupId>
-                    <artifactId>jakarta.xml.ws-api</artifactId>
-                    <version>2.3.3</version>
-                </dependency>
-            </dependencies>
-        </profile>
         <profile>
             <id>fastinstall</id>
             <properties>
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index 9310d5c8..f1ff6878 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -83,7 +83,7 @@ public abstract class STSAuthenticationProvider implements 
AuthenticationProvide
             for (Claim c : claims) {
                 if (c.getClaimType() != null && 
roleURI.equals(c.getClaimType().toString())) {
                     Object oValue = c.getValue();
-                    if ((oValue instanceof List<?>) && 
!((List<?>)oValue).isEmpty()) {
+                    if (oValue instanceof List<?> && 
!((List<?>)oValue).isEmpty()) {
                         List<?> values = (List<?>)oValue;
                         for (Object role : values) {
                             if (role instanceof String) {
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
index 820fb006..c3680637 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
@@ -16,21 +16,6 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-/*
- * Copyright 2002-2008 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.apache.cxf.fediz.service.idp.kerberos;
 
 import java.io.IOException;
@@ -95,7 +80,7 @@ public class KerberosAuthenticationProcessingFilter extends 
GenericFilterBean {
             }
         }
         String header = request.getHeader("Authorization");
-        if ((header != null) && header.startsWith("Negotiate ")) {
+        if (header != null && header.startsWith("Negotiate ")) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Received Negotiate Header for request " + 
request.getRequestURL() + ": " + header);
             }
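Review bot: The debug statement in the context lines right below the changed condition writes the complete `Authorization` header into the log, which for a `Negotiate` request is the base64 SPNEGO token. Anyone with read access to the debug log would then see the client's Kerberos ticket material, so I would log the request URL and the token size only: `logger.debug("Received Negotiate Header for request " + request.getRequestURL() + " (" + header.length() + " chars)");`. The enclosing method starts and ends outside this hunk, so any later logging of the decoded token is not visible here and should be checked too.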
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
index 2115cb1f..d3bac7fd 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
@@ -16,21 +16,6 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-/*
- * Copyright 2009 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.apache.cxf.fediz.service.idp.kerberos;
 
 import java.io.IOException;
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
index d16320ed..dae1deef 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
@@ -16,21 +16,6 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-/*
- * Copyright 2009 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.apache.cxf.fediz.service.idp.kerberos;
 
 import java.util.Arrays;
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
index 57e95727..9c2efa15 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
@@ -161,7 +161,7 @@ public abstract class 
AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
         return assertion;
     }
 
-    private static class SamlCallbackHandler implements CallbackHandler {
+    private static final class SamlCallbackHandler implements CallbackHandler {
         private ConditionsBean conditionsBean;
         private SubjectBean subjectBean;
         private String issuer;
diff --git a/services/idp/src/main/resources/idp-ssl-key.jks 
b/services/idp/src/main/resources/idp-ssl-key.jks
index 1f96931a..4c7fa208 100644
Binary files a/services/idp/src/main/resources/idp-ssl-key.jks and 
b/services/idp/src/main/resources/idp-ssl-key.jks differ
diff --git a/services/idp/src/main/resources/idp-ssl-trust.jks 
b/services/idp/src/main/resources/idp-ssl-trust.jks
index 9449482c..78528e65 100644
Binary files a/services/idp/src/main/resources/idp-ssl-trust.jks and 
b/services/idp/src/main/resources/idp-ssl-trust.jks differ
diff --git 
a/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml 
b/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
index c9b547f3..85f7cbd2 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml
@@ -34,7 +34,7 @@
     <!-- <security:debug /> -->
 
     <!-- SSL Client Cert entry point for WS-Federation -->
-    <security:http pattern="/federation/clientcert" use-expressions="true">
+    <security:http pattern="/federation/clientcert" use-expressions="true" 
authentication-manager-ref="clientCertAuthenticationManager">
         <security:intercept-url requires-channel="https" 
pattern="/federation/clientcert/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" 
ref="stsClientCertPortFilter" />
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
@@ -50,7 +50,7 @@
     </security:http>
     
     <!-- SSL Client Cert entry point for SAML SSO -->
-    <security:http pattern="/saml/clientcert" use-expressions="true">
+    <security:http pattern="/saml/clientcert" use-expressions="true" 
authentication-manager-ref="clientCertAuthenticationManager">
         <security:intercept-url requires-channel="https" 
pattern="/saml/clientcert/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" 
ref="stsClientCertPortFilter" />
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
@@ -68,12 +68,12 @@
     <bean id="stsClientCertPortFilter" 
class="org.apache.cxf.fediz.service.idp.STSPortFilter">
         <property name="authenticationProvider" 
ref="stsClientCertAuthProvider" />
     </bean>
-    
+
     <util:map id="securityProperties">
         <entry key="ws-security.username" value="idp-user" />
         <entry key="ws-security.password" value="idp-pass" />
     </util:map>
-    
+
     <bean id="stsClientCertAuthProvider" 
class="org.apache.cxf.fediz.service.idp.STSPreAuthAuthenticationProvider">
         <property name="wsdlLocation" 
value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl";
 />
         <property name="wsdlEndpoint" value="TransportUT_Port" />
@@ -82,5 +82,9 @@
         <property name="tokenType" 
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 />
         <property name="properties" ref="securityProperties" />
     </bean>
-    
+
+    <security:authentication-manager id="clientCertAuthenticationManager">
+        <security:authentication-provider ref="stsClientCertAuthProvider" />
+    </security:authentication-manager>
+
 </beans>
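Review bot: The new `clientCertAuthenticationManager` has no comment explaining why it holds only `stsClientCertAuthProvider`, yet that restriction is the security-relevant part of the change. The two `clientcert` http blocks presumably resolved to the shared three-provider `authenticationManagers` bean before, and they are now pinned to one provider through `authentication-manager-ref`. I would put `<!-- Client-certificate provider only: credentials meant for the U/P or Kerberos entry points must not authenticate here -->` above the element. The same comment is missing on `krbAuthenticationManager` in security-krb-config.xml and on `upAuthenticationManager` in security-up-config.xml.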
diff --git 
a/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml 
b/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml
index 2a3814c4..dfebce3b 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml
@@ -33,13 +33,13 @@
     <!-- Kerberos entry point -->
     <bean id="kerberosEntryPoint"
           class="org.apache.cxf.fediz.service.idp.kerberos.KerberosEntryPoint" 
/>
-    
+
     <bean id="kerberosAuthenticationProcessingFilter"
           
class="org.apache.cxf.fediz.service.idp.kerberos.KerberosAuthenticationProcessingFilter">
-          <property name="authenticationManager" ref="authenticationManagers" 
/>
+          <property name="authenticationManager" 
ref="krbAuthenticationManager" />
     </bean>
-    
-    <security:http pattern="/federation/krb" use-expressions="true" 
entry-point-ref="kerberosEntryPoint">
+
+    <security:http pattern="/federation/krb" use-expressions="true" 
entry-point-ref="kerberosEntryPoint" 
authentication-manager-ref="krbAuthenticationManager">
         <security:intercept-url requires-channel="https" 
pattern="/federation/krb/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" 
/>
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
@@ -54,7 +54,7 @@
         </security:headers>
     </security:http>
     
-    <security:http pattern="/saml/krb" use-expressions="true" 
entry-point-ref="kerberosEntryPoint">
+    <security:http pattern="/saml/krb" use-expressions="true" 
entry-point-ref="kerberosEntryPoint" 
authentication-manager-ref="krbAuthenticationManager">
         <security:intercept-url requires-channel="https" 
pattern="/saml/krb/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" 
/>
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
@@ -77,8 +77,8 @@
         <property name="contextName" value="bob" />
         <property name="serviceName" value="[email protected]" />
     </bean>-->
-       
-       <!-- Kerberos authentication provider -->
+
+    <!-- Kerberos authentication provider -->
     <bean id="stsKrbAuthProvider" 
class="org.apache.cxf.fediz.service.idp.STSKrbAuthenticationProvider">
         <property name="wsdlLocation" 
value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportKerberos?wsdl";
 />
         <property name="wsdlEndpoint" value="TransportKerberos_Port" />
@@ -89,4 +89,8 @@
         <property name="requireDelegation" value="true" />-->
     </bean>
 
+    <security:authentication-manager id="krbAuthenticationManager">
+        <security:authentication-provider ref="stsKrbAuthProvider" />
+    </security:authentication-manager>
+
 </beans>
diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml 
b/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml
index e30c182d..57879dea 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-rs-config.xml
@@ -45,9 +45,9 @@
     </security:http>
 
     <bean id="bCryptPasswordEncoder" 
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
-    
+
     <bean id="defaultPasswordEncoder" 
class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
-    
+
     <security:authentication-manager id="restAuthenticationManager">
         <security:authentication-provider>
           <!-- <security:password-encoder ref="defaultPasswordEncoder" />-->
@@ -61,5 +61,5 @@
         </security:authentication-provider>
         <security:authentication-provider ref="stsUPAuthProvider" />
     </security:authentication-manager>
-    
+
 </beans>
diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml 
b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
index dd608bb6..fe4468f8 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml
@@ -33,7 +33,7 @@
     <bean id="basicAuthEntryPoint" 
class="org.apache.cxf.fediz.service.idp.BasicAuthEntryPoint" />
 
     <!-- HTTP/BA entry point for WS-Federation -->
-    <security:http pattern="/federation/up/**" use-expressions="true">
+    <security:http pattern="/federation/up/**" use-expressions="true" 
authentication-manager-ref="upAuthenticationManager">
         <security:csrf />
         <security:intercept-url requires-channel="https" 
pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
@@ -61,7 +61,7 @@
     </security:http>
     
     <!-- HTTP/BA entry point for SAML SSO -->
-    <security:http pattern="/saml/up/**" use-expressions="true">
+    <security:http pattern="/saml/up/**" use-expressions="true" 
authentication-manager-ref="upAuthenticationManager">
         <security:csrf disabled="true"/>
                <security:intercept-url requires-channel="https" 
pattern="/saml/up/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
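Review bot: `<security:csrf disabled="true"/>` in the `/saml/up/**` block carries no explanation, while the `/federation/up/**` block in the previous hunk keeps `<security:csrf />` enabled. If the exception exists because SAML SSO requests are POSTed to this path from the relying party's origin, that should be written down next to it, e.g. `<!-- CSRF disabled: SAML requests arrive as cross-site POSTs from the RP -->`. Without the comment a later reader cannot tell a deliberate exception from an oversight. The http block continues outside this hunk.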
@@ -87,11 +87,11 @@
             <security:xss-protection />
         </security:headers>
     </security:http>
-    
+
     <bean id="stsUPPortFilter" 
class="org.apache.cxf.fediz.service.idp.STSPortFilter">
         <property name="authenticationProvider" ref="stsUPAuthProvider" />
     </bean>
-    
+
     <!-- U/P Authentication Provider -->
     <bean id="stsUPAuthProvider" 
class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
         <property name="wsdlLocation" 
value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl";
 />
@@ -100,5 +100,9 @@
         <property name="appliesTo" value="urn:fediz:idp" />
         <property name="tokenType" 
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 />
     </bean>
-    
+
+    <security:authentication-manager id="upAuthenticationManager">
+        <security:authentication-provider ref="stsUPAuthProvider" />
+    </security:authentication-manager>
+
 </beans>
diff --git a/services/idp/src/main/webapp/WEB-INF/security-config.xml 
b/services/idp/src/main/webapp/WEB-INF/security-config.xml
index 5135d89d..80461927 100644
--- a/services/idp/src/main/webapp/WEB-INF/security-config.xml
+++ b/services/idp/src/main/webapp/WEB-INF/security-config.xml
@@ -85,11 +85,11 @@
         </security:headers>
     </security:http>
 
-    <security:authentication-manager alias="authenticationManagers" 
id="authenticationManagers">
+    <!--<security:authentication-manager alias="authenticationManagers" 
id="authenticationManagers">
         <security:authentication-provider ref="stsUPAuthProvider" />
         <security:authentication-provider ref="stsKrbAuthProvider" />
         <security:authentication-provider ref="stsClientCertAuthProvider" />
-    </security:authentication-manager>
+    </security:authentication-manager>-->
 
     <bean id="entitlementsEnricher" 
           
class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements"
 />
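Review bot: The old `authenticationManagers` element is commented out rather than deleted, which leaves a dead three-provider manager in the security config where it can be re-enabled later and undo the per-entry-point separation this commit introduces. I would delete the block. If it is kept as a migration hint, it should be preceded by `<!-- Replaced by upAuthenticationManager, krbAuthenticationManager and clientCertAuthenticationManager; do not re-enable -->`. Deployment-specific configs that still reference the `authenticationManagers` id or alias will presumably fail at context startup after this change, which is worth a line in the release notes.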
diff --git a/services/idp/src/test/resources/idp-ssl-key.jks 
b/services/idp/src/test/resources/idp-ssl-key.jks
index 1f96931a..4c7fa208 100644
Binary files a/services/idp/src/test/resources/idp-ssl-key.jks and 
b/services/idp/src/test/resources/idp-ssl-key.jks differ
diff --git a/services/sts/src/main/resources/ststrust.jks 
b/services/sts/src/main/resources/ststrust.jks
index a17b7e11..b167b9a1 100644
Binary files a/services/sts/src/main/resources/ststrust.jks and 
b/services/sts/src/main/resources/ststrust.jks differ
diff --git a/systests/custom/src/test/resources/realma/security-up-config.xml 
b/systests/custom/src/test/resources/realma/security-up-config.xml
index 9a8d9bf6..d5d5e54e 100644
--- a/systests/custom/src/test/resources/realma/security-up-config.xml
+++ b/systests/custom/src/test/resources/realma/security-up-config.xml
@@ -20,17 +20,11 @@
 <beans xmlns="http://www.springframework.org/schema/beans";
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
     xmlns:security="http://www.springframework.org/schema/security";
-    xmlns:context="http://www.springframework.org/schema/context";
-    xmlns:util="http://www.springframework.org/schema/util";
     xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
-        http://www.springframework.org/schema/context
-        http://www.springframework.org/schema/context/spring-context.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd
-        http://www.springframework.org/schema/util
-        http://www.springframework.org/schema/util/spring-util.xsd
         ">
 
     <!-- DISABLE in production as it might log confidential information about 
the user -->
@@ -39,52 +33,52 @@
     <bean id="requestContextFilter" 
class="org.springframework.web.filter.RequestContextFilter"/>
     
     <!-- HTTP/BA entry point for WS-Federation -->
-    <security:http pattern="/federation/up/**" use-expressions="true">
-               <security:intercept-url requires-channel="https" 
pattern="/federation/up/login*" access="isAuthenticated()" />
+    <security:http pattern="/federation/up/**" use-expressions="true" 
authentication-manager-ref="upAuthenticationManager">
+        <security:intercept-url requires-channel="https" 
pattern="/federation/up/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
         <security:custom-filter before="BASIC_AUTH_FILTER" 
ref="requestContextFilter"/>
 
         <security:http-basic />
-       <!--security:form-login login-page='/federation/up/login'
-               login-processing-url="/federation/up/login.do"
-               authentication-failure-url="/federation/up/login?error" 
-               default-target-url="/"
-               username-parameter="username" 
-               password-parameter="password"
-       /-->
-       <security:logout logout-url="/federation/up/logout" 
-               logout-success-url="/federation/up/login?out" 
-               delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-               invalidate-session="true" 
-       />
+    <!--security:form-login login-page='/federation/up/login'
+        login-processing-url="/federation/up/login.do"
+        authentication-failure-url="/federation/up/login?error" 
+        default-target-url="/"
+        username-parameter="username" 
+        password-parameter="password"
+    /-->
+    <security:logout logout-url="/federation/up/logout" 
+        logout-success-url="/federation/up/login?out" 
+        delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
+        invalidate-session="true" 
+    />
     </security:http>
     
     <!-- HTTP/BA entry point for SAML SSO -->
-    <security:http pattern="/saml/up/**" use-expressions="true">
-               <security:intercept-url requires-channel="https" 
pattern="/saml/up/login*" access="isAuthenticated()" />
+    <security:http pattern="/saml/up/**" use-expressions="true" 
authentication-manager-ref="upAuthenticationManager">
+        <security:intercept-url requires-channel="https" 
pattern="/saml/up/login*" access="isAuthenticated()" />
         <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
         <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" 
ref="entitlementsEnricher" />
 
         <security:http-basic />
-       <!--security:form-login login-page='/federation/up/login'
-               login-processing-url="/federation/up/login.do"
-               authentication-failure-url="/federation/up/login?error" 
-               default-target-url="/"
-               username-parameter="username" 
-               password-parameter="password"
-       /-->
-       <security:logout logout-url="/saml/up/logout" 
-               logout-success-url="/saml/up/login?out" 
-               delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
-               invalidate-session="true" 
-       />
+    <!--security:form-login login-page='/federation/up/login'
+        login-processing-url="/federation/up/login.do"
+        authentication-failure-url="/federation/up/login?error" 
+        default-target-url="/"
+        username-parameter="username" 
+        password-parameter="password"
+    /-->
+    <security:logout logout-url="/saml/up/logout" 
+        logout-success-url="/saml/up/login?out" 
+        delete-cookies="FEDIZ_HOME_REALM,JSESSIONID" 
+        invalidate-session="true" 
+    />
     </security:http>
-    
+
     <bean id="stsUPPortFilter" 
class="org.apache.cxf.fediz.service.idp.STSPortFilter">
         <property name="authenticationProvider" ref="stsUPAuthProvider" />
     </bean>
-    
+
     <!-- U/P Authentication Provider -->
     <bean id="stsUPAuthProvider" 
class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
         <property name="wsdlLocation" 
value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl";
 />
@@ -94,5 +88,9 @@
         <property name="tokenType" 
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 />
         <property name="customSTSParameter" value="auth_realm" />
     </bean>
-    
+
+    <security:authentication-manager id="upAuthenticationManager">
+        <security:authentication-provider ref="stsUPAuthProvider" />
+    </security:authentication-manager>
+
 </beans>
diff --git a/systests/federation/samlWebapp/src/main/resources/ststrust.jks 
b/systests/federation/samlWebapp/src/main/resources/ststrust.jks
index f3e111c2..b167b9a1 100644
Binary files a/systests/federation/samlWebapp/src/main/resources/ststrust.jks 
and b/systests/federation/samlWebapp/src/main/resources/ststrust.jks differ
diff --git a/systests/tests/README b/systests/tests/README
new file mode 100644
index 00000000..a019891b
--- /dev/null
+++ b/systests/tests/README
@@ -0,0 +1,7 @@
+# Update 'server.jks'
+
+cp idp-ssl-key.jks server.jks
+
+keytool -import -trustcacerts -keystore server.jks -storepass tompass -alias 
mytomidpcert -file MyTCIDP.cer -noprompt
+keytool -import -trustcacerts -keystore server.jks -storepass tompass -alias 
realma -file realma.cert -noprompt
+keytool -import -trustcacerts -keystore server.jks -storepass tompass -alias 
alice -file alice.cer -noprompt
diff --git a/systests/tests/src/test/resources/server.jks 
b/systests/tests/src/test/resources/server.jks
index 87f05072..fff93d1b 100644
Binary files a/systests/tests/src/test/resources/server.jks and 
b/systests/tests/src/test/resources/server.jks differ
