[Work in progress] Sample store secure using LDAP Realm Authentication in a Geronimo environment

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@755860 13f79535-47bb-0310-9956-ffa450edef68

15 files changed, 811 insertions, 0 deletions

diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/build-dojo.xml b/sandbox/lresende/sca/samples/store-secure-webapp/build-dojo.xml
new file mode 100644
index 0000000000..040e6d6a89
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/build-dojo.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<project name="DojoZipInstaller">
+	
+
+    <property name="dojo.version" value="1.3.0b3"/>
+    <property name="unpack.location" value="${basedir}/src/main/webapp/dojo"/>
+	
+
+    <target name="check-dojo-installed">
+        <condition property="already.installed" >
+            <available file="${localRepository}/dojo/dojo/${dojo.version}/dojo-${dojo.version}.zip"/>
+        </condition>
+        <condition property="maven.suffix" value="">
+            <os family="unix"/>
+        </condition>
+        <condition property="maven.suffix" value=".bat">
+            <os family="windows"/>
+        </condition>
+    </target>
+	
+
+    <target name="check-dojo-unpacked">
+        <condition property="already.unpacked" >
+            <available file="${unpack.location}"/>
+        </condition>
+    </target>
+
+    <target name="install-dojo" depends="check-dojo-installed" unless="already.installed">
+        <mkdir dir="${basedir}/target/dojo-download/"/>
+        <get src="http://download.dojotoolkit.org/release-${dojo.version}/dojo-release-${dojo.version}.zip"
+            dest="${basedir}/target/dojo-download/dojo-release-${dojo.version}.zip"
+            verbose="true"
+            usetimestamp="true"/>
+        <exec executable="mvn${maven.suffix}" dir="${basedir}" failonerror="false">
+            <arg line="install:install-file -DgroupId=dojo  -DartifactId=dojo -Dversion=${dojo.version} -Dpackaging=zip -DgeneratePom=true -Dfile=${basedir}/target/dojo-download/dojo-release-${dojo.version}.zip"/>
+        </exec>
+    </target>
+
+    <target name="install-dojo-nomaven" depends="check-dojo-installed" unless="already.installed">
+        <mkdir dir="${basedir}/target/dojo-download/"/>
+        <get src="http://download.dojotoolkit.org/release-${dojo.version}/dojo-release-${dojo.version}.zip"
+            dest="${basedir}/target/dojo-download/dojo-release-${dojo.version}.zip"
+            verbose="true"
+            usetimestamp="true"/>
+        <copy file="${basedir}/target/dojo-download/dojo-release-${dojo.version}.zip" 
+              tofile="${localRepository}/dojo/dojo/${dojo.version}/dojo-${dojo.version}.zip"/>
+    </target>
+	
+
+    <target name="unpack-dojo-files" depends="check-dojo-installed, check-dojo-unpacked" unless="already.unpacked">
+        <fail message="dojo zip file not installed in local repository: ${localRepository}" unless="already.installed"/>
+        <mkdir dir="${basedir}/target/dojo-unpack-temp/"/>
+        <unzip src="${localRepository}/dojo/dojo/${dojo.version}/dojo-${dojo.version}.zip"
+               dest="${basedir}/target/dojo-unpack-temp/"
+               overwrite="false">
+            <patternset>
+                <include name="dojo-release-${dojo.version}/dojo/**"/>
+                <exclude name="dojo-release-${dojo.version}/dojo/tests/**"/>
+                <include name="dojo-release-${dojo.version}/dijit/**"/>
+                <exclude name="dojo-release-${dojo.version}/dojox/**"/>
+                <exclude name="dojo-release-${dojo.version}/util/**"/>
+            </patternset>
+        </unzip>
+        <move file="${basedir}/target/dojo-unpack-temp/dojo-release-${dojo.version}"
+              tofile="${unpack.location}"
+              verbose="true"/>
+        <delete dir="${basedir}/target/dojo-unpack-temp/"/>
+    </target>
+	
+
+    <target name="clean-dojo-files">
+        <delete dir="${unpack.location}"/>
+    </target>
+</project>
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/build.xml b/sandbox/lresende/sca/samples/store-secure-webapp/build.xml
new file mode 100644
index 0000000000..b2e9e577a5
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/build.xml
@@ -0,0 +1,120 @@
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+
+<project name="sample-store-secure-webapp" default="compile">
+
+    <target name="compile">
+        <mkdir dir="target/classes"/>
+        <javac destdir="target/classes" debug="on" source="1.5" target="1.5">
+            <src path="src/main/java"/>
+            <classpath>
+                <fileset refid="tuscany.jars"/>
+                <fileset refid="3rdparty.jars"/>
+            </classpath>
+        </javac>
+        <copy todir="target/classes">
+            <fileset dir="src/main/resources"/>
+            <fileset dir="src/main/resources"/>
+        </copy>
+        <war destfile="target/sample-store-secure-webapp.war" webxml="src/main/webapp/WEB-INF/web.xml">
+            <fileset dir="src/main/webapp"/>
+            <lib refid="tuscany.jars"/>
+            <lib refid="3rdparty.jars"/>
+            <classes dir="target/classes"/>
+        </war>
+    </target>
+
+    <target name="package" depends="compile"/>
+
+    <target name="clean">
+        <delete includeemptydirs="true">
+            <fileset dir="target"/>
+        </delete>
+    </target>
+
+    <fileset id="tuscany.jars" dir="../../modules">
+        <include name="tuscany-assembly-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-assembly-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-assembly-xsd-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-binding-jsonrpc-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-binding-jsonrpc-runtime-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-binding-sca-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-binding-sca-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-contribution-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-contribution-impl-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-contribution-java-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-contribution-namespace-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-contribution-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-core-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-core-databinding-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-core-spi-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-databinding-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-databinding-jaxb-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-databinding-json-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-definitions-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-definitions-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-endpoint-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-extensibility-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-host-embedded-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-host-http-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-host-webapp-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-implementation-java-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-implementation-java-runtime-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-implementation-java-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-implementation-node-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-interface-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-interface-java-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-interface-java-jaxws-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-interface-java-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-monitor-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-node-api-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-node-impl-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-policy-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-policy-security-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-policy-security-http-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-policy-xml-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-sca-api-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-sca-api-extension-1.5-SNAPSHOT.jar"/>
+        <include name="tuscany-xsd-1.5-SNAPSHOT.jar"/>
+    </fileset>
+    <fileset id="3rdparty.jars" dir="../../lib">
+        <include name="XmlSchema-1.4.2.jar"/>
+        <include name="activation-1.1.jar"/>
+        <include name="asm-all-3.1.jar"/>
+        <include name="axiom-api-1.2.7.jar"/>
+        <include name="axiom-impl-1.2.7.jar"/>
+        <include name="cglib-nodep-2.2.jar"/>
+        <include name="commons-codec-1.3.jar"/>
+        <include name="commons-logging-1.1.1.jar"/>
+        <include name="geronimo-activation_1.1_spec-1.0.1.jar"/>
+        <include name="geronimo-javamail_1.4_spec-1.2.jar"/>
+        <include name="geronimo-stax-api_1.0_spec-1.0.1.jar"/>
+        <include name="jaxb-api-2.1.jar"/>
+        <include name="jaxb-impl-2.1.7.jar"/>
+        <include name="jaxen-1.1.1.jar"/>
+        <include name="jaxws-api-2.1.jar"/>
+        <include name="jettison-1.0.1.jar"/>
+        <include name="json-rpc-1.0.jar"/>
+        <include name="jsr181-api-1.0-MR1.jar"/>
+        <include name="jsr250-api-1.0.jar"/>
+        <include name="stax-api-1.0-2.jar"/>
+        <include name="wstx-asl-3.2.4.jar"/>
+    </fileset>
+
+</project>
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/pom.xml b/sandbox/lresende/sca/samples/store-secure-webapp/pom.xml
new file mode 100644
index 0000000000..2d3c007da5
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/pom.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    * Licensed to the Apache Software Foundation (ASF) under one
+    * or more contributor license agreements.  See the NOTICE file
+    * distributed with this work for additional information
+    * regarding copyright ownership.  The ASF licenses this file
+    * to you under the Apache License, Version 2.0 (the
+    * "License"); you may not use this file except in compliance
+    * with the License.  You may obtain a copy of the License at
+    * 
+    *   http://www.apache.org/licenses/LICENSE-2.0
+    * 
+    * Unless required by applicable law or agreed to in writing,
+    * software distributed under the License is distributed on an
+    * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    * KIND, either express or implied.  See the License for the
+    * specific language governing permissions and limitations
+    * under the License.    
+-->
+<project>
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.tuscany.sca</groupId>
+        <artifactId>tuscany-sca</artifactId>
+        <version>1.5-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+    <artifactId>sample-store-secure-webapp</artifactId>
+    <packaging>war</packaging>
+    <name>Apache Tuscany SCA Sample Store in a WebApp</name>
+
+    <repositories>
+       <repository>
+          <id>apache.incubator</id>
+          <url>http://people.apache.org/repo/m2-incubating-repository</url>
+       </repository>
+    </repositories>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-host-webapp</artifactId>
+            <version>1.5-SNAPSHOT</version>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-implementation-java-runtime</artifactId>
+            <version>1.5-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-binding-jsonrpc-runtime</artifactId>
+            <version>1.5-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-policy-security</artifactId>
+            <version>1.5-SNAPSHOT</version>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-policy-security-http</artifactId>
+            <version>1.5-SNAPSHOT</version>
+        </dependency>
+
+        <!-- dependency>
+            <groupId>org.apache.tuscany.sca</groupId>
+            <artifactId>tuscany-host-tomcat</artifactId>
+            <version>1.5-SNAPSHOT</version>
+            <scope>runtime</scope>
+        </dependency-->
+
+        <!-- exclude stax 1.0.1 as we're also pulling in javax\xml\stream\stax-api\1.0-2 -->
+        <dependency>
+            <groupId>stax</groupId>
+            <artifactId>stax-api</artifactId>
+            <version>1.0.1</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- marking dependency as provided to exclude from war file -->
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.3</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.5</version>
+            <scope>test</scope>
+        </dependency>        
+
+    </dependencies>
+
+    <build>
+       <finalName>${artifactId}</finalName>
+       <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <!-- version>1.1</version --> 
+			    <dependencies>
+			        <dependency>
+			    	    <groupId>ant</groupId>
+			    	    <artifactId>ant-trax</artifactId>
+			    	    <version>1.6.5</version>
+			        </dependency>
+			    </dependencies>                    
+                <executions>
+                    <execution> 
+                        <id>install-dojo</id>                       
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <tasks>
+                                <ant antfile="./build-dojo.xml" target="install-dojo">
+                                    <property name="localRepository" value="${settings.localRepository}"/>
+                                </ant>
+                            </tasks>
+                        </configuration>
+                    </execution>
+                    <execution> 
+                        <id>copy-dojo-files</id>                       
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <tasks>
+                                <ant antfile="./build-dojo.xml" target="unpack-dojo-files">
+                                    <property name="localRepository" value="${settings.localRepository}"/>
+                                    <property name="artifactId" value="${artifactId}"/>
+                                </ant>
+                            </tasks>
+                        </configuration>
+                    </execution>
+                    <execution> 
+                        <id>clean-dojo-files</id>                       
+                        <phase>clean</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <tasks>
+                                <ant antfile="./build-dojo.xml" target="clean-dojo-files">
+                                    <property name="localRepository" value="${settings.localRepository}"/>
+                                    <property name="artifactId" value="${artifactId}"/>
+                                </ant>
+                            </tasks>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>       
+            <plugin>
+                <groupId>org.apache.tuscany.sca</groupId>
+                <artifactId>tuscany-maven-ant-generator</artifactId>
+                <version>1.5-SNAPSHOT</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>generate</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+       </plugins>
+    </build>
+</project>
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/Catalog.java b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/Catalog.java
new file mode 100644
index 0000000000..0d8d3d561a
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/Catalog.java
@@ -0,0 +1,8 @@
+package services;
+
+import org.osoa.sca.annotations.Remotable;
+
+@Remotable
+public interface Catalog {
+	Item[] get();
+}
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/CurrencyConverter.java b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/CurrencyConverter.java
new file mode 100644
index 0000000000..15b2c6e3a6
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/CurrencyConverter.java
@@ -0,0 +1,12 @@
+package services;
+
+import org.osoa.sca.annotations.Remotable;
+
+@Remotable
+public interface CurrencyConverter {
+    public double getConversion(String fromCurrenycCode, 
+    							String toCurrencyCode, 
+    							double amount);
+
+    public String getCurrencySymbol(String currencyCode);
+}
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/CurrencyConverterImpl.java b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/CurrencyConverterImpl.java
new file mode 100644
index 0000000000..2bf9d8d42b
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/CurrencyConverterImpl.java
@@ -0,0 +1,21 @@
+package services;
+
+public class CurrencyConverterImpl implements CurrencyConverter {
+    public double getConversion(String fromCurrencyCode, 
+    							String toCurrencyCode, 
+    							double amount) {
+        if (toCurrencyCode.equals("USD"))
+            return amount;
+        else if (toCurrencyCode.equals("EUR"))
+            return ((double)Math.round(amount * 0.7256 * 100)) /100;
+        return 0;
+    }
+
+    public String getCurrencySymbol(String currencyCode) {
+        if (currencyCode.equals("USD"))
+            return "$";
+        else if (currencyCode.equals("EUR"))
+            return "E"; //"€";
+        return "?";
+    }
+}
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/FruitsCatalogImpl.java b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/FruitsCatalogImpl.java
new file mode 100644
index 0000000000..4cac4ac21d
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/FruitsCatalogImpl.java
@@ -0,0 +1,35 @@
+package services;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.osoa.sca.annotations.Init;
+import org.osoa.sca.annotations.Property;
+import org.osoa.sca.annotations.Reference;
+
+public class FruitsCatalogImpl implements Catalog {
+	@Property
+	public String currencyCode = "USD";
+	@Reference
+	public CurrencyConverter currencyConverter;
+
+	private List<Item> catalog = new ArrayList<Item>();
+
+	@Init
+	public void init() {
+		String currencySymbol = currencyConverter
+				.getCurrencySymbol(currencyCode);
+		catalog.add(new Item("Apple", currencySymbol
+				+ currencyConverter.getConversion("USD", currencyCode, 2.99)));
+		catalog.add(new Item("Orange", currencySymbol
+				+ currencyConverter.getConversion("USD", currencyCode, 3.55)));
+		catalog.add(new Item("Pear", currencySymbol
+				+ currencyConverter.getConversion("USD", currencyCode, 1.55)));
+	}
+
+	public Item[] get() {
+		Item[] catalogArray = new Item[catalog.size()];
+		catalog.toArray(catalogArray);
+		return catalogArray;
+	}
+}
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/Item.java b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/Item.java
new file mode 100644
index 0000000000..e8bcfabfb1
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/services/Item.java
@@ -0,0 +1,30 @@
+package services;
+
+public class Item {
+	private String name;
+	private String price;
+
+	public Item() {
+	}
+
+	public Item(String name, String price) {
+		this.name = name;
+		this.price = price;
+	}
+
+	public String getName() {
+		return name;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+	public String getPrice() {
+		return price;
+	}
+
+	public void setPrice(String price) {
+		this.price = price;
+	}
+}
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/store/security/StoreCallbackHandler.java b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/store/security/StoreCallbackHandler.java
new file mode 100644
index 0000000000..88e3a778a0
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/java/store/security/StoreCallbackHandler.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+ */
+
+package store.security;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class StoreCallbackHandler implements CallbackHandler {
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof NameCallback) {
+                NameCallback nc = (NameCallback)callbacks[i];
+                nc.setName("PWEST");
+            } else if (callbacks[i] instanceof PasswordCallback) {
+                PasswordCallback pc = (PasswordCallback)callbacks[i];
+                pc.setPassword("xxx".toCharArray());
+            } else {
+                throw new UnsupportedCallbackException
+                 (callbacks[i], "Unsupported Callback!");
+            }
+          }
+    }
+
+}
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/resources/definitions.xml b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/resources/definitions.xml
new file mode 100644
index 0000000000..0a039338bc
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/resources/definitions.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="ASCII"?>
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.    
+-->
+<sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"
+ 			targetNamespace="http://www.osoa.org/xmlns/sca/1.0"
+ 			xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
+ 			xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
+ 			xmlns:store="http://store">
+
+    <!-- PolicySets -->
+    <!-- sca:policySet xmlns="http://www.osoa.org/xmlns/sca/1.0"
+               name="jsonRPCsecurityPolicy" 
+			   provides="sca:authentication"
+ 	           appliesTo="tuscany:binding.jsonrpc">
+ 		<tuscany:authenticationConfiguration realm="ldap-realm"/>
+  </sca:policySet-->
+  
+  
+    <!-- PolicySets -->
+    <!-- policySet xmlns="http://www.osoa.org/xmlns/sca/1.0"
+               name="JaasPolicy" 
+               provides="tuscany:jaasAuthentication" 
+               appliesTo="sca:implementation.java">
+               
+        <tuscany:jaasAuthentication>
+            <tuscany:configurationName>ldap-realm</tuscany:configurationName>
+            <tuscany:callbackHandler>store.security.StoreCallbackHandler</tuscany:callbackHandler>
+        </tuscany:jaasAuthentication>
+    </policySet-->
+
+    <!-- PolicySets -->
+    <policySet xmlns="http://www.osoa.org/xmlns/sca/1.0"
+               name="RealmBaseAuthenticationPolicy" 
+               provides="sca:authentication" 
+               appliesTo="sca:implementation.java">
+               
+        <tuscany:ldapRealmAuthentication>
+            <tuscany:realm>ldap-realm</tuscany:realm>
+            <tuscany:realmConfigurationName>ldap-realm</tuscany:realmConfigurationName>
+        </tuscany:ldapRealmAuthentication>
+    </policySet>
+  
+ </sca:definitions>
\ No newline at end of file
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/resources/store.composite b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/resources/store.composite
new file mode 100644
index 0000000000..d2a90946db
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/resources/store.composite
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
+	xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
+	xmlns:s="http://store" 
+	targetNamespace="http://store" 
+	name="store">
+		
+	<component name="Catalog">
+		<implementation.java class="services.FruitsCatalogImpl"/>
+		<property name="currencyCode">USD</property>
+		<service name="Catalog">
+            <operation name="get" requires="authentication"/>
+			<tuscany:binding.jsonrpc/>
+		</service>
+		<reference name="currencyConverter" target="CurrencyConverter" />
+	</component>
+
+	<component name="CurrencyConverter">
+		<implementation.java class="services.CurrencyConverterImpl" />
+	</component>
+</composite>
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/META-INF/sca-contribution.xml b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/META-INF/sca-contribution.xml
new file mode 100644
index 0000000000..41c84c9a44
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/META-INF/sca-contribution.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    * Licensed to the Apache Software Foundation (ASF) under one
+    * or more contributor license agreements.  See the NOTICE file
+    * distributed with this work for additional information
+    * regarding copyright ownership.  The ASF licenses this file
+    * to you under the Apache License, Version 2.0 (the
+    * "License"); you may not use this file except in compliance
+    * with the License.  You may obtain a copy of the License at
+    * 
+    *   http://www.apache.org/licenses/LICENSE-2.0
+    * 
+    * Unless required by applicable law or agreed to in writing,
+    * software distributed under the License is distributed on an
+    * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    * KIND, either express or implied.  See the License for the
+    * specific language governing permissions and limitations
+    * under the License.    
+-->
+<contribution xmlns="http://www.osoa.org/xmlns/sca/1.0"
+              xmlns:store="http://store">
+   <deployable composite="store:store"/>
+</contribution>
\ No newline at end of file
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
new file mode 100644
index 0000000000..2e2f9dd7b5
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<web:web-app
+	xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
+	xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
+	xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"
+	xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
+	xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-2.0"
+	xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
+	xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"
+	xmlns:pers="http://java.sun.com/xml/ns/persistence"
+	xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
+	xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
+	xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
+	<dep:environment>
+		<dep:moduleId>
+			<dep:groupId>org.apache.tuscany</dep:groupId>
+			<dep:artifactId>sample-store-secure-webapp</dep:artifactId>
+			<dep:version>1.0</dep:version>
+			<dep:type>car</dep:type>
+		</dep:moduleId>
+		<!-- TUSCANY-2622 -->
+		<dep:hidden-classes>
+			<dep:filter>org.apache.axiom</dep:filter>
+			<dep:filter>org.apache.axis2</dep:filter>
+			<dep:filter>org.apache.commons</dep:filter>
+			<dep:filter>org.jdom</dep:filter>
+		</dep:hidden-classes>		
+	</dep:environment>
+	<web:context-root>/sample-store-secure-webapp</web:context-root>
+	
+	<web:security-realm-name>ldap-realm</web:security-realm-name>
+    <sec:security>
+        <sec:role-mappings>
+            <sec:role role-name="manager">
+                <sec:principal name="PWEST" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
+            </sec:role>
+            <sec:role role-name="user">
+                <sec:principal name="PHAGE" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
+            </sec:role>
+        </sec:role-mappings>
+    </sec:security>
+    
+    <dep:gbean name="ldap-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
+        <dep:attribute name="realmName">ldap-realm</dep:attribute>
+        <dep:xml-reference name="LoginModuleConfiguration">
+            <lc:login-config>
+                <lc:login-module control-flag="REQUIRED" wrap-principals="false">
+                    <lc:login-domain-name>ldap-realm</lc:login-domain-name>
+                    <lc:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</lc:login-module-class>
+                    <!-- lc:option name="users">foo,bar</lc:option-->
+                    <lc:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</lc:option>
+                    <lc:option name="connectionURL">ldap://dpev007.innovate.ibm.com:389</lc:option>
+                    <lc:option name="connectionUsername">cn=ldaproot,dc=tnc,dc=org</lc:option>
+                    <lc:option name="connectionPassword">ldappass</lc:option>
+                    <lc:option name="authentication">simple</lc:option>
+                    <lc:option name="userBase">ou=people,dc=tnc,dc=org</lc:option>
+                    <lc:option name="userSearchMatching">uid={0}</lc:option>
+                    <lc:option name="userSearchSubtree">false</lc:option>
+                    <lc:option name="roleBase">ou=people,dc=tnc,dc=org</lc:option>
+                    <lc:option name="roleName">cn</lc:option>
+                    <lc:option name="roleSearchMatching">(objectClass={0})</lc:option>
+                    <lc:option name="roleSearchSubtree">false</lc:option>                    
+                </lc:login-module>
+            </lc:login-config>
+        </dep:xml-reference>
+    </dep:gbean>
+</web:web-app>
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/web.xml b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000000..59f030c470
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
+  <display-name>sample-store-secure-webapp</display-name>
+
+  <filter>
+    <filter-name>tuscany</filter-name> 
+    <filter-class>org.apache.tuscany.sca.host.webapp.TuscanyServletFilter</filter-class> 
+  </filter>
+
+  <filter-mapping>
+    <filter-name>tuscany</filter-name> 
+    <url-pattern>/*</url-pattern> 
+  </filter-mapping>
+
+  <welcome-file-list id="WelcomeFileList">
+    <welcome-file>store.html</welcome-file>
+  </welcome-file-list>
+  
+  <login-config>
+  	<auth-method>BASIC</auth-method>
+  	<realm-name>ldap-realm</realm-name>
+  </login-config>
+  
+  
+  <security-role>
+  	<description>Application managers</description>
+  	<role-name>manager</role-name>
+  </security-role>
+
+  <security-role>
+  	<description>Application users</description>
+  	<role-name>user</role-name>
+  </security-role>
+  
+  <security-constraint>
+  	<web-resource-collection>
+  		<web-resource-name>Areas with authentication required</web-resource-name>
+  		<url-pattern>/protected/*</url-pattern>
+  		<http-method>GET</http-method>
+  		<http-method>POST</http-method>
+  	</web-resource-collection>
+  	<auth-constraint>
+  		<role-name>manager</role-name>
+  	</auth-constraint>
+  </security-constraint>
+</web-app>
\ No newline at end of file
diff --git a/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/store.html b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/store.html
new file mode 100644
index 0000000000..e4cd0ba12d
--- /dev/null
+++ b/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/store.html
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>Store</title>
+
+<script type="text/javascript" src="dojo/dojo/dojo.js"></script>
+
+<script type="text/javascript">
+    	dojo.require("dojo.rpc.JsonService");
+</script>
+
+<script language="JavaScript">
+
+	var catalog = new dojo.rpc.JsonService("Catalog?smd");
+	
+	var catalogItems;
+
+	function catalog_getResponse(items) {
+		var catalog = "";
+		for (var i=0; i<items.length; i++) {
+			var item = items[i].name + ' - ' + items[i].price;
+			catalog += '<input name="items" type="checkbox" value="' + 
+						item + '">' + item + ' <br>';
+		}
+		document.getElementById('catalog').innerHTML=catalog;
+		catalogItems = items;
+	}
+	
+	function init() {
+		catalog.get().addCallback(catalog_getResponse);
+	}
+	
+</script>
+
+</head>
+
+<body onload="init()">
+<h1>Store</h1>
+  <div id="store">
+   	<h2>Catalog</h2>
+   	<form name="catalogForm">
+		<div id="catalog" ></div>
+		<br>
+   	</form>
+ 
+ 	<br>    
+  </div>
+</body>
+</html>