- Added new CXF authorization interceptor unit test description

- updated changelog

CHANGELOG.md

@@ -2,6 +2,24 @@
 All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. 
 
 
+## Unreleased
+### Changed
+- Changed parent version: 4.1.1 -> 5.0.0
+- Changed dependency versions:
+	- AuthzForce Core PDP API: 8.2.0 -> 9.0.0
+	- SLF4J: 1.7.6 -> 1.7.22
+	- Spring: 4.3.5 -> 4.3.6
+	- Guava: 20.0 -> 21.0
+- Renamed `PDPImpl` class to `BasePdpEngine` implements new `PDPEngine` API
+
+### Removed
+- Removed/Merged `PdpConfigurationParser` class into new `BasePdpEngine` class (replacing `PDPImpl`)
+
+### Added
+- Unit test of CXF authorization interceptor (web service PEP) using AuthForce PDP engine, based on
+ @coheiga's [XACML 3.0 Authorization Interceptor test](https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizationTest.java)
+
+
 ## 6.1.0
 ### Changed
 - Parent project version: 4.0.0 -> 4.1.1 => Changed dependency versions: 

README.md

@@ -75,6 +75,11 @@ Our PDP implementation uses SLF4J for logging so you can use any SLF4J implement
 If you are using **Java 8**, make sure the following JVM argument is set before execution:
 `-Djavax.xml.accessExternalSchema=http`
 
+## Example of usage and code with a web service authorization module
+For an example of using an AuthzForce PDP engine in a real-life use case, please refer to the JUnit test class [LocalPdpAuthorizationTest](src/test/java/org/ow2/authzforce/core/pdp/impl/test/cxf/LocalPdpAuthorizationTest.java) and the Apache CXF authorization interceptor [LocalPdpBasedAuthzInterceptor](src/test/java/org/ow2/authzforce/core/pdp/impl/test/cxf/LocalPdpBasedAuthzInterceptor.java). The test class runs a test similar to @coheiga's [XACML 3.0 Authorization Interceptor test](https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizationTest.java) but using AuthzForce as PDP engine instead of OpenAZ. In this test, a web service client requests a Apache-CXF-based web service with a SAML token as credentials (previously issued by a Security Token Service upon successful client authentication) that contains the user ID and roles. Each request is intercepted on the web service side by a [CXF interceptor](src/test/java/org/ow2/authzforce/core/pdp/impl/test/cxf/LocalPdpBasedAuthzInterceptor.java) that plays the role of PEP (Policy Enforcement Point in XACML jargon), i.e. it extracts the various authorization attributes (user ID and roles, web service name, operation...) and requests a decision from a local PDP with these attributes, then enforces the PDP's decision, i.e. forwards the request to the web service implementation if the decision is Permit, else rejects it.
+For more information, see the Javadoc of  [LocalPdpAuthorizationTest](src/test/java/org/ow2/authzforce/core/pdp/impl/test/cxf/LocalPdpAuthorizationTest.java).
+
+
 ## Support
 
 If you are experiencing any issue with this project, please report it on the [OW2 Issue Tracker](https://jira.ow2.org/browse/AUTHZFORCE/).