#
# Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Distribution License v. 1.0, which is available at
# http://www.eclipse.org/org/documents/edl-v10.php.
#
# SPDX-License-Identifier: BSD-3-Clause
#

To Install WSIT and run the sample:

1. Follow the steps in [1] to download, build and install WSIT in Glassfish or Tomcat.

2. Copy the directory /wsit/wsit/samples/ws-trust/certs/xws-security to 
<GLASSFISH_HOME> or <TOMCAT_HOME>.

3. Set up WSIT_HOME system property:

    For Glassfish: 

    # Open the file <GLASSFISH_HOME>/domains/domain1/config/domain.xml in a text editor.
    # Add the following JVM option.
      <jvm-options>-DWSIT_HOME=${com.sun.aas.installRoot}</jvm-options>

    For Tomcat, set CATALINA_OPTS=-DWSIT_HOME=<TOMCAT_HOME>.

4. Edit /wsit/wsit/samples/ws-trust/interop/src/build.properties to set java.home and 
   tomcat.home/glassfish.home.

5. Start tomcat or glassfish.

6. To run the sample, go to 
   /wsit/wsit/samples/ws-trust/src/fs, and run "ant run-sample".

7. You will be prompted to enter the username/password. Two pairs alice/alice, bob/bob
   are preconfigured to use with this sample.

------------------------------------------------------------------------------
This works with Sun Java System Access Manager 7.1 Beta which is available as part of 
java_app_platform_sdk-5_01 release. 

To set up and run the sample with AccessManager:

1. Download and install Java Application Platform SDK at [2] . 
   Get amclientsdk.jar and amserver.war from SDK\addons\accessmanager.

2. Deploy amserver.war into your choice of container. 

3. Open http://localhost:8080/amserver/configurator.jsp in a browser.

4. Post request parameters required. Click Configure button.

5. Login in with the User Name = amAdmin and the password set in the previous step.

6. Create a test user:
    6.1 Click the entry in the realm list
    6.2 Click 'Subjects'
    6.3 Click 'New'
    6.4 ID: Alice
    6.5 First Name: Alice
    6.6 Last Name: Test
    6.7 Full Name: Alice Test
    6.8 Password: alice
    6.9 Click 'OK'

7. Repeat step 6 to create another test user with ID = Bob.

8. Create a policy:
   8.1 Click 'Policies'
   8.2 Click 'New Policy'
   8.3 Name: Access Simple Service
   8.4 Under 'Rules', click 'New'
   8.5 Leave the default URL Policy Agent selected, click 'Next'
   8.6 Name: Simple Service
       Resource Name: http://localhost:8080/jaxws-fs/simple (this MUST match
       exactly what the client asks for. You can use wildcards if you like, though, so
       it could be http://*:*/jaxws-fs/simple)
   8.7 Select 'POST', click 'Finish'
   8.8 Under 'Subjects', click 'New'
   8.9 Select 'Access Manager Identity Subject' and click Next.
   8.10 Filter: User, click 'Search'
   8.11 Select alice, click 'Add', put Name: alice, click 'Finish'
   8.12 Click 'OK'.

9. Stop the container and Install WSIT to it according to the above steps 1 to 4
   for "To Install WSIT and Run the Sample".

10. Copy the amclientsdk.jar into the /wsit/wsit/samples/ws-trust/am directory.

11. Edit /wsit/wsit/samples/ws-trust/am/AMConfig.properties. Set the following properties to suit your
    deployment:

    com.iplanet.am.naming.url
    com.iplanet.am.server.host
    com.iplanet.am.server.port
    com.iplanet.services.debug.directory
    com.iplanet.services.configpath
    common.org

    where 
    com.iplanet.services.configpath points to the Configuration Directory set up in step 4
    common.org points to the Realm Name (sample).
    

From this point on, all paths arerelative to the /wsit/wsit/samples/ws-trust directory.

12. Edit etc/targets.xml. Add the following lines after the initial list of
    properties:

    <property name="build.lib.home" value="${build.home}/lib"/>
    <target name="copy-am-files">   
        <echo message="Copying AM Files"/>
        <copy file="${basedir}/../../am/AMConfig.properties"
                tofile="${build.classes.home}/AMConfig.properties" />
        <mkdir dir="${build.lib.home}"/>
        <copy file="${basedir}/../../am/amclientsdk.jar"
            tofile="${build.lib.home}/amclientsdk.jar" />
        <copy file="${basedir}/../../am/jaas.jar"
            tofile="${build.lib.home}/jaas.jar" />
        <copy file="${basedir}/../../am/jdk_logging.jar"
            tofile="${build.lib.home}/jdk_logging.jar" />
    </target>

    and replace the existing create-sts-war target element with:

    <target name="create-sts-war">
        <antcall target="copy-am-files" />
        <war warfile="${build.war.home}/jaxws-sts.war"
                webxml="../../etc/sts/web.xml">
                <webinf dir="../../etc/sts" includes="sun-jaxws.xml"/>
                <zipfileset
                           dir="etc/sts"
                           includes="sts.wsdl, *.xsd"
                           prefix="WEB-INF/wsdl"/>
                <zipfileset
                           dir="../../etc/sts"
                           includes="wsit-server.xml"
                           prefix="WEB-INF/classes"/>
                <zipfileset
                            dir="../../etc/sts/services"
                            includes="com.sun.*"
                            prefix="WEB-INF/classes/META-INF/services"/>
                <classes dir="${build.classes.home}" includes="**/sts/**,
                        **/com/**, **/common/**, AMConfig.properties"/>
                <lib dir="${build.lib.home}" />
        </war>
   </target>

    This new target element places the additional jars and configuration files into
    the jaxws-sts war.

13. Replace the following in etc/targets.xml:

    <target name="compile-callbacks" depends="setup-tc, setup-glassfish" >
        <javac
            fork="true"
            debug="${debug}"
            srcdir="${basedir}/.."
            destdir="${build.classes.home}" 
            includes="common/SampleUsernamePasswordCallbackHandler.java, common/SampleUsernamePasswordValidator.java">
            <classpath refid="jaxws.classpath"/>
        </javac>
    </target>

    by

    <target name="compile-callbacks" depends="setup-tc, setup-glassfish" >
        <javac
            fork="true"
            debug="${debug}"
            srcdir="${basedir}/.."
            destdir="${build.classes.home}" 
            includes="common/SampleUsernamePasswordCallbackHandler.java, common/SampleAMSTSAuthorizationProvider.java, common/SampleAMUsernamePasswordValidator.java">
            <classpath refid="jaxws.classpath"/>
        </javac>
    </target>

14.  Edit /wsit/wsit/samples/ws-trust/src/fs/etc/sts/sts.wsdl:
     replace 
       <sc:Validator name="usernameValidator"  classname="common.SampleUsernamePasswordValidator"/>  
     with
       <sc:Validator name="usernameValidator"  classname="common.SampleAMUsernamePasswordValidator"/>

15. Start the container.

16. Now build and run the sample with "ant run-sample" in src/fs directory. You will be prompted to enter 
    the username/password. 
    Enter Alice/Alice, you should get the balance back from the service.
    Enter Bob/Bob, you should be authenticated in the STS and denied to be issued a SAML token. 
    For the other username/password pairs, you should not be authenticated.

Note: The AM username/password validator and contract put their debug files in the specified 
      directory. 
 --------------------------------------------------------------------------------------------

[1] https://wsit.dev.java.net/source/browse/*checkout*/wsit/wsit/docs/howto/WSIT_Download_Build_Install.html
[2] http://java.sun.com/javaee/downloads/index.jsp

