| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <html> |
| <head> |
| <title>Overview of the org.apache.directory.fortress.rest component</title> |
| </head> |
| <body> |
| Fortress Rest is a web application that implements <A |
| HREF="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</A> Web services to interface with |
| <A HREF="http://symas.com/javadocs/fortress/index.html?overview-summary.html">Fortress Core</A> and a directory server |
| like <A HREF="http://www.openldap.org/">OpenLDAP</A> |
| or <A HREF="http://directory.apache.org/apacheds//">ApacheDS</A>. |
| |
| <h2>What technologies are in use?</h2> |
| |
| Fortress Rest was built using established <A HREF="http://www.opensource.org/">Open Source</A> technologies including |
| <A HREF="http://cxf.apache.org/">Apache CXF</A> (web services stack), <A HREF="http://www.springsource.org/">Spring |
| Framework</A> (glue), <A HREF="http://maven.apache.org/">Maven</A> (dependencies) |
| and <A HREF="http://java.sun.com/xml/downloads/jaxb.html">JAXB</A> (data binding layer) and runs inside any reasonably |
| compliant Java Servlets container. |
| |
| <a href="org/apache/directory/fortress/rest/FortressService.html">Fortress Rest service</a> access control decisions are |
| enforced using <A HREF="http://symas.com/javadoc/fortress-rest/">Fortress Realm</A> which itself |
| uses declarative <A HREF="http://docs.oracle.com/javaee/5/tutorial/doc/bnbwk.html">Java EE Security</A> and <A |
| HREF="http://static.springsource.org/spring-security/site/">Spring Security</A> policy hooks that are wired to |
| connect back to the Fortress access management APIs. |
| |
| Fortress Rest is a <a href="http://java.sun.com/developer/technicalArticles/tools/webapps_1/">Java Web program</a> |
| artifact and is wholly dependent on <A HREF="org.apache.directory.fortress.core/package-summary.html">Fortress</A> |
| but also needs a <A HREF="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">V3 compliant LDAP</A> |
| server like OpenLDAP or ApacheDS. |
| For more information on installing and setting up a directory server check out the Fortress README's in the |
| directory-fortress-core source package. |
| |
| <h2>What can Fortress Rest do?</h2> |
| |
| Contained within this application are Web APIs to perform authentication, authorization, administration, audit and |
| password policies. |
| The most important package in this system, <A HREF="org/apache/directory/fortress/rest/package-summary.html">org.apache.directory.fortress.rest</A>, |
| contains the public Web APIs that are called by external systems. |
| |
| There is a one-to-one correspondence between a Fortress Core API and a Fortress Rest service. The Fortress Core |
| APIs are organized into 'Managers' each implementing a specific area of functionality within the Access Management lifecycle. |
| For a list of Fortress Rest services, see <a href="org/apache/directory/fortress/rest/FortressService.html">FortressService</a>. |
| |
| <h3>Fortress Manager Overview</h3> |
| <ol> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AccessMgr.html">AccessMgr</a> - This object |
| performs runtime access control operations on objects that are provisioned <a |
| href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> |
| entities that reside in LDAP directory. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AdminMgr.html">AdminMgr</a> - This object |
| performs administrative functions to provision Fortress <a |
| href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> |
| entities into the LDAP directory. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AuditMgr.html">AuditMgr</a> - This interface |
| prescribes methods used to search OpenLDAP's slapd access log. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAccessMgr.html">DelegatedAccessMgr</a> - |
| This interface prescribes the API for performing runtime delegated access control operations on objects that are |
| provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that |
| reside in LDAP directory. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAdminMgr.html">DelegatedAdminMgr</a> - This |
| class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedAdminMgr |
| interface for performing policy administration of Fortress ARBAC entities that reside in LDAP directory. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelReviewMgr.html">DelegatedReviewMgr</a> - |
| This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> |
| DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that |
| reside in LDAP directory. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/PwPolicyMgr.html">PswdPolicyMgr</a> - This |
| object adheres to <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">IETF PW policy |
| draft</a> and is used to perform administrative and review functions on the <a |
| href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/model/PwPolicy.html">PWPOLICIES</a> and <a |
| href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/model/User.html">USERS</a> data sets |
| within Fortress. |
| </li> |
| <li><a href="http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ReviewMgr.html">ReviewMgr</a> - This interface |
| prescribes the administrative review functions on already provisioned Fortress <a |
| href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> |
| entities that reside in LDAP directory. |
| </li> |
| </ol> |
| |
| <h2>How can I connect with Fortress Rest?</h2> |
| |
| Clients have a choice in how to connect with the Fortress Rest services. Integration can occur using a |
| preferred Web service toolkit like <a href="http://axis.apache.org/axis/">AXIS 1</a>, <a |
| href="http://axis.apache.org/axis2/java/core/">AXIS 2</a>, |
| <a href="http://metro.java.net/">Metro</a>, <a href="http://cxf.apache.org/">CXF</a>, <a |
| href="http://static.springsource.org/spring-ws/sites/1.5/">Spring Web Services</a>, |
| <a href="http://wso2.com/products/web-services-framework/php">WSO2</a>, <a href="http://jquery.com/">JQuery</a>, etc, or |
| by using the Fortress Core APIs |
| themselves which have built in support for calling Fortress Rest. |
| |
| The Fortress Core APIs plugs into its backend data repository (LDAP) using a simple facade pattern that |
| shields its clients from downstream details. The behavior of the Fortress APIs does not change based |
| on the route it takes. |
| |
| <h3>Options for Fortress Rest service Integration</h3> |
| <ol> |
| <li>Client uses Fortress Core to connect to LDAP via Fortress Rest:<br> |
| Client-->Fortress Core-->HTTP/S-->Fortress Rest |
| </li> |
| <li>Client uses other Web frameworks to connect to Fortress Rest:<br> |
| Client[Axis, Metro, CXF, SpringWS,...]-->HTTP/S-->Fortress Rest |
| </li> |
| </ol> |
| </p> |
| <h2>What are the conditions of use?</h2> |
| |
| <p> |
| This software development kit is open source, thus free to use and distribute via the <a |
| href="http://www.apache.org/licenses/">Apache License, Version 2.0</a>. |
| </p> |
| </body> |
| </html> |