[jboss-cvs] Repository SVN: r1196 - in jboss-portal/modules/identity/1.0.0-SNAPSHOT: lib and 1 other directories.
Tue Sep 4 06:10:09 EDT 2007
Author: bdaw
Date: 2007-09-04 06:10:08 -0400 (Tue, 04 Sep 2007)
New Revision: 1196
Added:
jboss-portal/modules/identity/1.0.0-SNAPSHOT/lib/portal-identity-sso-lib.jar
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_context.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_deployerConfigContext.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_context.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_error.jsp
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-agent-config.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-config.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-gateway-config.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login-config.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login.jsp
jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_server.xml
Modified:
jboss-portal/modules/identity/1.0.0-SNAPSHOT/component-info.xml
jboss-portal/modules/identity/1.0.0-SNAPSHOT/lib/portal-identity-lib.jar
Log:
identity libs update
Modified: jboss-portal/modules/identity/1.0.0-SNAPSHOT/component-info.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/component-info.xml 2007-09-04 05:35:59 UTC (rev 1195)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/component-info.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -1,15 +1,31 @@
<project name="jboss-portal-identity-component-info">
- <!-- build from SVN revision 8053 -->
+ <!-- build from SVN revision 8140 -->
<component id="jboss-portal/modules/identity"
licenseType="lgpl"
version="1.0.0-SNAPSHOT"
projectHome="http://labs.jboss.com/jbossportal"
description="JBoss Portal identity module libraries">
+ <!--jars-->
<artifact id="portal-identity-lib.jar"/>
+ <artifact id="portal-identity-sso-lib.jar"/>
+ <!--resources-->
<artifact id="domain.hbm.xml"/>
<artifact id="domain-identity.hbm.xml"/>
+ <!--dtd-->
<artifact id="identity-config_2_6.dtd"/>
<artifact id="profile-config_2_6.dtd"/>
+ <!--SSO - CAS config-->
+ <artifact id="cas_context.xml"/>
+ <artifact id="cas_deployerConfigContext.xml"/>
+ <!--SSO - JOSSO config-->
+ <artifact id="josso_context.xml"/>
+ <artifact id="josso_error.jsp"/>
+ <artifact id="josso_josso-agent-config.xml"/>
+ <artifact id="josso_josso-config.xml"/>
+ <artifact id="josso_josso-gateway-config.xml"/>
+ <artifact id="josso_login-config.xml"/>
+ <artifact id="josso_login.jsp"/>
+ <artifact id="josso_server.xml"/>
<export>
<include input="portal-identity-lib.jar"/>
</export>
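Review bot: The new `portal-identity-sso-lib.jar` is registered as an artifact but the `<export>` block at the end of the hunk still lists only `portal-identity-lib.jar`, so consumers of this component will not get the SSO classes (the `CASAuthenticationValve`, `JOSSOLogoutValve`, `CASAuthenticationHandler` and `JOSSOIdentityStore` referenced by the added resources) on their classpath through the component export. If that is intentional because the jar is dropped into the server lib by a separate deployment step, a one-line comment saying so would stop the next person from "fixing" it; otherwise add `<include input="portal-identity-sso-lib.jar"/>` next to the existing include. The same question applies to the `cas_*`/`josso_*` resources, which are declared as artifacts but, like the hbm and dtd files, are not exported.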
Modified: jboss-portal/modules/identity/1.0.0-SNAPSHOT/lib/portal-identity-lib.jar
===================================================================
(Binary files differ)
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/lib/portal-identity-sso-lib.jar
===================================================================
(Binary files differ)
Property changes on: jboss-portal/modules/identity/1.0.0-SNAPSHOT/lib/portal-identity-sso-lib.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_context.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_context.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_context.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve className="org.jboss.portal.identity.auth.CASAuthenticationValve"
+ casLogin="https://localhost:8080/cas/login"
+ casValidate="https://localhost:8080/cas/serviceValidate"
+ casServerName="localhost"
+ authType="FORM"
+ />
+</Context>
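Review bot: `casLogin` and `casValidate` are given as `https://localhost:8080/...`, but 8080 is the plain-HTTP connector on a default JBoss install, so these sample values cannot work as written and the easy "fix" a deployer will reach for is changing the scheme to `http://`, which would let anyone on the network path forge the `/cas/serviceValidate` response that decides which user is logged in. Add a comment above the `Valve` making the requirement explicit, e.g. `<!-- Point both URLs at your CAS server. casValidate MUST stay https:// with a certificate this JVM trusts; ticket validation over plain HTTP can be spoofed. -->`. It would also help to document `casServerName`: if `CASAuthenticationValve` follows the usual CAS client convention it is the host name clients use to reach this portal (used to build the service URL), not the CAS server's name, and a mismatch makes ticket validation fail.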
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_deployerConfigContext.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_deployerConfigContext.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/cas_deployerConfigContext.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+ | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
+ | all CAS deployers will need to modify.
+ |
+ | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
+ | The beans declared in this file are instantiated at context initialization time by the Spring
+ | ContextLoaderListener declared in web.xml. It finds this file because this
+ | file is among those declared in the context parameter "contextConfigLocation".
+ |
+ | By far the most common change you will need to make in this file is to change the last bean
+ | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
+ | one implementing your approach for authenticating usernames and passwords.
+ +-->
+<beans>
+ <!--
+ | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
+ | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
+ | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
+ | implementation and so do not need to change the class of this bean. We include the whole
+ | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
+ | need to change in context.
+ +-->
+ <bean id="authenticationManager"
+ class="org.jasig.cas.authentication.AuthenticationManagerImpl">
+ <!--
+ | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
+ | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
+ | supports the presented credentials.
+ |
+ | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
+ | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
+ | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
+ | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
+ | using.
+ |
+ | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
+ | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
+ | You will need to change this list if you are identifying services by something more or other than their callback URL.
+ +-->
+ <property name="credentialsToPrincipalResolvers">
+ <list>
+ <!--
+ | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
+ | by default and produces SimplePrincipal instances conveying the username from the credentials.
+ |
+ | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
+ | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
+ | Credentials you are using.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
+ <!--
+ | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
+ | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
+ | SimpleService identified by that callback URL.
+ |
+ | If you are representing services by something more or other than an HTTPS URL whereat they are able to
+ | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
+ </list>
+ </property>
+
+ <!--
+ | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
+ | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
+ | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
+ | until it finds one that both supports the Credentials presented and succeeds in authenticating.
+ +-->
+ <property name="authenticationHandlers">
+ <list>
+ <!--
+ | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
+ | a server side SSL certificate.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
+ <property
+ name="httpClient"
+ ref="httpClient" />
+ </bean>
+
+ <!--
+ | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
+ | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
+ | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
+ | local authentication strategy. You might accomplish this by coding a new such handler and declaring
+ | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+ +-->
+ <bean
+ class="org.jboss.portal.identity.auth.CASAuthenticationHandler" />
+ </list>
+ </property>
+ </bean>
+</beans>
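Review bot: The comment immediately above the last `authenticationHandlers` entry still describes the stock `SimpleTestUsernamePasswordAuthenticationHandler` ("authenticates UsernamePasswordCredentials where the username equals the password") that every deployer must replace, while the bean actually declared beneath it is `org.jboss.portal.identity.auth.CASAuthenticationHandler`, so the text now contradicts the configuration and invites someone to re-add the test handler. Replace that comment with one describing what is wired, e.g. `<!-- Authenticates UsernamePasswordCredentials against the JBoss Portal identity module (portal-identity-sso-lib.jar). Never add SimpleTestUsernamePasswordAuthenticationHandler to this list: it accepts any user whose password equals the username. -->`. Since the handler list is tried in turn until one succeeds (as the comment at the top of the property says), it is also worth stating that appending any additional handler here widens who can obtain a CAS ticket.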
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_context.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_context.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_context.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve className="org.jboss.portal.identity.auth.JOSSOLogoutValve"/>
+</Context>
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_error.jsp
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_error.jsp (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_error.jsp 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,41 @@
+<%--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ --%>
+
+<%@page contentType="text/html; charset=iso-8859-1" language="java" session="true" %>
+<!--
+Redirects the user to the propper login page. Configured as the login url the web.xml for this application.
+-->
+<%
+ response.sendRedirect(request.getContextPath() + "/josso_login/");
+%>
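Review bot: The page directive sets `session="true"` although the page does nothing but `response.sendRedirect(...)` to `/josso_login/`, so every anonymous request that lands on this error page allocates a server-side HTTP session before being bounced. `session="false"` avoids creating that state for unauthenticated hits; keep `true` only if the JOSSO agent is known to depend on a session already existing at this point, in which case a comment saying so would explain the choice. Minor: "propper" in the comment should read "proper".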
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-agent-config.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-agent-config.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-agent-config.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<agent>
+ <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
+ <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
+ <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
+ <service-locator>
+ <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
+ <endpoint>localhost:8080</endpoint>
+ </service-locator>
+ <partner-apps>
+ <partner-app>
+ <context>/portal</context>
+ </partner-app>
+ <!-- used for testing purposes -->
+ <partner-app>
+ <context>/portal2</context>
+ </partner-app>
+ </partner-apps>
+</agent>
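Review bot: `gatewayLoginUrl`, `gatewayLogoutUrl` and the service-locator `endpoint` are all plain `http://localhost:8080`, so as soon as a deployer points them at a gateway on another host the agent's calls to the gateway, which carry the SSO session identifier and identity assertions, travel in cleartext; this also undercuts the gateway config's own note that a secure session token requires SSL. Add a comment above `gatewayLoginUrl` such as `<!-- Replace localhost with the gateway host and use https:// for a production deployment; the agent exchanges SSO session tokens with the gateway over these URLs. -->`. The second `partner-app` entry (`/portal2`) is explicitly marked "used for testing purposes" and should be removed from the shipped default rather than left in as a protected context nobody deploys.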
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-config.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-config.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-config.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<configuration>
+ <hierarchicalXml fileName="josso-agent-config.xml"/>
+</configuration>
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-gateway-config.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-gateway-config.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_josso-gateway-config.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,569 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ -->
+
+<domain>
+ <name>JOSSO</name>
+ <type>web</type>
+
+ <!--sso-web-config-->
+
+ <!-- Optional : The URL where the user will be redirected after a successfull login only if josso_back_to request parameter
+ is not present when accessing the login url
+ <loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>
+ -->
+
+ <!-- Optional : The URL where the user will be redirected after a logout only if josso_back_to is not present
+ when accessing the logout url
+ <logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>
+ -->
+
+ <!-- Session token properties -->
+ <!--session-token-->
+
+ <!-- Optional : Use a secure session token, a secure channel like SSL must be available for this to work
+ <secure>false</secure>
+ -->
+
+
+ <!--/session-token-->
+
+ <!--/sso-web-config-->
+
+ <authenticator>
+ <class>org.josso.auth.AuthenticatorImpl</class>
+ <authentication-schemes>
+ <!-- Basic Authentication Scheme -->
+ <authentication-scheme>
+ <name>basic-authentication</name>
+ <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
+
+ <!--
+ The message digest algorithm to be used when hashing passwords.
+ This must be an algorithm supported by the java.security.MessageDigest class
+ on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference - Apendix B : Algorithms
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.
+
+ To provide LDAP support, also CRYPT is available.
+ -->
+ <!--
+ <hashAlgorithm>MD5</hashAlgorithm>
+ -->
+
+ <!-- Supported values are HEX, BASE64. Mandatory if hashAlgorithm was specified -->
+ <!--
+ <hashEncoding>HEX</hashEncoding>
+ -->
+
+ <!-- Some hash algorithms, like CRYPT, use this property. The default value is 2.
+ <saltLength>2</saltLength>
+ -->
+
+ <!--
+ <ignorePasswordCase>false</ignorePasswordCase>
+ <ignoreUserCase>false</ignoreUserCase>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <credentialsQueryString>SELECT login AS username , password AS password FROM josso_user WHERE login = ?</credentialsQueryString>
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </credential-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Credential Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- =============================================================== -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+ <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+ <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+ <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+ <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+ <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
+ </credential-store>
+
+
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+ <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+
+ <!-- Strong Authentication Scheme -->
+ <authentication-scheme>
+ <name>strong-authentication</name>
+ <class>org.josso.auth.scheme.X509CertificateAuthScheme</class>
+
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Credential Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- =============================================================== -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+ <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+ <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+ <credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>
+ <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+ <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+ </authentication-schemes>
+ </authenticator>
+
+ <sso-identity-manager>
+
+ <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
+
+ <!-- ========================================================= -->
+ <!-- DataSource Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?
+ </userPropertiesQueryString>
+
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name
+ </rolesQueryString>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </sso-identity-store>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+
+ <!--sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ You could use a UNION to select properties from different tables/columns :
+ SELECT 'user.lastName' AS name , lastName AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT 'user.name' AS name , name AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_properties WHERE login = ?
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?
+ </userPropertiesQueryString>
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name
+ </rolesQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </sso-identity-store-->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Identity Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+ <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+ <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+ <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+ <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Identity Store -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <usersFileName>josso-users.xml</usersFileName>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <sso-identity-store>
+ <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
+ </sso-identity-store>
+
+ <!-- ================================================= -->
+ <!-- Identity Store Key adapter -->
+ <!-- ================================================= -->
+ <sso-identity-store-key-adapter>
+ <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </sso-identity-store-key-adapter>
+
+ </sso-identity-manager>
+
+ <sso-session-manager>
+
+ <class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
+
+ <!--
+ Set the maximum time interval, in minutes, between client requests before the SSO Service will invalidate
+ the session. A negative time indicates that the session should never time out.
+ -->
+ <maxInactiveInterval>30</maxInactiveInterval>
+
+ <!-- Max number of sessions per user, default 1
+ A negative value indicates that an unlimited number of sessions per user is allowed.
+ -->
+ <maxSessionsPerUser>-1</maxSessionsPerUser>
+ <!--
+ If true, when the max number of sessions per user is exceeded,
+ an already existing session will be invalidated to create a new one.
+ If false, when the max number of sessions per user is exceeded,
+ an exception is thrown and the new session is not created.
+ -->
+ <invalidateExceedingSessions>false</invalidateExceedingSessions>
+
+
+ <!--
+ Time interval, in milliseconds, between exired sessions cleanup.
+ -->
+ <sessionMonitorInterval>10000</sessionMonitorInterval>
+
+ <!-- =================================================================== -->
+ <!-- Serialized Session Store -->
+ <!-- -->
+ <!-- Session Store implementation which uses Java Serialization to -->
+ <!-- persist Single Sign-On user sessions. -->
+ <!-- It allows to reconstruct the session state after a system shutdown. -->
+ <!-- =================================================================== -->
+ <!--
+ <sso-session-store>
+ <class>org.josso.gateway.session.service.store.SerializedSessionStore</class>
+ file where serialized sessions will be stored (optional)
+ <serializedFile>/tmp/josso_sessions.ser</serializedFile>
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- DataSource Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for -->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc -->
+ <!-- -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.DataSourceSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+ <class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ </sso-session-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- Jdbc Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for -->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.JdbcSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+ <class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>
+
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>
+
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- Memory Session Store -->
+ <!-- =============================================================== -->
+ <sso-session-store>
+ <class>org.josso.gateway.session.service.store.MemorySessionStore</class>
+ </sso-session-store>
+
+ <sso-session-id-generator>
+
+ <class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>
+ <!--
+ The message digest algorithm to be used when generating session
+ identifiers. This must be an algorithm supported by the
+ java.security.MessageDigest class on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference - Apendix A : Standard Names
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
+ -->
+ <algorithm>MD5</algorithm>
+
+ </sso-session-id-generator>
+
+ </sso-session-manager>
+
+ <!-- SSO Audit Manager compoment -->
+ <sso-audit-manager>
+ <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
+
+ <!--
+ List of handlers that will process this request
+ Every handler must have its own unique name.
+ -->
+ <handlers>
+
+ <!-- This handler logs all audit trails using Log4J, under the given category -->
+ <handler>
+ <class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
+ <name>LoggerAuditTrailHandler</name>
+ <category>org.josso.gateway.audit.SSO_AUDIT</category>
+ </handler>
+
+ <!--
+ <handler>
+ <class>MyOtherHandler</class>
+ <name>MyOhterHandlerName</name>
+ <myProperty>value</myProperty>
+ </handler>
+ -->
+
+ </handlers>
+ </sso-audit-manager>
+
+ <!-- SSO Event Manager component -->
+ <sso-event-manager>
+ <class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
+ <!--
+ JMX Name of the EventManager MBean that will send SSO Events as JMX Notifications
+ The MBean will be registered by the MBeanComponentKeeper.
+ -->
+ <oname>josso:type=SSOEventManager</oname>
+ <!-- You can add your own listeners here : -->
+ <!-- Every listener should have a unique name -->
+
+ <!--
+ <listeners>
+ <listener>
+ <class>com.myCompany.MyEventListener</class>
+ <name>MyEventListener</name>
+ <property1>MyListenerProperty1Value</property1>
+ </listener>
+ <listener>
+ <class>com.myCompany.MyOtherEventListener</class>
+ <name>MyOtherEventListener</name>
+ <propertyA>MyOtherListenerPropertyAValue</propertyA>
+ </listener>
+ </listeners>
+ -->
+
+ </sso-event-manager>
+
+</domain>
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login-config.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login-config.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login-config.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,165 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name" flag="control_flag">
+ <module-option name = "option1-name">option1-value</module-option>
+ <module-option name = "option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name" flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name = "client-login">
+ <authentication>
+ <login-module code = "org.jboss.security.ClientLoginModule"
+ flag = "required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ -->
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
+ flag = "required">
+ <module-option name = "unauthenticatedIdentity">guest</module-option>
+ <module-option name = "dsJndiName">java:/DefaultDS</module-option>
+ <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
+ <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ when using file-state-service.xml
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
+ flag = "required">
+ <module-option name = "unauthenticatedIdentity">guest</module-option>
+ <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ -->
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name = "HsqlDbRealm">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">sa</module-option>
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password"></module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "JmsXARealm">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">guest</module-option>
+ <module-option name = "userName">guest</module-option>
+ <module-option name = "password">guest</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "jmx-console">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
+ <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "$webConsoleDomain">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="usersProperties">web-console-users.properties</module-option>
+ <module-option name="rolesProperties">web-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the JBossWS web application (and transport layer!).
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name = "other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required" />
+ </authentication>
+ </application-policy>
+
+ <!-- JOSSO JAAS Module configuration -->
+ <application-policy name = "josso">
+ <authentication>
+ <login-module code = "org.jboss.portal.identity.auth.JOSSOLoginModule"
+ flag = "required">
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+</policy>
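Review bot: The `josso` application-policy at the end of the hunk ships with `<module-option name="debug">true</module-option>`; login-module debug output typically records principal and callback details, so a release resource should carry `<module-option name="debug">false</module-option>` or omit the option. The `$webConsoleDomain` policy name earlier in the hunk looks like an unsubstituted build placeholder — if it is, a `web-console` security domain silently falls through to the `other` policy — and should presumably read `name = "web-console"`. The `HsqlDbRealm` policy also carries an empty `password` for `sa`, which is fine for a test datasource but worth a comment saying so.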
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login.jsp
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login.jsp (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_login.jsp 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,41 @@
+<%--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ --%>
+
+<%@page contentType="text/html; charset=iso-8859-1" language="java" session="true" %>
+<!--
+Redirects the user to the propper login page. Configured as the login url the web.xml for this application.
+-->
+<%
+ response.sendRedirect(request.getContextPath() + "/josso_login/");
+%>
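Review bot: The page directive declares `session="true"` for a page whose only work is `response.sendRedirect(...)`, so every unauthenticated hit creates an HTTP session and issues a JSESSIONID before login; `session="false"` avoids that. The HTML comment between the directive and the scriptlet is written to the response body rather than kept server-side; `<%-- ... --%>` is the JSP comment form, and "propper" should read "proper". The redirect target is built from `request.getContextPath()` plus a fixed path, which is fine as written.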
Added: jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_server.xml
===================================================================
--- jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_server.xml (rev 0)
+++ jboss-portal/modules/identity/1.0.0-SNAPSHOT/resources/josso_server.xml 2007-09-04 10:10:08 UTC (rev 1196)
@@ -0,0 +1,178 @@
+<Server>
+
+ <!-- Use a custom version of StandardService that allows the
+ connectors to be started independent of the normal lifecycle
+ start to allow web apps to be deployed before starting the
+ connectors.
+ -->
+ <Service name="jboss.web"
+ className="org.jboss.web.tomcat.tc5.StandardService">
+
+ <!-- A HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080" address="${jboss.bind.address}"
+ maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ connectionTimeout="20000" disableUploadTimeout="true"/>
+
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" address="${jboss.bind.address}"
+ emptySessionPath="true" enableLookups="false" redirectPort="8443"
+ protocol="AJP/1.3"/>
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
+ keystorePass="rmi+ssl" sslProtocol = "TLS" />
+ -->
+
+ <Engine name="jboss.web" defaultHost="localhost">
+
+ <!-- The JAAS based authentication and authorization realm implementation
+ that is compatible with the jboss 3.2.x realm implementation.
+ - certificatePrincipal : the class name of the
+ org.jboss.security.auth.certs.CertificatePrincipal impl
+ used for mapping X509[] cert chains to a Princpal.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ -->
+ <!--
+ <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- Integrating the JOSSO realm -->
+ <Realm className="org.josso.jb4.agent.JBossCatalinaRealm"
+ appName="josso"
+ userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
+ roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
+ debug="1" />
+
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false" deployXML="false">
+
+ <!-- UNCOMMENT TO ENABLE CUSTOMIZATION OF TOMCAT AUTHENTICATORS
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false" deployXML="false"
+ configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
+ -->
+
+
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+ -->
+
+ <!-- Access logger -->
+ <!--
+ <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common" directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
+
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host AND to all other hosts in the cluster.
+
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. By default, the valve
+ shares a JBossCache with the service that supports HttpSession
+ replication. See the "tc5-cluster-service.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see above
+
+ treeCacheName JMX ObjectName of the JBossCache MBean used to
+ support credential caching and replication across
+ the cluster. If not set, the default value is
+ "jboss.cache:service=TomcatClusteringCache", the
+ standard ObjectName of the JBossCache MBean used
+ to support session replication.
+ -->
+ <!--
+ <Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
+ -->
+
+
+ <!-- Uncomment to check for unclosed connections and transaction terminated checks
+ in servlets/jsps.
+ Important: You need to uncomment the dependency on the CachedConnectionManager
+ in META-INF/jboss-service.xml
+ <Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
+ cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager" />
+ -->
+
+ <!-- JOSSO Agent Valve -->
+ <Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/>
+ </Host>
+ </Engine>
+
+ </Service>
+
+</Server>
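Review bot: Both JOSSO elements in this hunk are added with debug enabled — `debug="1"` on the `JBossCatalinaRealm` and on the `SSOAgentValve` — so the shipped server.xml logs realm and agent diagnostics on every request; for a release resource set `debug="0"` on both, or add a comment stating that the file is a development template. The realm's `appName="josso"` has to match the `josso` application-policy name in the login-config resource added in the same commit; a comment such as `<!-- appName must match the JAAS application-policy name in josso_login-config.xml -->` would make that coupling visible. The SSL connector remains commented out, so in this configuration the SSO cookie set by the agent is exchanged only over the plain HTTP connector on 8080.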