Repository: cxf-fediz Updated Branches: refs/heads/master a2eec7eb4 -> 4b209ef57
Remove isAnonymous apart from for the Metadata Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4b209ef5 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4b209ef5 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4b209ef5 Branch: refs/heads/master Commit: 4b209ef577ad742c6f659656e86b89cb13ac9dfc Parents: a2eec7e Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Apr 11 16:01:44 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Apr 11 16:01:44 2017 +0100 ---------------------------------------------------------------------- .../main/webapp/WEB-INF/config/security-clientcert-config.xml | 2 ++ .../idp/src/main/webapp/WEB-INF/config/security-krb-config.xml | 2 ++ .../idp/src/main/webapp/WEB-INF/config/security-up-config.xml | 4 ++-- services/idp/src/main/webapp/WEB-INF/security-config.xml | 1 + systests/custom/src/test/resources/realma/security-up-config.xml | 4 ++-- .../samlsso/src/test/resources/realmb/security-config.xml | 4 ++-- .../wsfed/src/test/resources/realmb/security-config.xml | 4 ++-- 7 files changed, 13 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml ---------------------------------------------------------------------- diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml index d40d0c9..fc436ad 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/security-clientcert-config.xml @@ -38,6 +38,7 @@ <!-- SSL Client Cert entry point for WS-Federation --> <security:http pattern="/federation/clientcert" use-expressions="true"> + <security:intercept-url requires-channel="https" pattern="/federation/clientcert/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> @@ -47,6 +48,7 @@ <!-- SSL Client Cert entry point for SAML SSO --> <security:http pattern="/saml/clientcert" use-expressions="true"> + <security:intercept-url requires-channel="https" pattern="/saml/clientcert/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsClientCertPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml ---------------------------------------------------------------------- diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml index b66044b..c5dddd8 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/security-krb-config.xml @@ -46,6 +46,7 @@ </bean> <security:http pattern="/federation/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint"> + <security:intercept-url requires-channel="https" pattern="/federation/krb/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> @@ -54,6 +55,7 @@ </security:http> <security:http pattern="/saml/krb" use-expressions="true" entry-point-ref="kerberosEntryPoint"> + <security:intercept-url requires-channel="https" pattern="/saml/krb/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsKrbPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml ---------------------------------------------------------------------- diff --git a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml index 657360d..f53c13d 100644 --- a/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/config/security-up-config.xml @@ -40,7 +40,7 @@ <!-- HTTP/BA entry point for WS-Federation --> <security:http pattern="/federation/up/**" use-expressions="true"> - <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" /> + <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> @@ -61,7 +61,7 @@ <!-- HTTP/BA entry point for SAML SSO --> <security:http pattern="/saml/up/**" use-expressions="true"> - <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" /> + <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/services/idp/src/main/webapp/WEB-INF/security-config.xml ---------------------------------------------------------------------- diff --git a/services/idp/src/main/webapp/WEB-INF/security-config.xml b/services/idp/src/main/webapp/WEB-INF/security-config.xml index e51f906..0bbafe3 100644 --- a/services/idp/src/main/webapp/WEB-INF/security-config.xml +++ b/services/idp/src/main/webapp/WEB-INF/security-config.xml @@ -56,6 +56,7 @@ <security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint"> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> + <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" /> </security:http> <!-- Main entry point for SAML SSO --> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/systests/custom/src/test/resources/realma/security-up-config.xml ---------------------------------------------------------------------- diff --git a/systests/custom/src/test/resources/realma/security-up-config.xml b/systests/custom/src/test/resources/realma/security-up-config.xml index 5227fd2..6038bdd 100644 --- a/systests/custom/src/test/resources/realma/security-up-config.xml +++ b/systests/custom/src/test/resources/realma/security-up-config.xml @@ -40,7 +40,7 @@ <!-- HTTP/BA entry point for WS-Federation --> <security:http pattern="/federation/up/**" use-expressions="true"> - <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" /> + <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> <security:custom-filter before="BASIC_AUTH_FILTER" ref="requestContextFilter"/> @@ -62,7 +62,7 @@ <!-- HTTP/BA entry point for SAML SSO --> <security:http pattern="/saml/up/**" use-expressions="true"> - <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" /> + <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/systests/federation/samlsso/src/test/resources/realmb/security-config.xml ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml index 5c2b429..d206024 100644 --- a/systests/federation/samlsso/src/test/resources/realmb/security-config.xml +++ b/systests/federation/samlsso/src/test/resources/realmb/security-config.xml @@ -81,9 +81,9 @@ <!-- HTTP/BA entry point --> <security:http pattern="/federation/up" use-expressions="true"> + <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> - <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" /> <security:http-basic /> <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" /> @@ -96,7 +96,7 @@ <!-- HTTP/BA entry point --> <security:http pattern="/saml/up/**" use-expressions="true"> - <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" /> + <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4b209ef5/systests/federation/wsfed/src/test/resources/realmb/security-config.xml ---------------------------------------------------------------------- diff --git a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml index 5c2b429..d206024 100644 --- a/systests/federation/wsfed/src/test/resources/realmb/security-config.xml +++ b/systests/federation/wsfed/src/test/resources/realmb/security-config.xml @@ -81,9 +81,9 @@ <!-- HTTP/BA entry point --> <security:http pattern="/federation/up" use-expressions="true"> + <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" /> - <security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" /> <security:http-basic /> <security:logout delete-cookies="FEDIZ_HOME_REALM" invalidate-session="true" /> @@ -96,7 +96,7 @@ <!-- HTTP/BA entry point --> <security:http pattern="/saml/up/**" use-expressions="true"> - <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" /> + <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAuthenticated()" /> <security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" /> <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />