commit | 60d7d31a52503b076b24d5e30de8a01f949f910f | [log] [tgz] |
---|---|---|
author | Shawn McKinney <smckinney@symas.com> | Sat Jul 16 07:36:40 2022 -0500 |
committer | Shawn McKinney <smckinney@symas.com> | Sat Jul 16 07:36:40 2022 -0500 |
tree | 99144fceb7601bd0d0878166aea95c449da19ab0 | |
parent | 08c648eb479320d2fae1fd4c0ce6c7591550b08a [diff] |
2.0.8 release preps
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This document contains instructions to download, build, and test operations using Apache Fortress Rest component.
An http service interface to drive Apache Fortress APIs.
Uses Apache CXF as the rest framework.
Layered security using ...
Minimum hardware requirements:
Minimum software requirements:
Everything else covered in steps that follow. Tested on Debian, Centos systems.
a. from git:
git clone --branch 2.0.5 https://gitbox.apache.org/repos/asf/directory-fortress-enmasse.git cd directory-fortress-enmasse
b. or apache fortress downloads
a. Java 8 target
mvn clean install
-- OR --
b. Java 11 target
mvn clean install -Djava.version=11
mvn javadoc:javadoc
This web app uses Java EE security.
wget https://repo.maven.apache.org/maven2/org/apache/directory/fortress/fortress-realm-proxy/2.0.8/fortress-realm-proxy-2.0.8.jar -P $TOMCAT_HOME/lib
$TOMCAT_HOME
points to the execution env.Note: The realm proxy enables Tomcat container-managed security functions to call back to fortress.
sudo vi /usr/local/tomcat8/conf/tomcat-users.xml
<role rolename="manager-script"/> <user username="tcmanager" password="m@nager123" roles="manager-script"/>
cp src/main/resources/fortress.properties.example src/main/resources/fortress.properties
vi src/main/resources/fortress.properties
Pick either Apache Directory or OpenLDAP server:
a. Prepare fortress for ApacheDS usage:
# This param tells fortress what type of ldap server in use: ldap.server.type=apacheds # Use value from [Set Hostname Entry]: host=localhost # ApacheDS defaults to this: port=10389 # These credentials are used for read/write access to all nodes under suffix: admin.user=uid=admin,ou=system admin.pw=secret
-- Or --
b. Prepare fortress for OpenLDAP usage:
# This param tells fortress what type of ldap server in use: ldap.server.type=openldap # Use value from [Set Hostname Entry]: host=localhost # OpenLDAP defaults to this: port=389 # These credentials are used for read/write access to all nodes under suffix: admin.user=cn=Manager,dc=example,dc=com admin.pw=secret
mvn -version
This sample requires Java 8 and Maven 3 to be setup within the execution env.
mvn install -Dload.file=src/main/resources/FortressRestServerPolicy.xml
mvn install -Dload.file=src/main/resources/FortressRestArbacSamplePolicy.xml
mvn
commands.a. If using autodeploy feature, verify the Tomcat auto-deploy options are set correctly in the pom.xml file:
<plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>tomcat-maven-plugin</artifactId> <version>1.0-beta-1</version> <configuration> ... <url>http://localhost:8080/manager/text</url> <path>/${project.artifactId}</path> <username>tcmanager</username> <password>m@nager123</password> </configuration> </plugin>
b. Now, automatically deploy to tomcat server:
mvn clean tomcat:deploy
c. To automatically redeploy sample app:
mvn clean tomcat:redeploy
d. To manually deploy app to Tomcat:
cp target/fortress-rest-[version].war $TOMCAT_HOME/webapps
$TOMCAT_HOME
points to the execution env.Run unit test:
mvn test -Dtest=EmTest
Test Notes:
These tests will use the Apache Fortress Core test programs to drive the Apache Fortress Rest services. It works via fortress core's inherent ability to call itself over REST, useful for testing and hopping over firewalls.
(FortressCore)<---https--->(FortressRest)<-in-process->(FortressCore)<---ldaps--->(DirectoryServer)
See SECTION 1. Prerequisites of this document for more info on how to prepare a test env.
enable.mgr.impl.rest=true # This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml: http.user=demouser4 http.pw=password http.host=localhost http.port=8080 http.protocol=http
mvn install
mvn -Dtest=FortressJUnitTest test
mvn test -Pconsole
This section describes the properties needed to control fortress rest.
The host name can be specified as a fully qualified domain name or IP address:
# Host name and port of LDAP DIT: host=localhost port=10389
# If ApacheDS server: ldap.server.type=apacheds
# Else if OpenLDAP server: ldap.server.type=openldap
# Else leave blank: #ldap.server.type=other
This service account must have read/write privileges over the entire Fortress LDAP Directory Information Tree (DIT):
# If ApacheDS it will look something like this: admin.user=uid=admin,ou=system admin.pw=secret
# Else If OpenLDAP it will look something like this: admin.user=cn=Manager,dc=example,dc=com
# This is min/max settings for LDAP connections. For testing and low-volume instances this will work: min.admin.conn=1 max.admin.conn=10
Notes on connection pools:
This will match your LDAP‘s server’s config node per Fortress Core setup:
# This node contains fortress properties stored on behalf of connecting LDAP clients: config.realm=DEFAULT config.root=ou=Config,dc=example,dc=com
# Used for SSL Connection to LDAP Server: enable.ldap.ssl=true enable.ldap.ssl.debug=true trust.store=/fully/qualified/path/and/file/name/to/java/truststore trust.store.password=changeit
# ApacheDS stores its password policies objects here by default: apacheds.pwpolicy.root=ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config