authorlresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>2008-11-19 05:27:58 +0000
committerlresende <lresende@13f79535-47bb-0310-9956-ffa450edef68>2008-11-19 05:27:58 +0000
commit5f3869c451e46aadc943d00087d6847877dd1c50 (patch)
treee22baaff1fb9ea42606b7d04af52e032e3bc03bc /java/sca/modules/policy-security
parent60744a36aae604ac3c4499ed54f1082ab8f5947d (diff)
Merging the 1.x delta on top of the equinox based modules
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@718858 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/sca/modules/policy-security')
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java76
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java2
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java12
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java80
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java30
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java1
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java24
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java1
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java74
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java80
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java88
-rw-r--r--java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java75
-rw-r--r--java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor53
-rw-r--r--java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory1
-rw-r--r--java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml8
-rw-r--r--java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml8
16 files changed, 554 insertions, 59 deletions
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java
new file mode 100644
index 0000000000..81bc3271c6
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/SecurityUtil.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.apache.tuscany.sca.invocation.Message;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class SecurityUtil {
+
+ public static Subject getSubject(Message msg){
+
+ Subject subject = null;
+
+ for (Object header : msg.getHeaders()){
+ if (header instanceof Subject){
+ subject = (Subject)header;
+ break;
+ }
+ }
+
+ if (subject == null){
+ subject = new Subject();
+ msg.getHeaders().add(subject);
+ }
+
+ return subject;
+ }
+
+ public static <T> T getPrincipal(Subject subject, Class<T> clazz){
+ for (Principal msgPrincipal : subject.getPrincipals() ){
+ if (clazz.isInstance(msgPrincipal)){
+ return clazz.cast(msgPrincipal);
+ }
+ }
+
+ return null;
+ }
+
+ public static Principal getPrincipal(Message msg){
+
+ Principal principal = null;
+
+ for (Object header : msg.getHeaders()){
+ if (header instanceof Principal){
+ principal = (Principal)header;
+ break;
+ }
+ }
+
+ return principal;
+ }
+}
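Review bot: `getSubject` is undocumented and has a side effect that callers need to know about: when the message has no `Subject` header it creates an empty one and adds it to `msg.getHeaders()`. A caller therefore always gets a non-null Subject and cannot tell "no security context arrived" from "a context with no principals" unless it checks the principal set. I would put that on the method, e.g. `/** Returns the first Subject header of msg; if none is present an empty Subject is created and attached, which means no caller identity has been established. */`. Both `getPrincipal` overloads return `null` on no match, which deserves a `@return` line, and the generic overload could be declared `<T extends Principal>` so that only principal types can be requested.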
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
index eb0da76acf..152a8de6cc 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicy.java
@@ -32,7 +32,7 @@ public class BasicAuthenticationPolicy implements Policy {
private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.0";
public static final QName BASIC_AUTHENTICATION_POLICY_QNAME = new QName(SCA10_TUSCANY_NS, "basicAuthentication");
- public static final String BASIC_AUTHENTICATION_USERNAME = "username";
+ public static final String BASIC_AUTHENTICATION_USERNAME = "userName";
public static final String BASIC_AUTHENTICATION_PASSWORD = "password";
private String userName;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
index 0b3dfd5539..43db3ec9be 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPolicyProcessor.java
@@ -41,10 +41,6 @@ import org.apache.tuscany.sca.monitor.Monitor;
public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor<BasicAuthenticationPolicy> {
private static final String SCA10_TUSCANY_NS = "http://tuscany.apache.org/xmlns/sca/1.0";
- private static final String USER_NAME = "userName";
- private static final String PASSWORD = "password";
-
-
public QName getArtifactType() {
return BasicAuthenticationPolicy.BASIC_AUTHENTICATION_POLICY_QNAME;
}
@@ -65,9 +61,9 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
name = reader.getName();
if ( name.equals(getArtifactType()) ) {
// no attributes at the moment
- } else if ( USER_NAME.equals(name.getLocalPart()) ) {
+ } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME.equals(name.getLocalPart()) ) {
policy.setUserName(reader.getElementText());
- } else if ( PASSWORD.equals(name.getLocalPart()) ) {
+ } else if ( BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD.equals(name.getLocalPart()) ) {
policy.setPassword(reader.getElementText());
}
break;
@@ -99,7 +95,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
if ( policy.getUserName() != null ) {
writer.writeStartElement(prefix,
- USER_NAME,
+ BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
getArtifactType().getNamespaceURI());
writer.writeCharacters(policy.getUserName());
writer.writeEndElement();
@@ -107,7 +103,7 @@ public class BasicAuthenticationPolicyProcessor implements StAXArtifactProcessor
if ( policy.getPassword() != null ) {
writer.writeStartElement(prefix,
- PASSWORD,
+ BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
getArtifactType().getNamespaceURI());
writer.writeCharacters(policy.getPassword());
writer.writeEndElement();
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java
new file mode 100644
index 0000000000..3ab9cb656d
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationPrincipal.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy.authentication.basic;
+
+import java.security.Principal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class BasicAuthenticationPrincipal implements Principal {
+
+ private String name;
+ private String password;
+
+ public BasicAuthenticationPrincipal(String name, String password){
+ if (name == null) {
+ throw new IllegalArgumentException("name cannot be null");
+ }
+
+ this.name = name;
+ this.password = password;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+
+ @Override
+ public boolean equals(Object principal) {
+ if (principal == null)
+ return false;
+ if (this == principal)
+ return true;
+ if (getClass() != principal.getClass())
+ return false;
+ final BasicAuthenticationPrincipal other = (BasicAuthenticationPrincipal)principal;
+ if (name == null) {
+ if (other.name != null)
+ return false;
+ } else if (!name.equals(other.name)){
+ return false;
+ }
+
+ return true;
+ }
+
+}
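Review bot: The password is held as a field of the Principal and exposed through `getPassword()`, so any code that can read `Subject.getPrincipals()` can read the secret. JAAS keeps identity and secrets apart, and the password would normally be placed in `subject.getPrivateCredentials()` with the principal carrying only the name. `equals` and `hashCode` ignore the password, so adding a second principal with the same name and a different password to the Subject's principal set is silently dropped and the first password stays in effect. Both fields can be `final` (`private final String name;`), and the `name == null` branch in `equals` is unreachable because the constructor rejects a null name.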
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
index c0ed282276..4120fdb405 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyInterceptor.java
@@ -18,17 +18,16 @@
*/
package org.apache.tuscany.sca.policy.authentication.basic;
-import javax.xml.namespace.QName;
+import javax.security.auth.Subject;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
/**
- * Policy handler to handle PolicySet related to Logging with the QName
- * {http://tuscany.apache.org/xmlns/sca/1.0/impl/java}LoggingPolicy
*
* @version $Rev$ $Date$
*/
@@ -62,11 +61,26 @@ public class BasicAuthenticationReferencePolicyInterceptor implements Intercepto
}
public Message invoke(Message msg) {
- // could call out here to some 3rd part system to get credentials
- msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME,
- policy.getUserName());
- msg.getQoSContext().put(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD,
- policy.getPassword());
+
+ // get the security context
+ Subject subject = SecurityUtil.getSubject(msg);
+ BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject,
+ BasicAuthenticationPrincipal.class);
+
+ // if no credentials propogated from the reference then use
+ // the ones from the policy
+ if (principal == null &&
+ policy.getUserName() != null &&
+ !policy.getUserName().equals("")) {
+ principal = new BasicAuthenticationPrincipal(policy.getUserName(),
+ policy.getPassword());
+ subject.getPrincipals().add(principal);
+ }
+
+ if (principal == null){
+ // alternatively we could call out here to some 3rd party system to get credentials
+ // or convert from some other security principal
+ }
return getNext().invoke(msg);
}
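Review bot: The trailing `if (principal == null) { ... }` block holds only comments, so a reference with no propagated principal and no configured user name is invoked without credentials and nothing records that this happened. I would remove the empty block, keep its text as a plain comment above `return getNext().invoke(msg);`, and state there that the call proceeds unauthenticated in that case. The new principal is also built with whatever `policy.getPassword()` returns, including `null`, since the guard checks only the user name; a comment saying whether a null password is intended would help. The policy's password now travels inside the Subject held in the message headers, so it is worth confirming that no binding serialises those headers as they are (not visible from this hunk).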
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java
index f6453e2b65..5aa36ecc89 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationReferencePolicyProvider.java
@@ -27,7 +27,6 @@ import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Phase;
import org.apache.tuscany.sca.policy.PolicySet;
import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
-import org.apache.tuscany.sca.policy.util.PolicyHandler;
import org.apache.tuscany.sca.provider.PolicyProvider;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
index 6c0f7d48d0..88a790c9e9 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyInterceptor.java
@@ -19,13 +19,15 @@
package org.apache.tuscany.sca.policy.authentication.basic;
-import javax.xml.namespace.QName;
+import javax.security.auth.Subject;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+
/**
* Policy handler to handle PolicySet related to Logging with the QName
@@ -64,16 +66,20 @@ public class BasicAuthenticationServicePolicyInterceptor implements Interceptor
public Message invoke(Message msg) {
- String username = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_USERNAME);
- String password = (String)msg.getQoSContext().get(BasicAuthenticationPolicy.BASIC_AUTHENTICATION_PASSWORD);
-
- if (username != null) {
+ Subject subject = SecurityUtil.getSubject(msg);
+ BasicAuthenticationPrincipal principal = SecurityUtil.getPrincipal(subject,
+ BasicAuthenticationPrincipal.class);
+
+ if (principal != null){
- System.out.println("Username: " + username + " Password: " + password);
- // could call out here to some 3rd part system to do whatever you
- // need to turn credentials into a principal
+ System.out.println("Username: " +
+ principal.getName() +
+ " Password: " +
+ principal.getPassword());
- msg.getQoSContext().put(Message.QOS_CTX_SECURITY_PRINCIPAL, username);
+ // could call out here to some 3rd party system to do whatever you
+ // need to do do with username and password
+
}
return getNext().invoke(msg);
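Review bot: The `System.out.println` carried over into the new code writes the caller's password in clear text to standard output on every request that has a `BasicAuthenticationPrincipal`, which puts credentials into console output and any log that captures it. The statement should be removed; if a trace is wanted, print only `principal.getName()`. This interceptor also does not validate the credentials or reject the message when `principal` is null, and the old `QOS_CTX_SECURITY_PRINCIPAL` assignment is removed without a replacement, so as written it enforces nothing. A comment such as `// placeholder: credentials are not verified here` would stop readers from assuming otherwise. The body of `invoke` closes outside this hunk.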
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java
index 9bbb0e2d33..aae0386589 100644
--- a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/basic/BasicAuthenticationServicePolicyProvider.java
@@ -27,7 +27,6 @@ import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Phase;
import org.apache.tuscany.sca.policy.PolicySet;
import org.apache.tuscany.sca.policy.PolicySetAttachPoint;
-import org.apache.tuscany.sca.policy.util.PolicyHandler;
import org.apache.tuscany.sca.provider.PolicyProvider;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.apache.tuscany.sca.runtime.RuntimeComponentService;
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java
new file mode 100644
index 0000000000..147b863c01
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/authentication/token/TokenPrincipal.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy.authentication.token;
+
+import java.security.Principal;
+
+
+/**
+ *
+ * @version $Rev$ $Date$
+ */
+public class TokenPrincipal implements Principal {
+
+ private String name;
+
+ public TokenPrincipal(String name){
+ if (name == null) {
+ throw new IllegalArgumentException("name cannot be null");
+ }
+
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+
+ @Override
+ public boolean equals(Object principal) {
+ if (principal == null)
+ return false;
+ if (this == principal)
+ return true;
+ if (getClass() != principal.getClass())
+ return false;
+ final TokenPrincipal other = (TokenPrincipal)principal;
+ if (name == null) {
+ if (other.name != null)
+ return false;
+ } else if (!name.equals(other.name)){
+ return false;
+ }
+
+ return true;
+ }
+
+}
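Review bot: The class Javadoc is empty and nothing says whether `name` is the token value itself or an identifier derived from it. That matters because `toString()` returns `name` unchanged and principals tend to end up in log and exception messages; if the field can hold a bearer token, it would be exposed there. I would add a class comment stating what `name` contains and, if it is the raw token, have `toString()` return a fixed label instead. As a smaller point, `name` can be declared `private final String name;` and the `name == null` branch in `equals` can go, since the constructor already rejects null.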
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java
new file mode 100644
index 0000000000..1559e22cb9
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyInterceptor.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.identity;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Invoker;
+import org.apache.tuscany.sca.invocation.Message;
+import org.apache.tuscany.sca.policy.SecurityUtil;
+import org.osoa.sca.ServiceRuntimeException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityImplementationPolicyInterceptor implements Interceptor {
+ private List<SecurityIdentityPolicy> securityIdentityPolicies;
+ private Invoker next;
+
+ public SecurityIdentityImplementationPolicyInterceptor(List<SecurityIdentityPolicy> securityIdentityPolicies) {
+ super();
+ this.securityIdentityPolicies = securityIdentityPolicies;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.invocation.Interceptor#getNext()
+ */
+ public Invoker getNext() {
+ return next;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.invocation.Interceptor#setNext(org.apache.tuscany.sca.invocation.Invoker)
+ */
+ public void setNext(Invoker next) {
+ this.next = next;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.invocation.Invoker#invoke(org.apache.tuscany.sca.invocation.Message)
+ */
+ public Message invoke(Message msg) {
+ try {
+
+ Subject subject = SecurityUtil.getSubject(msg);
+
+ // May do some selection here based on runAs settings.
+ // by default though there is nothing to do as the implementation
+ // assumes the callers user credentials
+
+
+ } catch (Exception e) {
+ throw new ServiceRuntimeException(e);
+ }
+ return getNext().invoke(msg);
+ }
+
+}
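Review bot: `invoke` does not apply the configured policies: `securityIdentityPolicies` is stored by the constructor and never read, and the local `subject` is fetched and then unused. A component that declares `runAs` would therefore still run with the caller's identity, with no indication that the policy was ignored. Until the selection logic exists, I would say so in the class Javadoc, e.g. `/** Placeholder: runAs / securityIdentity policies are accepted but not yet enforced; the caller's Subject is passed through unchanged. */`. The `try`/`catch (Exception e)` wraps a single call and can be dropped or narrowed. The imports of `Principal`, `CallbackHandler` and `LoginContext` are unused.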
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java
new file mode 100644
index 0000000000..aa52e0bc41
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityImplementationPolicyProvider.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tuscany.sca.policy.identity;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.tuscany.sca.assembly.ConfiguredOperation;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.assembly.OperationsConfigurator;
+import org.apache.tuscany.sca.interfacedef.Operation;
+import org.apache.tuscany.sca.invocation.Interceptor;
+import org.apache.tuscany.sca.invocation.Phase;
+import org.apache.tuscany.sca.policy.PolicySet;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityImplementationPolicyProvider implements PolicyProvider {
+ private RuntimeComponent component;
+ private Implementation implementation;
+
+ public SecurityIdentityImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+ super();
+ this.component = component;
+ this.implementation = implementation;
+ }
+
+ private List<SecurityIdentityPolicy> findPolicies(Operation op) {
+ List<SecurityIdentityPolicy> polices = new ArrayList<SecurityIdentityPolicy>();
+ // FIXME: How do we get a list of effective policySets for a given operation?
+ if (implementation instanceof OperationsConfigurator) {
+ OperationsConfigurator operationsConfigurator = (OperationsConfigurator)implementation;
+ for (ConfiguredOperation cop : operationsConfigurator.getConfiguredOperations()) {
+ if (cop.getName().equals(op.getName())) {
+ for (PolicySet ps : cop.getPolicySets()) {
+ for (Object p : ps.getPolicies()) {
+ if (SecurityIdentityPolicy.class.isInstance(p)) {
+ polices.add((SecurityIdentityPolicy)p);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ List<PolicySet> policySets = component.getPolicySets();
+ for (PolicySet ps : policySets) {
+ for (Object p : ps.getPolicies()) {
+ if (SecurityIdentityPolicy.class.isInstance(p)) {
+ polices.add((SecurityIdentityPolicy)p);
+ }
+ }
+ }
+ return polices;
+ }
+
+ public Interceptor createInterceptor(Operation operation) {
+ List<SecurityIdentityPolicy> policies = findPolicies(operation);
+ if (policies == null || policies.isEmpty()) {
+ return null;
+ } else {
+ return new SecurityIdentityImplementationPolicyInterceptor(findPolicies(operation));
+ }
+ }
+
+ public String getPhase() {
+ return Phase.IMPLEMENTATION_POLICY;
+ }
+}
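Review bot: `createInterceptor` calls `findPolicies(operation)` twice, once for the emptiness check and again to build the interceptor, repeating the walk over configured operations and policy sets. Reuse the first result with `return new SecurityIdentityImplementationPolicyInterceptor(policies);`. The `policies == null` test can never be true because `findPolicies` always returns the list it created. A policy attached both at operation level and at component level is added to the list twice; that is harmless today but worth a comment next to the existing FIXME. The local name `polices` is a typo for `policies`.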
diff --git a/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java
new file mode 100644
index 0000000000..a20f314a2a
--- /dev/null
+++ b/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/identity/SecurityIdentityPolicyProviderFactory.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.tuscany.sca.policy.identity;
+
+import org.apache.tuscany.sca.assembly.Binding;
+import org.apache.tuscany.sca.assembly.Implementation;
+import org.apache.tuscany.sca.core.ExtensionPointRegistry;
+import org.apache.tuscany.sca.provider.PolicyProvider;
+import org.apache.tuscany.sca.provider.PolicyProviderFactory;
+import org.apache.tuscany.sca.runtime.RuntimeComponent;
+import org.apache.tuscany.sca.runtime.RuntimeComponentReference;
+import org.apache.tuscany.sca.runtime.RuntimeComponentService;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class SecurityIdentityPolicyProviderFactory implements PolicyProviderFactory<SecurityIdentityPolicy> {
+ private ExtensionPointRegistry registry;
+
+ public SecurityIdentityPolicyProviderFactory(ExtensionPointRegistry registry) {
+ super();
+ this.registry = registry;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createImplementationPolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.assembly.Implementation)
+ */
+ public PolicyProvider createImplementationPolicyProvider(RuntimeComponent component, Implementation implementation) {
+ return new SecurityIdentityImplementationPolicyProvider(component, implementation);
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createReferencePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentReference, org.apache.tuscany.sca.assembly.Binding)
+ */
+ public PolicyProvider createReferencePolicyProvider(RuntimeComponent component,
+ RuntimeComponentReference reference,
+ Binding binding) {
+ return null;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.PolicyProviderFactory#createServicePolicyProvider(org.apache.tuscany.sca.runtime.RuntimeComponent, org.apache.tuscany.sca.runtime.RuntimeComponentService, org.apache.tuscany.sca.assembly.Binding)
+ */
+ public PolicyProvider createServicePolicyProvider(RuntimeComponent component,
+ RuntimeComponentService service,
+ Binding binding) {
+ return null;
+ }
+
+ /**
+ * @see org.apache.tuscany.sca.provider.ProviderFactory#getModelType()
+ */
+ public Class getModelType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
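Review bot: `getModelType()` still carries the auto-generated stub and returns `null`. If the runtime uses the model type to look up the factory for a policy (not visible in this commit), this factory would never be selected or could cause a NullPointerException in the lookup. Since the class is declared as `PolicyProviderFactory<SecurityIdentityPolicy>`, the likely intent is `return SecurityIdentityPolicy.class;`, with the return type written as `Class<SecurityIdentityPolicy>` instead of the raw `Class` if the interface allows it. The `registry` field is assigned and never used. The two methods that return `null` for reference and service providers would benefit from a one-line comment saying that security identity applies to implementations only.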
diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
index 3a514e6088..bf8e4d11b4 100644
--- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
+++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor
@@ -1,26 +1,27 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Implementation class for the artifact processor extension
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
-org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
-org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
-org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
-org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Implementation class for the artifact processor extension
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#authorization,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#allow,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#permitAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.authorization.AuthorizationPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#denyAll,model=org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#runAs,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://www.osoa.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity,model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
+org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#jaasAuthentication,model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
+org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProcessor;qname=http://tuscany.apache.org/xmlns/sca/1.0#basicAuthentication,model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
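Review bot: The only functional changes in this hunk are the new `qname=http://tuscany.apache.org/xmlns/sca/1.0#securityIdentity` entry and the swapped order of `runAs` and `securityIdentity`, but they are buried in a rewrite of all 26 lines. The licence header and the other entries look textually identical on both sides, so this is presumably a line-ending change and would be easier to audit as a separate commit. The new entry routes a second namespace to `SecurityIdentityPolicyProcessor`, whose source is not part of this hunk. It is worth confirming that the processor accepts the Tuscany-namespace element name and does not compare only against the OSOA QName, otherwise a `securityIdentity` policy written in the new namespace could be read and then ignored. A one-line comment above the entry, for example `# Tuscany-namespace alias of securityIdentity`, would record why the same processor is listed twice for that element.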
diff --git a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
index 95263b8836..0363fbd981 100644
--- a/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
+++ b/java/sca/modules/policy-security/src/main/resources/META-INF/services/org.apache.tuscany.sca.provider.PolicyProviderFactory
@@ -18,3 +18,4 @@
# Implementation class for the policy extension
org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.security.jaas.JaasAuthenticationPolicy
org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicyProviderFactory;model=org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPolicy
+org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicyProviderFactory;model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy
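Review bot: The factory registered on this line with `model=org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy` still returns null from `getModelType()`, so the declared model and the factory disagree. The null comes from the `// TODO Auto-generated method stub` body in SecurityIdentityPolicyProviderFactory, added by this same commit. Whether the runtime reads the model from this attribute or from the instantiated factory is not visible here. If any path asks the factory, the security-identity provider would not be matched to its policy and the policy would be skipped without an error. I would replace the stub body with `return SecurityIdentityPolicy.class;` and drop the TODO; the factory's class header and imports are outside the visible part of the diff.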
diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml
index e1be4ab03c..f8f0634a9a 100644
--- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml
+++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/definitions.xml
@@ -31,7 +31,7 @@
<!-- Policy Intents Defined by the SCA Runtime -->
<intent name="authentication"
- constrains="sca:binding">
+ constrains="sca:binding tuscany:binding">
<description>
Specifying this intent on references requires necessary authentication information
to be sent along with outgoing messages. Specifying this intent on service requires
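Review bot: `tuscany:binding` is added to `constrains` for `authentication` here, and for `confidentiality` and `integrity` in the next hunk, but neither hunk shows the root `<definitions>` element. It is therefore not visible whether the `tuscany` prefix is bound in definitions.xml. `constrains` is a list of QNames, so an unbound prefix would fail to resolve when the definitions are loaded. Please confirm the root element carries `xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"`, as tuscany_definitions.xml does. Because these are the three security intents, it would also help to state in the existing `<!-- Policy Intents Defined by the SCA Runtime -->` comment that Tuscany-specific bindings are now covered.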
@@ -40,16 +40,16 @@
</intent>
<intent name="confidentiality"
- constrains="sca:binding">
+ constrains="sca:binding tuscany:binding">
<description>
Specifying this intent requires message exchanged to be encrypted
</description>
</intent>
<intent name="integrity"
- constrains="sca:binding">
+ constrains="sca:binding tuscany:binding">
<description>
Specifying this intent requires message exchanged to be signed
</description>
</intent>
-</definitions> \ No newline at end of file
+</definitions>
diff --git a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
index f5b79af7ee..91383eaf6a 100644
--- a/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
+++ b/java/sca/modules/policy-security/src/main/resources/org/apache/tuscany/sca/policy/security/tuscany_definitions.xml
@@ -20,7 +20,13 @@
<definitions xmlns="http://www.osoa.org/xmlns/sca/1.0" targetNamespace="http://tuscany.apache.org/xmlns/sca/1.0"
xmlns:sca="http://www.osoa.org/xmlns/sca/1.0" xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0">
- <intent name="jaasAuthentication" constrains="sca:implementation.java">
+ <intent name="identity" constrains="sca:implementation.java
+ sca:implementation.spring">
+ <description>All invocations are must have an identity set</description>
+ </intent>
+
+ <intent name="jaasAuthentication" constrains="sca:implementation.java
+ sca:implementation.spring">
<description>All invocations to be authenticated</description>
</intent>
</definitions> \ No newline at end of file
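Review bot: The description of the new `identity` intent reads "All invocations are must have an identity set", which is ungrammatical. `<description>All invocations must have an identity set</description>` says what is meant. Both `constrains` values in this hunk are also split across two lines, so the attribute value contains a line break plus indentation between the two QNames. Writing them on one line, `constrains="sca:implementation.java sca:implementation.spring"`, avoids depending on how the definitions reader tokenises that run of whitespace.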