Author: bdaw
Date: 2007-09-04 13:27:52 -0400 (Tue, 04 Sep 2007)
New Revision: 8151
Added:
modules/identity/trunk/sso/src/etc/cas/context.xml
modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml
modules/identity/trunk/sso/src/etc/josso/context.xml
modules/identity/trunk/sso/src/etc/josso/error.jsp
modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml
modules/identity/trunk/sso/src/etc/josso/josso-config.xml
modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml
modules/identity/trunk/sso/src/etc/josso/login-config.xml
modules/identity/trunk/sso/src/etc/josso/server.xml
Removed:
modules/identity/trunk/sso/src/etc/cas/cas_context.xml
modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml
modules/identity/trunk/sso/src/etc/josso/josso_context.xml
modules/identity/trunk/sso/src/etc/josso/josso_error.jsp
modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_server.xml
Log:
change names
Deleted: modules/identity/trunk/sso/src/etc/cas/cas_context.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/cas_context.xml 2007-09-04 17:21:09 UTC (rev
8150)
+++ modules/identity/trunk/sso/src/etc/cas/cas_context.xml 2007-09-04 17:27:52 UTC (rev
8151)
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<Context>
- <Valve className="org.jboss.portal.identity.auth.CASAuthenticationValve"
- casLogin="https://localhost:8080/cas/login"
- casValidate="https://localhost:8080/cas/serviceValidate"
- casServerName="localhost"
- authType="FORM"
- />
-</Context>
Deleted: modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml 2007-09-04
17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml 2007-09-04
17:27:52 UTC (rev 8151)
@@ -1,98 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
-<!--
- | deployerConfigContext.xml centralizes into one file some of the declarative
configuration that
- | all CAS deployers will need to modify.
- |
- | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
- | The beans declared in this file are instantiated at context initialization time by the
Spring
- | ContextLoaderListener declared in web.xml. It finds this file because this
- | file is among those declared in the context parameter
"contextConfigLocation".
- |
- | By far the most common change you will need to make in this file is to change the last
bean
- | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler
with
- | one implementing your approach for authenticating usernames and passwords.
- +-->
-<beans>
- <!--
- | This bean declares our AuthenticationManager. The CentralAuthenticationService
service bean
- | declared in applicationContext.xml picks up this AuthenticationManager by reference
to its id,
- | "authenticationManager". Most deployers will be able to use the default
AuthenticationManager
- | implementation and so do not need to change the class of this bean. We include the
whole
- | AuthenticationManager here in the userConfigContext.xml so that you can see the
things you will
- | need to change in context.
- +-->
- <bean id="authenticationManager"
- class="org.jasig.cas.authentication.AuthenticationManagerImpl">
- <!--
- | This is the List of CredentialToPrincipalResolvers that identify what Principal is
trying to authenticate.
- | The AuthenticationManagerImpl considers them in order, finding a
CredentialToPrincipalResolver which
- | supports the presented credentials.
- |
- | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses
them to identify the Principal
- | attempting to authenticate to CAS /login . In the default configuration, it is the
DefaultCredentialsToPrincipalResolver
- | that fills this role. If you are using some other kind of credentials than
UsernamePasswordCredentials, you will need to replace
- | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that
supports the credentials you are
- | using.
- |
- | Second, AuthenticationManagerImpl uses these resolvers to identify a service
requesting a proxy granting ticket.
- | In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
- | You will need to change this list if you are identifying services by something more
or other than their callback URL.
- +-->
- <property name="credentialsToPrincipalResolvers">
- <list>
- <!--
- | UsernamePasswordCredentialsToPrincipalResolver supports the
UsernamePasswordCredentials that we use for /login
- | by default and produces SimplePrincipal instances conveying the username from the
credentials.
- |
- | If you've changed your LoginFormAction to use credentials other than
UsernamePasswordCredentials then you will also
- | need to change this bean declaration (or add additional declarations) to declare a
CredentialsToPrincipalResolver that supports the
- | Credentials you are using.
- +-->
- <bean
- class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
- <!--
- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It
supports the CAS 2.0 approach of
- | authenticating services by SSL callback, extracting the callback URL from the
Credentials and representing it as a
- | SimpleService identified by that callback URL.
- |
- | If you are representing services by something more or other than an HTTPS URL
whereat they are able to
- | receive a proxy callback, you will need to change this bean declaration (or add
additional declarations).
- +-->
- <bean
- class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
- </list>
- </property>
-
- <!--
- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might
authenticate,
- | AuthenticationHandlers actually authenticate credentials. Here we declare the
AuthenticationHandlers that
- | authenticate the Principals that the CredentialsToPrincipalResolvers identified.
CAS will try these handlers in turn
- | until it finds one that both supports the Credentials presented and succeeds in
authenticating.
- +-->
- <property name="authenticationHandlers">
- <list>
- <!--
- | This is the authentication handler that authenticates services by means of
callback via SSL, thereby validating
- | a server side SSL certificate.
- +-->
- <bean
- class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
- <property
- name="httpClient"
- ref="httpClient" />
- </bean>
-
- <!--
- | This is the authentication handler declaration that every CAS deployer will need
to change before deploying CAS
- | into production. The default SimpleTestUsernamePasswordAuthenticationHandler
authenticates UsernamePasswordCredentials
- | where the username equals the password. You will need to replace this with an
AuthenticationHandler that implements your
- | local authentication strategy. You might accomplish this by coding a new such
handler and declaring
- | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers
provided in the adaptors modules.
- +-->
- <bean
- class="org.jboss.portal.identity.auth.CASAuthenticationHandler" />
- </list>
- </property>
- </bean>
-</beans>
Copied: modules/identity/trunk/sso/src/etc/cas/context.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/cas/cas_context.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/context.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/cas/context.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve
className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
+ casLogin="https://localhost/cas/login"
+ casValidate="https://localhost/cas/serviceValidate"
+ casServerName="localhost"
+ authType="FORM"
+ />
+</Context>
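Review bot: The new cas/context.xml is not a pure rename of the deleted cas_context.xml shown above: the valve's package moves from `org.jboss.portal.identity.auth` to `org.jboss.portal.identity.sso.cas`, and the `:8080` port is dropped from casLogin and casValidate, while the log says only "change names". Those two differences deserve a sentence in the commit message, since a deployer diffing the old and new file will otherwise assume the port drop is accidental. The `https://localhost` values and `casServerName="localhost"` are local-test placeholders; a comment such as `<!-- casServerName must be the host:port the browser uses to reach this portal; casValidate must stay https so the ticket validation response cannot be tampered with -->` inside the element would make the contract explicit.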
Copied: modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml
(rev 0)
+++ modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml 2007-09-04 17:27:52
UTC (rev 8151)
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+ | deployerConfigContext.xml centralizes into one file some of the declarative
configuration that
+ | all CAS deployers will need to modify.
+ |
+ | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
+ | The beans declared in this file are instantiated at context initialization time by the
Spring
+ | ContextLoaderListener declared in web.xml. It finds this file because this
+ | file is among those declared in the context parameter
"contextConfigLocation".
+ |
+ | By far the most common change you will need to make in this file is to change the last
bean
+ | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler
with
+ | one implementing your approach for authenticating usernames and passwords.
+ +-->
+<beans>
+ <!--
+ | This bean declares our AuthenticationManager. The CentralAuthenticationService
service bean
+ | declared in applicationContext.xml picks up this AuthenticationManager by reference
to its id,
+ | "authenticationManager". Most deployers will be able to use the default
AuthenticationManager
+ | implementation and so do not need to change the class of this bean. We include the
whole
+ | AuthenticationManager here in the userConfigContext.xml so that you can see the
things you will
+ | need to change in context.
+ +-->
+ <bean id="authenticationManager"
+ class="org.jasig.cas.authentication.AuthenticationManagerImpl">
+ <!--
+ | This is the List of CredentialToPrincipalResolvers that identify what Principal is
trying to authenticate.
+ | The AuthenticationManagerImpl considers them in order, finding a
CredentialToPrincipalResolver which
+ | supports the presented credentials.
+ |
+ | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses
them to identify the Principal
+ | attempting to authenticate to CAS /login . In the default configuration, it is the
DefaultCredentialsToPrincipalResolver
+ | that fills this role. If you are using some other kind of credentials than
UsernamePasswordCredentials, you will need to replace
+ | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that
supports the credentials you are
+ | using.
+ |
+ | Second, AuthenticationManagerImpl uses these resolvers to identify a service
requesting a proxy granting ticket.
+ | In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
+ | You will need to change this list if you are identifying services by something more
or other than their callback URL.
+ +-->
+ <property name="credentialsToPrincipalResolvers">
+ <list>
+ <!--
+ | UsernamePasswordCredentialsToPrincipalResolver supports the
UsernamePasswordCredentials that we use for /login
+ | by default and produces SimplePrincipal instances conveying the username from the
credentials.
+ |
+ | If you've changed your LoginFormAction to use credentials other than
UsernamePasswordCredentials then you will also
+ | need to change this bean declaration (or add additional declarations) to declare a
CredentialsToPrincipalResolver that supports the
+ | Credentials you are using.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
+ <!--
+ | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It
supports the CAS 2.0 approach of
+ | authenticating services by SSL callback, extracting the callback URL from the
Credentials and representing it as a
+ | SimpleService identified by that callback URL.
+ |
+ | If you are representing services by something more or other than an HTTPS URL
whereat they are able to
+ | receive a proxy callback, you will need to change this bean declaration (or add
additional declarations).
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
+ </list>
+ </property>
+
+ <!--
+ | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might
authenticate,
+ | AuthenticationHandlers actually authenticate credentials. Here we declare the
AuthenticationHandlers that
+ | authenticate the Principals that the CredentialsToPrincipalResolvers identified.
CAS will try these handlers in turn
+ | until it finds one that both supports the Credentials presented and succeeds in
authenticating.
+ +-->
+ <property name="authenticationHandlers">
+ <list>
+ <!--
+ | This is the authentication handler that authenticates services by means of
callback via SSL, thereby validating
+ | a server side SSL certificate.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
+ <property
+ name="httpClient"
+ ref="httpClient" />
+ </bean>
+
+ <!--
+ | This is the authentication handler declaration that every CAS deployer will need
to change before deploying CAS
+ | into production. The default SimpleTestUsernamePasswordAuthenticationHandler
authenticates UsernamePasswordCredentials
+ | where the username equals the password. You will need to replace this with an
AuthenticationHandler that implements your
+ | local authentication strategy. You might accomplish this by coding a new such
handler and declaring
+ | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers
provided in the adaptors modules.
+ +-->
+ <bean
+ class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
+ </list>
+ </property>
+ </bean>
+</beans>
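Review bot: The comment immediately above the last bean still describes the stock `SimpleTestUsernamePasswordAuthenticationHandler` (username equals password) and tells the deployer to replace it, but the bean declared under it is `org.jboss.portal.identity.sso.cas.CASAuthenticationHandler`, so the text no longer matches the configuration it annotates. Suggest replacing that comment block with `| JBoss Portal CAS integration handler; this is the replacement for the stock SimpleTestUsernamePasswordAuthenticationHandler referred to in the header comment.` The header comment's line "change the last bean declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler" is likewise stale for this file and could be reworded to say the replacement is already in place.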
Copied: modules/identity/trunk/sso/src/etc/josso/context.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_context.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/context.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/context.xml 2007-09-04 17:27:52 UTC (rev
8151)
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve className="org.jboss.portal.identity.sso.cas.JOSSOLogoutValve"/>
+</Context>
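Review bot: The JOSSO logout valve is declared under the `sso.cas` package (`org.jboss.portal.identity.sso.cas.JOSSOLogoutValve`), whereas the other JOSSO class on this commit, `JOSSOIdentityStore` in josso-gateway-config.xml, lives under `org.jboss.portal.identity.sso.josso`. This looks like a copy-paste of the CAS package name; if the class is actually in the josso package the valve will fail to load when the context starts, so the fully qualified name should be confirmed against the source tree. If `sso.cas` is intentional, a comment explaining why a JOSSO valve lives in the CAS package would prevent the next reader from "fixing" it.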
Copied: modules/identity/trunk/sso/src/etc/josso/error.jsp (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_error.jsp)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/error.jsp (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/error.jsp 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,41 @@
+<%--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ --%>
+
+<%@page contentType="text/html; charset=iso-8859-1"
language="java" session="true" %>
+<!--
+Redirects the user to the propper login page. Configured as the login url the web.xml
for this application.
+-->
+<%
+ response.sendRedirect(request.getContextPath() + "/josso_login/");
+%>
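Review bot: The explanatory comment is written as an HTML comment (`<!-- ... -->`), so its text is emitted into the response body rather than kept server-side; as the page only issues a redirect, a JSP comment is the right form. Suggest changing it to `<%-- Redirects the user to the proper login page. Configured as the login URL in web.xml for this application. --%>`, which also fixes the "propper" typo and the missing "in".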
Copied: modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml
(rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml 2007-09-04 17:27:52
UTC (rev 8151)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<agent>
+ <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
+
<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
+
<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
+ <service-locator>
+ <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
+ <endpoint>localhost:8080</endpoint>
+ </service-locator>
+ <partner-apps>
+ <partner-app>
+ <context>/portal</context>
+ </partner-app>
+ <!-- used for testing purposes -->
+ <partner-app>
+ <context>/portal2</context>
+ </partner-app>
+ </partner-apps>
+</agent>
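Review bot: The `/portal2` partner-app is marked "used for testing purposes" in the comment but is left active in the shipped agent configuration, so every deployment registers a second SSO partner context it does not have; it should be commented out in the default file, e.g. `<!-- <partner-app><context>/portal2</context></partner-app> -->`. Separately, gatewayLoginUrl, gatewayLogoutUrl and the service-locator endpoint all use plain `http://localhost:8080`; the login URL is presumably where users submit credentials, so a comment stating that anything beyond a single-host test must point these at an `https://` gateway on the real host would keep the defaults from being deployed unchanged.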
Copied: modules/identity/trunk/sso/src/etc/josso/josso-config.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso-config.xml (rev
0)
+++ modules/identity/trunk/sso/src/etc/josso/josso-config.xml 2007-09-04 17:27:52 UTC (rev
8151)
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<configuration>
+ <hierarchicalXml fileName="josso-agent-config.xml"/>
+</configuration>
Copied: modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml
(rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml 2007-09-04 17:27:52
UTC (rev 8151)
@@ -0,0 +1,569 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ -->
+
+<domain>
+ <name>JOSSO</name>
+ <type>web</type>
+
+ <!--sso-web-config-->
+
+ <!-- Optional : The URL where the user will be redirected after a successfull
login only if josso_back_to request parameter
+ is not present when accessing the login url
+
<loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>
+ -->
+
+ <!-- Optional : The URL where the user will be redirected after a logout only
if josso_back_to is not present
+ when accessing the logout url
+
<logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>
+ -->
+
+ <!-- Session token properties -->
+ <!--session-token-->
+
+ <!-- Optional : Use a secure session token, a secure channel like SSL must
be available for this to work
+ <secure>false</secure>
+ -->
+
+
+ <!--/session-token-->
+
+ <!--/sso-web-config-->
+
+ <authenticator>
+ <class>org.josso.auth.AuthenticatorImpl</class>
+ <authentication-schemes>
+ <!-- Basic Authentication Scheme -->
+ <authentication-scheme>
+ <name>basic-authentication</name>
+
<class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
+
+ <!--
+ The message digest algorithm to be used when hashing passwords.
+ This must be an algorithm supported by the java.security.MessageDigest
class
+ on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference -
Apendix B : Algorithms
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.
+
+ To provide LDAP support, also CRYPT is available.
+ -->
+ <!--
+ <hashAlgorithm>MD5</hashAlgorithm>
+ -->
+
+ <!-- Supported values are HEX, BASE64. Mandatory if hashAlgorithm was
specified -->
+ <!--
+ <hashEncoding>HEX</hashEncoding>
+ -->
+
+ <!-- Some hash algorithms, like CRYPT, use this property. The default
value is 2.
+ <saltLength>2</saltLength>
+ -->
+
+ <!--
+ <ignorePasswordCase>false</ignorePasswordCase>
+ <ignoreUserCase>false</ignoreUserCase>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user
WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <credentialsQueryString>SELECT login AS username , password AS
password FROM josso_user WHERE login = ?</credentialsQueryString>
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </credential-store>
+ -->
+
+ <!-- ===============================================================
-->
+ <!-- LDAP Credential Store
-->
+ <!--
-->
+ <!-- Chcek javadoc for configuration details :
-->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore
-->
+ <!-- ===============================================================
-->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+
<credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+
<credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+
<class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
+ </credential-store>
+
+
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+
+ <!-- Strong Authentication Scheme -->
+ <authentication-scheme>
+ <name>strong-authentication</name>
+
<class>org.josso.auth.scheme.X509CertificateAuthScheme</class>
+
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user
WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ -->
+
+ <!-- ===============================================================
-->
+ <!-- LDAP Credential Store
-->
+ <!--
-->
+ <!-- Chcek javadoc for configuration details :
-->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore
-->
+ <!-- ===============================================================
-->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+
<credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>
+
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+
<credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+ </authentication-schemes>
+ </authenticator>
+
+ <sso-identity-manager>
+
+
<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
+
+ <!-- ========================================================= -->
+ <!-- DataSource Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM
josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE
login = ?
+ </userPropertiesQueryString>
+
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND
josso_role.name = josso_user_role.name
+ </rolesQueryString>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </sso-identity-store>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+
+ <!--sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ You could use a UNION to select properties from different tables/columns :
+ SELECT 'user.lastName' AS name , lastName AS value FROM josso_user
WHERE login = ?
+ UNION
+ SELECT 'user.name' AS name , name AS value FROM josso_user WHERE
login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_properties WHERE login
= ?
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM
josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE
login = ?
+ </userPropertiesQueryString>
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND
josso_role.name = josso_user_role.name
+ </rolesQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </sso-identity-store-->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Identity Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+
<credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Identity Store -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <usersFileName>josso-users.xml</usersFileName>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <sso-identity-store>
+
<class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
+ </sso-identity-store>
+
+ <!-- ================================================= -->
+ <!-- Identity Store Key adapter -->
+ <!-- ================================================= -->
+ <sso-identity-store-key-adapter>
+
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </sso-identity-store-key-adapter>
+
+ </sso-identity-manager>
+
+ <sso-session-manager>
+
+
<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
+
+ <!--
+ Set the maximum time interval, in minutes, between client requests before the SSO
Service will invalidate
+ the session. A negative time indicates that the session should never time out.
+ -->
+ <maxInactiveInterval>30</maxInactiveInterval>
+
+ <!-- Max number of sessions per user, default 1
+ A negative value indicates that an unlimited number of sessions per user is
allowed.
+ -->
+ <maxSessionsPerUser>-1</maxSessionsPerUser>
+ <!--
+ If true, when the max number of sessions per user is exceeded,
+ an already existing session will be invalidated to create a new one.
+ If false, when the max number of sessions per user is exceeded,
+ an exception is thrown and the new session is not created.
+ -->
+ <invalidateExceedingSessions>false</invalidateExceedingSessions>
+
+
+ <!--
+ Time interval, in milliseconds, between exired sessions cleanup.
+ -->
+ <sessionMonitorInterval>10000</sessionMonitorInterval>
+
+ <!-- ===================================================================
-->
+ <!-- Serialized Session Store
-->
+ <!--
-->
+ <!-- Session Store implementation which uses Java Serialization to
-->
+ <!-- persist Single Sign-On user sessions.
-->
+ <!-- It allows to reconstruct the session state after a system shutdown.
-->
+ <!-- ===================================================================
-->
+ <!--
+ <sso-session-store>
+
<class>org.josso.gateway.session.service.store.SerializedSessionStore</class>
+ file where serialized sessions will be stored (optional)
+ <serializedFile>/tmp/josso_sessions.ser</serializedFile>
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- DataSource Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for
-->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc
-->
+ <!-- -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.DataSourceSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+
<class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM
JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id =
?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName,
creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?,
?, ?, ?, ?, ?) </insertDml>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ </sso-session-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- Jdbc Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for
-->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc
-->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.JdbcSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+
<class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>
+
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM
JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id =
?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName,
creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?,
?, ?, ?, ?, ?) </insertDml>
+
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- Memory Session Store -->
+ <!-- =============================================================== -->
+ <sso-session-store>
+
<class>org.josso.gateway.session.service.store.MemorySessionStore</class>
+ </sso-session-store>
+
+ <sso-session-id-generator>
+
+
<class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>
+ <!--
+ The message digest algorithm to be used when generating session
+ identifiers. This must be an algorithm supported by the
+ java.security.MessageDigest class on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference - Apendix
A : Standard Names
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
+ -->
+ <algorithm>MD5</algorithm>
+
+ </sso-session-id-generator>
+
+ </sso-session-manager>
+
+ <!-- SSO Audit Manager compoment -->
+ <sso-audit-manager>
+ <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
+
+ <!--
+ List of handlers that will process this request
+ Every handler must have its own unique name.
+ -->
+ <handlers>
+
+ <!-- This handler logs all audit trails using Log4J, under the given
category -->
+ <handler>
+
<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
+ <name>LoggerAuditTrailHandler</name>
+ <category>org.josso.gateway.audit.SSO_AUDIT</category>
+ </handler>
+
+ <!--
+ <handler>
+ <class>MyOtherHandler</class>
+ <name>MyOhterHandlerName</name>
+ <myProperty>value</myProperty>
+ </handler>
+ -->
+
+ </handlers>
+ </sso-audit-manager>
+
+ <!-- SSO Event Manager component -->
+ <sso-event-manager>
+
<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
+ <!--
+ JMX Name of the EventManager MBean that will send SSO Events as JMX
Notifications
+ The MBean will be registered by the MBeanComponentKeeper.
+ -->
+ <oname>josso:type=SSOEventManager</oname>
+ <!-- You can add your own listeners here : -->
+ <!-- Every listener should have a unique name -->
+
+ <!--
+ <listeners>
+ <listener>
+ <class>com.myCompany.MyEventListener</class>
+ <name>MyEventListener</name>
+ <property1>MyListenerProperty1Value</property1>
+ </listener>
+ <listener>
+ <class>com.myCompany.MyOtherEventListener</class>
+ <name>MyOtherEventListener</name>
+ <propertyA>MyOtherListenerPropertyAValue</propertyA>
+ </listener>
+ </listeners>
+ -->
+
+ </sso-event-manager>
+
+</domain>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_context.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_context.xml 2007-09-04 17:21:09 UTC
(rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_context.xml 2007-09-04 17:27:52 UTC
(rev 8151)
@@ -1,4 +0,0 @@
-<?xml version="1.0"?>
-<Context>
- <Valve className="org.jboss.portal.identity.auth.JOSSOLogoutValve"/>
-</Context>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_error.jsp
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_error.jsp 2007-09-04 17:21:09 UTC (rev
8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_error.jsp 2007-09-04 17:27:52 UTC (rev
8151)
@@ -1,41 +0,0 @@
-<%--
- ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
- ~ All rights reserved.
- ~ Redistribution and use in source and binary forms, with or
- ~ without modification, are permitted provided that the following
- ~ conditions are met:
- ~
- ~ * Redistributions of source code must retain the above copyright
- ~ notice, this list of conditions and the following disclaimer.
- ~
- ~ * Redistributions in binary form must reproduce the above copyright
- ~ notice, this list of conditions and the following disclaimer in
- ~ the documentation and/or other materials provided with the
- ~ distribution.
- ~
- ~ * Neither the name of the JOSSO team nor the names of its
- ~ contributors may be used to endorse or promote products derived
- ~ from this software without specific prior written permission.
- ~
- ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- ~ POSSIBILITY OF SUCH DAMAGE.
- --%>
-
-<%@page contentType="text/html; charset=iso-8859-1"
language="java" session="true" %>
-<!--
-Redirects the user to the propper login page. Configured as the login url the web.xml
for this application.
--->
-<%
- response.sendRedirect(request.getContextPath() + "/josso_login/");
-%>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml 2007-09-04
17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml 2007-09-04
17:27:52 UTC (rev 8151)
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<agent>
- <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
-
<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
-
<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
- <service-locator>
- <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
- <endpoint>localhost:8080</endpoint>
- </service-locator>
- <partner-apps>
- <partner-app>
- <context>/portal</context>
- </partner-app>
- <!-- used for testing purposes -->
- <partner-app>
- <context>/portal2</context>
- </partner-app>
- </partner-apps>
-</agent>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml 2007-09-04 17:21:09
UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml 2007-09-04 17:27:52
UTC (rev 8151)
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<configuration>
- <hierarchicalXml fileName="josso-agent-config.xml"/>
-</configuration>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml 2007-09-04
17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml 2007-09-04
17:27:52 UTC (rev 8151)
@@ -1,569 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<!--
- ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
- ~ All rights reserved.
- ~ Redistribution and use in source and binary forms, with or
- ~ without modification, are permitted provided that the following
- ~ conditions are met:
- ~
- ~ * Redistributions of source code must retain the above copyright
- ~ notice, this list of conditions and the following disclaimer.
- ~
- ~ * Redistributions in binary form must reproduce the above copyright
- ~ notice, this list of conditions and the following disclaimer in
- ~ the documentation and/or other materials provided with the
- ~ distribution.
- ~
- ~ * Neither the name of the JOSSO team nor the names of its
- ~ contributors may be used to endorse or promote products derived
- ~ from this software without specific prior written permission.
- ~
- ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- ~ POSSIBILITY OF SUCH DAMAGE.
- -->
-
-<domain>
- <name>JOSSO</name>
- <type>web</type>
-
- <!--sso-web-config-->
-
- <!-- Optional : The URL where the user will be redirected after a successfull
login only if josso_back_to request parameter
- is not present when accessing the login url
-
<loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>
- -->
-
- <!-- Optional : The URL where the user will be redirected after a logout only
if josso_back_to is not present
- when accessing the logout url
-
<logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>
- -->
-
- <!-- Session token properties -->
- <!--session-token-->
-
- <!-- Optional : Use a secure session token, a secure channel like SSL must
be available for this to work
- <secure>false</secure>
- -->
-
-
- <!--/session-token-->
-
- <!--/sso-web-config-->
-
- <authenticator>
- <class>org.josso.auth.AuthenticatorImpl</class>
- <authentication-schemes>
- <!-- Basic Authentication Scheme -->
- <authentication-scheme>
- <name>basic-authentication</name>
-
<class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
-
- <!--
- The message digest algorithm to be used when hashing passwords.
- This must be an algorithm supported by the java.security.MessageDigest
class
- on your platform.
-
- In J2SE 1.4.2 you can check :
- Java Cryptography Architecture API Specification & Reference -
Apendix B : Algorithms
- Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.
-
- To provide LDAP support, also CRYPT is available.
- -->
- <!--
- <hashAlgorithm>MD5</hashAlgorithm>
- -->
-
- <!-- Supported values are HEX, BASE64. Mandatory if hashAlgorithm was
specified -->
- <!--
- <hashEncoding>HEX</hashEncoding>
- -->
-
- <!-- Some hash algorithms, like CRYPT, use this property. The default
value is 2.
- <saltLength>2</saltLength>
- -->
-
- <!--
- <ignorePasswordCase>false</ignorePasswordCase>
- <ignoreUserCase>false</ignoreUserCase>
- -->
- <!-- ========================================================= -->
- <!-- JDBC Credential Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
- <!--
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
-
- <credentialsQueryString>
-
- SELECT login AS username , password AS password FROM josso_user
WHERE login = ?
-
- </credentialsQueryString>
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
-
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
- </credential-store>
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
-
- <credentialsQueryString>SELECT login AS username , password AS
password FROM josso_user WHERE login = ?</credentialsQueryString>
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
- </credential-store>
- -->
-
- <!-- ===============================================================
-->
- <!-- LDAP Credential Store
-->
- <!--
-->
- <!-- Chcek javadoc for configuration details :
-->
- <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore
-->
- <!-- ===============================================================
-->
- <!--
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
-
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
- <providerUrl>ldap://ldaphost</providerUrl>
-
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
- <securityCredential>secret</securityCredential>
- <securityAuthentication>simple</securityAuthentication>
- <ldapSearchScope>SUBTREE</ldapSearchScope>
- <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
- <principalUidAttributeID>uid</principalUidAttributeID>
- <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
- <uidAttributeID>uniquemember</uidAttributeID>
- <roleAttributeID>cn</roleAttributeID>
-
<credentialQueryString>uid=username,userPassword=password</credentialQueryString>
-
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
- </credential-store>
- -->
-
- <!-- ================================================= -->
- <!-- Memory Credential Store -->
- <!-- ================================================= -->
- <!--
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
-
<credentialsFileName>josso-credentials.xml</credentialsFileName>
- </credential-store>
- -->
-
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <credential-store>
-
<class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
- </credential-store>
-
-
-
- <!-- ================================================= -->
- <!-- Credential Store Key adapter -->
- <!-- ================================================= -->
- <credential-store-key-adapter>
-
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </credential-store-key-adapter>
-
- </authentication-scheme>
-
- <!-- Strong Authentication Scheme -->
- <authentication-scheme>
- <name>strong-authentication</name>
-
<class>org.josso.auth.scheme.X509CertificateAuthScheme</class>
-
- <!-- ========================================================= -->
- <!-- JDBC Credential Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
- <!--
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
-
- <credentialsQueryString>
-
- SELECT login AS username , password AS password FROM josso_user
WHERE login = ?
-
- </credentialsQueryString>
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
-
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
- </credential-store>
- -->
-
- <!-- ===============================================================
-->
- <!-- LDAP Credential Store
-->
- <!--
-->
- <!-- Chcek javadoc for configuration details :
-->
- <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore
-->
- <!-- ===============================================================
-->
- <!--
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
-
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
- <providerUrl>ldap://ldaphost</providerUrl>
-
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
- <securityCredential>secret</securityCredential>
- <securityAuthentication>simple</securityAuthentication>
- <ldapSearchScope>SUBTREE</ldapSearchScope>
- <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
- <principalUidAttributeID>uid</principalUidAttributeID>
- <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
- <uidAttributeID>uniquemember</uidAttributeID>
- <roleAttributeID>cn</roleAttributeID>
-
<credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>
-
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
- </credential-store>
- -->
-
- <!-- ================================================= -->
- <!-- Memory Credential Store -->
- <!-- ================================================= -->
- <credential-store>
-
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
-
<credentialsFileName>josso-credentials.xml</credentialsFileName>
- </credential-store>
-
- <!-- ================================================= -->
- <!-- Credential Store Key adapter -->
- <!-- ================================================= -->
- <credential-store-key-adapter>
-
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </credential-store-key-adapter>
-
- </authentication-scheme>
- </authentication-schemes>
- </authenticator>
-
- <sso-identity-manager>
-
-
<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
-
- <!-- ========================================================= -->
- <!-- DataSource Identity Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
- <!--
- <sso-identity-store>
-
<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
-
- <userQueryString>
- SELECT login FROM josso_user WHERE login = ?
- </userQueryString>
-
- <userPropertiesQueryString>
- SELECT 'user.description' AS name , description AS value FROM
josso_user WHERE login = ?
- UNION
- SELECT name AS name , value AS value FROM josso_user_property WHERE
login = ?
- </userPropertiesQueryString>
-
- <rolesQueryString>
- SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND
josso_role.name = josso_user_role.name
- </rolesQueryString>
-
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
- </sso-identity-store>
- -->
- <!-- ========================================================= -->
- <!-- JDBC Identity Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
-
- <!--sso-identity-store>
-
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
-
- <userQueryString>
- SELECT login FROM josso_user WHERE login = ?
- </userQueryString>
-
- You could use a UNION to select properties from different tables/columns :
- SELECT 'user.lastName' AS name , lastName AS value FROM josso_user
WHERE login = ?
- UNION
- SELECT 'user.name' AS name , name AS value FROM josso_user WHERE
login = ?
- UNION
- SELECT name AS name , value AS value FROM josso_user_properties WHERE login
= ?
-
- <userPropertiesQueryString>
- SELECT 'user.description' AS name , description AS value FROM
josso_user WHERE login = ?
- UNION
- SELECT name AS name , value AS value FROM josso_user_property WHERE
login = ?
- </userPropertiesQueryString>
- <rolesQueryString>
- SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND
josso_role.name = josso_user_role.name
- </rolesQueryString>
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
-
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
- </sso-identity-store-->
-
- <!-- =============================================================== -->
- <!-- LDAP Identity Store -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
- <!-- ================================================= -->
- <!--
- <sso-identity-store>
-
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
-
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
- <providerUrl>ldap://ldaphost</providerUrl>
-
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
- <securityCredential>secret</securityCredential>
- <securityAuthentication>simple</securityAuthentication>
- <ldapSearchScope>SUBTREE</ldapSearchScope>
- <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
- <principalUidAttributeID>uid</principalUidAttributeID>
- <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
- <uidAttributeID>uniquemember</uidAttributeID>
- <roleAttributeID>cn</roleAttributeID>
-
<credentialQueryString>uid=username,userPassword=password</credentialQueryString>
-
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
- </sso-identity-store>
- -->
-
- <!-- ================================================= -->
- <!-- Memory Identity Store -->
- <!-- ================================================= -->
- <!--
- <sso-identity-store>
-
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
- <usersFileName>josso-users.xml</usersFileName>
- </sso-identity-store>
- -->
-
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <sso-identity-store>
- <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
- </sso-identity-store>
-
- <!-- ================================================= -->
- <!-- Identity Store Key adapter -->
- <!-- ================================================= -->
- <sso-identity-store-key-adapter>
-
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </sso-identity-store-key-adapter>
-
- </sso-identity-manager>
-
- <sso-session-manager>
-
-
<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
-
- <!--
- Set the maximum time interval, in minutes, between client requests before the SSO
Service will invalidate
- the session. A negative time indicates that the session should never time out.
- -->
- <maxInactiveInterval>30</maxInactiveInterval>
-
- <!-- Max number of sessions per user, default 1
- A negative value indicates that an unlimited number of sessions per user is
allowed.
- -->
- <maxSessionsPerUser>-1</maxSessionsPerUser>
- <!--
- If true, when the max number of sessions per user is exceeded,
- an already existing session will be invalidated to create a new one.
- If false, when the max number of sessions per user is exceeded,
- an exception is thrown and the new session is not created.
- -->
- <invalidateExceedingSessions>false</invalidateExceedingSessions>
-
-
- <!--
- Time interval, in milliseconds, between exired sessions cleanup.
- -->
- <sessionMonitorInterval>10000</sessionMonitorInterval>
-
- <!-- ===================================================================
-->
- <!-- Serialized Session Store
-->
- <!--
-->
- <!-- Session Store implementation which uses Java Serialization to
-->
- <!-- persist Single Sign-On user sessions.
-->
- <!-- It allows to reconstruct the session state after a system shutdown.
-->
- <!-- ===================================================================
-->
- <!--
- <sso-session-store>
-
<class>org.josso.gateway.session.service.store.SerializedSessionStore</class>
- file where serialized sessions will be stored (optional)
- <serializedFile>/tmp/josso_sessions.ser</serializedFile>
- </sso-session-store>
- -->
-
-
- <!-- =============================================================== -->
- <!-- DataSource Session Store -->
- <!-- -->
- <!-- This store persists SSO sessions in a RDBMS, it's usefull for
-->
- <!-- example when multiple SSO servers must share session information-->
- <!-- like in a cluster. -->
- <!-- -->
- <!-- NOTE :Remember to escape spetial chars like < with < , etc
-->
- <!-- -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.session.service.store.db.DataSourceSessionStore -->
- <!-- =============================================================== -->
- <!--
- <sso-session-store>
-
-
<class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
-
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
-
- <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
- <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
- <loadAllQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM
JOSSO_SESSION</loadAllQuery>
- <loadQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
session_id = ?</loadQuery>
- <loadByUserNameQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
username = ?</loadByUserNameQuery>
-
- <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
last_access_time < ?</loadByLastAccessTimeQuery>
- <loadByValidQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
valid = ?</loadByValidQuery>
- <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id =
?</deleteDml>
- <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
- <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName,
creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?,
?, ?, ?, ?, ?) </insertDml>
-
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
-
- </sso-session-store>
- -->
-
- <!-- =============================================================== -->
- <!-- Jdbc Session Store -->
- <!-- -->
- <!-- This store persists SSO sessions in a RDBMS, it's usefull for
-->
- <!-- example when multiple SSO servers must share session information-->
- <!-- like in a cluster. -->
- <!-- -->
- <!-- NOTE :Remember to escape spetial chars like < with < , etc
-->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.session.service.store.db.JdbcSessionStore -->
- <!-- =============================================================== -->
- <!--
- <sso-session-store>
-
-
<class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>
-
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
-
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
-
- <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
- <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
- <loadAllQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM
JOSSO_SESSION</loadAllQuery>
- <loadQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
session_id = ?</loadQuery>
- <loadByUserNameQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
username = ?</loadByUserNameQuery>
-
- <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
last_access_time < ?</loadByLastAccessTimeQuery>
- <loadByValidQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
valid = ?</loadByValidQuery>
- <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id =
?</deleteDml>
- <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
- <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName,
creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?,
?, ?, ?, ?, ?) </insertDml>
-
- </sso-session-store>
- -->
-
-
- <!-- =============================================================== -->
- <!-- Memory Session Store -->
- <!-- =============================================================== -->
- <sso-session-store>
-
<class>org.josso.gateway.session.service.store.MemorySessionStore</class>
- </sso-session-store>
-
- <sso-session-id-generator>
-
-
<class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>
- <!--
- The message digest algorithm to be used when generating session
- identifiers. This must be an algorithm supported by the
- java.security.MessageDigest class on your platform.
-
- In J2SE 1.4.2 you can check :
- Java Cryptography Architecture API Specification & Reference - Apendix
A : Standard Names
- Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
- -->
- <algorithm>MD5</algorithm>
-
- </sso-session-id-generator>
-
- </sso-session-manager>
-
- <!-- SSO Audit Manager compoment -->
- <sso-audit-manager>
- <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
-
- <!--
- List of handlers that will process this request
- Every handler must have its own unique name.
- -->
- <handlers>
-
- <!-- This handler logs all audit trails using Log4J, under the given
category -->
- <handler>
-
<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
- <name>LoggerAuditTrailHandler</name>
- <category>org.josso.gateway.audit.SSO_AUDIT</category>
- </handler>
-
- <!--
- <handler>
- <class>MyOtherHandler</class>
- <name>MyOhterHandlerName</name>
- <myProperty>value</myProperty>
- </handler>
- -->
-
- </handlers>
- </sso-audit-manager>
-
- <!-- SSO Event Manager component -->
- <sso-event-manager>
-
<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
- <!--
- JMX Name of the EventManager MBean that will send SSO Events as JMX
Notifications
- The MBean will be registered by the MBeanComponentKeeper.
- -->
- <oname>josso:type=SSOEventManager</oname>
- <!-- You can add your own listeners here : -->
- <!-- Every listener should have a unique name -->
-
- <!--
- <listeners>
- <listener>
- <class>com.myCompany.MyEventListener</class>
- <name>MyEventListener</name>
- <property1>MyListenerProperty1Value</property1>
- </listener>
- <listener>
- <class>com.myCompany.MyOtherEventListener</class>
- <name>MyOtherEventListener</name>
- <propertyA>MyOtherListenerPropertyAValue</propertyA>
- </listener>
- </listeners>
- -->
-
- </sso-event-manager>
-
-</domain>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml 2007-09-04 17:21:09
UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml 2007-09-04 17:27:52
UTC (rev 8151)
@@ -1,165 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE policy PUBLIC
- "-//JBoss//DTD JBOSS Security Config 3.0//EN"
- "http://www.jboss.org/j2ee/dtd/security_config.dtd">
-
-<!-- The XML based JAAS login configuration read by the
-org.jboss.security.auth.login.XMLLoginConfig mbean. Add
-an application-policy element for each security domain.
-
-The outline of the application-policy is:
-<application-policy name="security-domain-name">
- <authentication>
- <login-module code="login.module1.class.name"
flag="control_flag">
- <module-option name =
"option1-name">option1-value</module-option>
- <module-option name =
"option2-name">option2-value</module-option>
- ...
- </login-module>
-
- <login-module code="login.module2.class.name"
flag="control_flag">
- ...
- </login-module>
- ...
- </authentication>
-</application-policy>
-
--->
-
-<policy>
- <!-- Used by clients within the application server VM such as
- mbeans and servlets that access EJBs.
- -->
- <application-policy name = "client-login">
- <authentication>
- <login-module code = "org.jboss.security.ClientLoginModule"
- flag = "required">
- <!-- Any existing security context will be restored on logout -->
- <module-option
name="restore-login-identity">true</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- Security domain for JBossMQ -->
- <application-policy name = "jbossmq">
- <authentication>
- <login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
- flag = "required">
- <module-option name =
"unauthenticatedIdentity">guest</module-option>
- <module-option name =
"dsJndiName">java:/DefaultDS</module-option>
- <module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
- <module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- Security domain for JBossMQ when using file-state-service.xml
- <application-policy name = "jbossmq">
- <authentication>
- <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
- flag = "required">
- <module-option name =
"unauthenticatedIdentity">guest</module-option>
- <module-option name =
"sm.objectname">jboss.mq:service=StateManager</module-option>
- </login-module>
- </authentication>
- </application-policy>
- -->
-
- <!-- Security domains for testing new jca framework -->
- <application-policy name = "HsqlDbRealm">
- <authentication>
- <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
- flag = "required">
- <module-option name = "principal">sa</module-option>
- <module-option name = "userName">sa</module-option>
- <module-option name = "password"></module-option>
- <module-option name =
"managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <application-policy name = "JmsXARealm">
- <authentication>
- <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
- flag = "required">
- <module-option name =
"principal">guest</module-option>
- <module-option name =
"userName">guest</module-option>
- <module-option name =
"password">guest</module-option>
- <module-option name =
"managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- A template configuration for the jmx-console web application. This
- defaults to the UsersRolesLoginModule the same as other and should be
- changed to a stronger authentication mechanism as required.
- -->
- <application-policy name = "jmx-console">
- <authentication>
- <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag = "required">
- <module-option
name="usersProperties">props/jmx-console-users.properties</module-option>
- <module-option
name="rolesProperties">props/jmx-console-roles.properties</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- A template configuration for the web-console web application. This
- defaults to the UsersRolesLoginModule the same as other and should be
- changed to a stronger authentication mechanism as required.
- -->
- <application-policy name = "$webConsoleDomain">
- <authentication>
- <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag = "required">
- <module-option
name="usersProperties">web-console-users.properties</module-option>
- <module-option
name="rolesProperties">web-console-roles.properties</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- A template configuration for the JBossWS web application (and transport
layer!).
- This defaults to the UsersRolesLoginModule the same as other and should be
- changed to a stronger authentication mechanism as required.
- -->
- <application-policy name="JBossWS">
- <authentication>
- <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag="required">
- <module-option
name="usersProperties">props/jbossws-users.properties</module-option>
- <module-option
name="rolesProperties">props/jbossws-roles.properties</module-option>
- <module-option
name="unauthenticatedIdentity">anonymous</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- The default login configuration used by any security domain that
- does not have a application-policy entry with a matching name
- -->
- <application-policy name = "other">
- <!-- A simple server login module, which can be used when the number
- of users is relatively small. It uses two properties files:
- users.properties, which holds users (key) and their password (value).
- roles.properties, which holds users (key) and a comma-separated list of
- their roles (value).
- The unauthenticatedIdentity property defines the name of the principal
- that will be used when a null username and password are presented as is
- the case for an unuathenticated web client or MDB. If you want to
- allow such users to be authenticated add the property, e.g.,
- unauthenticatedIdentity="nobody"
- -->
- <authentication>
- <login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag = "required" />
- </authentication>
- </application-policy>
-
- <!-- JOSSO JAAS Module configuration -->
- <application-policy name = "josso">
- <authentication>
- <login-module code =
"org.jboss.portal.identity.auth.JOSSOLoginModule"
- flag = "required">
- <module-option name="debug">true</module-option>
- </login-module>
- </authentication>
- </application-policy>
-</policy>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_server.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_server.xml 2007-09-04 17:21:09 UTC (rev
8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_server.xml 2007-09-04 17:27:52 UTC (rev
8151)
@@ -1,178 +0,0 @@
-<Server>
-
- <!-- Use a custom version of StandardService that allows the
- connectors to be started independent of the normal lifecycle
- start to allow web apps to be deployed before starting the
- connectors.
- -->
- <Service name="jboss.web"
- className="org.jboss.web.tomcat.tc5.StandardService">
-
- <!-- A HTTP/1.1 Connector on port 8080 -->
- <Connector port="8080" address="${jboss.bind.address}"
- maxThreads="250" strategy="ms"
maxHttpHeaderSize="8192"
- emptySessionPath="true"
- enableLookups="false" redirectPort="8443"
acceptCount="100"
- connectionTimeout="20000" disableUploadTimeout="true"/>
-
- <!-- Add this option to the connector to avoid problems with
- .NET clients that don't implement HTTP/1.1 correctly
- restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
- -->
-
- <!-- A AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" address="${jboss.bind.address}"
- emptySessionPath="true" enableLookups="false"
redirectPort="8443"
- protocol="AJP/1.3"/>
-
- <!-- SSL/TLS Connector configuration using the admin devl guide keystore
- <Connector port="8443" address="${jboss.bind.address}"
- maxThreads="100" strategy="ms"
maxHttpHeaderSize="8192"
- emptySessionPath="true"
- scheme="https" secure="true" clientAuth="false"
- keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
- keystorePass="rmi+ssl" sslProtocol = "TLS" />
- -->
-
- <Engine name="jboss.web" defaultHost="localhost">
-
- <!-- The JAAS based authentication and authorization realm implementation
- that is compatible with the jboss 3.2.x realm implementation.
- - certificatePrincipal : the class name of the
- org.jboss.security.auth.certs.CertificatePrincipal impl
- used for mapping X509[] cert chains to a Princpal.
- - allRolesMode : how to handle an auth-constraint with a role-name=*,
- one of strict, authOnly, strictAuthOnly
- + strict = Use the strict servlet spec interpretation which requires
- that the user have one of the web-app/security-role/role-name
- + authOnly = Allow any authenticated user
- + strictAuthOnly = Allow any authenticated user only if there are no
- web-app/security-roles
- -->
- <!--
- <Realm
className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
-
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
- allRolesMode="authOnly"
- />
- -->
-
- <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
- behavior of JBossSecurityMgrRealm, but overrides the authorization
- checks to use JACC permissions with the current java.security.Policy
- to determine authorized access.
- - allRolesMode : how to handle an auth-constraint with a role-name=*,
- one of strict, authOnly, strictAuthOnly
- + strict = Use the strict servlet spec interpretation which requires
- that the user have one of the web-app/security-role/role-name
- + authOnly = Allow any authenticated user
- + strictAuthOnly = Allow any authenticated user only if there are no
- web-app/security-roles
- <Realm
className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
-
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
- allRolesMode="authOnly"
- />
- -->
-
- <!-- Integrating the JOSSO realm -->
- <Realm className="org.josso.jb4.agent.JBossCatalinaRealm"
- appName="josso"
- userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
- roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
- debug="1" />
-
- <Host name="localhost"
- autoDeploy="false" deployOnStartup="false"
deployXML="false">
-
- <!-- UNCOMMENT TO ENABLE CUSTOMIZATION OF TOMCAT AUTHENTICATORS
- <Host name="localhost"
- autoDeploy="false" deployOnStartup="false"
deployXML="false"
- configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
- -->
-
-
- <!-- Uncomment to enable request dumper. This Valve "logs interesting
- contents from the specified Request (before processing) and the
- corresponding Response (after processing). It is especially useful
- in debugging problems related to headers and cookies."
- -->
- <!--
- <Valve className="org.apache.catalina.valves.RequestDumperValve"
/>
- -->
-
- <!-- Access logger -->
- <!--
- <Valve
className="org.apache.catalina.valves.FastCommonAccessLogValve"
- prefix="localhost_access_log." suffix=".log"
- pattern="common"
directory="${jboss.server.home.dir}/log"
- resolveHosts="false" />
- -->
-
- <!-- Uncomment to enable single sign-on across web apps
- deployed to this host. Does not provide SSO across a cluster.
-
- If this valve is used, do not use the JBoss ClusteredSingleSignOn
- valve shown below.
-
- A new configuration attribute is available beginning with
- release 4.0.4:
-
- cookieDomain configures the domain to which the SSO cookie
- will be scoped (i.e. the set of hosts to
- which the cookie will be presented). By default
- the cookie is scoped to "/", meaning the host
- that presented it. Set cookieDomain to a
- wider domain (e.g. "xyz.com") to allow an SSO
- to span more than one hostname.
- -->
- <!--
- <Valve
className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Uncomment to enable single sign-on across web apps
- deployed to this host AND to all other hosts in the cluster.
-
- If this valve is used, do not use the standard Tomcat SingleSignOn
- valve shown above.
-
- Valve uses a JBossCache instance to support SSO credential
- caching and replication across the cluster. The JBossCache
- instance must be configured separately. By default, the valve
- shares a JBossCache with the service that supports HttpSession
- replication. See the "tc5-cluster-service.xml" file in the
- server/all/deploy directory for cache configuration details.
-
- Besides the attributes supported by the standard Tomcat
- SingleSignOn valve (see the Tomcat docs), this version also
- supports the following attributes:
-
- cookieDomain see above
-
- treeCacheName JMX ObjectName of the JBossCache MBean used to
- support credential caching and replication across
- the cluster. If not set, the default value is
- "jboss.cache:service=TomcatClusteringCache", the
- standard ObjectName of the JBossCache MBean used
- to support session replication.
- -->
- <!--
- <Valve
className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
- -->
-
-
- <!-- Uncomment to check for unclosed connections and transaction
terminated checks
- in servlets/jsps.
- Important: You need to uncomment the dependency on the
CachedConnectionManager
- in META-INF/jboss-service.xml
- <Valve
className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
-
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
- transactionManagerObjectName="jboss:service=TransactionManager"
/>
- -->
-
- <!-- JOSSO Agent Valve -->
- <Valve className="org.josso.tc55.agent.SSOAgentValve"
debug="1"/>
- </Host>
- </Engine>
-
- </Service>
-
-</Server>
Copied: modules/identity/trunk/sso/src/etc/josso/login-config.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/login-config.xml (rev
0)
+++ modules/identity/trunk/sso/src/etc/josso/login-config.xml 2007-09-04 17:27:52 UTC (rev
8151)
@@ -0,0 +1,165 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name"
flag="control_flag">
+ <module-option name =
"option1-name">option1-value</module-option>
+ <module-option name =
"option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name"
flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name = "client-login">
+ <authentication>
+ <login-module code = "org.jboss.security.ClientLoginModule"
+ flag = "required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option
name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ -->
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
+ flag = "required">
+ <module-option name =
"unauthenticatedIdentity">guest</module-option>
+ <module-option name =
"dsJndiName">java:/DefaultDS</module-option>
+ <module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
+ <module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ when using file-state-service.xml
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
+ flag = "required">
+ <module-option name =
"unauthenticatedIdentity">guest</module-option>
+ <module-option name =
"sm.objectname">jboss.mq:service=StateManager</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ -->
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name = "HsqlDbRealm">
+ <authentication>
+ <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">sa</module-option>
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password"></module-option>
+ <module-option name =
"managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "JmsXARealm">
+ <authentication>
+ <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name =
"principal">guest</module-option>
+ <module-option name =
"userName">guest</module-option>
+ <module-option name =
"password">guest</module-option>
+ <module-option name =
"managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "jmx-console">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option
name="usersProperties">props/jmx-console-users.properties</module-option>
+ <module-option
name="rolesProperties">props/jmx-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "$webConsoleDomain">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option
name="usersProperties">web-console-users.properties</module-option>
+ <module-option
name="rolesProperties">web-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the JBossWS web application (and transport
layer!).
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option
name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option
name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option
name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name = "other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required" />
+ </authentication>
+ </application-policy>
+
+ <!-- JOSSO JAAS Module configuration -->
+ <application-policy name = "josso">
+ <authentication>
+ <login-module code =
"org.jboss.portal.identity.auth.JOSSOLoginModule"
+ flag = "required">
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+</policy>
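Review bot: The `josso` application-policy closing this hunk enables `<module-option name="debug">true</module-option>` on JOSSOLoginModule; JAAS login-module debug output typically includes principal names and callback/option details, so a config checked in under `src/etc` should default to `<module-option name="debug">false</module-option>` and leave `true` for local troubleshooting only. The same file also carries the stock JBoss template domains (jmx-console, web-console, JBossWS and the `other` fallback), all backed by UsersRolesLoginModule over properties files, which the file's own comments say should be replaced with a stronger mechanism before use; JBossWS additionally maps unauthenticated callers to `anonymous`. A short comment at the top of `<policy>` naming which of these domains the SSO module actually depends on (presumably `josso`, and `client-login` for in-VM callers) would let deployers strip the unused templates instead of shipping them with default credentials such as `guest`/`guest` in JmsXARealm.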
Copied: modules/identity/trunk/sso/src/etc/josso/server.xml (from rev 8140,
modules/identity/trunk/sso/src/etc/josso/josso_server.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/server.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/server.xml 2007-09-04 17:27:52 UTC (rev
8151)
@@ -0,0 +1,178 @@
+<Server>
+
+ <!-- Use a custom version of StandardService that allows the
+ connectors to be started independent of the normal lifecycle
+ start to allow web apps to be deployed before starting the
+ connectors.
+ -->
+ <Service name="jboss.web"
+ className="org.jboss.web.tomcat.tc5.StandardService">
+
+ <!-- A HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080" address="${jboss.bind.address}"
+ maxThreads="250" strategy="ms"
maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ enableLookups="false" redirectPort="8443"
acceptCount="100"
+ connectionTimeout="20000" disableUploadTimeout="true"/>
+
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" address="${jboss.bind.address}"
+ emptySessionPath="true" enableLookups="false"
redirectPort="8443"
+ protocol="AJP/1.3"/>
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" strategy="ms"
maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
+ keystorePass="rmi+ssl" sslProtocol = "TLS" />
+ -->
+
+ <Engine name="jboss.web" defaultHost="localhost">
+
+ <!-- The JAAS based authentication and authorization realm implementation
+ that is compatible with the jboss 3.2.x realm implementation.
+ - certificatePrincipal : the class name of the
+ org.jboss.security.auth.certs.CertificatePrincipal impl
+ used for mapping X509[] cert chains to a Princpal.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ -->
+ <!--
+ <Realm
className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
+
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm
className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- Integrating the JOSSO realm -->
+ <Realm className="org.josso.jb4.agent.JBossCatalinaRealm"
+ appName="josso"
+ userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
+ roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
+ debug="1" />
+
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false"
deployXML="false">
+
+ <!-- UNCOMMENT TO ENABLE CUSTOMIZATION OF TOMCAT AUTHENTICATORS
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false"
deployXML="false"
+ configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
+ -->
+
+
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"
/>
+ -->
+
+ <!-- Access logger -->
+ <!--
+ <Valve
className="org.apache.catalina.valves.FastCommonAccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common"
directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
+
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <!--
+ <Valve
className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host AND to all other hosts in the cluster.
+
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. By default, the valve
+ shares a JBossCache with the service that supports HttpSession
+ replication. See the "tc5-cluster-service.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see above
+
+ treeCacheName JMX ObjectName of the JBossCache MBean used to
+ support credential caching and replication across
+ the cluster. If not set, the default value is
+ "jboss.cache:service=TomcatClusteringCache", the
+ standard ObjectName of the JBossCache MBean used
+ to support session replication.
+ -->
+ <!--
+ <Valve
className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
+ -->
+
+
+ <!-- Uncomment to check for unclosed connections and transaction
terminated checks
+ in servlets/jsps.
+ Important: You need to uncomment the dependency on the
CachedConnectionManager
+ in META-INF/jboss-service.xml
+ <Valve
className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
+
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager"
/>
+ -->
+
+ <!-- JOSSO Agent Valve -->
+ <Valve className="org.josso.tc55.agent.SSOAgentValve"
debug="1"/>
+ </Host>
+ </Engine>
+
+ </Service>
+
+</Server>
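Review bot: Both active connectors declare `redirectPort="8443"`, but the only 8443 listener in this file is the SSL/TLS `<Connector>` left inside a comment, so a `CONFIDENTIAL` transport guarantee would redirect to a port nothing listens on, and the JOSSO realm and `SSOAgentValve` added at the end of the `<Host>` will carry credentials and SSO cookies over plain HTTP on 8080 as configured. If the SSL connector is meant to be enabled for this setup, the commented sample still carries the documentation keystore and `keystorePass="rmi+ssl"`, which should be replaced by a deployment-specific keystore rather than uncommented as-is. Both JOSSO elements also ship with `debug="1"`, which turns on verbose logging of authentication traffic; consider `debug="0"` or a comment such as `<!-- debug="1" logs authentication details; use only while developing -->` so the default is not copied into production. The comments in this hunk also contain the typos "Princpal" and "unuathenticated" inherited from the upstream template.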