readme updated
git-svn-id: https://svn.apache.org/repos/asf/cxf/fediz/trunk@1519224 13f79535-47bb-0310-9956-ffa450edef68
owulff committed Aug 31, 2013
1 parent 01955c0 commit a4ffb2d01df70c09a0b56a5531e5b6b27d2e943b
Showing 7 changed files with 65 additions and 25 deletions.
@@ -38,15 +38,35 @@ Source Directory structure

+ plugins contains the sources of the Federation plugin
+ core the core module contains the majority of functionality which is Servlet container agnostic
+ tomcat the Tomcat module is the bridge of the core to the Tomcat specific security engine
+ tomcat the Tomcat module is the bridge of the core to the
Tomcat specific security engine (container managed)
+ jetty the Jetty module is the bridge of the core to the
Jetty specific security engine (container managed)
+ spring the Spring module is the brige of the core to the
Spring Security 3 specific security engine (application managed)
+ spring2 the Spring2 module is the bridge of the core to the
Spring Security 2 specific security engine (application managed)
+ websphere the IBM Websphere module is the bridge of the core to the
IBM Websphere specific security engine (container managed)

+ services contains the sources of the Identity Provider
+ sts the STS module contains the configured CXF STS which supports the Federation use cases
+ idp the IDP module is the bridge of the STS to a WS-Trust/SOAP unaware browser

+ examples
+ simpleWebapp this example shows how to protect a simple web application using the Fediz plugin
+ wsclientWebapp this example shows how a protected web application calls a web service protected by the STS
+ webapp contains the web application
+ webservice contains the web services implementation
+ simpleWebapp this example shows how to protect a simple web application using
the Fediz plugin which is configured on the container level
+ springPreAuthWebapp this example shows how to protect a simple web application using
the Fediz plugin which is configured at the container level
and creates the spring security context to use spring security features
for authorization like annotations, spring security configuration, etc.
+ springWebapp this example shows how to protect a simple web application using
the Fediz plugin which is configured within the application in
the Spring Security 3 configuration
+ spring2Webapp this example shows how to protect a simple web application using
the Fediz plugin which is configured within the application in
the Spring Security 2 configuration
+ wsclientWebapp this example shows how a protected web application calls a web service protected by the STS
+ webapp contains the web application
+ webservice contains the web services implementation
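
Review bot: "brige" in the new spring entry ("the Spring module is the brige of the core") is a typo for "bridge"; the tomcat, jetty, spring2 and websphere entries spell it correctly. While touching this list, "IBM Websphere" should read "IBM WebSphere", and the example descriptions should settle on one of "on the container level" (simpleWebapp) and "at the container level" (springPreAuthWebapp).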

@@ -19,10 +19,7 @@ each sample, follow the READMEs located in each sample's folder.
examples. Either the WAR can be manually copied to your servlet
container's war deployment directory (webapps by default with Tomcat)
or the Tomcat Maven Plugin (http://tomcat.apache.org/maven-plugin.html)
can be used to auto-install the WAR onto Tomcat. Note if you're using
this plugin with Tomcat 6 instead of Tomcat 7, change the
tomcat-maven-plugin URLs in the service/pom.xml files to
"http://localhost:{port}/manager" (instead of ".../manager/text").
can be used to auto-install the WAR onto Tomcat.

To be able to run the Maven "mvn" command from any folder, be
sure to add the MAVEN_HOME/bin directory to your system PATH
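
Review bot: The Tomcat 6 instruction for the tomcat-maven-plugin URL ("http://localhost:{port}/manager" instead of ".../manager/text") is removed with nothing in its place, so a reader on Tomcat 6 no longer has the URL to use in service/pom.xml. If Tomcat 6 is no longer a supported target for the examples, state the minimum Tomcat version in this paragraph; otherwise keep the sentence.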
@@ -1,8 +1,13 @@
Simple Spring Web Application Demo
==================================

This demo shows how to build and deploy an SSO protected using Apache CXF Fediz
for a spring security based web application.
This demo shows how to build and deploy an SSO protected web application
using Apache CXF Fediz. The web application uses spring security 2 for
authentication and authorization natively which provides a richer security
API and configuration than the Java Servlet API.

If you still want to enforce security on the container level but want to use
spring security's features the demo 'springPreAuthWebapp' illustrates that.

Running this sample consists of four steps:
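
Review bot: The title "Simple Spring Web Application Demo" is left unchanged although the new body text is specific to Spring Security 2, and the Spring Security 3 demo README carries the identical title. Put the version in the heading (for example "Simple Spring Security 2 Web Application Demo") so the two READMEs can be told apart, and capitalise "Spring Security 2" in the paragraph as the rest of this file does.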

@@ -21,18 +26,18 @@ http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by
checking that the WSDL is viewable from the browser using the URL given
on that page--don't proceed further unless it is.

The benefit of using Spring Security which is packaged with the demo application
The benefit of using Spring Security 2 which is packaged with the demo application
there are no plugin deployments required for the RP Servlet Container.
See this wiki page for instructions:
http://cxf.apache.org/fediz-spring.html -- the "HTTPS Configuration" sections
http://cxf.apache.org/fediz-spring-2.html -- the "HTTPS Configuration" sections
are the only parts that need configuration for this sample.


Demo Web Application
--------------------
The main code lives in the class FederationServlet. This Servlet is protected
and can be accessed only if the browser user is authenticated. The purpose of
the FederationServlet is to illustrate the usage of the Spring Security API and
the FederationServlet is to illustrate the usage of the Spring Security 2 API and
Configuration to get the authenticated user and to check the roles he has. Further,
the FederationServlet shows how to access claims data (user data) which were
stored in the SAML token by using the Fediz interface FederationPrincipal.
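
Review bot: The reworded sentence "The benefit of using Spring Security 2 which is packaged with the demo application there are no plugin deployments required for the RP Servlet Container." was edited but is still missing its verb; suggest "The benefit of using Spring Security 2, which is packaged with the demo application, is that no plugin deployments are required for the RP Servlet Container." The "See this wiki page for instructions" line that follows then reads oddly, since the only thing left to configure is the "HTTPS Configuration" section; say that directly.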
@@ -1,8 +1,13 @@
Simple Spring Web Application Demo
==================================

This demo shows how to build and deploy an SSO protected using Apache CXF Fediz
for a spring security based web application.
This demo shows how to build and deploy an SSO protected web application
using Apache CXF Fediz. The web application uses spring security for
authentication and authorization natively which provides a richer security
API and configuration than the Java Servlet API.

If you still want to enforce security on the container level but want to use
spring security's features the demo 'springPreAuthWebapp' illustrates that.

Running this sample consists of four steps:
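
Review bot: The new paragraph says only "spring security" with no version, while the sibling README in this commit says "spring security 2" and the top-level directory listing calls this module "Spring Security 3". Name the version here as well ("Spring Security 3") and use the capitalised product name, so a reader who lands on this README knows which of springWebapp and spring2Webapp it belongs to.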

@@ -7,7 +7,14 @@ It's recommended to use HTTPS to avoid sending tokens/cookies in clear text on t
Please check your Servlet Container documentation how to set it up.

Please check the Spring Security example to get more information how to deploy a web application
using Spring Security.
using Spring Security 3.

The following wiki page explains how to configure the Fediz Spring plugin in your application:
http://cxf.apache.org/fediz-spring.html

The following wiki page explains the fediz configuration which is Container independent:
http://cxf.apache.org/fediz-configuration.html

Note: The Fediz Spring plugin is packaged with your application.
Thus it's recommended to package it with the application
using Apache Maven.
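
Review bot: The added note is circular: "The Fediz Spring plugin is packaged with your application. Thus it's recommended to package it with the application using Apache Maven." State the actual recommendation, which appears to be declaring the plugin as a Maven dependency of the web application so it ends up inside the WAR. Since the plugin ships inside the application and this file recommends HTTPS for tokens and cookies, it would also help to say that the HTTPS setup is still done on the Servlet Container even though no container plugin is installed.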
@@ -1,13 +1,20 @@
Fediz configuration for Spring Security
---------------------------------------
Fediz configuration for Spring Security 2.0
-------------------------------------------

The Servlet Container installation doesn't have to be updated before a Web Application can be deployed.

It's recommended to use HTTPS to avoid sending tokens/cookies in clear text on the network.
Please check your Servlet Container documentation how to set it up.

Please check the Spring Security example to get more information how to deploy a web application
Please check the Spring Security 2 example to get more information how to deploy a web application
using Spring Security.

The following wiki page explains how to configure the Fediz Spring plugin in your application:
http://cxf.apache.org/fediz-spring-2.html

The following wiki page explains the fediz configuration which is Container independent:
http://cxf.apache.org/fediz-configuration.html

Note: The Fediz Spring plugin is packaged with your application.
Thus it's recommended to package it with the application
using Apache Maven.
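
Review bot: The changed line now reads "Please check the Spring Security 2 example ..." but the continuation line still ends "using Spring Security." with no version, whereas the Spring Security 3 README in this commit was updated to "using Spring Security 3."; make this one "using Spring Security 2." for consistency. The new heading says "Spring Security 2.0" while every other file in the commit says "Spring Security 2"; pick one form.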
@@ -1,6 +1,5 @@
Build the STS
----------------------------

Building and Installating the STS
=================================

STS with LDAP backend
---------------------
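
Review bot: The new heading "Building and Installating the STS" contains a typo; it should read "Building and Installing the STS". The underline style also changes from dashes to equals signs for this heading, which is fine if it is meant as the document title above "STS with LDAP backend", but worth confirming against the other READMEs.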
@@ -17,11 +16,11 @@ mvn clean install -Prealms

Proceed with the following steps to update the signing certificates:

keytool -genkeypair -validity 3600 -alias realma -keystore stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass
keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass
keytool -keystore stsrealm_a.jks -storepass storepass -export -alias realma -file realma.cert


keytool -genkeypair -validity 3600 -alias realmb -keystore stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass
keytool -genkeypair -keyalg RSA -validity 3600 -alias realmb -keystore stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass
keytool -keystore stsrealm_b.jks -storepass storepass -export -alias realmb -file realmb.cert

keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file realma.cert -noprompt
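
Review bot: The two -genkeypair lines now pass -keyalg RSA but no -keysize, so the length of the STS signing keys depends on whatever default the reader's JDK keytool applies; add an explicit value such as -keysize 2048 so every build of the realm keystores produces the same strength. The commands also put the key and store passwords (realma, realmb, storepass) on the command line; the README should say these are the demo values that the shipped STS configuration expects and must be replaced, together with that configuration, for anything beyond the sample. With -validity 3600 the certificates are valid for roughly ten years, which deserves a one-line comment if it is intentional.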
