Google Git
Sign in
apache / directory-fortress-enmasse / 2c49e74c563d4cd7da3e64950f1a0315451a2d8b^! / .
commit2c49e74c563d4cd7da3e64950f1a0315451a2d8b[log] [tgz]
authorShawn McKinney <smckinney@apache.org>Wed Apr 24 10:49:14 2019 -0500
committerShawn McKinney <smckinney@apache.org>Wed Apr 24 10:49:14 2019 -0500
tree27ec43a044546700c3216766e902e36efd9465be
parenta02e017ccc31cc371231ac0bffb876888c65b1b9 [diff]
describe the policy load files

diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index 8352cfb..3cf984e 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md

@@ -139,7 +139,7 @@
 ## 5. Java EE security and Apache CXF *SimpleAuthorizingInterceptor* policy load
 
  a. The policy load file in this section performs the following:
-  * Creates an RBAC role, *fortress-rest-user* that needed for Java EE simple role check (described earlier). See [web.xml](src/main/webapp/WEB-INF/web.xml).
+  * Creates an RBAC role, *fortress-rest-user* for Java EE simple role check (described earlier). See [web.xml](src/main/webapp/WEB-INF/web.xml).
   * Create the roles for corresponding Apache CXF **SimpleAuthorizingInterceptor** checks (also described earlier). See [FortressInterceptor](src/main/java/org/apache/directory/fortress/rest/FortressInterceptor.java).
     * For example...
     * Users assigned to *fortress-rest-admin-user* have access to every RBAC admin service.
@@ -156,7 +156,7 @@
  mvn install -Dload.file=src/main/resources/FortressRestServerPolicy.xml
  ```
 
- c. Now demoUser4 should be able to execute every service and pass the JavaEE and Apache CXF interceptor checks.
+ c. Now demoUser4 may execute every service and pass the JavaEE and Apache CXF interceptor checks.
 
 ## 6. ARBAC policy load
 
@@ -166,7 +166,7 @@
 is.arbac02=true
  ```
 
- b. The policy load file in this section Creates an Admin RBAC (ARBAC) Role named: *fortress-rest-admin*, and associate with (Test) Perm and User OU's:
+ b. The policy load file in this section Creates an Admin RBAC (ARBAC) Role named: *fortress-rest-admin*, and associates with (Test) Perm and User OU's:
 
  ```
 PermOUs="APP0,APP1,APP2,APP3,APP4,APP5,APP6,APP7,APP8,APP9,APP10,
@@ -187,17 +187,17 @@
       T6UOrg3,T6UOrg4,T6UOrg5,T6UOrg6,T6UOrg7,T7UOrg1,T7UOrg2,
       T7UOrg3,T7UOrg4,T7UOrg5,T7UOrg6,T7UOrg7"
  ```
- Note: These Perm and User OUs must be created prior to this sections's ARBAC sample load script being run.
- Those OUs are created during Apache Fortress Core integration testing inside the class named *FortressJUnitTest*.
+ Note: The Perm and User OUs must be created prior to the ARBAC sample load script being run.
+ They get created during Apache Fortress Core integration testing. See [FortressJUnitTest](https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/impl/FortressJUnitTest.java).
 
- c. Next the policy load script performs the following:
+ c. Next, the ARBAC sample policy load script performs:
 
- * Creates the Administrative Permissions that correspond with every Apache Fortress Rest service in this system.
- * Grants the Admin Perms to the Admin Role *fortress-rest-admin*.
- * Assigns the Admin Role *fortress-rest-admin* to the test User *demoUser4*.
-   * Users who have been granted this role, like *demoUser4*, may call every Apache Fortress Rest service in this syteem and pass the ARBAC02 perm checks.
-   * Assigned users will pass the ARBAC02 organizational checks for (only) the data contained within the Apache Fortress core junit tests.
-   * Assigned users will pass *all* of the ARBAC02 role range checks.
+ * Create one ARBAC Permission for every Apache Fortress Rest service that is secured by ARBAC02 (all but the access and config managers).
+ * Grants every ARBAC Perm to the ARBAC Role *fortress-rest-admin*.
+ * Assigns the ARBAC Role *fortress-rest-admin* to the test User *demoUser4*.
+   * Users who have been granted this ARBAC role, like *demoUser4*, may call every Apache Fortress Rest service in this syteem and pass the ARBAC perm checks.
+   * Assigned users will pass the ARBAC organizational checks for (only) the data contained within the Apache Fortress core junit tests.
+   * Assigned users will pass *all* of the ARBAC role range checks.
 
  d. To load the [FortressRestArbacSamplePolicy](./src/main/resources/FortressRestArbacSamplePolicy.xml) into LDAP:
 
@@ -205,7 +205,9 @@
  mvn install -Dload.file=src/main/resources/FortressRestArbacSamplePolicy.xml
  ```
 
-## 7. The list of Services that enforce ARBAC02.
+ e. Now demoUser4 may execute every service and pass the ARBAC checks corresponding with the test data inside of Apache Fortress Core's integration test suite.
+
+## 7. The list of Services that enforce ARBAC02 checking.
 
 |  #  | **Services**                   | UserOU Check | PermOU Check | Role Range Check | **ADMIN Permissions**                                                                             | 
 | --- | ------------------------------ | ------------ | ------------ | ---------------- | ------------------------------------------------------------------------------------------------- |