directory-fortress mailing list archives

From Shawn McKinney <smckin...@apache.org>
Subject Re: Enhanced ARBAC02 checking in Apache Fortress REST
Date Sat, 16 Mar 2019 18:46:55 GMT

> On Mar 16, 2019, at 1:26 PM, Shawn McKinney <smckinney@apache.org> wrote:
> 
> See the readme above for more description on how the ARBAC checks work.
> 
> The ARBAC02 checks are turned off by default in the Apache Fortress REST runtime.  To enable, add this to fortress.properties file:
> is.arbac02=true
> 

Here’s an example of a working ARBAC02 policy that can be loaded into an LDAP server:
https://github.com/apache/directory-fortress-enmasse/blob/master/src/main/resources/FortressRestServerPolicy.xml

The admin user, demouser4, has been granted the RBAC role, fortress-rest-power-user, to pass
the Java EE and CXF coarse-grained checks.  

The ADMIN role assigned, fortress-rest-admin, has been granted all of the ADMIN permissions
to call every service.  This same role passes UserOU checks for DEV0 - DEV10, PermOU checks
for APP0 - APP10, and has assign/grant authority over all RBAC roles.

The demouser4 will pass the fortress junit integration tests, routed through REST, when the
arbac02 checks have been enabled on the REST side.  

—Shawn