First commit

pom.xml

@@ -0,0 +1,170 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+        http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.redhat.jboss</groupId>
+    <artifactId>cxf-ws-rhsso</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <name>cxf-ws-rhsso</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax</groupId>
+            <artifactId>javaee-web-api</artifactId>
+            <version>7.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+            <version>2.5.5.Final</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-core</artifactId>
+            <version>3.1.8</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.ws</groupId>
+            <artifactId>jbossws-spi</artifactId>
+            <version>3.1.0.Final</version>
+            <scope>provided</scope>
+        </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-ws-security</artifactId>
+           <version>3.1.4</version>
+           <scope>provided</scope>
+       </dependency>
+        <dependency>
+            <groupId>org.jboss.ejb3</groupId>
+            <artifactId>jboss-ejb3-ext-api</artifactId>
+            <version>2.2.0.Final</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.resteasy</groupId>
+            <artifactId>resteasy-client</artifactId>
+            <version>3.0.16.Final</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+          <groupId>org.jboss.resteasy</groupId>
+          <artifactId>resteasy-jackson2-provider</artifactId>
+          <version>3.0.16.Final</version>
+          <scope>test</scope>
+       </dependency>
+       <dependency>
+           <groupId>com.fasterxml.jackson.core</groupId>
+           <artifactId>jackson-core</artifactId>
+           <version>2.6.3</version>
+           <scope>test</scope>
+       </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-frontend-simple</artifactId>
+           <version>3.1.4</version>
+           <scope>test</scope>
+       </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-ws-policy</artifactId>
+           <version>3.1.4</version>
+           <scope>test</scope>
+       </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-frontend-jaxws</artifactId>
+           <version>3.1.8</version>
+           <scope>test</scope>
+       </dependency>
+       <dependency>
+           <groupId>org.apache.cxf</groupId>
+           <artifactId>cxf-rt-transports-http</artifactId>
+           <version>3.1.8</version>
+           <scope>test</scope>
+       </dependency>
+       <dependency>
+           <groupId>org.slf4j</groupId>
+           <artifactId>slf4j-simple</artifactId>
+           <version>1.7.21</version>
+           <scope>compile</scope>
+       </dependency>
+    </dependencies>
+
+    <build>
+        <finalName>cxf-ws-rhsso</finalName>
+        <plugins>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.6.0</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>3.0.0</version>
+               	<configuration>
+                    <archive>
+                        <manifestEntries>
+                            <Dependencies>org.apache.cxf.impl,org.apache.cxf,org.jboss.ws.spi,org.jboss.ws.cxf.jbossws-cxf-server</Dependencies>
+                        </manifestEntries>
+                    </archive>
+				</configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <version>1.6.0</version>
+                <executions>
+                  <execution>
+                      <goals>
+                          <goal>java</goal>
+                      </goals>
+                  </execution>
+                </executions>
+                <configuration>
+                  <mainClass>com.sample.redhat.test.Client</mainClass>
+                  <classpathScope>test</classpathScope>
+                  <arguments>
+                      <argument>something....</argument>
+                  </arguments>
+                  <systemProperties>
+                      <systemProperty>
+                        <key>org.slf4j.simpleLogger.defaultLogLevel</key>
+                        <value>warn</value>
+                      </systemProperty>
+                  </systemProperties>
+                </configuration>
+            </plugin>
+            <!--<plugin>
+                <groupId>org.apache.cxf</groupId>
+                <artifactId>cxf-codegen-plugin</artifactId>
+                <version>3.1.8</version>
+                <executions>
+                    <execution>
+                        <id>generate-sources</id>
+                        <phase>generate-sources</phase>
+                        <configuration>
+                            <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>
+                            <wsdlOptions>
+                                <wsdlOption>
+                                    <wsdl>${basedir}/src/main/webapp/WEB-INF/wsdl/echo-security.wsdl</wsdl>
+                                </wsdlOption>
+                            </wsdlOptions>
+                        </configuration>
+                        <goals>
+                            <goal>wsdl2java</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>-->
+        </plugins>
+    </build>
+</project>

src/main/java/com/sample/redhat/Echo.java

@@ -0,0 +1,57 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package com.sample.redhat;
+
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.PermitAll;
+import org.jboss.ejb3.annotation.SecurityDomain;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+import org.apache.cxf.interceptor.InInterceptors;
+import org.jboss.ws.api.annotation.EndpointConfig;
+
+/**
+ * 
+ * Simple stateless EJB web service.
+ * http://www.superglobals.net/java-ee-soap-example/
+ * 
+ * WS-Security:
+ * https://github.com/rareddy/ws-security-examples/tree/master/jaxws-usernametoken
+ * https://docs.jboss.org/author/display/WFLY10/WS-Security
+ * 
+ * @author rmartinc
+ */
+@Stateless
+@WebService(name = "echo", 
+        targetNamespace = "http://com.sample.redhat/ws", 
+        serviceName = "echo-service",
+        wsdlLocation = "WEB-INF/wsdl/echo-security.wsdl")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+@SecurityDomain("JBossWS")
+@DeclareRoles("static")
+@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
+@InInterceptors(interceptors = {
+    "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"
+})
+public class Echo {
+
+    @Resource SessionContext ctx;
+
+    @WebMethod
+    @RolesAllowed("static") // restrict access to static group
+    //@PermitAll // permit the WS to everybody
+    public String echo(String input) {
+        System.err.println("RICKY: principal: " + ctx.getCallerPrincipal());
+        System.err.println("RICKY: principal: " + ctx.getCallerPrincipal().getClass());
+        System.err.println("RICKY: isCallerInRole: " + ctx.isCallerInRole("static"));
+        return ctx.getCallerPrincipal() + " -> " +  input;
+    }
+}

src/main/java/com/sample/redhat/EchoServlet.java

@@ -0,0 +1,94 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package com.sample.redhat;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.URL;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.ws.BindingProvider;
+import org.apache.cxf.rt.security.SecurityConstants;
+import org.keycloak.KeycloakSecurityContext;
+import redhat.sample.com.ws.Echo;
+import redhat.sample.com.ws.EchoService;
+
+/**
+ * Common use of the keycloak behind an application. The access token is got 
+ * from the keycloak session and the call to the WS is done using the access
+ * token. The servlet is calling the WS inside this same machine (request info
+ * is used).
+ * 
+ * @author rmartinc
+ */
+@WebServlet(name = "EchoServlet", urlPatterns = {"/EchoServlet"})
+public class EchoServlet extends HttpServlet {
+
+    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/plain;charset=UTF-8");
+        try (PrintWriter out = response.getWriter()) {
+            // recover the keycloak session
+            KeycloakSecurityContext keycloakSession = (KeycloakSecurityContext)
+                    request.getAttribute(KeycloakSecurityContext.class.getName());
+            // the echo service is recovered using the "jax-ws-catalog.xml"
+            // this way the request to the WSDL is avoided (the WSDL is also protected)
+            URL url = new URL(request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + 
+                    request.getServletContext().getContextPath() + "/echo-service/echo?wsdl");
+            EchoService service = new EchoService(url);
+            Echo echo = service.getEchoPort();
+            // use WSS security to add a token to the SOAP message
+            BindingProvider bp = (BindingProvider) echo;
+            System.err.println(((BindingProvider) echo).getBinding().getClass());
+            ((BindingProvider) echo).getRequestContext().put(SecurityConstants.USERNAME, keycloakSession.getToken().getId());
+            ((BindingProvider) echo).getRequestContext().put(SecurityConstants.PASSWORD, keycloakSession.getTokenString());
+            // call the WS eith the header
+            out.println(echo.echo(request.getParameter("input") == null? "nothing...":request.getParameter("input")));
+        }
+    }
+
+    /**
+     * Handles the HTTP <code>GET</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Handles the HTTP <code>POST</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Returns a short description of the servlet.
+     *
+     * @return a String containing servlet description
+     */
+    @Override
+    public String getServletInfo() {
+        return "Echo Servlet";
+    }
+
+}

src/main/java/redhat/sample/com/ws/Echo.java

@@ -0,0 +1,25 @@
+package redhat.sample.com.ws;
+
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebResult;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+
+/**
+ * This class was generated by Apache CXF 3.1.8
+ * 2017-07-13T20:05:17.520+02:00
+ * Generated source version: 3.1.8
+ * 
+ */
+@WebService(targetNamespace = "http://com.sample.redhat/ws", name = "echo")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+public interface Echo {
+
+    @WebMethod
+    @WebResult(name = "return", targetNamespace = "http://com.sample.redhat/ws", partName = "return")
+    public java.lang.String echo(
+        @WebParam(partName = "arg0", name = "arg0")
+        java.lang.String arg0
+    );
+}