coheigea

Keybase proof

I hereby claim:

• I am coheigea on github.
• I am coheigea (https://keybase.io/coheigea) on keybase.
• I have a public key whose fingerprint is DB45 ECD1 9B97 514F 7271 05AE 67BF 80B1 0AD5 3983

To claim this, I am signing this object:

coheigea

@Override
public boolean authorize(Session arg0, Operation arg1, Resource arg2) {
    if (arg0.principal() == null) {
        return false;
    }
    String principal = arg0.principal().getName();
    if (principal.startsWith("CN=Client")
        && ("Read".equals(arg1.name()) || "Describe".equals(arg1.name()))
        && arg2.name().startsWith("test")) {
        return true;

coheigea

<bean id="sigProps" class="org.apache.cxf.sts.SignatureProperties">
  <property name="signatureAlgorithm" 
            value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
  <property name="digestAlgorithm" 
            value="http://www.w3.org/2001/04/xmlenc#sha512" />
</bean>

coheigea

<bean id="policyLoader" class="org.apache.cxf.systest.ws.x509.SHA512PolicyLoader" >
  <constructor-arg ref="cxf"/>
</bean>

coheigea

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="
  http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <bean id="activemq" 
    class="org.apache.activemq.camel.component.ActiveMQComponent">
    <property name="brokerURL" value="tcp://localhost:61616"/>
  </bean>

coheigea

<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>

<configuration>
  <property>
    <name>sentry.service.security.mode</name>
    <value>none</value>
  </property>
  <property>
    <name>sentry.kafka.provider</name>

coheigea

[groups]
admin = admin_role
producer = describe_role, read_role, write_role
consumer = describe_role, read_role, describe_consumer_group_role, read_consumer_group_role

[roles]
admin_role = Host=*->Cluster=kafka-cluster->action=ALL 
describe_role = Host=*->Topic=test->action=describe
read_role = Host=*->Topic=test->action=read
write_role = Host=*->Topic=test->action=write

coheigea

<bean id="refreshTokenHandler" 
    class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
    <property name="dataProvider" ref="oauthProvider"/>
</bean>
    
<bean id="clientCredsHandler" 
    class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler">
    <property name="dataProvider" ref="oauthProvider"/>
</bean>
        

coheigea

<bean id="oauthProvider" 
    class="org.apache.cxf.fediz.service.oidc.OAuthDataProviderImpl"
    init-method="init" destroy-method="close">
    <!-- List of accepted scopes -->  
    <property name="supportedScopes" ref="supportedScopes"/>
    <!-- 
         List of scopes that the consent/authorization form should make 
         selected by default. For example, asking a user to do an extra click
         to approve an "oidc" scope is a redundant operation because this scope
         is required anyway.

coheigea

sts {
    org.apache.cxf.ws.security.trust.STSLoginModule required 
    require.roles="true"
    disable.on.behalf.of="true"
    wsdl.location="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA/STSServiceTransportUT?wsdl"
    service.name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"
    endpoint.name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}TransportUT_Port";
};