| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <beans xmlns="http://www.springframework.org/schema/beans" |
| xmlns:cxf="http://cxf.apache.org/core" |
| xmlns:jaxws="http://cxf.apache.org/jaxws" |
| xmlns:test="http://apache.org/hello_world_soap_http" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns:util="http://www.springframework.org/schema/util" |
| xmlns:http="http://cxf.apache.org/transports/http/configuration" |
| xmlns:sec="http://cxf.apache.org/configuration/security" |
| xsi:schemaLocation=" |
| http://cxf.apache.org/core |
| http://cxf.apache.org/schemas/core.xsd |
| http://www.springframework.org/schema/beans |
| http://www.springframework.org/schema/beans/spring-beans-2.0.xsd |
| http://cxf.apache.org/jaxws |
| http://cxf.apache.org/schemas/jaxws.xsd |
| http://www.springframework.org/schema/util |
| http://www.springframework.org/schema/util/spring-util-2.0.xsd |
| http://cxf.apache.org/transports/http/configuration |
| http://cxf.apache.org/schemas/configuration/http-conf.xsd |
| http://cxf.apache.org/configuration/security |
| http://cxf.apache.org/schemas/configuration/security.xsd"> |
| |
| <import resource="classpath:META-INF/cxf/cxf.xml" /> |
| |
| <bean id="loggerListener" class="org.apache.cxf.sts.event.map.EventMapper"> |
| <constructor-arg> |
| <bean class="org.apache.cxf.sts.event.map.MapEventLogger" /> |
| </constructor-arg> |
| </bean> |
| |
| <!-- Per default the resource <file.xml> is imported. |
| If built with Maven Profile 'ldap', the resource <ldap.xml> is imported --> |
| <import resource="${adapter.resource}.xml" /> |
| |
| <util:list id="delegationHandlers"> |
| <bean id="samlDelegationHandler" |
| class="org.apache.cxf.fediz.service.sts.FedizSAMLDelegationHandler" /> |
| <bean id="x509DelegationHandler" |
| class="org.apache.cxf.fediz.service.sts.FedizX509DelegationHandler" /> |
| </util:list> |
| |
| <bean id="transportSTSProviderBean" |
| class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider"> |
| <property name="issueOperation" ref="transportIssueDelegate" /> |
| <property name="validateOperation" ref="transportValidateDelegate" /> |
| </bean> |
| |
| <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation"> |
| <property name="tokenProviders" ref="transportTokenProviders" /> |
| <property name="services" ref="transportServices" /> |
| <property name="stsProperties" ref="transportSTSProperties" /> |
| <property name="claimsManager" ref="claimsManager" /> |
| <property name="tokenValidators" ref="transportTokenValidators" /> |
| <property name="eventListener" ref="loggerListener" /> |
| <property name="delegationHandlers" ref="delegationHandlers" /> |
| <property name="encryptIssuedToken" value="true"/> |
| </bean> |
| |
| <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation"> |
| <property name="tokenValidators" ref="transportTokenValidators" /> |
| <property name="stsProperties" ref="transportSTSProperties" /> |
| <property name="eventListener" ref="loggerListener" /> |
| </bean> |
| |
| <util:list id="relationships"> |
| <bean class="org.apache.cxf.sts.token.realm.Relationship"> |
| <property name="sourceRealm" value="REALMA" /> |
| <property name="targetRealm" value="REALMB" /> |
| <property name="identityMapper" ref="identityMapper" /> |
| <property name="type" value="FederatedIdentity" /> |
| </bean> |
| <bean class="org.apache.cxf.sts.token.realm.Relationship"> |
| <property name="sourceRealm" value="REALMB" /> |
| <property name="targetRealm" value="REALMA" /> |
| <property name="identityMapper" ref="identityMapper" /> |
| <property name="type" value="FederatedIdentity" /> |
| </bean> |
| </util:list> |
| |
| <util:list id="transportTokenProviders"> |
| <ref bean="transportSamlTokenProvider" /> |
| </util:list> |
| |
| <util:list id="transportTokenValidators"> |
| <ref bean="transportSamlTokenValidator" /> |
| <bean class="org.apache.cxf.sts.token.validator.X509TokenValidator" /> |
| </util:list> |
| |
| <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm"> |
| <property name="issuer" value="STS Realm A" /> |
| <property name="signaturePropertiesFile" value="stsKeystoreA.properties" /> |
| <property name="callbackHandlerClass" |
| value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> |
| </bean> |
| |
| <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm"> |
| <property name="issuer" value="STS Realm B" /> |
| <property name="signaturePropertiesFile" value="stsKeystoreB.properties" /> |
| <property name="callbackHandlerClass" |
| value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> |
| </bean> |
| |
| <util:map id="realms"> |
| <entry key="REALMA" value-ref="realmA" /> |
| <entry key="REALMB" value-ref="realmB" /> |
| </util:map> |
| |
| <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider"> |
| <property name="attributeStatementProviders" ref="attributeStatementProvidersList" /> |
| <property name="realmMap" ref="realms" /> |
| <property name="conditionsProvider" ref="conditionsProvider" /> |
| <property name="subjectProvider" ref="subjectProvider" /> |
| </bean> |
| |
| <bean id="conditionsProvider" |
| class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider"> |
| <property name="lifetime" value="1200" /> |
| <property name="acceptClientLifetime" value="true" /> |
| </bean> |
| |
| <bean id="subjectProvider" |
| class="org.apache.cxf.sts.token.provider.DefaultSubjectProvider"> |
| <property name="subjectNameIDFormat" |
| value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" /> |
| </bean> |
| |
| <util:list id="attributeStatementProvidersList"> |
| <ref bean="claimAttributeProvider" /> |
| </util:list> |
| |
| <bean id="claimAttributeProvider" |
| class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider"> |
| </bean> |
| |
| <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager"> |
| <property name="claimHandlers" ref="claimHandlerList" /> |
| </bean> |
| |
| <bean id="identityMapper" |
| class="org.apache.cxf.fediz.service.sts.realms.IdentityMapperImpl" /> |
| |
| <bean id="samlRealmCodec" |
| class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" /> |
| |
| <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"> |
| <property name="realmMap" ref="realms" /> |
| </bean> |
| |
| <bean id="transportSamlTokenValidator" |
| class="org.apache.cxf.sts.token.validator.SAMLTokenValidator"> |
| <property name="samlRealmCodec" ref="samlRealmCodec" /> |
| </bean> |
| |
| <bean id="transportUsernameTokenValidator" |
| class="org.apache.cxf.sts.token.validator.UsernameTokenValidator"> |
| </bean> |
| |
| <util:list id="transportServices"> |
| <ref bean="myEncryptionService" /> |
| <ref bean="transportService" /> |
| </util:list> |
| |
| <bean id="transportService" class="org.apache.cxf.sts.service.StaticService"> |
| <property name="endpoints"> |
| <util:list> |
| <value>.*</value> |
| </util:list> |
| </property> |
| </bean> |
| |
| <bean id="myEncryptionService" class="org.apache.cxf.sts.service.StaticService"> |
| <property name="endpoints"> |
| <util:list> |
| <value>myServiceB.*</value> |
| </util:list> |
| </property> |
| <property name="encryptionProperties"> |
| <bean class="org.apache.cxf.sts.service.EncryptionProperties"> |
| <property name="encryptionName" value="serviceB"/> |
| <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> |
| </bean> |
| </property> |
| </bean> |
| |
| <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties"> |
| <property name="callbackHandlerClass" |
| value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" /> |
| <property name="issuer" value="Fediz STS" /> |
| <property name="realmParser" ref="customRealmParser" /> |
| <property name="signatureCryptoProperties" value="stsTruststore.properties" /> |
| <property name="encryptionCryptoProperties" value="stsEncryption.properties"/> |
| <property name="relationships" ref="relationships" /> |
| </bean> |
| |
| <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean" |
| address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl" |
| xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" |
| serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"> |
| <jaxws:properties> |
| </jaxws:properties> |
| </jaxws:endpoint> |
| |
| <jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean" |
| address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl" |
| xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" |
| serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"> |
| <jaxws:properties> |
| </jaxws:properties> |
| </jaxws:endpoint> |
| |
| </beans> |
| |