Repository: cxf-fediz Updated Branches: refs/heads/master ee4556c78 -> c875b8adf
[FEDIZ-131] Adding first 2 demos - they can be run with any JAX-RS impl with the minimum amount of updates Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c875b8ad Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c875b8ad Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c875b8ad Branch: refs/heads/master Commit: c875b8adf8c306d615436a7cb62816df903b75e8 Parents: ee4556c Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Thu Oct 15 11:20:28 2015 +0100 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Thu Oct 15 11:20:28 2015 +0100 ---------------------------------------------------------------------- examples/jaxrsSimpleWebapp/README.txt | 81 ++++++++++ examples/jaxrsSimpleWebapp/pom.xml | 98 ++++++++++++ .../fediz/example/FederationApplication.java | 30 ++++ .../cxf/fediz/example/FederationService.java | 118 +++++++++++++++ .../src/main/resources/log4j.properties | 22 +++ .../src/main/resources/ststrust.jks | Bin 0 -> 3908 bytes .../src/main/webapp/META-INF/context.xml | 22 +++ .../src/main/webapp/WEB-INF/web.xml | 135 +++++++++++++++++ .../src/main/webapp/index.html | 25 +++ .../src/main/webapp/secure/test.html | 25 +++ examples/jaxrsSpringSecurityWebapp/README.txt | 74 +++++++++ examples/jaxrsSpringSecurityWebapp/pom.xml | 151 +++++++++++++++++++ .../cxf/fediz/example/FederationService.java | 125 +++++++++++++++ .../src/main/resources/log4j.properties | 22 +++ .../src/main/resources/ststrust.jks | Bin 0 -> 3908 bytes .../WEB-INF/applicationContext-security.xml | 101 +++++++++++++ .../src/main/webapp/WEB-INF/fediz_config.xml | 56 +++++++ .../src/main/webapp/WEB-INF/web.xml | 87 +++++++++++ .../src/main/webapp/index.html | 25 +++ .../src/main/webapp/secure/test.html | 25 +++ examples/pom.xml | 2 + 21 files changed, 1224 insertions(+) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/README.txt ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/README.txt b/examples/jaxrsSimpleWebapp/README.txt new file mode 100644 index 0000000..900de36 --- /dev/null +++ b/examples/jaxrsSimpleWebapp/README.txt 
@@ -0,0 +1,81 @@ +JAX-RS Simple Web Application Demo +================================== + +This demo shows how to build and deploy an SSO protected JAX-RS web application +using Apache CXF Fediz. + +The demo uses Apache CXF CXFServlet. +If you work with Jersey or RESTEasy - please replace CXF specific declarations with your +preferred JAX-RS implementation's Servlet declaration. The application code +is a portable JAX-RS code. + +Running this sample consists of four steps: + +- Configure the Tomcat-IDP and Servlet Container for RP instances +- Building the demo using Maven +- Deploying the demo to the RP instance +- Testing the demo + +Please review the README in the samples main directory before continuing. + +Configure the Tomcat-IDP and Servlet Container for RP instances +--------------------------------------------------------------- +First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP +STS has been configured and is running as described here: +http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by +checking that the WSDL is viewable from the browser using the URL given +on that page--don't proceed further unless it is. + +The benefit of using Spring Security which is packaged with the demo application +there are no plugin deployments required for the RP Servlet Container. +See this wiki page for instructions: +http://cxf.apache.org/fediz-spring.html -- the "HTTPS Configuration" sections +are the only parts that need configuration for this sample. + + +Demo Web Application +-------------------- +The main code lives in the class FederationService. This JAX-RS Service is protected +and can be accessed only if the browser user is authenticated. The purpose of +the FederationServlet is to illustrate the usage of the Spring Security API and +Configuration to get the authenticated user and to check the roles he has. 
Further, +the FederationServlet shows how to access claims data (user data) which were +stored in the SAML token by using the Fediz interface FedizPrincipal. +Beyond that, the FederationService illustrates how to access the SAML token +if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java +can be used to achieve that. You could get this information directly from the +HTTP session. + + +Building the demo using Maven +----------------------------- +From the base directory of this sample (i.e., where this README file is +located), the pom.xml file is used to build and run the demo. From a +command prompt, enter: + + mvn clean install (builds the demo and creates a WAR file for Servlet deployment) + + +Deploying the demo to Tomcat +---------------------------- +Either manually copy this sample's generated WAR file to the Tomcat-RP's +webapps folder, or use the Tomcat Maven Plugin as described in the README file +in the example folder root. +It's recommended to not deploy this WAR into Servlet Container where Fediz is +integrated into the Security Layer of the Container itself. + + +Test the demo +------------- +Enter the following URL into the browser (TCP port depends on your HTTP settings): + +https://localhost:10443/fedizhelloworld/secure/fedservlet + +The browser is redirected to the IDP and prompts for username and password. As described +in the IDP installation, the following users are already set up: + +User: alice Password: ecila +User: bob Password: bob +User: ted Password: det + + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/pom.xml ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/pom.xml b/examples/jaxrsSimpleWebapp/pom.xml new file mode 100644 index 0000000..3950a9e --- /dev/null +++ b/examples/jaxrsSimpleWebapp/pom.xml 
@@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>examples</artifactId> + <version>1.3.0-SNAPSHOT</version> + </parent> + <groupId>org.apache.cxf.fediz.examples</groupId> + <artifactId>jaxrsSimpleWebapp</artifactId> + <name>Fediz Example: JAX-RS Simple Webapp</name> + <packaging>war</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <dependencies> + <dependency> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-core</artifactId> + <version>${project.version}</version> + <scope>provided</scope> + </dependency> + <!-- Use an alternative JAX-RS implementation dependencies if you do not work with CXF JAX-RS --> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxrs</artifactId> + <version>${cxf.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + 
<artifactId>slf4j-log4j12</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + <version>${commons.lang.version}</version> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>${log4j.version}</version> + <exclusions> + <exclusion> + <groupId>javax.mail</groupId> + <artifactId>mail</artifactId> + </exclusion> + <exclusion> + <groupId>javax.jms</groupId> + <artifactId>jms</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jdmk</groupId> + <artifactId>jmxtools</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jmx</groupId> + <artifactId>jmxri</artifactId> + </exclusion> + </exclusions> + </dependency> + </dependencies> + <build> + <plugins> + <plugin> + <!--for mvn tomcat:deploy/:undeploy/:redeploy --> + <groupId>org.codehaus.mojo</groupId> + <artifactId>tomcat-maven-plugin</artifactId> + <version>1.1</version> + <configuration> + <server>myTomcat</server> + <url>http://localhost:10080/manager/text</url> + <path>/${project.build.finalName}</path> + </configuration> + </plugin> + </plugins> + <!-- Name of the generated WAR file --> + <finalName>fedizhelloworld</finalName> + </build> +</project> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationApplication.java ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationApplication.java b/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationApplication.java new file mode 100644 index 0000000..8e86ff3 --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationApplication.java 
@@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.example; + +import java.util.Collections; +import java.util.Set; + +import javax.ws.rs.core.Application; + +public class FederationApplication extends Application { + public Set<Object> getSingletons() { + return Collections.<Object>singleton(new FederationService()); + } +} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java b/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java new file mode 100644 index 0000000..fa31a87 --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java 
@@ -0,0 +1,118 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.fediz.example; + +import java.io.StringWriter; +import java.security.Principal; +import java.util.Arrays; +import java.util.List; + +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.ResponseBuilder; +import javax.ws.rs.core.SecurityContext; +import javax.ws.rs.core.UriInfo; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Element; + +import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.cxf.fediz.core.Claim; +import org.apache.cxf.fediz.core.ClaimCollection; +import org.apache.cxf.fediz.core.FedizPrincipal; +import org.apache.cxf.fediz.core.SecurityTokenThreadLocal; + + + +@Path("/") +public class FederationService { + + @GET + public Response get(@Context UriInfo uriInfo, + @Context SecurityContext securityContext) { + + ResponseBuilder rb = Response.ok().type("text/html"); + + StringBuilder out = new 
StringBuilder(); + out.append("<html>"); + out.append("<head><title>WS Federation Spring Security Example</title></head>"); + out.append("<body>"); + out.append("<h1>Hello World</h1>"); + out.append("Hello world<br>"); + out.append("Request url: " + uriInfo.getAbsolutePath().toString() + "<p>"); + + out.append("<br><b>User</b><p>"); + Principal p = securityContext.getUserPrincipal(); + if (p != null) { + out.append("Principal: " + p.getName() + "<p>"); + } + + out.append("<br><b>Roles</b><p>"); + List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated"); + for (String item: roleListToCheck) { + out.append("Has role '" + item + "': " + + ((securityContext.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>"); + } + + if (p instanceof FedizPrincipal) { + FedizPrincipal fp = (FedizPrincipal)p; + + out.append("<br><b>Claims</b><p>"); + ClaimCollection claims = fp.getClaims(); + for (Claim c: claims) { + out.append(c.getClaimType().toString() + ": " + c.getValue() + "<p>"); + } + } else { + out.append("Principal is not instance of FedizPrincipal"); + } + + Element el = SecurityTokenThreadLocal.getToken(); + if (el != null) { + out.append("<p>Bootstrap token..."); + String token = null; + try { + TransformerFactory transFactory = TransformerFactory.newInstance(); + Transformer transformer = transFactory.newTransformer(); + StringWriter buffer = new StringWriter(); + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + transformer.transform(new DOMSource(el), new StreamResult(buffer)); + token = buffer.toString(); + @SuppressWarnings("deprecation") + String escapedXml = StringEscapeUtils.escapeXml(token); + out.append("<p>" + escapedXml); + } catch (Exception ex) { + out.append("<p>Failed to transform cached element to string: " + ex.toString()); + } + } else { + out.append("<p>Bootstrap token not cached in thread local storage"); + } + + out.append("</body>"); + + return rb.entity(out.toString()).build(); + } + +} 
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/src/main/resources/log4j.properties b/examples/jaxrsSimpleWebapp/src/main/resources/log4j.properties new file mode 100644 index 0000000..e16244a --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/resources/log4j.properties @@ -0,0 +1,22 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootLogger=INFO, CONSOLE +log4j.logger.org.springframework=INFO, CONSOLE +log4j.additivity.org.springframework=false +log4j.logger.org.springframework.security=DEBUG, CONSOLE +log4j.additivity.org.springframework.security=false +log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE +log4j.additivity.org.apache.cxf.fediz=false + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=DEBUG +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n + +# LOGFILE is set to be a File appender using a PatternLayout. +log4j.appender.LOGFILE=org.apache.log4j.FileAppender +log4j.appender.LOGFILE.File=fedizhelloworld.log +log4j.appender.LOGFILE.Append=false +log4j.appender.LOGFILE.Threshold=DEBUG +log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout +log4j.appender.LOGFILE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks ---------------------------------------------------------------------- 
diff --git a/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks b/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks new file mode 100644 index 0000000..ef5a844 Binary files /dev/null and b/examples/jaxrsSimpleWebapp/src/main/resources/ststrust.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/webapp/META-INF/context.xml ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/src/main/webapp/META-INF/context.xml b/examples/jaxrsSimpleWebapp/src/main/webapp/META-INF/context.xml new file mode 100644 index 0000000..a789b58 --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/webapp/META-INF/context.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<Context> + <Valve className="org.apache.cxf.fediz.tomcat7.FederationAuthenticator" configFile="conf/fediz_config.xml" /> +</Context> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- 
diff --git a/examples/jaxrsSimpleWebapp/src/main/webapp/WEB-INF/web.xml b/examples/jaxrsSimpleWebapp/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 0000000..895f62e --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/webapp/WEB-INF/web.xml 
@@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0" metadata-complete="true"> + + <description>WS Federation Simple Web Application Example</description> + <display-name>WS Federation Simple Web Application Example</display-name> + + <!-- Optional: Cache the security token in Thread Local Storage --> + <filter> + <filter-name>FederationFilter</filter-name> + <filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>FederationFilter</filter-name> + <url-pattern>/secure/*</url-pattern> + </filter-mapping> + + <!-- + This is a CXF Servlet + If you do not work with CXF JAX-RS: + Use Jersey or RestEasy specific Servlet + --> + <servlet> + <servlet-name>FederationServlet</servlet-name> + <servlet-class>org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet</servlet-class> + <!-- + All JAX-RS 2.0 implementation servlets will accept 'javax.ws.rs.Application' init parameters + --> + <init-param> + 
<param-name>javax.ws.rs.Application</param-name> + <param-value>org.apache.cxf.fediz.example.FederationApplication</param-value> + </init-param> + </servlet> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/fedservlet</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/admin/fedservlet</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/user/fedservlet</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/manager/fedservlet</url-pattern> + </servlet-mapping> + + <security-role> + <role-name>Manager</role-name> + </security-role> + <security-role> + <role-name>User</role-name> + </security-role> + <security-role> + <role-name>Admin</role-name> + </security-role> + <security-role> + <role-name>Authenticated</role-name> + </security-role> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Protected Area</web-resource-name> + <url-pattern>/secure/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Protected Admin Area</web-resource-name> + <url-pattern>/secure/admin/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>Admin</role-name> + </auth-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Protected Manager Area</web-resource-name> + <url-pattern>/secure/manager/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>Manager</role-name> + </auth-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Protected User Area</web-resource-name> + 
<url-pattern>/secure/user/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>User</role-name> + <role-name>Admin</role-name> + <role-name>Manager</role-name> + </auth-constraint> + </security-constraint> + + <login-config> + <auth-method>WSFED</auth-method> + <realm-name>WSFED</realm-name> + </login-config> + +</web-app> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/webapp/index.html ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/src/main/webapp/index.html b/examples/jaxrsSimpleWebapp/src/main/webapp/index.html new file mode 100644 index 0000000..1a1ef1d --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/webapp/index.html 
@@ -0,0 +1,25 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE> +<META http-equiv=Content-Type content="text/html"> +</HEAD> +<BODY> +<P> +<H3>Hello World</H3> +<P></P> +</BODY></HTML> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/src/main/webapp/secure/test.html ---------------------------------------------------------------------- diff --git a/examples/jaxrsSimpleWebapp/src/main/webapp/secure/test.html b/examples/jaxrsSimpleWebapp/src/main/webapp/secure/test.html new file mode 100644 index 0000000..042ed67 --- /dev/null +++ b/examples/jaxrsSimpleWebapp/src/main/webapp/secure/test.html 
@@ -0,0 +1,25 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE> +<META http-equiv=Content-Type content="text/html"> +</HEAD> +<BODY> +<P> +<H3>Secure Test</H3> +<P></P> +</BODY></HTML> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/README.txt ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/README.txt b/examples/jaxrsSpringSecurityWebapp/README.txt new file mode 100644 index 0000000..8850742 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/README.txt 
@@ -0,0 +1,74 @@ +JAX-RS Spring Security Web Application Demo +================================== + +This demo shows how to build and deploy an SSO protected JAX-RS web application +using Apache CXF Fediz and Spring Security. + +The demo uses Apache CXF CXFServlet and CXF JAX-RS Endpoint Spring declarations. +If you work with Jersey or RESTEasy - please replace CXF specific Servlet and Spring declarations with your preferred JAX-RS implementation's Servlet and Spring declarations. The application code +is a portable JAX-RS code. + +Running this sample consists of four steps: + +- Configure the Tomcat-IDP and Servlet Container for RP instances +- Building the demo using Maven +- Deploying the demo to the RP instance +- Testing the demo + +Please review the README in the samples main directory before continuing. + +Configure the Tomcat-IDP and Servlet Container for RP instances +--------------------------------------------------------------- +First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP +STS has been configured and is running as described here: +http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by +checking that the WSDL is viewable from the browser using the URL given +on that page--don't proceed further unless it is. + + +Demo Web Application +-------------------- +The main code lives in the class FederationService. This JAX-RS Service is protected +and can be accessed only if the browser user is authenticated. The purpose of +the FederationService is to illustrate the usage of the Java Servlet Security +API to get the authenticated user and to check the roles he has. Further, +the FederationService shows how to access claims data (user data) which were +stored in the SAML token by using the Fediz interface FedizPrincipal. +Beyond that, the FederationService illustrates how to access the SAML token +if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java +can be used to achieve that. 
You could get this information directly from the +HTTP session. + + +Building the demo using Maven +----------------------------- +From the base directory of this sample (i.e., where this README file is +located), the pom.xml file is used to build and run the demo. From a +command prompt, enter: + + mvn clean install (builds the demo and creates a WAR file for Servlet deployment) + + +Deploying the demo to Tomcat +---------------------------- +Either manually copy this sample's generated WAR file to the Tomcat-RP's +webapps folder, or use the Tomcat Maven Plugin as described in the README file +in the example folder root. +It's recommended to not deploy this WAR into Servlet Container where Fediz is +integrated into the Security Layer of the Container itself. + + +Test the demo +------------- +Enter the following URL into the browser (TCP port depends on your HTTP settings): + +https://localhost:10443/fedizhelloworld/secure/fedservlet + +The browser is redirected to the IDP and prompts for username and password. As described +in the IDP installation, the following users are already set up: + +User: alice Password: ecila +User: bob Password: bob +User: ted Password: det + + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/pom.xml ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/pom.xml b/examples/jaxrsSpringSecurityWebapp/pom.xml new file mode 100644 index 0000000..7d467d4 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/pom.xml 
@@ -0,0 +1,151 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>examples</artifactId> + <version>1.3.0-SNAPSHOT</version> + </parent> + <groupId>org.apache.cxf.fediz.examples</groupId> + <artifactId>jaxrsSpringSecurityWebapp</artifactId> + <name>Fediz Example: SpringWebapp</name> + <packaging>war</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + <dependencies> + <!-- Use an alternative JAX-RS implementation dependencies if you do not work with CXF JAX-RS --> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxrs</artifactId> + <version>${cxf.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + <version>${slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf.fediz</groupId> + 
<artifactId>fediz-spring</artifactId> + <version>${project.version}</version> + <exclusions> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-aop</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-asm</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-jdbc</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-tx</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-expression</artifactId> + </exclusion> + </exclusions> + + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-web</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-aop</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-expression</artifactId> + <version>${spring.version}</version> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + <version>${commons.lang.version}</version> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>${log4j.version}</version> + <exclusions> + <exclusion> + <groupId>javax.mail</groupId> + <artifactId>mail</artifactId> + </exclusion> + <exclusion> + <groupId>javax.jms</groupId> + 
<artifactId>jms</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jdmk</groupId> + <artifactId>jmxtools</artifactId> + </exclusion> + <exclusion> + <groupId>com.sun.jmx</groupId> + <artifactId>jmxri</artifactId> + </exclusion> + </exclusions> + </dependency> + </dependencies> + <build> + <plugins> + <plugin> + <!--for mvn tomcat:deploy/:undeploy/:redeploy --> + <groupId>org.codehaus.mojo</groupId> + <artifactId>tomcat-maven-plugin</artifactId> + <version>1.1</version> + <configuration> + <server>myTomcat</server> + <url>http://localhost:10080/manager/text</url> + <path>/${project.build.finalName}</path> + </configuration> + </plugin> + </plugins> + <!-- Name of the generated WAR file --> + <finalName>fedizhelloworld</finalName> + </build> +</project> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java b/examples/jaxrsSpringSecurityWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java new file mode 100644 index 0000000..401fb01 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java 
@@ -0,0 +1,125 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.fediz.example; + +import java.io.StringWriter; +import java.security.Principal; + +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.ResponseBuilder; +import javax.ws.rs.core.SecurityContext; +import javax.ws.rs.core.UriInfo; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Element; + +import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.cxf.fediz.core.Claim; +import org.apache.cxf.fediz.core.ClaimCollection; +import org.apache.cxf.fediz.core.SecurityTokenThreadLocal; +import org.apache.cxf.fediz.spring.FederationUser; +import org.apache.cxf.fediz.spring.authentication.FederationAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; + + + +@Path("/") 
+public class FederationService { + + @GET + public Response get(@Context UriInfo uriInfo, + @Context SecurityContext securityContext) { + + ResponseBuilder rb = Response.ok().type("text/html"); + + StringBuilder out = new StringBuilder(); + out.append("<html>"); + out.append("<head><title>WS Federation Spring Security Example</title></head>"); + out.append("<body>"); + out.append("<h1>Hello World</h1>"); + out.append("Hello world<br>"); + out.append("Request url: " + uriInfo.getAbsolutePath().toString() + "<p>"); + + out.append("<br><b>User</b><p>"); + Principal p = securityContext.getUserPrincipal(); + if (p != null) { + out.append("Principal: " + p.getName() + "<p>"); + } + + // Access Spring security context + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + if (auth instanceof FederationAuthenticationToken) { + out.append("Roles of user:<p><ul>"); + FederationAuthenticationToken fedAuthToken = (FederationAuthenticationToken) auth; + for (GrantedAuthority item : fedAuthToken.getAuthorities()) { + out.append("<li>" + item.getAuthority() + "</li>"); + } + out.append("</ul>"); + + if (fedAuthToken.getUserDetails() instanceof FederationUser) { + out.append("<br><b>Claims</b><p>"); + ClaimCollection claims = ((FederationUser) fedAuthToken.getUserDetails()).getClaims(); + for (Claim c : claims) { + out.append(c.getClaimType().toString() + ": " + c.getValue() + "<p>"); + } + } else { + out.append("FederationAuthenticationToken found but not FederationUser"); + } + + } else { + out.append("No FederationAuthenticationToken found in Spring Security Context."); + } + + Element el = SecurityTokenThreadLocal.getToken(); + if (el != null) { + out.append("<p>Bootstrap token..."); + String token = null; + try { + TransformerFactory transFactory = TransformerFactory.newInstance(); + Transformer transformer = transFactory.newTransformer(); + StringWriter buffer = new StringWriter(); + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, 
"yes"); + transformer.transform(new DOMSource(el), new StreamResult(buffer)); + token = buffer.toString(); + @SuppressWarnings("deprecation") + String escapedXml = StringEscapeUtils.escapeXml(token); + out.append("<p>" + escapedXml); + } catch (Exception ex) { + out.append("<p>Failed to transform cached element to string: " + ex.toString()); + } + } else { + out.append("<p>Bootstrap token not cached in thread local storage"); + } + + out.append("</body>"); + + return rb.entity(out.toString()).build(); + } + +} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/resources/log4j.properties b/examples/jaxrsSpringSecurityWebapp/src/main/resources/log4j.properties new file mode 100644 index 0000000..e16244a --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/resources/log4j.properties 
@@ -0,0 +1,22 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootLogger=INFO, CONSOLE +log4j.logger.org.springframework=INFO, CONSOLE +log4j.additivity.org.springframework=false +log4j.logger.org.springframework.security=DEBUG, CONSOLE +log4j.additivity.org.springframework.security=false +log4j.logger.org.apache.cxf.fediz=DEBUG, CONSOLE +log4j.additivity.org.apache.cxf.fediz=false + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=DEBUG +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n + +# LOGFILE is set to be a File appender using a PatternLayout. +log4j.appender.LOGFILE=org.apache.log4j.FileAppender +log4j.appender.LOGFILE.File=fedizhelloworld.log +log4j.appender.LOGFILE.Append=false +log4j.appender.LOGFILE.Threshold=DEBUG +log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout +log4j.appender.LOGFILE.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks b/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks new file mode 100644 index 0000000..ef5a844 Binary files /dev/null and b/examples/jaxrsSpringSecurityWebapp/src/main/resources/ststrust.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml ---------------------------------------------------------------------- 
diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml new file mode 100644 index 0000000..fd3d4b5 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml 
@@ -0,0 +1,101 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:sec="http://www.springframework.org/schema/security" + xmlns:p="http://www.springframework.org/schema/p" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:util="http://www.springframework.org/schema/util" + xmlns:jaxrs="http://cxf.apache.org/jaxrs" + xsi:schemaLocation=" + http://www.springframework.org/schema/security + http://www.springframework.org/schema/security/spring-security-3.1.xsd + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-3.0.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-3.0.xsd + http://www.springframework.org/schema/context + http://www.springframework.org/schema/context/spring-context-3.0.xsd + http://cxf.apache.org/jaxrs + http://cxf.apache.org/schemas/jaxrs.xsd"> + + <!-- + This is a CXF JAX-RS Spring endpoint + If you do not work with CXF JAX-RS: + Use Jersey or RestEasy specific Spring integration mechanism to activate a JAX-RS endpoint + --> + 
<jaxrs:server address="/"> + <jaxrs:serviceBeans> + <bean class="org.apache.cxf.fediz.example.FederationService"/> + </jaxrs:serviceBeans> + </jaxrs:server> + + <!-- DISABLE in production as it might log confidential information about + the user --> + <sec:debug /> + + <sec:http entry-point-ref="federationEntryPoint" + use-expressions="true"> + <sec:intercept-url pattern="/" access="permitAll" /> + <sec:intercept-url pattern="/fediz" access="permitAll" /> + <sec:intercept-url pattern="/index.html" access="permitAll" /> + <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()" /> + <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')" /> + <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')" /> + <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')" /> + <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" /> + <sec:session-management session-authentication-strategy-ref="sas" /> + </sec:http> + + + <sec:authentication-manager alias="authManager"> + <sec:authentication-provider ref="federationAuthProvider" /> + </sec:authentication-manager> + + <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" + init-method="init" p:configFile="WEB-INF/fediz_config.xml" /> + + <bean id="federationEntryPoint" + class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint" + p:federationConfig-ref="fedizConfig" /> + + <bean id="federationFilter" + class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter" + p:authenticationManager-ref="authManager"> + + <property name="authenticationFailureHandler"> + <bean + class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" /> + </property> + </bean> + + <bean id="federationAuthProvider" + class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider" + p:federationConfig-ref="fedizConfig"> + 
<property name="authenticationUserDetailsService"> + <bean + class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService" /> + </property> + </bean> + + <bean id="sas" + class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" /> +</beans> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/fediz_config.xml ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/fediz_config.xml b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/fediz_config.xml new file mode 100644 index 0000000..529b645 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/fediz_config.xml 
@@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<!-- Place in Tomcat conf folder or other location as designated in this sample's file. + Keystore referenced below must have IDP STS' public cert included in it. This example uses the + ststrust Truststore (ststrust.jks) for this task. + In Fediz 1.0, one keystore was used for SSL and the STS public certificate. 
+--> +<FedizConfig> + <contextConfig name="/fedizhelloworld"> + <audienceUris> + <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> + </audienceUris> + <certificateStores> + <trustManager> + <keyStore file="ststrust.jks" password="storepass" + type="JKS" /> + </trustManager> + </certificateStores> + <trustedIssuers> + <issuer certificateValidation="PeerTrust" /> + </trustedIssuers> + <maximumClockSkew>1000</maximumClockSkew> + <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:type="federationProtocolType" version="1.0.0"> + <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> + <issuer>https://localhost:8443/fediz-idp/federation</issuer> + <roleDelimiter>,</roleDelimiter> + <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> + <reply>/j_spring_fediz_security_check</reply> + <claimTypesRequested> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> + </claimTypesRequested> + </protocol> + </contextConfig> +</FedizConfig> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/web.xml b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 0000000..e147017 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/WEB-INF/web.xml 
@@ -0,0 +1,87 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0" metadata-complete="true"> + + <description>WS Federation Spring Example</description> + <display-name>WS Federation Spring Example</display-name> + + <filter> + <filter-name>springSecurityFilterChain</filter-name> + <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> + </filter> + + <!-- Optional: Cache the security token in Thread Local Storage --> + <filter> + <filter-name>FederationFilter</filter-name> + <filter-class>org.apache.cxf.fediz.core.servlet.FederationFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>springSecurityFilterChain</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + <filter-mapping> + <filter-name>FederationFilter</filter-name> + <url-pattern>/secure/*</url-pattern> + </filter-mapping> + + <context-param> + <param-name>contextConfigLocation</param-name> + 
<param-value>/WEB-INF/applicationContext-security.xml</param-value> + </context-param> + + <listener> + <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> + </listener> + + <!-- + This is a CXF Servlet + If you do not work with CXF JAX-RS: + Use Jersey or RestEasy specific Servlet + --> + <servlet> + <servlet-name>FederationServlet</servlet-name> + <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class> + </servlet> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/fedservlet</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/admin/fedservlet</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/user/fedservlet</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>FederationServlet</servlet-name> + <url-pattern>/secure/manager/fedservlet</url-pattern> + </servlet-mapping> + +</web-app> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/webapp/index.html ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/webapp/index.html b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/index.html new file mode 100644 index 0000000..1a1ef1d --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/index.html 
@@ -0,0 +1,25 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE> +<META http-equiv=Content-Type content="text/html"> +</HEAD> +<BODY> +<P> +<H3>Hello World</H3> +<P></P> +</BODY></HTML> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSpringSecurityWebapp/src/main/webapp/secure/test.html ---------------------------------------------------------------------- diff --git a/examples/jaxrsSpringSecurityWebapp/src/main/webapp/secure/test.html b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/secure/test.html new file mode 100644 index 0000000..042ed67 --- /dev/null +++ b/examples/jaxrsSpringSecurityWebapp/src/main/webapp/secure/test.html 
@@ -0,0 +1,25 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<HTML><HEAD><TITLE>WS Federation Tomcat Examples</TITLE> +<META http-equiv=Content-Type content="text/html"> +</HEAD> +<BODY> +<P> +<H3>Secure Test</H3> +<P></P> +</BODY></HTML> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/pom.xml ---------------------------------------------------------------------- diff --git a/examples/pom.xml b/examples/pom.xml index 6c6b939..e6c6490 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -37,6 +37,8 @@ <module>springWebapp</module> <module>spring2Webapp</module> <module>springPreauthWebapp</module> + <module>jaxrsSimpleWebapp</module> + <module>jaxrsSpringSecurityWebapp</module> </modules> <profiles>
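Review bot: in FederationService.get() (the FederationService.java hunk) the principal name, each GrantedAuthority and each claim value are concatenated into the HTML response unescaped, while only the bootstrap token goes through StringEscapeUtils.escapeXml; those values come from the token the IDP issued, not from this application, so they should be escaped the same way, e.g. `out.append("Principal: " + StringEscapeUtils.escapeHtml4(p.getName()) + "<p>");`. Using escapeHtml4 (or escapeXml11) from commons-lang3 there would also let you drop the deprecated escapeXml call together with the @SuppressWarnings("deprecation") that hides it. Two smaller points in the same method: `<html>` is opened but only `</body>` is ever appended, so the document is never closed, and the catch block writes `ex.toString()` into the page; logging the exception server-side and returning a generic message keeps internals out of the response.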
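Review bot: the intercept-url list in `<sec:http>` (applicationContext-security.xml hunk) has no catch-all rule, so any path that matches none of the listed patterns, including the `/secure/test.html` page added in this same commit, falls outside the authorization constraints even though it sits under `/secure`; a trailing `<sec:intercept-url pattern="/secure/**" access="isAuthenticated()" />` (or a final `/**` rule) would make the prefix mean what the README implies. `<sec:debug />` is also left active, with only a comment saying to disable it in production; since samples get copied, shipping it commented out and mentioning it in the README would be safer.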
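Review bot: the header comment of fediz_config.xml says to place the file in the Tomcat conf folder, but applicationContext-security.xml loads it from `WEB-INF/fediz_config.xml` via `p:configFile`, so the comment should describe where this sample actually reads it from. `<maximumClockSkew>1000</maximumClockSkew>` is very generous for a demo and the unit is not stated anywhere in the file; a comment giving the unit and the reason for the value (or a tighter value) would help readers who copy this config. The truststore password `storepass` is in cleartext in a file packaged into the WAR, which is acceptable for a sample but deserves a comment pointing at externalised configuration for real deployments.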
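Review bot: in log4j.properties the LOGFILE appender is fully configured but no logger references it (the root logger and the three named loggers all list CONSOLE only), so it is either dead configuration to remove or it was meant to be attached, e.g. `log4j.rootLogger=INFO, CONSOLE, LOGFILE`. Also, with `org.springframework.security` and `org.apache.cxf.fediz` at DEBUG on top of `<sec:debug />` in the Spring config, the console output will carry token and claim details; a comment next to these two lines marking them as demo-only would match the warning already present in applicationContext-security.xml.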
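Review bot: in the jaxrsSpringSecurityWebapp/pom.xml hunk, `<name>Fediz Example: SpringWebapp</name>` does not match the artifactId `jaxrsSpringSecurityWebapp` and mentions neither JAX-RS nor Spring Security, so it will be hard to tell apart from the other Spring examples in build output; `Fediz Example: JAX-RS Spring Security Webapp` would do. The tomcat-maven-plugin is pointed at `http://localhost:10080/manager/text` over plain HTTP, which sends the `myTomcat` manager credentials unencrypted; that is fine for a localhost demo, but since the README directs users to this plugin a short comment saying so would be worthwhile.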