| Simple Spring Web Application Demo |
| ================================== |
| |
| This demo shows how to build and deploy an SSO protected web application |
| using Apache CXF Fediz. The web application uses spring security 2 for |
| authentication and authorization natively which provides a richer security |
| API and configuration than the Java Servlet API. |
| |
| If you still want to enforce security on the container level but want to use |
| spring security's features the demo 'springPreAuthWebapp' illustrates that. |
| |
| Running this sample consists of four steps: |
| |
| - Configure the Tomcat-IDP and Servlet Container for RP instances |
| - Building the demo using Maven |
| - Deploying the demo to the RP instance |
| - Testing the demo |
| |
| Please review the README in the samples main directory before continuing. |
| |
| Configure the Tomcat-IDP and Servlet Container for RP instances |
| --------------------------------------------------------------- |
| First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP |
| STS has been configured and is running as described here: |
| http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by |
| checking that the WSDL is viewable from the browser using the URL given |
| on that page--don't proceed further unless it is. |
| |
| The benefit of using Spring Security 2 which is packaged with the demo application |
| there are no plugin deployments required for the RP Servlet Container. |
| See this wiki page for instructions: |
| http://cxf.apache.org/fediz-spring-2.html -- the "HTTPS Configuration" sections |
| are the only parts that need configuration for this sample. |
| |
| |
| Demo Web Application |
| -------------------- |
| The main code lives in the class FederationServlet. This Servlet is protected |
| and can be accessed only if the browser user is authenticated. The purpose of |
| the FederationServlet is to illustrate the usage of the Spring Security 2 API and |
| Configuration to get the authenticated user and to check the roles he has. Further, |
| the FederationServlet shows how to access claims data (user data) which were |
| stored in the SAML token by using the Fediz interface FederationPrincipal. |
| Beyond that, the FederationServlet illustrates how to access the SAML token |
| if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java |
| can be used to achieve that. You could get this information directly from the |
| HTTP session. |
| |
| |
| Building the demo using Maven |
| ----------------------------- |
| From the base directory of this sample (i.e., where this README file is |
| located), the pom.xml file is used to build and run the demo. From a |
| command prompt, enter: |
| |
| mvn clean install (builds the demo and creates a WAR file for Servlet deployment) |
| |
| |
| Deploying the demo to Tomcat |
| ---------------------------- |
| Either manually copy this sample's generated WAR file to the Tomcat-RP's |
| webapps folder, or use the Tomcat Maven Plugin as described in the README file |
| in the example folder root. |
| It's recommended to not deploy this WAR into Servlet Container where Fediz is |
| integrated into the Security Layer of the Container itself. |
| |
| |
| Test the demo |
| ------------- |
| Enter the following URL into the browser (TCP port depends on your HTTP settings): |
| |
| https://localhost:10443/fedizhelloworld/secure/fedservlet |
| |
| The browser is redirected to the IDP and prompts for username and password. As described |
| in the IDP installation, the following users are already set up: |
| |
| User: alice Password: ecila |
| User: bob Password: bob |
| User: ted Password: det |
| |
| |