Google Git
Sign in
apache / cxf-fediz / 0369638908697779c4fe493efc6af1fba76b1fbf / . / examples / springWebapp / README.txt
blob: 5c58f8e3ed78dd5c901e1b96258bff719f1ff137 [file] [log] [blame]
Simple Spring Web Application Demo
==================================
This demo shows how to build and deploy an SSO protected web application
using Apache CXF Fediz. The web application uses spring security for
authentication and authorization natively which provides a richer security
API and configuration than the Java Servlet API.
If you still want to enforce security on the container level but want to use
spring security's features the demo 'springPreAuthWebapp' illustrates that.
Running this sample consists of four steps:
- Configure the Tomcat-IDP and Servlet Container for RP instances
- Building the demo using Maven
- Deploying the demo to the RP instance
- Testing the demo
Please review the README in the samples main directory before continuing.
Configure the Tomcat-IDP and Servlet Container for RP instances
---------------------------------------------------------------
First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP
STS has been configured and is running as described here:
http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by
checking that the WSDL is viewable from the browser using the URL given
on that page--don't proceed further unless it is.
The benefit of using Spring Security which is packaged with the demo application
there are no plugin deployments required for the RP Servlet Container.
See this wiki page for instructions:
http://cxf.apache.org/fediz-spring.html -- the "HTTPS Configuration" sections
are the only parts that need configuration for this sample.
Demo Web Application
--------------------
The main code lives in the class FederationServlet. This Servlet is protected
and can be accessed only if the browser user is authenticated. The purpose of
the FederationServlet is to illustrate the usage of the Spring Security API and
Configuration to get the authenticated user and to check the roles he has. Further,
the FederationServlet shows how to access claims data (user data) which were
stored in the SAML token by using the Fediz interface FedizPrincipal.
Beyond that, the FederationServlet illustrates how to access the SAML token
if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java
can be used to achieve that. You could get this information directly from the
HTTP session.
Building the demo using Maven
-----------------------------
From the base directory of this sample (i.e., where this README file is
located), the pom.xml file is used to build and run the demo. From a
command prompt, enter:
mvn clean install (builds the demo and creates a WAR file for Servlet deployment)
Deploying the demo to Tomcat
----------------------------
Either manually copy this sample's generated WAR file to the Tomcat-RP's
webapps folder, or use the Tomcat Maven Plugin as described in the README file
in the example folder root.
It's recommended to not deploy this WAR into Servlet Container where Fediz is
integrated into the Security Layer of the Container itself.
Test the demo
-------------
Enter the following URL into the browser (TCP port depends on your HTTP settings):
https://localhost:10443/fedizhelloworld/secure/fedservlet
The browser is redirected to the IDP and prompts for username and password. As described
in the IDP installation, the following users are already set up:
User: alice Password: ecila
User: bob Password: bob
User: ted Password: det