| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <project basedir="." default="all" name="Fortress Sample Data"> |
| <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" > |
| <classpath path="${java.class.path}"/> |
| </taskdef> |
| |
| <target name="all"> |
| <FortressAdmin> |
| |
| <!-- |
| <addcontext> |
| <context name="${tenant}"/> |
| </addcontext> |
| --> |
| |
| <addcontainer> |
| <container name="People" description="Fortress People"/> |
| <container name="Policies" description="Fortress Policies"/> |
| <container name="RBAC" description="Fortress RBAC Policies"/> |
| <container name="Roles" parent="RBAC" description="Fortress Roles"/> |
| <container name="Permissions" parent="RBAC" description="Fortress Permissions"/> |
| <container name="Constraints" parent="RBAC" description="Fortress Separation of Duty Constraints"/> |
| <container name="ARBAC" description="Fortress Administrative RBAC Policies"/> |
| <container name="OS-U" parent="ARBAC" description="Fortress User Organizational Units"/> |
| <container name="OS-P" parent="ARBAC" description="Fortress Perm Organizational Units"/> |
| <container name="AdminRoles" parent="ARBAC" description="Fortress AdminRoles"/> |
| <container name="AdminPerms" parent="ARBAC" description="Fortress Admin Permissions"/> |
| </addcontainer> |
| |
| <!-- Begin RBAC Admin Data: --> |
| <adduser> |
| <!-- User end time is very early - 8am so this user will fail AuthN if you login after that time. --> |
| <user userId="demoUser1" |
| password="password" |
| description="Demo Test User 1" |
| ou="demousrs1" |
| cn="JoeUser1" |
| sn="User1" |
| pwPolicy="Test1" |
| beginTime="0000" |
| endTime="0800" |
| beginDate="20090101" |
| endDate="20990101" |
| beginLockDate="" |
| endLockDate="" |
| dayMask="1234567" |
| timeout="60" |
| city="Lawrence" |
| state="KS" |
| country="US" |
| addresses="1450 Jayhawk Blvd.,50 Strong Hall" |
| postalCode="66045" |
| postOfficeBox="321" |
| building="50" |
| departmentNumber="77" |
| roomNumber="1" |
| email="joe.user@ku.edu,joe.user@jts.us" |
| phone="785 864-4700,785-864-4000" |
| mobile="785 864-4701,785 864-2201" |
| photo="p1.jpeg" |
| /> |
| |
| <user userId="demoUser2" password="password" description="Demo Test User 2" ou="demousrs1" cn="JoeUser2" sn="User2" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p2.jpeg"/> |
| |
| <!-- Bad User day mask --> |
| <user userId="demoUser3" password="password" description="Demo Test User 3" ou="demousrs1" cn="JoeUser3" sn="User3" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="17" timeout="60" photo="p3.jpeg"/> |
| <user userId="demoUser4" password="password" description="Demo Test User 4" ou="demousrs1" cn="JoeUser4" sn="User4" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p4.jpeg"/> |
| |
| <!-- Bad Role end time --> |
| <user userId="demoUser5" password="password" description="Demo Test User 5" ou="demousrs1" cn="JoeUser5" sn="User5" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p5.jpeg"/> |
| <user userId="demoUser6" password="password" description="Demo Test User 6" ou="demousrs1" cn="JoeUser6" sn="User6" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p6.jpeg"/> |
| |
| <!-- Bad Role begin date --> |
| <user userId="demoUser7" password="password" description="Demo Test User 7" ou="demousrs1" cn="JoeUser7" sn="User7" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p7.jpeg"/> |
| <user userId="demoUser8" password="password" description="Demo Test User 8" ou="demousrs1" cn="JoeUser8" sn="User8" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p8.jpeg"/> |
| |
| <!-- Bad Role end date --> |
| <user userId="demoUser9" password="password" description="Demo Test User 9" ou="demousrs1" cn="JoeUser9" sn="User9" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p9.jpeg"/> |
| <user userId="demoUser10" password="password" description="Demo Test User 10" ou="demousrs1" cn="JoeUser10" sn="User10" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="60" photo="p10.jpeg"/> |
| |
| <user userId="tcmanager" password="m@nager123" system="true" description="Tomcat Manager User" ou="demousrs1" cn="tcmanager" sn="manager" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="0" photo="p11.jpeg"/> |
| |
| <user userId="wasadmin" password="@dmin123" system="true" description="Websphere Console Admin" ou="demousrs1" cn="wasadmin" sn="admin" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="" endLockDate="" dayMask="1234567" timeout="0" photo="p12.jpeg"/> |
| |
| <user userId="demoAdminUser1" |
| password="password" |
| description="Demo Test Admin User 1" |
| ou="demousrs1" |
| cn="adminUser1" |
| sn="adminUser1" |
| pwPolicy="Test1" |
| beginTime="0000" |
| endTime="0000" |
| beginDate="20090101" |
| endDate="20990101" |
| beginLockDate="" |
| endLockDate="" |
| dayMask="1234567" |
| timeout="60" |
| photo="p13.jpeg" |
| /> |
| </adduser> |
| |
| <adduserrole> |
| <userrole userId="demoUser1" |
| name="role1" |
| beginTime="0000" |
| endTime="0000" |
| beginDate="" |
| endDate="" |
| beginLockDate="" |
| endLockDate="" |
| dayMask="" |
| timeout="0"/> |
| |
| <userrole userId="demoUser2" name="role1" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="demoUser3" name="role1" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| |
| <userrole userId="demoUser4" name="role1" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="demoUser4" name="fortress-rest-user" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="demoUser4" name="fortress-rest-super-user" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <!-- Bad - role end time --> |
| <userrole userId="demoUser5" name="role1" beginTime="0700" endTime="0800" beginDate="20100101" endDate="21000101" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="demoUser6" name="role1" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <!-- Bad - role begin date --> |
| <userrole userId="demoUser7" name="role1" beginTime="0000" endTime="0000" beginDate="20110110" endDate="21000101" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="demoUser8" name="role1" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <!-- Bad - role end date --> |
| <userrole userId="demoUser9" name="role1" beginTime="0000" endTime="0000" beginDate="20100101" endDate="20100608" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="demoUser10" name="role1" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| |
| <userrole userId="tcmanager" name="manager-gui" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="tcmanager" name="manager-script" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| <userrole userId="tcmanager" name="manager" beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/> |
| </adduserrole> |
| |
| <addrole> |
| <role name="role1" description="Tomcat Role 1 for Calendar App"/> |
| <role name="role2" description="Tomcat Role 2 for Calendar App"/> |
| <role name="manager-gui" description="Tomcat 7 Manager Role for Manager UI"/> |
| <role name="manager-script" description="Tomcat 7 Manager Role for Management Scripts"/> |
| <role name="manager" description="Tomcat Manager Role"/> |
| <role name="fortress-rest-super-user" description="Role to gain access to the Fortress Rest services"/> |
| <role name="fortress-rest-user" description="Role to gain access to the Fortress Rest server"/> |
| </addrole> |
| |
| <addadminrole> |
| <role name="DemoAdminUsers" |
| description="Test Admin Role for Demo" |
| osps="demoapps1,demoapps2" |
| osus="demousrs1,demousrs2" |
| beginrange="role1" |
| endrange="role1" |
| begininclusive="true" |
| endinclusive="true"/> |
| </addadminrole> |
| |
| <adduseradminrole> |
| <userrole userId="demouser4" |
| name="DemoAdminUsers" |
| beginTime="0000" |
| endTime="0000" |
| beginDate="" |
| endDate="" |
| beginLockDate="" |
| endLockDate="" |
| dayMask="" |
| timeout="0"/> |
| </adduseradminrole> |
| |
| <addsdset> |
| <sdset name="DemoSSD1" |
| description="Demo static separation of duties" |
| cardinality="2" |
| settype="STATIC" |
| setmembers="role1,role2"/> |
| </addsdset> |
| |
| <addpwpolicy> |
| <!-- safe modify must be false iff user can chg pw after reset --> |
| <policy name="Test1" |
| minAge="0" |
| maxAge="7776000" |
| inHistory="5" |
| checkQuality="2" |
| minLength="4" |
| expireWarning="2592000" |
| graceLoginLimit="3" |
| lockout="true" |
| lockoutDuration="0" |
| maxFailure="3" |
| failureCountInterval="0" |
| mustChange="true" |
| allowUserChange="true" |
| safeModify="false" /> |
| </addpwpolicy> |
| |
| <addpermobj> |
| <permobj objName="/cal/cal1.jsp" |
| description="Fortress Web Demo App Object 1" |
| ou="demoapps1" |
| type="Ant"/> |
| |
| <permobj objName="/cal/cal2.jsp" |
| description="Fortress Web Demo App Object 2" |
| ou="demoapps1" |
| type="Ant"/> |
| |
| <!-- |
| <permobj admin="true" |
| objName="org.apache.directory.fortress.audit.AuditMgrImpl" |
| description="AuditMgr Object" |
| ou="demoapps1" type="Ant"/> |
| --> |
| |
| </addpermobj> |
| |
| <addpermop> |
| <permop opName="main" objName="/cal/cal1.jsp" type="Ant"/> |
| <permop opName="8am" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="9am" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="10am" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="11am" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="12pm" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="1pm" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="2pm" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="3pm" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="4pm" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="5pm" objName="/cal/cal2.jsp" type="Ant"/> |
| <permop opName="6pm" objName="/cal/cal2.jsp" type="Ant"/> |
| |
| <!-- |
| <permop admin="true" opName="searchBinds" objName="org.apache.directory.fortress.audit.AuditMgrImpl" type="Ant"/> |
| <permop admin="true" opName="searchAuthZs" objName="org.apache.directory.fortress.audit.AuditMgrImpl" type="Ant"/> |
| <permop admin="true" opName="getUserAuthZs" objName="org.apache.directory.fortress.audit.AuditMgrImpl" type="Ant"/> |
| <permop admin="true" opName="searchUserSessions" objName="org.apache.directory.fortress.audit.AuditMgrImpl" type="Ant"/> |
| <permop admin="true" opName="searchAdminMods" objName="org.apache.directory.fortress.audit.AuditMgrImpl" type="Ant"/> |
| <permop admin="true" opName="searchInvalidUsers" objName="org.apache.directory.fortress.audit.AuditMgrImpl" type="Ant"/> |
| --> |
| </addpermop> |
| |
| <addpermgrant> |
| <permgrant objName="/cal/cal1.jsp" opName="main" roleNm="role1"/> |
| <permgrant objName="/cal/cal2.jsp" opName="8am" roleNm="role1"/> |
| <permgrant objName="/cal/cal2.jsp" opName="10am" roleNm="role1"/> |
| <permgrant objName="/cal/cal2.jsp" opName="12pm" roleNm="role1"/> |
| <permgrant objName="/cal/cal2.jsp" opName="2pm" roleNm="role1"/> |
| <permgrant objName="/cal/cal2.jsp" opName="4pm" roleNm="role1"/> |
| <permgrant objName="/cal/cal2.jsp" opName="6pm" roleNm="role1"/> |
| |
| <!-- |
| <permgrant admin="true" objName="org.apache.directory.fortress.audit.AuditMgrImpl" opName="searchBinds" roleNm="DemoAdminUsers"/> |
| <permgrant admin="true" objName="org.apache.directory.fortress.audit.AuditMgrImpl" opName="searchAuthZs" roleNm="DemoAdminUsers"/> |
| <permgrant admin="true" objName="org.apache.directory.fortress.audit.AuditMgrImpl" opName="getUserAuthZs" roleNm="DemoAdminUsers"/> |
| <permgrant admin="true" objName="org.apache.directory.fortress.audit.AuditMgrImpl" opName="searchUserSessions" roleNm="DemoAdminUsers"/> |
| <permgrant admin="true" objName="org.apache.directory.fortress.audit.AuditMgrImpl" opName="searchAdminMods" roleNm="DemoAdminUsers"/> |
| <permgrant admin="true" objName="org.apache.directory.fortress.audit.AuditMgrImpl" opName="searchInvalidUsers" roleNm="DemoAdminUsers"/> |
| --> |
| </addpermgrant> |
| |
| <!-- Begin ARBAC Delegated Admin Data: --> |
| <addorgunit> |
| <orgunit name="demousrs1" typeName="USER" description="Test User Org 1 for User on Tomcat Calendar App"/> |
| <orgunit name="demousrs2" typename="USER" description="Test User Org 2 for User on Tomcat Calendar App"/> |
| <orgunit name="demoapps1" typeName="PERM" description="Test Perm Org 1 for Permission on Tomcat Calendar App"/> |
| <orgunit name="demoapps2" typename="PERM" description="Test Perm Org 2 for Permission on Tomcat Calendar App"/> |
| </addorgunit> |
| |
| </FortressAdmin> |
| </target> |
| </project> |