You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2017/07/14 21:41:37 UTC

directory-fortress-commander git commit: Add section to README that describes the properties.

Repository: directory-fortress-commander
Updated Branches:
  refs/heads/master 07e5e0322 -> d549ae619


Add section to README that describes the properties.


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/commit/d549ae61
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/tree/d549ae61
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/diff/d549ae61

Branch: refs/heads/master
Commit: d549ae619c596b4b962d14668b8df0eabc6835b8
Parents: 07e5e03
Author: Shawn McKinney <sm...@apache.org>
Authored: Fri Jul 14 16:41:33 2017 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Fri Jul 14 16:41:33 2017 -0500

----------------------------------------------------------------------
 README.md                                      | 123 ++++++++++++++++++++
 src/main/resources/META-INF/context.xml        |   2 +-
 src/main/resources/fortress.properties.example |   1 +
 3 files changed, 125 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/blob/d549ae61/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index 11f5297..e4fc1d8 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@
  * SECTION 4. Load Sample Security Policy
  * SECTION 5. Deploy to Tomcat Server
  * SECTION 6. Test with Selenium
+ * SECTION 7. Fortress Web properties
 
 ___________________________________________________________________________________
 ## Document Overview
@@ -207,4 +208,126 @@ ________________________________________________________________________________
  * [FortressWebDemoUsers](./src/main/resources/FortressWebDemoUsers.xml) policy loaded into target LDAP server.
 
 ___________________________________________________________________________________
+## SECTION 7. Fortress Web properties
+
+This section describes most of the fortress.properties that are needed to control fortress-web behavior.
+
+1. LDAP Hostname coordinates.  The host name can be specified as a fully qualified domain name or IP address.
+
+ ```
+ # Host name and port of LDAP DIT:
+ host=localhost
+ port=10389
+ ```
+
+2. LDAP Server type.  Each LDAP server impl has different behavior on operations like password policies and audit.  Fortress supports
+ OpenLDAP and ApacheDS and so specify which one here.  If using a 3rd type of server that isn't formally supported, leave blank or type is other.
+
+ ```
+ # If ApacheDS server:
+ ldap.server.type=apacheds
+ ```
+
+ ```
+ # Else if OpenLDAP server:
+ ldap.server.type=slapd
+ ```
+
+ ```
+ # Else leave blank:
+ #ldap.server.type=other
+ ```
+
+3.  Set the credentials of service account.  Must have read/write privileges over the Fortress LDAP DIT:
+
+ ```
+ # If ApacheDS it will look something like this:
+ admin.user=uid=admin,ou=system
+ admin.pw=secret
+ ```
+
+ ```
+ # Else If OpenLDAP it will look something like this:
+ admin.user=cn=Manager,dc=example,dc=com
+ admin.pw=secret
+ ```
+
+4. Define the number of LDAP connections to use in the pool  Unless you know what you're doing, use this:
+
+ ```
+ # This is min/max settings for LDAP administrator pool connections that have read/write access to all nodes under suffix:
+ min.admin.conn=1
+ max.admin.conn=10
+ ```
+
+5. Give coordinates to the Config node that contains all of the other Fortress properties.  This will match your LDAP's server's config node per Fortress Core setup.
+
+ ```
+ # This node contains fortress properties stored on behalf of connecting LDAP clients:
+ config.realm=DEFAULT
+ config.root=ou=Config,dc=example,dc=com
+ ```
+
+6. If using LDAPS.
+
+ ```
+ # Used for SSL Connection to LDAP Server:
+ enable.ldap.ssl=true
+ enable.ldap.ssl.debug=true
+ trust.store=/fully/qualified/path/and/file/name/to/java/truststore
+ trust.store.password=changeit
+ trust.store.set.prop=true
+ ```
+
+7. To use REST instead of LDAP.  Points to fortress-rest instance.
+
+ ```
+ # This will override default LDAP manager implementations for the RESTful ones:
+ enable.mgr.impl.rest=true
+ ```
+
+8. If using REST, provide the credentials of user that has access to fortress-rest.
+
+ ```
+ # Optional parameters needed when Fortress client is connecting with the En Masse (rather than LDAP) server:
+ http.user=demouser4
+ http.pw=gX9JbCTxJW5RiH+otQEX0Ja0RIAoPBQf
+ http.host=localhost
+ http.port=8080
+ ```
+
+9. To reenable the nav panel on startup.
+
+ ```
+ # The default is 'false':
+ #enable.nav.panel=true
+ ```
+
+10. If using ApacheDS and setting password policies, point to the correction location.
+
+ ```
+ # ApacheDS stores its password policies objects here by default:
+ apacheds.pwpolicy.root=ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
+ ```
+
+11. The fortress web runtime will cache user's permissions in their session if set to true.
+
+ ```
+ # Used by application security components:
+ perms.cached=true
+ ```
+
+12. Each instance of a fortress web can be scoped to one and only one tenant.  The default tenant is called HOME.
+
+ ```
+ # This is the default tenant or home context
+ contextId=HOME
+ ```
+
+ ```
+ # If you need to scope to a different tenant, supply its ID here:
+ contextId=mytenantid
+ ```
+
+___________________________________________________________________________________
 #### END OF README
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/blob/d549ae61/src/main/resources/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/META-INF/context.xml b/src/main/resources/META-INF/context.xml
index 1b98e74..0870ec9 100644
--- a/src/main/resources/META-INF/context.xml
+++ b/src/main/resources/META-INF/context.xml
@@ -16,7 +16,7 @@
    specific language governing permissions and limitations
    under the License.
 -->
-<Context path="/commander" reloadable="true">
+<Context path="/fortress-web" reloadable="true">
 
     <Realm className="org.apache.directory.fortress.realm.tomcat.Tc7AccessMgrProxy"
            defaultRoles=""

http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/blob/d549ae61/src/main/resources/fortress.properties.example
----------------------------------------------------------------------
diff --git a/src/main/resources/fortress.properties.example b/src/main/resources/fortress.properties.example
index c5a75fe..a9540e2 100644
--- a/src/main/resources/fortress.properties.example
+++ b/src/main/resources/fortress.properties.example
@@ -31,6 +31,7 @@ port=10389
 admin.user=uid=admin,ou=system
 admin.pw=secret
 
+
 # This is min/max settings for LDAP administrator pool connections that have read/write access to all nodes under suffix:
 min.admin.conn=1
 max.admin.conn=10