directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject directory-fortress-enmasse git commit: FC-59 - Modify sample Fortress Rest Server policy
Date Tue, 10 Feb 2015 23:06:28 GMT
Repository: directory-fortress-enmasse
Updated Branches:
  refs/heads/master d58179a71 -> 0bb26a579


FC-59 - Modify sample Fortress Rest Server policy


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/commit/0bb26a57
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/tree/0bb26a57
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/diff/0bb26a57

Branch: refs/heads/master
Commit: 0bb26a579050c64ffb0f6e2b51af9324b60a3b9b
Parents: d58179a
Author: Shawn McKinney <smckinney@apache.org>
Authored: Tue Feb 10 17:06:16 2015 -0600
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Tue Feb 10 17:06:16 2015 -0600

----------------------------------------------------------------------
 pom.xml                                         |  2 +-
 src/main/resources/FortressRestServerPolicy.xml | 79 ++++++++++++++++++++
 src/main/resources/FortressRestServerRoles.xml  | 68 -----------------
 3 files changed, 80 insertions(+), 69 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/0bb26a57/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 2d6b15b..bae8376 100755
--- a/pom.xml
+++ b/pom.xml
@@ -441,7 +441,7 @@
                   <sysproperty key="version" value="${project.version}"/>
                   <sysproperty key="tenant" value="HOME"/>
                   <arg value="-buildfile"/>
-                  <arg file="./src/main/resources/FortressRestServerRoles.xml"/>
+                  <arg file="./src/main/resources/FortressRestServerPolicy.xml"/>
                 </java>
               </target>
             </configuration>

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/0bb26a57/src/main/resources/FortressRestServerPolicy.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/FortressRestServerPolicy.xml b/src/main/resources/FortressRestServerPolicy.xml
new file mode 100644
index 0000000..1c42f88
--- /dev/null
+++ b/src/main/resources/FortressRestServerPolicy.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+-->
+<project basedir="." default="all" name="Fortress Rest Server Role Policy">
+    <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin"
>
+        <classpath path="${java.class.path}"/>
+    </taskdef>
+
+    <target name="all">
+        <FortressAdmin>
+
+
+            <!-- Begin RBAC Admin Data: -->
+            <adduser>
+                <user userId="demoUser4" password="password" description="Demo Test User
4" ou="demousrs1" cn="JoeUser4" sn="User4"  pwPolicy="Test1" beginTime="0000" endTime="0000"
beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567"
timeout="60" photo="p4.jpeg"/>
+            </adduser>
+
+            <adduserrole>
+                <userrole userId="demoUser4" name="fortress-rest-user"  beginTime="0000"
endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
+                <userrole userId="demoUser4" name="fortress-rest-super-user"  beginTime="0000"
endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
+            </adduserrole>
+
+            <addrole>
+                <!-- This role is checked by the servlet container using JavaEE security.
 All callers must be assigned this role
+                plus at least one more of the interceptor roles from below -->
+                <role name="fortress-rest-user" description="This is JavaEE role required
to call Fortress Rest server"/>
+
+                <!-- These roles are checked by the FortressInterceptor authorization
annotation inside FortressServiceImpl class. -->
+
+                <!-- Users assigned the fortress-rest-super-user role will gain access
to services.
+                     This is hard-wired in the FortressServiceImpl policy-->
+                <role name="fortress-rest-super-user" description="This role is accepted
by all of the Fortress Rest services"/>
+
+                <!-- Users assigned to the fortress-power-user role will gain access to
all services.
+                     This is via inheritance relationship with all of the other service roles-->
+                <role name="fortress-rest-power-user" description="This role inherits
all of the other Fortress Rest services roles"/>
+                <role name="fortress-rest-access-user" description="This role gains access
to the Fortress Rest Access Mgr services"/>
+                <role name="fortress-rest-admin-user" description="This role gains access
to the Fortress Rest Admin Mgr services"/>
+                <role name="fortress-rest-review-user" description="This role gains access
to the Fortress Rest Delegated Access services"/>
+                <role name="fortress-rest-delaccess-user" description="This role gains
access to the Fortress Rest Delegatged Admin services"/>
+                <role name="fortress-rest-deladmin-user" description="This role gains
access to the Fortress Rest Delegated Admin services"/>
+                <role name="fortress-rest-delreview-user" description="This role gains
access to the Fortress Rest Delegated Review services"/>
+                <role name="fortress-rest-pwmgr-user" description="This role gains access
to the Fortress Rest Password Policy Mgr services"/>
+                <role name="fortress-rest-audit-user" description="This role gains access
to the Fortress Rest Audit Mgr services"/>
+                <role name="fortress-rest-config-user" description="This role gains access
to the Fortress Rest Config Mgr services"/>
+            </addrole>
+
+            <addroleinheritance>
+                <!-- Users assigned fortress-web-power-user role will inherit each of
the following roles. -->
+                <relationship child="fortress-web-power-user" parent="fortress-rest-access-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-admin-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-review-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-delaccess-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-deladmin-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-delreview-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-pwmgr-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-audit-user"/>
+                <relationship child="fortress-web-power-user" parent="fortress-rest-config-user"/>
+            </addroleinheritance>
+
+        </FortressAdmin>
+    </target>
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/0bb26a57/src/main/resources/FortressRestServerRoles.xml
----------------------------------------------------------------------
diff --git a/src/main/resources/FortressRestServerRoles.xml b/src/main/resources/FortressRestServerRoles.xml
deleted file mode 100644
index 5d80d8c..0000000
--- a/src/main/resources/FortressRestServerRoles.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-   Licensed to the Apache Software Foundation (ASF) under one
-   or more contributor license agreements.  See the NOTICE file
-   distributed with this work for additional information
-   regarding copyright ownership.  The ASF licenses this file
-   to you under the Apache License, Version 2.0 (the
-   "License"); you may not use this file except in compliance
-   with the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing,
-   software distributed under the License is distributed on an
-   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-   KIND, either express or implied.  See the License for the
-   specific language governing permissions and limitations
-   under the License.
--->
-<project basedir="." default="all" name="Fortress Rest Server Role Policy">
-    <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin"
>
-        <classpath path="${java.class.path}"/>
-    </taskdef>
-
-    <target name="all">
-        <FortressAdmin>
-
-            <addrole>
-                <!-- This role is checked by the servlet container using JavaEE security.
 All callers must be assigned this role
-                plus at least one more of the interceptor roles from below -->
-                <role name="fortress-rest-user" description="This is JavaEE role required
to call Fortress Rest server"/>
-
-                <!-- These roles are checked by the FortressInterceptor authorization
annotation inside FortressServiceImpl class. -->
-
-                <!-- Users assigned the fortress-rest-super-user role will gain access
to services.
-                     This is hard-wired in the FortressServiceImpl policy-->
-                <role name="fortress-rest-super-user" description="This role is accepted
by all of the Fortress Rest services"/>
-
-                <!-- Users assigned to the fortress-power-user role will gain access to
all services.
-                     This is via inheritance relationship with all of the other service roles-->
-                <role name="fortress-rest-power-user" description="This role inherits
all of the other Fortress Rest services roles"/>
-                <role name="fortress-rest-access-user" description="This role gains access
to the Fortress Rest Access Mgr services"/>
-                <role name="fortress-rest-admin-user" description="This role gains access
to the Fortress Rest Admin Mgr services"/>
-                <role name="fortress-rest-review-user" description="This role gains access
to the Fortress Rest Delegated Access services"/>
-                <role name="fortress-rest-delaccess-user" description="This role gains
access to the Fortress Rest Delegatged Admin services"/>
-                <role name="fortress-rest-deladmin-user" description="This role gains
access to the Fortress Rest Delegated Admin services"/>
-                <role name="fortress-rest-delreview-user" description="This role gains
access to the Fortress Rest Delegated Review services"/>
-                <role name="fortress-rest-pwmgr-user" description="This role gains access
to the Fortress Rest Password Policy Mgr services"/>
-                <role name="fortress-rest-audit-user" description="This role gains access
to the Fortress Rest Audit Mgr services"/>
-                <role name="fortress-rest-config-user" description="This role gains access
to the Fortress Rest Config Mgr services"/>
-            </addrole>
-
-            <addroleinheritance>
-                <!-- Users assigned fortress-web-power-user role will inherit each of
the following roles. -->
-                <relationship child="fortress-web-power-user" parent="fortress-rest-access-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-admin-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-review-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-delaccess-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-deladmin-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-delreview-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-pwmgr-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-audit-user"/>
-                <relationship child="fortress-web-power-user" parent="fortress-rest-config-user"/>
-            </addroleinheritance>
-
-        </FortressAdmin>
-    </target>
-</project>
\ No newline at end of file


Mime
View raw message