I hereby claim:
- I am coheigea on github.
- I am coheigea (https://keybase.io/coheigea) on keybase.
- I have a public key whose fingerprint is DB45 ECD1 9B97 514F 7271 05AE 67BF 80B1 0AD5 3983
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
@Override | |
public boolean authorize(Session arg0, Operation arg1, Resource arg2) { | |
if (arg0.principal() == null) { | |
return false; | |
} | |
String principal = arg0.principal().getName(); | |
if (principal.startsWith("CN=Client") | |
&& ("Read".equals(arg1.name()) || "Describe".equals(arg1.name())) | |
&& arg2.name().startsWith("test")) { | |
return true; |
<!--
  Signature settings bean (CXF STS SignatureProperties): selects RSA-SHA512 as the
  signature algorithm and SHA-512 as the digest algorithm.
  NOTE(review): the bean that consumes "sigProps" is not part of this fragment; confirm
  it is actually referenced, otherwise these algorithm choices have no effect.
-->
<bean id="sigProps" class="org.apache.cxf.sts.SignatureProperties"> | |
<property name="signatureAlgorithm" | |
value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" /> | |
<property name="digestAlgorithm" | |
value="http://www.w3.org/2001/04/xmlenc#sha512" /> | |
</bean> |
<!--
  Instantiates SHA512PolicyLoader with the bean named "cxf" as its constructor argument.
  The class lives in a CXF system-test package (org.apache.cxf.systest), so this is
  test wiring rather than a shipped component.
  NOTE(review): presumably it registers a policy/algorithm suite that uses SHA-512;
  confirm against the class itself, which is not shown here.
-->
<bean id="policyLoader" class="org.apache.cxf.systest.ws.x509.SHA512PolicyLoader" > | |
<constructor-arg ref="cxf"/> | |
</bean> |
<beans | |
xmlns="http://www.springframework.org/schema/beans" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
xsi:schemaLocation=" | |
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> | |
<!--
  Camel ActiveMQ component pointed at a broker on localhost:61616 over the plain tcp://
  transport. No userName/password is set on this bean, so the connection is
  unauthenticated and unencrypted as far as this fragment shows.
  That is reasonable for a loopback test broker; for a shared or remote broker use an
  ssl:// broker URL and set credentials on the component.
-->
<bean id="activemq" | |
class="org.apache.activemq.camel.component.ActiveMQComponent"> | |
<property name="brokerURL" value="tcp://localhost:61616"/> | |
</bean> |
<?xml version="1.0"?> | |
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> | |
<configuration> | |
<!--
  Security mode "none" turns off Kerberos authentication for the Sentry service (the
  other supported value is "kerberos"). With it, the caller's identity is not verified
  by the service, so keep this to local test setups.
-->
<property> | |
<name>sentry.service.security.mode</name> | |
<value>none</value> | |
</property> | |
<property> | |
<name>sentry.kafka.provider</name> |
# Sentry policy for Kafka: [groups] maps each group to its roles, [roles] maps each role
# to a privilege of the form Host=...->Resource=...->action=...
# Every privilege shown uses Host=*, i.e. it is not restricted by client host.
# NOTE(review): describe_consumer_group_role and read_consumer_group_role are referenced
# by the consumer group but are not defined in the visible lines; confirm they exist
# further down in the full file.
[groups] | |
admin = admin_role | |
producer = describe_role, read_role, write_role | |
consumer = describe_role, read_role, describe_consumer_group_role, read_consumer_group_role | |
[roles] | |
# admin_role carries ALL actions on the whole cluster; keep its group membership minimal.
admin_role = Host=*->Cluster=kafka-cluster->action=ALL | |
# The remaining roles are scoped to the single topic "test".
describe_role = Host=*->Topic=test->action=describe | |
read_role = Host=*->Topic=test->action=read | |
write_role = Host=*->Topic=test->action=write |
<!--
  Enables the OAuth 2.0 refresh token grant, backed by the "oauthProvider" data provider.
  NOTE(review): refresh token lifetime and rotation are decided by the data provider,
  whose full configuration is not visible in this fragment; confirm them there.
-->
<bean id="refreshTokenHandler" | |
class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> | |
<property name="dataProvider" ref="oauthProvider"/> | |
</bean> | |
<!--
  Enables the OAuth 2.0 client credentials grant, backed by the "oauthProvider" data
  provider. Tokens from this grant represent the client itself, with no end user
  involved, so it should only be available to confidential clients.
  NOTE(review): how clients are registered and authenticated is not shown here; confirm.
-->
<bean id="clientCredsHandler" | |
class="org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler"> | |
<property name="dataProvider" ref="oauthProvider"/> | |
</bean> | |
<bean id="oauthProvider" | |
class="org.apache.cxf.fediz.service.oidc.OAuthDataProviderImpl" | |
init-method="init" destroy-method="close"> | |
<!-- List of accepted scopes --> | |
<property name="supportedScopes" ref="supportedScopes"/> | |
<!-- | |
List of scopes that the consent/authorization form should make | |
selected by default. For example, asking a user to do an extra click | |
to approve an "oidc" scope is a redundant operation because this scope | |
is required anyway. |
/*
 * JAAS login entry "sts": authenticates through CXF's STSLoginModule by calling the
 * SecurityTokenService described by wsdl.location (fetched over HTTPS), using the
 * given service and endpoint (TransportUT_Port) names.
 *
 * require.roles="true"        - roles must be obtained from the STS; per the CXF
 *                               STSLoginModule documentation this uses the WS-Trust
 *                               Issue binding instead of Validate.
 * disable.on.behalf.of="true" - the username/password are not sent as an OnBehalfOf
 *                               element; they are presumably applied according to the
 *                               STS endpoint's security policy instead (confirm against
 *                               the STSLoginModule documentation).
 *
 * NOTE(review): the TLS trust settings used for the HTTPS call to the STS are not part
 * of this fragment; confirm the STS certificate is validated.
 */
sts { | |
org.apache.cxf.ws.security.trust.STSLoginModule required | |
require.roles="true" | |
disable.on.behalf.of="true" | |
wsdl.location="https://localhost:${idp.https.port}/fediz-idp-sts/REALMA/STSServiceTransportUT?wsdl" | |
service.name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService" | |
endpoint.name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}TransportUT_Port"; | |
}; |