You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2015/05/28 09:08:59 UTC
[1/2] directory-fortress-core git commit: Fixed some not closed tags
Repository: directory-fortress-core
Updated Branches:
refs/heads/master 6840c7ba0 -> d72f03f23
Fixed some not closed tags
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/bca044f3
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/bca044f3
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/bca044f3
Branch: refs/heads/master
Commit: bca044f34021c83728477c92e6be6b12508c6001
Parents: 6840c7b
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu May 28 08:23:29 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu May 28 08:23:29 2015 +0200
----------------------------------------------------------------------
.../java/org/apache/directory/fortress/core/ant/package.html | 2 +-
.../java/org/apache/directory/fortress/core/cli/package.html | 7 ++++---
2 files changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/bca044f3/src/main/java/org/apache/directory/fortress/core/ant/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/package.html b/src/main/java/org/apache/directory/fortress/core/ant/package.html
index ab32115..bfb688b 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/package.html
+++ b/src/main/java/org/apache/directory/fortress/core/ant/package.html
@@ -27,7 +27,7 @@
using XML files.
</p>
<p>
- The <A HREF="package-summary.html">org.apache.directory.fortress.core.ant</a> package provides a provisioning utility that uses
+ The <a href="package-summary.html">org.apache.directory.fortress.core.ant</a> package provides a provisioning utility that uses
xml files that use Apache Ant to drive fortress administrative APIs.
See the {@link org.apache.directory.fortress.core.ant.FortressAntTask FortressAntTask} java doc for more info on how it works.
</p>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/bca044f3/src/main/java/org/apache/directory/fortress/core/cli/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/cli/package.html b/src/main/java/org/apache/directory/fortress/core/cli/package.html
index 6bec747..d7dc5fa 100755
--- a/src/main/java/org/apache/directory/fortress/core/cli/package.html
+++ b/src/main/java/org/apache/directory/fortress/core/cli/package.html
@@ -57,7 +57,7 @@
also contains more than one word'.
<br/>
<br/>Below is reference manual for Fortress' CLI commands
- </p>
+ <br/>
<h2>Groups</h2>
@@ -97,7 +97,7 @@
<h2>Administrative Commands</h2>
This section contains a guide for the <b>functions</b> and <b>options</b> that fall in the <b>admin</b> group.
<ol type="A">
-<li>
+ <li>
<h3>auser : function to add a new User</h3>
<p>
@@ -1573,7 +1573,7 @@ This section contains a guide for the <b>functions</b> and <b>options</b> that f
This function searches for matching users on the userId field. It uses a search filter of:
<pre>
- String filter = "(&(objectclass=" + objectClassImpl + ")(" + GlobalIds.UID + "=" + searchVal + "*))";
+ String filter = "(&(objectclass=" + objectClassImpl + ")(" + GlobalIds.UID + "=" + searchVal + "*))";
</pre>
which will return all Users that match the leading characters of the search field which is case insensitive.
This logs the results using log4j to allow output to be logged to console or file.
@@ -2034,6 +2034,7 @@ This section contains a guide for the <b>functions</b> and <b>options</b> that f
<br/>
</ol>
</li>
+</ol>
<p>
The <b>org.apache.directory.fortress.cli.CommandLineInterpreter</b> drives the Fortress APIs. For more info on how the Fortress
APIs work, check out Fortress SDK Javadoc.
[2/2] directory-fortress-core git commit: Fixed some non closed tags
Posted by el...@apache.org.
Fixed some non closed tags
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/d72f03f2
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/d72f03f2
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/d72f03f2
Branch: refs/heads/master
Commit: d72f03f23dab9c6fc88ae0323fc30e071f082559
Parents: bca044f
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu May 28 09:08:49 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu May 28 09:08:49 2015 +0200
----------------------------------------------------------------------
.../apache/directory/fortress/core/package.html | 249 ++++++++++---------
1 file changed, 133 insertions(+), 116 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d72f03f2/src/main/java/org/apache/directory/fortress/core/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/package.html b/src/main/java/org/apache/directory/fortress/core/package.html
index b31f249..12e5037 100755
--- a/src/main/java/org/apache/directory/fortress/core/package.html
+++ b/src/main/java/org/apache/directory/fortress/core/package.html
@@ -18,131 +18,148 @@
*
-->
<html>
- <head>
- <title>Package Documentation for org.apache.directory.fortress</title>
- </head>
- <body>
- <p>
- This package contains public APIs that are used by Java programs to provide Identity and Access Management functionality. The APIs
- are organized into categories or 'Managers'. Each manager controls a specific area of functionality.
+ <head>
+ <title>Package Documentation for org.apache.directory.fortress</title>
+ </head>
+ <body>
+ <p>
+ This package contains public APIs that are used by Java programs to provide Identity and Access Management functionality. The APIs
+ are organized into categories or 'Managers'. Each manager controls a specific area of functionality.
<h3>Managers</h3>
- <ol>
- <li>{@link org.apache.directory.fortress.core.AccessMgr} is used for RBAC runtime security checking</li>
- <li>{@link org.apache.directory.fortress.core.AdminMgr} is for RBAC provisioning</li>
- <li>{@link org.apache.directory.fortress.core.AuditMgr} is for interrogating OpenLDAP audit and historical logs</li>
- <li>{@link org.apache.directory.fortress.core.DelAccessMgr} is used for ARBAC runtime security checking</li>
- <li>{@link org.apache.directory.fortress.core.DelAdminMgr} is for ARBAC provisioning</li>
- <li>{@link org.apache.directory.fortress.core.DelReviewMgr} is used to interrogate ARBAC policy</li>
- <li>{@link org.apache.directory.fortress.core.PwPolicyMgr} is for performing OpenLDAP pwpolicy provisioning and interrogation</li>
- <li>{@link org.apache.directory.fortress.core.ReviewMgr} is used to interrogate RBAC policy</li>
- </ol>
- </p>
- <p>
- The <b>org.apache.directory.fortress</b> package provides managers, factories and exception classes that can be thrown when
- fortress needs to report an error status code back to caller. The fortress manager APIs are based on standards like <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a>,
- <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> and <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policy for LDAP Directories</a>.
- A {@link org.apache.directory.fortress.core.util.time.Constraint} mechanism is used by fortress to control the {@link org.apache.directory.fortress.core.util.time.Time}, {@link org.apache.directory.fortress.core.util.time.Date} and {@link org.apache.directory.fortress.core.util.time.Day} of week for when a
- {@link org.apache.directory.fortress.core.rbac.User} or {@link org.apache.directory.fortress.core.rbac.UserRole} entity can be activated within a {@link org.apache.directory.fortress.core.rbac.Session}.
- There is also a lockout mechanism to temporarily bar entities from activating. AuditMgr may be used to interrogate OpenLDAP audit and historical information.
- </p>
- <hr>
+ <ol>
+ <li>{@link org.apache.directory.fortress.core.AccessMgr} is used for RBAC runtime security checking</li>
+ <li>{@link org.apache.directory.fortress.core.AdminMgr} is for RBAC provisioning</li>
+ <li>{@link org.apache.directory.fortress.core.AuditMgr} is for interrogating OpenLDAP audit and historical logs</li>
+ <li>{@link org.apache.directory.fortress.core.DelAccessMgr} is used for ARBAC runtime security checking</li>
+ <li>{@link org.apache.directory.fortress.core.DelAdminMgr} is for ARBAC provisioning</li>
+ <li>{@link org.apache.directory.fortress.core.DelReviewMgr} is used to interrogate ARBAC policy</li>
+ <li>{@link org.apache.directory.fortress.core.PwPolicyMgr} is for performing OpenLDAP pwpolicy provisioning and interrogation</li>
+ <li>{@link org.apache.directory.fortress.core.ReviewMgr} is used to interrogate RBAC policy</li>
+ </ol>
+ </p>
+ <p>
+ The <b>org.apache.directory.fortress</b> package provides managers, factories and exception classes that can be thrown when
+ fortress needs to report an error status code back to caller. The fortress manager APIs are based on standards like
+ <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a>,
+ <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> and
+ <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policy for LDAP Directories</a>.
+ A {@link org.apache.directory.fortress.core.util.time.Constraint} mechanism is used by fortress to control the
+ {@link org.apache.directory.fortress.core.util.time.Time}, {@link org.apache.directory.fortress.core.util.time.Date} and
+ {@link org.apache.directory.fortress.core.util.time.Day} of week for when a
+ {@link org.apache.directory.fortress.core.rbac.User} or {@link org.apache.directory.fortress.core.rbac.UserRole}
+ entity can be activated within a {@link org.apache.directory.fortress.core.rbac.Session}.
+ There is also a lockout mechanism to temporarily bar entities from activating.
+ AuditMgr may be used to interrogate OpenLDAP audit and historical information.
+ </p>
+ <hr>
<h2>Description of Package Contents</h2>
This package contains APIs to do the following
<ol>
- <li>Role Based Access Control (RBAC)</li>
- <li>Administrative Role Based Access Control (ARBAC)</li>
- <li>Password Policies</li>
- <li>Audit Trail</li>
+ <li>Role Based Access Control (RBAC)</li>
+ <li>Administrative Role Based Access Control (ARBAC)</li>
+ <li>Password Policies</li>
+ <li>Audit Trail</li>
</ol>
The following sections provides more info on each.
<hr>
- <h3>1. Role Based Access Control description</h3>
- <p>
- Many of the method names and signatures within this package were taken directly from ANSI INCITS 359-2004.
- The RBAC Functional specification describes administrative operations for the creation
- and maintenance of RBAC element sets and relations; administrative review functions for
- performing administrative queries; and system functions for creating and managing
- RBAC attributes on user sessions and making access control decisions.
- <p/>
- <h4>RBAC0 - Core</h4>
- Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions. API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
- <p/>
- <img src="./doc-files/RbacCore.png">
- <h4>RBAC1 - General Hierarchical Roles</h4>
- Simplifies role engineering tasks using inheritance of one or more parent roles.
- <p/>
- <img src="./doc-files/RbacHier.png">
- <h4>RBAC2 - Static Separation of Duty (SSD) Relations</h4>
- Enforce mutual membership exclusions across role assignments. Facilitate dual control policies by restricting which roles may be assigned to users in combination. SSD provide added granularity for authorization limits which help enterprises meet strict compliance regulations.
- <p/>
- <img src="./doc-files/RbacSSD.png">
- <h4>RBAC3 - Dynamic Separation of Duty (DSD) Relations</h4>
- Control allowed role combinations to be activated within an RBAC session. DSD policies fine tune role policies that facilitate authorization dual control and two man policy restrictions during runtime security checks.
- <p/>
- <img src="./doc-files/RbacDSD.png">
- <p/>
+ <h3>1. Role Based Access Control description</h3>
+ <p>
+ Many of the method names and signatures within this package were taken directly from ANSI INCITS 359-2004.
+ The RBAC Functional specification describes administrative operations for the creation
+ and maintenance of RBAC element sets and relations; administrative review functions for
+ performing administrative queries; and system functions for creating and managing
+ RBAC attributes on user sessions and making access control decisions.
+ <p/>
+ <h4>RBAC0 - Core</h4>
+ Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions. API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
+ <p/>
+ <img src="./doc-files/RbacCore.png"/>
+ <h4>RBAC1 - General Hierarchical Roles</h4>
+ Simplifies role engineering tasks using inheritance of one or more parent roles.
+ <p/>
+ <img src="./doc-files/RbacHier.png"/>
+ <h4>RBAC2 - Static Separation of Duty (SSD) Relations</h4>
+ Enforce mutual membership exclusions across role assignments. Facilitate dual control policies by restricting which roles may be assigned to users in combination. SSD provide added granularity for authorization limits which help enterprises meet strict compliance regulations.
+ <p/>
+ <img src="./doc-files/RbacSSD.png"/>
+ <h4>RBAC3 - Dynamic Separation of Duty (DSD) Relations</h4>
+ Control allowed role combinations to be activated within an RBAC session. DSD policies fine tune role policies that facilitate authorization dual control and two man policy restrictions during runtime security checks.
+ <p/>
+ <img src="./doc-files/RbacDSD.png"/>
+ <p/>
+ </hr>
<hr>
- <h3>2. Administrative Role Based Access Control (ARBAC) description</h3>
- These APIs map directly to similar named APIs specified by ARBAC02 functions. The ARBAC Functional specification describes delegated administrative
- operations for the creation and maintenance of ARBAC element sets and relations. Delegated administrative review functions for performing administrative queries
- and system functions for creating and managing ARBAC attributes on user sessions and making delegated administrative access control decisions.
- <h4>ARBAC02 Diagram</h4>
- <img src="./doc-files/ARbac.png">
- <p/>
- Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration. ARBAC provides large enterprises the capability to delegate administrative authority to users that reside outside of the security admin group.
- Decentralizing administration helps because it provides security provisioning capability to work groups without sacrificing regulations for accountability or traceability.
- <p/>
+ <h3>2. Administrative Role Based Access Control (ARBAC) description</h3>
+ These APIs map directly to similar named APIs specified by ARBAC02 functions.
+ The ARBAC Functional specification describes delegated administrative
+ operations for the creation and maintenance of ARBAC element sets and relations.
+ Delegated administrative review functions for performing administrative queries
+ and system functions for creating and managing ARBAC attributes on user sessions and making delegated
+ administrative access control decisions.
+ <h4>ARBAC02 Diagram</h4>
+ <img src="./doc-files/ARbac.png"/>
+ <p/>
+ Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration.
+ ARBAC provides large enterprises the capability to delegate administrative authority to
+ users that reside outside of the security admin group.
+ Decentralizing administration helps because it provides security provisioning capability to
+ work groups without sacrificing regulations for accountability or traceability.
+ <p/>
+ </hr>
<hr>
- <h3>3. Password Policy description</h3>
- Fortress APIs store and interrogate policies on <a href="http://www.openldap.org/">OpenLDAP</a> which supports the IETF <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policies LDAP directories</a></li> draft. Policies may be applied at the user, group or global level.
- Password enforcement options include:
- <ul>
- <li>A configurable limit on failed authentication attempts.</li>
- <li>A counter to track the number of failed authentication attempts.</li>
- <li>A time frame in which the limit of consecutive failed authentication attempts must happen before action is taken.</li>
- <li>The action to be taken when the limit is reached. The action will either be nothing, or the account will be locked.</li>
- <li>An amount of time the account is locked (if it is to be locked) This can be indefinite.</li>
- <li>Password expiration.</li>
- <li>Expiration warning</li>
- <li>Grace authentications</li>
- <li>Password history</li>
- <li>Password minimum age</li>
- <li>Password minimum length</li>
- <li>Password Change after Reset</li>
- <li>Safe Modification of Password</li>
- </ul>
- <h4>Password Policy diagram</h4>
- The following is an example of policies that can be configured. There is no limit to the number of different policies that can be created and enforced.
- <p/>
- <img src="./doc-files/PasswordPolicy.png">
- <p/>
+ <h3>3. Password Policy description</h3>
+ Fortress APIs store and interrogate policies on <a href="http://www.openldap.org/">OpenLDAP</a> which supports the
+ IETF <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policies LDAP directories</a> draft.
+ Policies may be applied at the user, group or global level.
+ Password enforcement options include:
+ <ul>
+ <li>A configurable limit on failed authentication attempts.</li>
+ <li>A counter to track the number of failed authentication attempts.</li>
+ <li>A time frame in which the limit of consecutive failed authentication attempts must happen before action is taken.</li>
+ <li>The action to be taken when the limit is reached. The action will either be nothing, or the account will be locked.</li>
+ <li>An amount of time the account is locked (if it is to be locked) This can be indefinite.</li>
+ <li>Password expiration.</li>
+ <li>Expiration warning</li>
+ <li>Grace authentications</li>
+ <li>Password history</li>
+ <li>Password minimum age</li>
+ <li>Password minimum length</li>
+ <li>Password Change after Reset</li>
+ <li>Safe Modification of Password</li>
+ </ul>
+ <h4>Password Policy diagram</h4>
+ The following is an example of policies that can be configured. There is no limit to the number of different policies
+ that can be created and enforced.
+ <p/>
+ <img src="./doc-files/PasswordPolicy.png"/>
+ <p/>
+ </hr>
<hr>
- <h3>4. History and Audit trail using OpenLDAP</h3>
- Provides an OpenLDAP access log retrieval mechanism that enables security event monitoring.
- <ol>
- <li>Authentication events:
- <li>Session enablement events
- <li>Authorization events
- <li>Entity mods and deletes
- </li>
- </ol>
- <h4>Diagram of Audit Events</h4>
- <img src="./doc-files/Audit.png">
- <p/>
- All events include Fortress context, see {@code FortEntity}.
- <p/>
- <h4>
- The following APIs generate events subsequently stored in this access log:
- </h4>
- <ul>
- <li> {@link org.apache.directory.fortress.core.AccessMgr}
- <li> {@link org.apache.directory.fortress.core.AdminMgr}
- <li> {@link org.apache.directory.fortress.core.AdminMgr}
- <li> {@link org.apache.directory.fortress.core.DelAdminMgr}
- <li> {@link org.apache.directory.fortress.core.cfg.ConfigMgr}
- <li> {@link org.apache.directory.fortress.core.PwPolicyMgr}
- </ul>
- </p>
- </body>
+ <h3>4. History and Audit trail using OpenLDAP</h3>
+ Provides an OpenLDAP access log retrieval mechanism that enables security event monitoring.
+ <ol>
+ <li>Authentication events:</li>
+ <li>Session enablement events</li>
+ <li>Authorization events</li>
+ <li>Entity mods and deletes</li>
+ </ol>
+ <h4>Diagram of Audit Events</h4>
+ <img src="./doc-files/Audit.png"/>
+ <p/>
+ All events include Fortress context, see {@code FortEntity}.
+ <p/>
+ <h4>The following APIs generate events subsequently stored in this access log:</h4>
+ <ul>
+ <li> {@link org.apache.directory.fortress.core.AccessMgr}</li>
+ <li> {@link org.apache.directory.fortress.core.AdminMgr}</li>
+ <li> {@link org.apache.directory.fortress.core.AdminMgr}</li>
+ <li> {@link org.apache.directory.fortress.core.DelAdminMgr}</li>
+ <li> {@link org.apache.directory.fortress.core.cfg.ConfigMgr}</li>
+ <li> {@link org.apache.directory.fortress.core.PwPolicyMgr}</li>
+ </ul>
+ </p>
+ </hr>
+ </hr>
+ </body>
</html>