Posted to commits@directory.apache.org by sm...@apache.org on 2015/02/11 00:06:28 UTC
directory-fortress-enmasse git commit: FC-59 - Modify sample Fortress
Rest Server policy
Repository: directory-fortress-enmasse
Updated Branches:
refs/heads/master d58179a71 -> 0bb26a579
FC-59 - Modify sample Fortress Rest Server policy
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/commit/0bb26a57
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/tree/0bb26a57
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/diff/0bb26a57
Branch: refs/heads/master
Commit: 0bb26a579050c64ffb0f6e2b51af9324b60a3b9b
Parents: d58179a
Author: Shawn McKinney <sm...@apache.org>
Authored: Tue Feb 10 17:06:16 2015 -0600
Committer: Shawn McKinney <sm...@apache.org>
Committed: Tue Feb 10 17:06:16 2015 -0600
----------------------------------------------------------------------
pom.xml | 2 +-
src/main/resources/FortressRestServerPolicy.xml | 79 ++++++++++++++++++++
src/main/resources/FortressRestServerRoles.xml | 68 -----------------
3 files changed, 80 insertions(+), 69 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/0bb26a57/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 2d6b15b..bae8376 100755
--- a/pom.xml
+++ b/pom.xml
@@ -441,7 +441,7 @@
<sysproperty key="version" value="${project.version}"/>
<sysproperty key="tenant" value="HOME"/>
<arg value="-buildfile"/>
- <arg file="./src/main/resources/FortressRestServerRoles.xml"/>
+ <arg file="./src/main/resources/FortressRestServerPolicy.xml"/>
</java>
</target>
</configuration>
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/0bb26a57/src/main/resources/FortressRestServerPolicy.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/FortressRestServerPolicy.xml b/src/main/resources/FortressRestServerPolicy.xml
new file mode 100644
index 0000000..1c42f88
--- /dev/null
+++ b/src/main/resources/FortressRestServerPolicy.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project basedir="." default="all" name="Fortress Rest Server Role Policy">
+ <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" >
+ <classpath path="${java.class.path}"/>
+ </taskdef>
+
+ <target name="all">
+ <FortressAdmin>
+
+
+ <!-- Begin RBAC Admin Data: -->
+ <adduser>
+ <user userId="demoUser4" password="password" description="Demo Test User 4" ou="demousrs1" cn="JoeUser4" sn="User4" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p4.jpeg"/>
+ </adduser>
+
+ <adduserrole>
+ <userrole userId="demoUser4" name="fortress-rest-user" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
+ <userrole userId="demoUser4" name="fortress-rest-super-user" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
+ </adduserrole>
+
+ <addrole>
+ <!-- This role is checked by the servlet container using JavaEE security. All callers must be assigned this role
+ plus at least one more of the interceptor roles from below -->
+ <role name="fortress-rest-user" description="This is JavaEE role required to call Fortress Rest server"/>
+
+ <!-- These roles are checked by the FortressInterceptor authorization annotation inside FortressServiceImpl class. -->
+
+ <!-- Users assigned the fortress-rest-super-user role will gain access to services.
+ This is hard-wired in the FortressServiceImpl policy-->
+ <role name="fortress-rest-super-user" description="This role is accepted by all of the Fortress Rest services"/>
+
+ <!-- Users assigned to the fortress-power-user role will gain access to all services.
+ This is via inheritance relationship with all of the other service roles-->
+ <role name="fortress-rest-power-user" description="This role inherits all of the other Fortress Rest services roles"/>
+ <role name="fortress-rest-access-user" description="This role gains access to the Fortress Rest Access Mgr services"/>
+ <role name="fortress-rest-admin-user" description="This role gains access to the Fortress Rest Admin Mgr services"/>
+ <role name="fortress-rest-review-user" description="This role gains access to the Fortress Rest Delegated Access services"/>
+ <role name="fortress-rest-delaccess-user" description="This role gains access to the Fortress Rest Delegatged Admin services"/>
+ <role name="fortress-rest-deladmin-user" description="This role gains access to the Fortress Rest Delegated Admin services"/>
+ <role name="fortress-rest-delreview-user" description="This role gains access to the Fortress Rest Delegated Review services"/>
+ <role name="fortress-rest-pwmgr-user" description="This role gains access to the Fortress Rest Password Policy Mgr services"/>
+ <role name="fortress-rest-audit-user" description="This role gains access to the Fortress Rest Audit Mgr services"/>
+ <role name="fortress-rest-config-user" description="This role gains access to the Fortress Rest Config Mgr services"/>
+ </addrole>
+
+ <addroleinheritance>
+ <!-- Users assigned fortress-web-power-user role will inherit each of the following roles. -->
+ <relationship child="fortress-web-power-user" parent="fortress-rest-access-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-admin-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-review-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-delaccess-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-deladmin-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-delreview-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-pwmgr-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-audit-user"/>
+ <relationship child="fortress-web-power-user" parent="fortress-rest-config-user"/>
+ </addroleinheritance>
+
+ </FortressAdmin>
+ </target>
+</project>
\ No newline at end of file
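Review bot: The `<adduser>` entry hard-codes `password="password"` for `demoUser4`, and the `<adduserrole>` block then assigns that account `fortress-rest-super-user`, which this file's own comment describes as accepted by all of the Fortress Rest services. Since the Ant target in pom.xml now runs this file as its `-buildfile`, any directory loaded from the sample gets a well-known credential with full REST access. Assign only the service role the demo needs, or supply the password at load time, e.g. `password="${demo.user.password}"` (placeholder property name), and add a comment such as `<!-- Sample account only: change the password or remove demoUser4 before any non-test deployment -->`. Separately, the `<addroleinheritance>` entries name `fortress-web-power-user` as the child, while the role created in `<addrole>` is `fortress-rest-power-user`. This looks carried over from the deleted file and, if unintended, leaves `fortress-rest-power-user` without the inherited roles its description promises.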
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/0bb26a57/src/main/resources/FortressRestServerRoles.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/FortressRestServerRoles.xml b/src/main/resources/FortressRestServerRoles.xml
deleted file mode 100644
index 5d80d8c..0000000
--- a/src/main/resources/FortressRestServerRoles.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project basedir="." default="all" name="Fortress Rest Server Role Policy">
- <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" >
- <classpath path="${java.class.path}"/>
- </taskdef>
-
- <target name="all">
- <FortressAdmin>
-
- <addrole>
- <!-- This role is checked by the servlet container using JavaEE security. All callers must be assigned this role
- plus at least one more of the interceptor roles from below -->
- <role name="fortress-rest-user" description="This is JavaEE role required to call Fortress Rest server"/>
-
- <!-- These roles are checked by the FortressInterceptor authorization annotation inside FortressServiceImpl class. -->
-
- <!-- Users assigned the fortress-rest-super-user role will gain access to services.
- This is hard-wired in the FortressServiceImpl policy-->
- <role name="fortress-rest-super-user" description="This role is accepted by all of the Fortress Rest services"/>
-
- <!-- Users assigned to the fortress-power-user role will gain access to all services.
- This is via inheritance relationship with all of the other service roles-->
- <role name="fortress-rest-power-user" description="This role inherits all of the other Fortress Rest services roles"/>
- <role name="fortress-rest-access-user" description="This role gains access to the Fortress Rest Access Mgr services"/>
- <role name="fortress-rest-admin-user" description="This role gains access to the Fortress Rest Admin Mgr services"/>
- <role name="fortress-rest-review-user" description="This role gains access to the Fortress Rest Delegated Access services"/>
- <role name="fortress-rest-delaccess-user" description="This role gains access to the Fortress Rest Delegatged Admin services"/>
- <role name="fortress-rest-deladmin-user" description="This role gains access to the Fortress Rest Delegated Admin services"/>
- <role name="fortress-rest-delreview-user" description="This role gains access to the Fortress Rest Delegated Review services"/>
- <role name="fortress-rest-pwmgr-user" description="This role gains access to the Fortress Rest Password Policy Mgr services"/>
- <role name="fortress-rest-audit-user" description="This role gains access to the Fortress Rest Audit Mgr services"/>
- <role name="fortress-rest-config-user" description="This role gains access to the Fortress Rest Config Mgr services"/>
- </addrole>
-
- <addroleinheritance>
- <!-- Users assigned fortress-web-power-user role will inherit each of the following roles. -->
- <relationship child="fortress-web-power-user" parent="fortress-rest-access-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-admin-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-review-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-delaccess-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-deladmin-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-delreview-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-pwmgr-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-audit-user"/>
- <relationship child="fortress-web-power-user" parent="fortress-rest-config-user"/>
- </addroleinheritance>
-
- </FortressAdmin>
- </target>
-</project>
\ No newline at end of file