CXF-4344

Provide simplifications and shortcuts in CXF STS configuration

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.6
    • 2.6.2

    Description

      Presently STS configuration in the cxf-servlet.xml file is a bit verbose[1], especially if one is planning on configuring multiple STS endpoints within the same file. I would like to see configuration simplified a bit for those wishing to remain with default/common settings. In particular:

      1.) In any SecurityTokenServiceProvider instantiation, default the values of issueOperation and validateOperation to org.apache.cxf.sts.operation.TokenIssueOperation and org.apache.cxf.sts.operation.TokenValidateOperation if not explicitly specified (same for the other operations). If concerned about hardwiring constant classes in such a manner, create a DefaultSecurityTokenServiceProvider with these defaults that people can use instead.

      2.) Provide properties "stsProperties" and "services" for the SecurityTokenServiceProvider (perhaps other properties defined in AbstractOperation) that will be the default for AbstractOperation subclasses like TokenIssueOperation and TokenValidateOperation unless explicitly defined as done presently.

      3.) For TokenIssueOperation and TokenValidateOperation, default the values of tokenProviders and tokenValidators to SAMLTokenProvider and SAMLTokenValidator unless explicitly defined as done presently.

      Such shortcuts will allow configuration to be simplified from this:

      <bean id="x509STSProviderBean"
            class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
          <property name="issueOperation" ref="x509IssueDelegate" />
          <property name="validateOperation" ref="x509ValidateDelegate" />
      </bean>

      <bean id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
          <property name="tokenProviders" ref="x509SamlTokenProvider" />
          <property name="services" ref="x509Service" />
          <property name="stsProperties" ref="x509STSProperties" />
      </bean>

      <bean id="x509ValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
          <property name="tokenValidators" ref="x509SamlTokenValidator" />
          <property name="stsProperties" ref="x509STSProperties" />
      </bean>

      <bean id="x509SamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider"/>

      <bean id="x509SamlTokenValidator"
            class="org.apache.cxf.sts.token.validator.SAMLTokenValidator"/>

      to this:

      <bean id="x509STSProviderBean"
            class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
          <property name="services" ref="x509Service" />
          <property name="stsProperties" ref="x509STSProperties" />
      </bean>

      These changes can probably all be done in a backwards-compatible manner so it wouldn't be necessary to wait for CXF 2.7 before implementing.

      [1] http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?revision=1190520&view=markup

          People

            coheigea Colm O hEigeartaigh
            gmazza Glen Mazza