Commit a954f3d2 authored by cdanger

Updating doc for v4.4.0 to be released

parent 3e7b862b
......@@ -22,11 +22,11 @@ Installation
Minimal
-------
#. Download the binary (Ubuntu package with ``.deb`` extension) release of AuthZForce from `the Github project releases page <https://github.com/authzforce/server/releases/download/release-4.3.0/authzforce-ce-server_4.3.0_all.deb>`_. You get a file called ``authzforce-ce-server_4.3.0_all.deb``.
#. Download the binary (Ubuntu package with ``.deb`` extension) release of AuthZForce from `the Github project releases page <https://github.com/authzforce/server/releases/download/release-4.4.0/authzforce-ce-server_4.4.0_all.deb>`_. You get a file called ``authzforce-ce-server_4.4.0_all.deb``.
#. Copy this file to the host where you want to install the software.
#. On the host, from the directory where you copied this file, run the following commands:
| ``$ sudo aptitude install gdebi curl``
| ``$ sudo gdebi authzforce-ce-server_4.3.0_all.deb``
| ``$ sudo gdebi authzforce-ce-server_4.4.0_all.deb``
#. At the end, you will see a message giving optional instructions to go through. Please follow them as necessary.
Note that Tomcat default configuration may specify a very low value for the Java Xmx flag, causing the authzforce webapp startup to fail. In that case, make sure Tomcat with Xmx at 1Go or more (2 Go recommended). For example, for ubuntu 12.04, Tomcat default Xmx used to be 128m. You can fix it as follows:
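Review bot: the install steps take the downloaded `authzforce-ce-server_4.4.0_all.deb` straight to `sudo gdebi` with no integrity check in between. Suggest adding a step that compares the file's SHA-256 against a value published alongside the release before installing, since the package is installed as root on the target host.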
......@@ -77,14 +77,14 @@ The reasons for creating different domains:
Domain Creation
+++++++++++++++
You create a domain by doing a HTTP POST request with XML payload to URL: ``http://${SERVER_NAME}:${PORT}/authzforce/domains``. Replace ``${SERVER_NAME}`` and ``${PORT}`` with your server hostname and port for HTTP. You can do it with ``curl`` tool::
You create a domain by doing a HTTP POST request with XML payload to URL: ``http://${SERVER_NAME}:${PORT}/authzforce-ce/domains``. Replace ``${SERVER_NAME}`` and ``${PORT}`` with your server hostname and port for HTTP. You can do it with ``curl`` tool::
$ curl --verbose --trace-ascii - --request POST \
--header "Content-Type: application/xml;charset=UTF-8" \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/4"> <name>MyDomain</name><description>This is my domain.</description></taz:domainProperties>' \
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce/domains
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce-ce/domains
...
> POST /authzforce/domains HTTP/1.1
> POST /authzforce-ce/domains HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: az.testbed.fi-ware.eu
> Content-Type: application/xml;charset=UTF-8
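Review bot: the context path changes from `/authzforce` to `/authzforce-ce` in the URL, the `curl` command and the sample output, which breaks any client or PEP still configured with the old path, and nothing in this section says so. Suggest an upgrade note next to the first `authzforce-ce/domains` URL stating that the path changed in this release. Separately, the example posts to the domain administration endpoint over plain `http://` with no credentials; it would help to say how access to this endpoint is expected to be restricted, or to link to the section that does.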
......@@ -108,12 +108,12 @@ Domain Removal
++++++++++++++
You remove a domain by doing a HTTP DELETE request with XML payload to URL:
``http://${SERVER_NAME}:${PORT}/authzforce/domains/{domain_ID}``.
``http://${SERVER_NAME}:${PORT}/authzforce-ce/domains/{domain_ID}``.
For example with ``curl`` tool::
$ curl --verbose --request DELETE --header "Content-Type: application/xml;charset=UTF-8" \
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce/domains/h_D23LsDEeWFwqVFFMDLTQ
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce-ce/domains/h_D23LsDEeWFwqVFFMDLTQ
Policy administration is part of the Authorization Server API, addressed more extensively in the :ref:`programmerGuide`.
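Review bot: the sentence introducing the example says the DELETE request is sent "with XML payload", but the `curl` command has no `--data`, only a `Content-Type` header. Suggest dropping "with XML payload" from the sentence and the `Content-Type` header from the example, or showing the payload if one is really expected.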
......@@ -127,7 +127,7 @@ To check the proper deployment and operation of the Authorization Server, perfor
#. Get the list of policy administration domains by doing the following HTTP request, replacing ``${host}`` with the server hostname, and ``${port}`` with the HTTP port of the server, for example with ``curl`` tool::
$ curl --verbose --show-error --write-out '\n' --request GET http://${host}:${port}/authzforce/domains
$ curl --verbose --show-error --write-out '\n' --request GET http://${host}:${port}/authzforce-ce/domains
#. Check the response which should have the following headers and body (there may be more headers which do not require checking here)::
Status Code: 200 OK
......@@ -140,7 +140,7 @@ To check the proper deployment and operation of the Authorization Server, perfor
You can check the exact body format in the representation element of response code 200 for method ``getDomains``, and all other API resources and operations in general, in the WADL (Web Application Description Language) document available at the following URL::
http://${host}:${port}/authzforce/?_wadl
http://${host}:${port}/authzforce-ce/?_wadl
List of Running Processes
-------------------------
......@@ -172,7 +172,7 @@ Diagnosis Procedures
``$ sudo netstat -lataupen|grep java``
#. If you still get a connection refused/error, especially if you are connecting remotely, check whether you are able to connect locally, then check the network link, i.e. whether any network filtering is in place on the host or on the access network, or other network issue: network interface status, DNS/IP adress resolution, routing, etc.
#. If you get an error ``404 Not Found``, make sure the webapp is deployed and enabled in Tomcat. Check for any webapp deployment error in file:
``/var/log/tomcat7/authzforce/error.log``.
``/var/log/tomcat7/authzforce-ce/error.log``.
Resource availability
......
......@@ -25,7 +25,7 @@ AuthZForce provides the following APIs:
* PDP API (PDP = Policy Decision Point in the XACML terminology): provides an API for getting authorization decisions computed by a XACML-compliant access control engine;
* PAP API (PAP = Policy Administration Point in XACML terminology): provides API for managing XACML policies to be handled by the Authorization Service PDP.
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available in `the source release of Github project 'rest-api-model' <https://github.com/authzforce/rest-api-model/archive/release-4.3.0.zip>`_, more specifically in file ``src/main/resources/authz-api.wadl``.
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available in `the source release of Github project 'rest-api-model' <https://github.com/authzforce/rest-api-model/archive/release-4.4.0.zip>`_, more specifically in file ``src/main/resources/authz-api.wadl``.
XACML is the main international OASIS standard for access control language and request-response formats, that addresses most use cases of access control. AuthZForce supports the full core XACML 3.0 language; therefore it allows to enforce very generic and complex access control policies.
......@@ -523,4 +523,4 @@ The easy way to integrate with IdM is to delegate the integration to the PEP up-
Software Libraries for clients of AuthZForce or other Authorization PDP GEis
----------------------------------------------------------------------------
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available in `the source release of Github project 'rest-api-model' <https://github.com/authzforce/rest-api-model/archive/release-4.3.0.zip>`_, more specifically in file ``src/main/resources/authz-api.wadl``. Therefore, you can use any WADL-supporting REST framework for clients; for instance in Java: Jersey, Apache CXF. From that, you can use WADL-to-code generators to generate your client code. For example in Java, 'wadl2java' tools allow to generate code for JAX-RS compatible frameworks such as Apache CXF and Jersey. Actually, we can provide a CXF-based Java library created with this tool to facilitate the development of clients.
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available in `the source release of Github project 'rest-api-model' <https://github.com/authzforce/rest-api-model/archive/release-4.4.0.zip>`_, more specifically in file ``src/main/resources/authz-api.wadl``. Therefore, you can use any WADL-supporting REST framework for clients; for instance in Java: Jersey, Apache CXF. From that, you can use WADL-to-code generators to generate your client code. For example in Java, 'wadl2java' tools allow to generate code for JAX-RS compatible frameworks such as Apache CXF and Jersey. Actually, we can provide a CXF-based Java library created with this tool to facilitate the development of clients.
......@@ -52,7 +52,7 @@ master_doc = 'index'
# General information about the project.
project = u'AuthZForce'
copyright = u'2015, Thales Services'
copyright = u'2015-2016, Thales Services'
author = u'Cyril Dangerville'
# The version info for the project you're documenting, acts as replacement for
......@@ -60,9 +60,9 @@ author = u'Cyril Dangerville'
# built documents.
#
# The short X.Y version.
version = '4.3.0'
version = '4.4.0'
# The full version, including alpha/beta/rc tags.
release = '4.3.0'
release = '4.4.0-FIWARE-R4'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
......
This diff is collapsed.
......@@ -18,13 +18,13 @@ ENV DEBIAN_FRONTEND noninteractive
# download and install Authzforce (service starts Automatically)
RUN curl -O -L http://catalogue.fiware.org/sites/default/files/storage/enablers/authzforce_4.2.0-fiware_all.deb && \
dpkg --extract https://github.com/authzforce/server/releases/download/release-4.3.0/authzforce-ce-server_4.3.0_all.deb /root/authzforce/ && \
RUN curl -O -L http://github.com/authzforce/server/releases/download/release-4.4.0/authzforce-ce-server_4.4.0_all.deb && \
dpkg --extract authzforce-ce-server_4.4.0_all.deb /root/authzforce/ && \
mv /root/authzforce/etc/tomcat7/Catalina /usr/local/tomcat/conf/ && \
mv /root/authzforce/opt/* /opt/ && \
rm -rf /opt/authzforce/data/domains/* && \
rm -rf /root/authzforce && \
rm -f authzforce-ce-server_4.3.0_all.deb
rm -f authzforce-ce-server_4.4.0_all.deb
### Exposed ports
# - App server
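Review bot: the new `curl -O -L http://github.com/authzforce/server/releases/...` line fetches the package over plain HTTP, and the following `dpkg --extract` unpacks it into the image with no checksum verification. Suggest using `https://` in the URL, adding `--fail` so an HTTP error does not leave an error page saved under the `.deb` name, and checking the file against a pinned SHA-256 before `dpkg --extract`.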
......
......@@ -11,13 +11,13 @@ This image is intended to work together with [Identity Manager - Keyrock](http:/
## Image contents
- [x] `tomcat:7.0` official image available [here](https://hub.docker.com/_/tomcat/)
- [x] Authzforce 4.3.0
- [x] Authzforce 4.4.0
## Usage
This image gives you a minimal installation for testing purposes. The [AuthZForce Installation and administration guide](http://authzforce-ce-fiware.readthedocs.org/en/4.3.0/InstallationAndAdministrationGuide.html) provides you a better approach for using it in a production environment.
This image gives you a minimal installation for testing purposes. The [AuthZForce Installation and administration guide](http://authzforce-ce-fiware.readthedocs.org/en/4.4.0/InstallationAndAdministrationGuide.html) provides you a better approach for using it in a production environment.
This image, if used with the [Chanchan APP](https://github.com/Bitergia/fiware-chanchan), is fully provided for testing. [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) included in Chanchan APP is aware of the [Domain creation](http://authzforce-ce-fiware.readthedocs.org/en/4.3.0/InstallationAndAdministrationGuide.html#domain-creation).
This image, if used with the [Chanchan APP](https://github.com/Bitergia/fiware-chanchan), is fully provided for testing. [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) included in Chanchan APP is aware of the [Domain creation](http://authzforce-ce-fiware.readthedocs.org/en/4.4.0/InstallationAndAdministrationGuide.html#domain-creation).
Still, you can always do it yourself.
......@@ -36,13 +36,13 @@ curl -s --request POST \
--header "Accept: application/xml" \
--header "Content-Type: application/xml;charset=UTF-8" \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/4"><name>MyDomain</name><description>This is my domain.</description></taz:domainProperties>' \
http://<authzforce-container-ip>:8080/authzforce/domains
http://<authzforce-container-ip>:8080/authzforce-ce/domains
```
* **Retrieve the domain ID**
```
curl -s --request GET http://<authzforce-container-ip>:8080/authzforce/domains
curl -s --request GET http://<authzforce-container-ip>:8080/authzforce-ce/domains
```
* **Domain removal**
......@@ -51,7 +51,7 @@ curl -s --request GET http://<authzforce-container-ip>:8080/authzforce/domains
curl --verbose --request DELETE \
--header "Content-Type: application/xml;charset=UTF-8" \
--header "Accept: application/xml" \
http://<authzforce-container-ip>:8080/authzforce/domains/<domain-id>
http://<authzforce-container-ip>:8080/authzforce-ce/domains/<domain-id>
```
* **User and Role Management Setup && Domain Role Assignment**
......
......@@ -8,8 +8,8 @@ sudo -E apt-get update --assume-yes -qq
sudo -E apt-get install --assume-yes -qq gdebi curl debconf-utils
sudo curl --silent --remote-name --location http://authzforce.github.io/fiware/dist/authzforce_latest_all.deb
# Prevent Tomcat restart before change to JAVA_OPTS applied later
sudo bash -c "echo authzforce authzforce/restartTomcat boolean false | debconf-set-selections"
sudo bash -c "echo authzforce authzforce/keepSamples boolean true | debconf-set-selections"
sudo bash -c "echo authzforce-ce-server authzforce-ce-server/restartTomcat boolean false | debconf-set-selections"
sudo bash -c "echo authzforce-ce-server authzforce-ce-server/keepSamples boolean true | debconf-set-selections"
sudo -E gdebi --quiet --non-interactive authzforce_latest_all.deb
# FIX issue with Tomcat (very) slow startup on Linux KVM since kernel 3.13:
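Review bot: the debconf preseed keys are renamed to `authzforce-ce-server`, but the script still downloads and installs `authzforce_latest_all.deb`; if that file is not the `authzforce-ce-server` package, the `restartTomcat` and `keepSamples` answers will not match and the non-interactive install will not pick them up. Please confirm the artifact, or point the download at the 4.4.0 `.deb` referenced elsewhere in this commit. The download is also over `http://` and goes straight into `gdebi` under sudo, so an `https://` URL and a checksum check before the install would be worth adding.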
......
......@@ -10,7 +10,7 @@
# Wait for 20 sec max and check every 5 sec
max_iterations=5
iterations=0
until [[ "`curl --silent --show-error --connect-timeout 5 --max-time 10 --request GET http://$IP:8080/authzforce/domains | grep 'resources'`" != "" || $iterations -gt $max_iterations ]];
until [[ "`curl --silent --show-error --connect-timeout 5 --max-time 10 --request GET http://$IP:8080/authzforce-ce/domains | grep 'resources'`" != "" || $iterations -gt $max_iterations ]];
do
echo --- waiting 5 more seconds for Authzforce app to start
sleep 5
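Review bot: the comment says "Wait for 20 sec max", but with `max_iterations=5`, the `-gt` comparison and `sleep 5`, the loop can sleep for longer than that, assuming `iterations` is incremented once per pass (the increment is outside the visible lines), and each `curl` call can add up to 10 seconds through `--max-time 10`. Suggest updating the comment or the bound so they agree. The readiness test also depends on the response body containing `resources`; checking the HTTP status code would be less sensitive to changes in the response format.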
......@@ -20,7 +20,7 @@ done
if [[ $iterations -gt $max_iterations ]]
then
echo "AuthzForce startup seems to have failed, OR the Tomcat server was stopped, OR network filtering measures are blocking the HTTP request, as it is unreachable at URL 'http://$IP:8080/authzforce/domains', please check /var/log/tomcat7/authzforce/error.log"
echo "AuthzForce startup seems to have failed, OR the Tomcat server was stopped, OR network filtering measures are blocking the HTTP request, as it is unreachable at URL 'http://$IP:8080/authzforce-ce/domains', please check /var/log/tomcat7/authzforce-ce/error.log"
else
echo AuthZForce is ready!
fi