Commit dbc2e69e authored by cdanger

Updated documentation for v4.3.0

parent c41b1e64
......@@ -22,13 +22,17 @@ Installation
Minimal
-------
#. Download the latest binary (Ubuntu package with ``.deb`` extension) release of AuthZForce from the FIWARE catalogue, in the `Downloads section <http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/downloads>`_. You get a file called ``authzforce_4.2.0-fiware_all.deb``.
#. Download the binary (Ubuntu package with ``.deb`` extension) release of AuthZForce from `the Github project releases page <https://github.com/authzforce/server/releases/download/release-4.3.0/authzforce-ce-server_4.3.0_all.deb>`_. You get a file called ``authzforce-ce-server_4.3.0_all.deb``.
#. Copy this file to the host where you want to install the software.
#. On the host, from the directory where you copied this file, run the following commands:
| ``$ sudo aptitude install gdebi curl``
| ``$ sudo gdebi authzforce_4.2.0-fiware_all.deb``
| ``$ sudo gdebi authzforce-ce-server_4.3.0_all.deb``
#. At the end, you will see a message giving optional instructions to go through. Please follow them as necessary.
Note that Tomcat default configuration may specify a very low value for the Java Xmx flag, causing the authzforce webapp startup to fail. In that case, make sure tomcat with Xmx at 1Go or more (2 Go recommended). For example, for ubuntu 12.04, tomcat default Xmx used to be 128m. You can fix it as follows:
| ``$ sudo sed -i "s/-Xmx128m/-Xmx1024m/" /etc/default/tomcat``
| ``$ sudo service tomcat7 restart``
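Review bot: the heap-size fix at the end of this hunk edits ``/etc/default/tomcat`` but then restarts the ``tomcat7`` service, so the ``sed`` probably misses the file that service reads; point it at the tomcat7 defaults file or say which Tomcat package the path applies to. The sentence introducing it also lacks a verb ("make sure tomcat with Xmx at 1Go") and should read something like "make sure Tomcat runs with Xmx set to 1 GB or more". Since step 1 now sends readers to a GitHub release and the package is installed with ``sudo gdebi``, consider publishing a checksum next to the download link and adding a verification step before the install.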
Advanced
--------
......@@ -46,9 +50,9 @@ For configuring and managing Tomcat, please refer to the `official user guide <h
Authzforce webapp
-----------------
The Authzforce webapp configuration directory is located here: ``/opt/authzforce/conf``.
The Authzforce webapp configuration directory is located here: ``/opt/authzforce-ce-server/conf``.
In particular, the file ``logback.xml`` configures the logging for the webapp (independently from Tomcat). By default, Authzforce-specific logs go to ``/var/log/tomcat7/authzforce/error.log``.
In particular, the file ``logback.xml`` configures the logging for the webapp (independently from Tomcat). By default, Authzforce-specific logs go to ``/var/log/tomcat7/authzforce-ce/error.log``.
Restart Tomcat to apply any configuration change:
``$ sudo service tomcat7 restart``
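Review bot: the configuration directory and the log path in this hunk are renamed (``/opt/authzforce-ce-server/conf``, ``/var/log/tomcat7/authzforce-ce/error.log``) with no word for administrators upgrading from 4.2.0, whose monitoring, log collection and backup jobs still point at the old locations. A short upgrade note listing the old and new paths would keep the error log from going uncollected after the upgrade.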
......@@ -61,10 +65,9 @@ The Concept of Policy Domain
The application is multi-tenant, i.e. it allows users or organizations to work on authorization policies in complete isolation from each other. In this document, we use the term *domain* instead of *tenant*. In this context, a policy domain consists of:
* Various metadata about the domain: ID, name, description;
* The root XACML <PolicySet>;
* Optional <PolicySet>s that may be referenced in <Policy(Set)Reference>s by the aforementioned root <PolicySet>;
* Attribute Finders configuration: attribute finders resolve attributes from other sources than the PEP's or any other client's XACML <Request>.
* Various metadata about the domain: ID assigned by the Authzforce API, external ID (assigned by the provisioning client), description, reference to the (root) active policy in the domain;
* A policy repository;
* Attribute Providers configuration: attribute providers provide attributes that the PEP does NOT directly provide in the XACML <Request>. For example, an attribute provider may get attribute values from an external database.
The reasons for creating different domains:
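Review bot: the new "A policy repository;" bullet replaces two bullets that told the reader what a domain actually holds (the root <PolicySet> and the <PolicySet>s it references) and now says nothing about the repository's content. Add at least that it stores the domain's XACML policies in their versions, and that one of them is designated as root through the reference mentioned in the first bullet.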
......@@ -78,7 +81,7 @@ You create a domain by doing a HTTP POST request with XML payload to URL: ``http
$ curl --verbose --trace-ascii - --request POST \
--header "Content-Type: application/xml;charset=UTF-8" \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:properties xmlns:taz="http://thalesgroup.com/authz/model/3.0/resource"> <name>MyDomain</name><description>This is my domain.</description></taz:properties>' \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/4"> <name>MyDomain</name><description>This is my domain.</description></taz:domainProperties>' \
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce/domains
...
> POST /authzforce/domains HTTP/1.1
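Review bot: the new ``--data`` payload still carries a ``<name>`` child, although the updated domain description earlier in this guide lists only an ID, an external ID, a description and a root policy reference, and the Programmer Guide example sets ``externalId`` as an attribute of ``domainProperties``. Please check the payload against the 4.3.0 schema and show ``externalId`` here if that is what replaces the name.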
......@@ -95,7 +98,7 @@ You create a domain by doing a HTTP POST request with XML payload to URL: ``http
< Content-Type: application/xml
< Transfer-Encoding: chunked
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><link xmlns="http://www.w3.org/2005/Atom" rel="item" href="0ae7f48f-1f13-11e3-a300-eb6797612f3f"/>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><link xmlns="http://www.w3.org/2005/Atom" rel="item" href="h_D23LsDEeWFwqVFFMDLTQ" title="h_D23LsDEeWFwqVFFMDLTQ"/>
**WARNING**: Mind the leading and trailing single quotes for the ``--data`` argument. Do not use double quotes instead of these single quotes, otherwise curl will remove the double quotes in the XML payload itself, and send invalid XML which will be rejected by the server. The ``--trace-ascii -`` argument (the last dash here means *stdout*) is indeed a way to check the actual request body sent by ``curl``. So use it only if you need to dump the outgoing (and incoming) data, in particular the request body, on *stdout*.
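Review bot: the sample response now returns ``href="h_D23LsDEeWFwqVFFMDLTQ"`` where the 4.2.0 sample returned a UUID, so the domain ID format has changed and the text should state that the ID is an opaque string that clients must not parse or validate as a UUID. In the WARNING paragraph under the response, it is the shell, not curl, that strips the double quotes inside a double-quoted ``--data`` argument; worth correcting while this section is being touched.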
......@@ -110,7 +113,7 @@ You remove a domain by doing a HTTP DELETE request with XML payload to URL:
For example with ``curl`` tool::
$ curl --verbose --request DELETE --header "Content-Type: application/xml;charset=UTF-8" \
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce/domains/0ae7f48f-1f13-11e3-a300-eb6797612f3f
--header "Accept: application/xml" http://${SERVER_NAME}:${PORT}/authzforce/domains/h_D23LsDEeWFwqVFFMDLTQ
Policy administration is part of the Authorization Server API, addressed more extensively in the :ref:`programmerGuide`.
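Review bot: the DELETE example sends ``Content-Type: application/xml;charset=UTF-8`` and the sentence introducing the section says the request has an XML payload, yet the command has no ``--data`` and sends no body. Drop the header and the "with XML payload" wording. The sample ID here (``h_D23LsDEeWFwqVFFMDLTQ``) also differs from the one used throughout the Programmer Guide (``iMnxv7sDEeWFwqVFFMDLTQ``); one sample ID across both guides would make them easier to follow together.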
......@@ -130,7 +133,7 @@ To check the proper deployment and operation of the Authorization Server, perfor
Status Code: 200 OK
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:resources xmlns:ns2="http://thalesgroup.com/authzforce/model" xmlns:ns3="http://www.w3.org/2005/Atom">
<ns2:resources xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4">
... list of links to policy domains omitted here...
</ns2:resources>
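Review bot: the new ``<ns2:resources>`` start tag drops the ``xmlns:ns3="http://www.w3.org/2005/Atom"`` declaration, but the omitted children are Atom links and the equivalent samples in the Programmer Guide keep that declaration on the same element. Restore it so the sample agrees with the others and stays well-formed once the links are filled in.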
......
......@@ -25,7 +25,7 @@ AuthZForce provides the following APIs:
* PDP API (PDP = Policy Decision Point in the XACML terminology): provides an API for getting authorization decisions computed by a XACML-compliant access control engine;
* PAP API (PAP = Policy Administration Point in XACML terminology): provides API for managing XACML policies to be handled by the Authorization Service PDP.
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available on the `FIWARE catalogue <http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/downloads>`_ in the package ``FIWARE-AuthorizationPDP-REST-API-Model-XXX-src.zip`` where ``XXX`` is the current version.
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available in `the source release of Github project 'rest-api-model' <https://github.com/authzforce/rest-api-model/archive/release-4.3.0.zip>`_, more specifically in file ``src/main/resources/authz-api.wadl``.
XACML is the main international OASIS standard for access control language and request-response formats, that addresses most use cases of access control. AuthZForce supports the full core XACML 3.0 language; therefore it allows to enforce very generic and complex access control policies.
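Review bot: the API list above this paragraph still names only the PDP API and the PAP API, while this commit adds a "Domain Management API" section to the same guide; add a bullet for it. The WADL link also hard-codes ``release-4.3.0`` and will need editing at every release, so consider deriving it from the Sphinx version setting that this commit bumps in the configuration file.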
......@@ -39,35 +39,85 @@ AuthZForce provides Attribute-Based Access Control. To understand what is meant
* Action attributes: the action is the action that the subject requests to perform on the resource (e.g. create, read, delete); attributes may be action ID, parameter A, parameter B, etc.
* Environment attributes: anything else, e.g. current time, CPU load of the PEP/PDP, global threat level, etc.
Domain Management API
---------------------
The API allows AuthZForce application administrators or administration interfaces to create domains for the users, and remove domains once they are no longer used. This part of the API is described in the Installation and Administration guide. The API also allows users to update certain properties of the domain allocated to them:
* An externalId (optional) for the domain, which users/clients can modify and more easily use as reference, as opposed to the unique and read-only domain ID assigned by the API - once and for all - when the domain is created;
* Root policy reference (mandatory): a policy ID and version constraints expected to match one of the domain's policies and used as the root policy enforced by the domain's PDP. These policies are managed via the Policy Administration API described in the next section;
* A description of the domain (optional).
You may retrieve the current domain properties as follows:
* Method: GET
* Path: /domains/{domainId}/properties
* Headers:
* Accept: application/xml; charset=UTF-8
* Body: current properties.
For example, this request updates the externalId and the root policy reference some policy 'PolicyABC' that must exist in the domain (added via the PAP API mentioned later) as a prerequisite::
GET /domains/iMnxv7sDEeWFwqVFFMDLTQ/properties
HTTP/1.1
Accept: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:domainProperties xmlns:ns4="http://authzforce.github.io/rest-api-model/xmlns/authz/4">
<rootPolicyRef Version="1.0">PolicyABC</rootPolicyRef>
</ns4:domainProperties>
You may update the domain properties as follows::
* Method: PUT
* Path: /domains/{domainId}/properties
* Headers:
* Content-Type: application/xml; charset=UTF-8
* Accept: application/xml; charset=UTF-8
* Body: new properties.
For example, this request updates the externalId and the root policy reference some policy 'PolicyABC' that must exist in the domain (added via the PAP API mentioned later) as a prerequisite::
PUT /domains/iMnxv7sDEeWFwqVFFMDLTQ/properties
HTTP/1.1
Accept: application/xml; charset=UTF-8
Content-Type: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:domainProperties xmlns:ns4="http://authzforce.github.io/rest-api-model/xmlns/authz/4" externalId="my-domain-123">
<rootPolicyRef Version="2.1">PolicyDEF</rootPolicyRef>
</ns4:domainProperties>
Note that the *Version' attribute is optional here. If omitted, the latest version available is used.
The response is the new properties.
Policy Administration API
-------------------------
The PAP is used by policy administrators to manage the policy repository from which the PDP loads the enforced policies.
The PAP supports multi-tenancy in the form of generic administration domains that are separate from each other. Each policy administator (except the Superadmin) is in fact a domain administrator, insofar as he is allowed to manage the policy for one or more specific domains. Domains are typically used to support isolation of tenants (one domain per tenant).
Policy Management
+++++++++++++++++
Adding Policies
+++++++++++++++
The PAP provides a RESTful API for creating/updating policies for a specific domain, i.e. the top-level a.k.a. root XACML PolicySet of the domain.
HTTP requests to this API must be formatted as follows:
The PAP provides a RESTful API for adding policies to a specific domain.HTTP requests to this API must be formatted as follows:
* Method: PUT
* Path: /domains/{domainId}/pap/policySet
* Method: POST
* Path: /domains/{domainId}/pap/policies
* Headers:
* Content-Type: application/xml
* Accept: application/xml
* Content-Type: application/xml; charset=UTF-8
* Accept: application/xml; charset=UTF-8
* Body: XACML PolicySet as defined in the XACML 3.0 schema.
Example of request given below::
PUT /domains/3b39dad9-1380-4c5b-8662-50cac998c644/pap/policySet
POST /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies
HTTP/1.1
Host: 127.0.0.1:8080
Accept: application/xml
Accept-Encoding: gzip, deflate
Connection: keep-alive
Accept: application/xml; charset=UTF-8
Content-Type: application/xml; charset=UTF-8
Content-Length: 2631
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="P1"
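Review bot: in the new Domain Management section, the GET example is introduced with the sentence copied from the PUT example ("this request updates the externalId and the root policy reference..."), although it only reads the properties, and its request bullets list "Body: current properties", which describes the response. The PUT lead-in then names 'PolicyABC' while the body sets ``PolicyDEF`` in version 2.1. Smaller markup points: "as follows::" before the PUT bullets turns the list into a literal block, ``*Version'`` has mismatched emphasis markers, and "domain.HTTP" in the Adding Policies paragraph is missing a space.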
......@@ -127,51 +177,134 @@ Example of request given below::
</PolicySet>
The HTTP response status is 200 if the policy has been successfully created/updated.
It is not possible to delete a policy as a minimal policy must always be in place. If you want a *Permit All* (resp. *Deny All*), you have to update with such a policy: Target All, no condition, effect is Permit (resp. Deny).
The HTTP response status is 200 with a link to manage the new policy, if the request was successfull. The link is made of the policy ID and version separated by '/'.
Response (body is the PolicySet uploaded in the request)::
Response ::
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 2631
Date: Mon, 03 Dec 2014 10:12:43 GMT
Content-Type: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PolicySet ...
...content omitted...
</PolicySet>
<ns3:link xmlns:ns3="http://www.w3.org/2005/Atom" rel="item" href="P1/1.0" title="Policy 'P1' v1.0"/>
Getting Policies and Policy Versions
++++++++++++++++++++++++++++++++++++
Re-usable Policies (e.g. for Hierarchical RBAC)
+++++++++++++++++++++++++++++++++++++++++++++++
Once added to the domain as shown previously, you can get the policy by its ID as follows:
The PAP provides a RESTful API for creating/updating <PolicySet>s that can be referred to from the root <PolicySet> for inclusion. This allows to include/reuse a given <PolicySet>s from multiple points of the domain's <PolicySet>, by means of XACML <PolicySetIdReference>s. One major application of this is Hierarchical RBAC. You can refer to the ''Core and hierarchical role based access control (RBAC) profile of XACML v3.0'' specification for how to achieve Hierarchical RBAC with <PolicySetIdReference>s.
HTTP requests to this API must be formatted as follows:
* Method: GET
* Path: /domains/{domainId}/pap/policies/{policyId}
* Headers:
* Accept: application/xml; charset=UTF-8
* Method: PUT
* Path: /domains/{domainId}/pap/refPolicySets
For example::
GET /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies/P1
HTTP/1.1
Accept: application/xml; charset=UTF-8
The response is the list of links to the versions of the policy available in the domain::
HTTP/1.1 200 OK
Content-Type: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:resources xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4" xmlns:ns3="http://www.w3.org/2005/Atom">
<ns3:link rel="item" href="1.0"/>
<ns3:link rel="item" href="1.1"/>
<ns3:link rel="item" href="2.0"/>
<ns3:link rel="item" href="2.1"/>
<ns3:link rel="item" href="2.2"/>
...
</ns2:resources>
Therefore, you may get a specific version of the policy as follows:
* Method: GET
* Path: /domains/{domainId}/pap/policies/{policyId}/{version}
* Headers:
* Content-Type: application/xml
* Accept: application/xml
* Body: 0 or more XACML <PolicySet>s in a <policySets> element from XML namespace ``http://thalesgroup.com/authz/model`` [#]_.
* Accept: application/xml; charset=UTF-8
For example::
.. [#] This is not a browsable URL, only an XML namespace URI.
GET /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies/P1/1.0
HTTP/1.1
Accept: application/xml; charset=UTF-8
Example of request given below::
The response is the policy document (XACML PolicySet) in this version.
PUT /domains/3b39dad9-1380-4c5b-8662-50cac998c644/pap/refPolicySets
Last but not least, you may get all policies in the domain as follows::
* Method: GET
* Path: /domains/{domainId}/pap/policies
* Headers:
* Accept: application/xml; charset=UTF-8
For example::
GET /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies
HTTP/1.1
Host: 127.0.0.1:8080
Accept: application/xml
Accept-Encoding: gzip, deflate
Connection: keep-alive
Accept: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:resources xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4" xmlns:ns3="http://www.w3.org/2005/Atom">
<ns3:link rel="item" href="root"/>
<ns3:link rel="item" href="P1"/>
<ns3:link rel="item" href="P2"/>
...
</ns2:resources>
Removing Policies and Policy Versions
+++++++++++++++++++++++++++++++++++++
You may remove a policy version from the domain as follows:
* Method: DELETE
* Path: /domains/{domainId}/pap/policies/{policyId}/{version}
* Headers:
* Accept: application/xml; charset=UTF-8
For example::
DELETE /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies/P1/1.0
HTTP/1.1
Accept: application/xml; charset=UTF-8
The response is the removed policy document (XACML PolicySet) in this version.
You may remove all versions of a policy from the domain as follows:
* Method: DELETE
* Path: /domains/{domainId}/pap/policies/{policyId}
* Headers:
* Accept: application/xml; charset=UTF-8
For example::
DELETE /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies/P1
HTTP/1.1
Accept: application/xml; charset=UTF-8
The response is the list of links to all the removed versions of the policy, similar to the the GET request on the same URL.
Re-usable Policies (e.g. for Hierarchical RBAC)
+++++++++++++++++++++++++++++++++++++++++++++++
The PAP API supports policies that have references to other policies existing in the domain. This allows to include/reuse a given policy from multiple policies, or multiple parts of the same policy, by means of XACML <PolicySetIdReference>s. One major application of this is Hierarchical RBAC. You can refer to the ''Core and hierarchical role based access control (RBAC) profile of XACML v3.0'' specification for how to achieve Hierarchical RBAC with <PolicySetIdReference>s.
For example, I want to define a role *Employee* and a role *Manager* derived from *Employee*. In other words, permissions of an *Employee* are included in the permissions of a *Manager*.
In order to create this role hierarchy, we first add the Employee's *Permission PolicySet*::
POST /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies
HTTP/1.1
Accept: application/xml; charset=UTF-8
Content-Type: application/xml; charset=UTF-8
Content-Length: 2631
<?xml version="1.0" encoding="UTF-8"?>
<az:policySets xmlns:az="http://thalesgroup.com/authz/model/3.0" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<PolicySet PolicySetId="PPS:Employee" Version="1.0"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
<Description>Permissions specific to the Employee role</Description>
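Review bot: the sentence "It is not possible to delete a policy as a minimal policy must always be in place" is removed, and the new "Removing Policies and Policy Versions" section does not say what happens when the policy or version being deleted is the one the domain's ``rootPolicyRef`` points to, or is referenced from another policy. State whether the server rejects the DELETE or what the PDP returns afterwards, since this decides whether an administrator can leave a domain with no enforceable policy. Also: "Last but not least ... as follows::" should end in a single colon, the "get all policies" example shows the response body directly under the request with no separator, and there are typos in "successfull" and "the the".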
......@@ -204,31 +337,17 @@ Example of request given below::
</Rule>
</Policy>
</PolicySet>
<!-- <PolicySet PolicySetId="PPS:Technician" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.1:policy-combining-algorithm:ordered-permit-overrides">
...content omitted... </PolicySet> ... -->
</az:policySets>
The HTTP response status is 200 if the policy has been successfully created/updated.
Response (body is the PolicySet uploaded in the request)::
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 2631
Date: Mon, 03 Dec 2014 10:12:43 GMT
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<az:policySets ...
...content omitted (same as request body)...
</az:policySets>
Then we add the role-based hierarchical policy defining the Employee role and the Manager role, both with a reference (<PolicySetIdReference>) to the Employee's *Permission PolicySet* added previously; except the Manager role one policy more, so more permissions::
AFTER uploading the ''policySets'' above, the PolicySet ''PPS:Employee'' becomes available for use in <PolicySetIdReference>s within any root <PolicySet> you upload from now on, with the API feature of the previous section of this guide. For example, now you can use such a root policySet (bare the <PolicySetIdReference> in particular)::
POST /domains/iMnxv7sDEeWFwqVFFMDLTQ/pap/policies
HTTP/1.1
Accept: application/xml; charset=UTF-8
Content-Type: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicySetId="root:policyset" Version="1.0"
PolicySetId="rbac:policyset" Version="1.0"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
<Description>Root PolicySet</Description>
<Target />
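Review bot: the new lead-in "except the Manager role one policy more, so more permissions" is hard to parse; something like "the Manager role has one additional policy, and therefore more permissions" reads better. With the response to the first POST removed from this section, it would also help to state what the server answers if ``rbac:policyset`` is posted before ``PPS:Employee`` exists, because the <PolicySetIdReference> cannot be resolved in that case.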
......@@ -298,6 +417,20 @@ AFTER uploading the ''policySets'' above, the PolicySet ''PPS:Employee'' becomes
</PolicySet>
</PolicySet>
You may add more policies for more roles as you wish. Once you are satisfied with your role hierarchy, you may apply your new RBAC policy by updating the domain's root policy reference (this may not be necessary if you reused the same root policy ID as before, in which case your policy is already active by now)::
PUT /domains/iMnxv7sDEeWFwqVFFMDLTQ/properties
HTTP/1.1
Accept: application/xml; charset=UTF-8
Content-Type: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:domainProperties xmlns:ns4="http://authzforce.github.io/rest-api-model/xmlns/authz/4">
<rootPolicyRef>rbac:policyset</rootPolicyRef>
</ns4:domainProperties>
The policy is now enforced by the PDP as described in the next section.
Policy Decision API
-------------------
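Review bot: the ``rootPolicyRef`` in this example has no ``Version``, and the Domain Management section says the latest available version is then used, so the parenthesis "your policy is already active by now" means every later POST of a new version under the same policy ID goes live immediately. Say so explicitly, and recommend setting ``Version`` in ``rootPolicyRef`` when a policy change should be reviewed before the PDP enforces it.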
......@@ -310,18 +443,18 @@ The HTTP request must be formatted as follows:
* Method: POST
* Path: /domains/{domainId}/pdp
* Headers:
* Content-Type: application/xml
* Accept: application/xml
* Content-Type: application/xml; charset=UTF-8
* Accept: application/xml; charset=UTF-8
* Body: XACML Request as defined in the XACML 3.0 schema.
The HTTP response body is a XACML Response as defined in the XACML 3.0 schema.
Example of request given below::
POST /domains/3b39dad9-1380-4c5b-8662-50cac998c644/pdp
POST /domains/iMnxv7sDEeWFwqVFFMDLTQ/pdp
HTTP/1.1
Host: 127.0.0.1:8080
Accept: application/xml
Accept: application/xml; charset=UTF-8
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/xml; charset=UTF-8
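Review bot: this request example keeps ``Host: 127.0.0.1:8080``, ``Accept-Encoding`` and ``Connection``, which the same commit strips from the PAP examples. Remove them here too so that every sample shows only the headers the API section lists as required.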
......@@ -360,10 +493,7 @@ Example of request given below::
Response::
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Content-Length: 355
Date: Mon, 03 Dec 2014 14:06:26 GMT
Content-Type: application/xml; charset=UTF-8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
......@@ -382,4 +512,4 @@ The easy way to integrate with IdM is to delegate the integration to the PEP up-
Software Libraries for clients of AuthZForce or other Authorization PDP GEis
----------------------------------------------------------------------------
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available on the `FIWARE catalogue <http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/downloads>`_ in the package ``FIWARE-AuthorizationPDP-REST-API-Model-XXX-src.zip``, where ``XXX`` is the current version. Therefore, you can use any WADL-supporting REST framework for clients; for instance in Java: Jersey, Apache CXF. From that, you can use WADL-to-code generators to generate your client code. For example in Java, 'wadl2java' tools allow to generate code for JAX-RS compatible frameworks such as Apache CXF and Jersey. Actually, we can provide a CXF-based Java library created with this tool to facilitate the development of clients.
The full API (RESTful) is described by a document written in the Web Application Description Language format (WADL) and associated XML schema files available in `the source release of Github project 'rest-api-model' <https://github.com/authzforce/rest-api-model/archive/release-4.3.0.zip>`_, more specifically in file ``src/main/resources/authz-api.wadl``. Therefore, you can use any WADL-supporting REST framework for clients; for instance in Java: Jersey, Apache CXF. From that, you can use WADL-to-code generators to generate your client code. For example in Java, 'wadl2java' tools allow to generate code for JAX-RS compatible frameworks such as Apache CXF and Jersey. Actually, we can provide a CXF-based Java library created with this tool to facilitate the development of clients.
......@@ -60,9 +60,9 @@ author = u'Cyril Dangerville'
# built documents.
#
# The short X.Y version.
version = '4.2.0'
version = '4.3.0'
# The full version, including alpha/beta/rc tags.
release = '4.2.0-FIWARE-R4'
release = '4.3.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
......
......@@ -19,12 +19,12 @@ ENV DEBIAN_FRONTEND noninteractive
# download and install Authzforce (service starts Automatically)
RUN curl -O -L http://catalogue.fiware.org/sites/default/files/storage/enablers/authzforce_4.2.0-fiware_all.deb && \
dpkg --extract authzforce_4.2.0-fiware_all.deb /root/authzforce/ && \
dpkg --extract https://github.com/authzforce/server/releases/download/release-4.3.0/authzforce-ce-server_4.3.0_all.deb /root/authzforce/ && \
mv /root/authzforce/etc/tomcat7/Catalina /usr/local/tomcat/conf/ && \
mv /root/authzforce/opt/* /opt/ && \
rm -rf /opt/authzforce/data/domains/* && \
rm -rf /root/authzforce && \
rm -f authzforce_4.2.0-fiware_all.deb
rm -f authzforce-ce-server_4.3.0_all.deb
### Exposed ports
# - App server
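Review bot: `dpkg --extract` is now given the GitHub URL, but it only reads a local archive, and the `curl` line above it still downloads `authzforce_4.2.0-fiware_all.deb` over plain HTTP, so the build either fails at that step or never fetches 4.3.0. Change the `curl` to fetch the 4.3.0 package over HTTPS, pass the local file name to `dpkg --extract`, and verify a published checksum before extracting. The cleanup line `rm -rf /opt/authzforce/data/domains/*` also keeps the old install path, whereas the updated guide places the server under `/opt/authzforce-ce-server`.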
......
......@@ -11,23 +11,23 @@ This image is intended to work together with [Identity Manager - Keyrock](http:/
## Image contents
- [x] `tomcat:7.0` official image available [here](https://hub.docker.com/_/tomcat/)
- [x] Authzforce 4.2.0
- [x] Authzforce 4.3.0
## Usage
This image gives you a minimal installation for testing purposes. The [AuthZForce Installation and administration guide](https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Authorization_PDP_-_AuthZForce_-_Installation_and_Administration_Guide_%28R4.2.0%29#Appendix) provides you a better approach for using it in a production environment.
This image gives you a minimal installation for testing purposes. The [AuthZForce Installation and administration guide](http://authzforce-ce-fiware.readthedocs.org/en/4.3.0/InstallationAndAdministrationGuide.html) provides you a better approach for using it in a production environment.
This image, if used with the [Chanchan APP](https://github.com/Bitergia/fiware-chanchan), is fully provided for testing. [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma)incluided in Chanchan APP is aware of the [Domain creation](https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Authorization_PDP_-_AuthZForce_-_Installation_and_Administration_Guide_%28R4.2.0%29#Domain_Creation).
This image, if used with the [Chanchan APP](https://github.com/Bitergia/fiware-chanchan), is fully provided for testing. [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) included in Chanchan APP is aware of the [Domain creation](http://authzforce-ce-fiware.readthedocs.org/en/4.3.0/InstallationAndAdministrationGuide.html#domain-creation).
Still, you can always do it yourself.
Create a container using `bitergia/authzforce` image by doing:
Create a container using `fiware/authzforce` image by doing:
```
docker run -d --name <container-name> bitergia/authzforce:4.2.0
docker run -d --name <container-name> fiware/authzforce:latest
```
As stands in the [AuthZForce Installation and administration guide](https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Authorization_PDP_-_AuthZForce_-_Installation_and_Administration_Guide_%28R4.2.0%29#Policy_Domain_Administation) you can:
As stands in the [AuthZForce Installation and administration guide](http://authzforce-ce-fiware.readthedocs.org/en/latest/InstallationAndAdministrationGuide.html#policy-domain-administration) you can:
* **Create a domain**
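Review bot: the run command moves from a pinned tag (`bitergia/authzforce:4.2.0`) to `fiware/authzforce:latest`, while the "Image contents" list promises Authzforce 4.3.0; with `latest` the container can drift to a different release than the one documented. Use a version tag that matches the contents list. The last guide link in this hunk also points at `/en/latest/` whereas the other two use `/en/4.3.0/`.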
......@@ -35,7 +35,7 @@ As stands in the [AuthZForce Installation and administration guide](https://forg
curl -s --request POST \
--header "Accept: application/xml" \
--header "Content-Type: application/xml;charset=UTF-8" \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:properties xmlns:taz="http://thalesgroup.com/authz/model/3.0/resource"><name>MyDomain</name><description>This is my domain.</description></taz:properties>' \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/4"><name>MyDomain</name><description>This is my domain.</description></taz:domainProperties>' \
http://<authzforce-container-ip>:8080/authzforce/domains
```
......