Commit adf52561 authored by cdanger's avatar cdanger
Browse files

Merge branch 'release/5.4.0'

parents d8f56598 fb958478
......@@ -2,3 +2,4 @@
/.project
/.settings/
/.README.md.html
/.CHANGELOG.md.html
......@@ -2,6 +2,14 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. We try to apply [Semantic Versioning](http://semver.org) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported.
## 5.4.0
### Added
- Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html), especially test assertion [urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433) (FIWARE SEC-923).
### Changed
- REST API model (authzforce-ce-rest-api-model) version: 5.3.1 (only text and FastInfoset-encoded XML are supported, not JSON)
## 5.3.0
### Changed
- Version of dependency `authzforce-ce-pap-dao-flat-file` to `6.0.0`, causing changes to the REST API URL `/domains/{domainId}/pap/pdp.properties` regarding IDs of features of type `urn:ow2:authzforce:feature-type:pdp:request-filter`:
......
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade)
# AuthZForce Server
# AuthZForce Server (Community Edition)
[![License badge](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/licenses/GPL-3.0)
[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.3.0)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0/?badge=release-5.3.0)
[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.3.0a)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/?badge=release-5.3.0a)
[![Docker badge](https://img.shields.io/docker/pulls/fiware/authzforce-ce-server.svg)](https://hub.docker.com/r/fiware/authzforce-ce-server/)
[![Support badge]( https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade)
AuthZForce Server provides a multi-tenant RESTful API to Policy Administration Points (PAP) and Policy Decision Points (PDP) as defined in the [OASIS XACML 3.0 standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html).
......@@ -55,7 +54,7 @@ The sources for the manuals are located in [fiware repository](http://github.com
* Defined in standard [Web Application Description Language and XML schema](https://github.com/authzforce/rest-api-model/tree/develop/src/main/resources) so that you can automatically generate client code.
* Provides access to all PAP/PDP features mentioned in previous sections.
* Multi-tenant: allows to have multiple domains/tenants, each with its own PAP/PDP, in particular its own policy repository.
* Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html) (at the level of each domain) except for test `urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp` (to be fixed in next release)
* Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html)
* [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx) support for requests/responses.
### High availability and load-balancing
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<version>5.3.1-SNAPSHOT</version>
<version>5.4.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-dist</artifactId>
......
......@@ -8,7 +8,7 @@
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
<version>5.3.1-SNAPSHOT</version>
<version>5.4.0</version>
<packaging>pom</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce CE Server</description>
......
......@@ -4,7 +4,7 @@
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
<version>5.3.1-SNAPSHOT</version>
<version>5.4.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-rest-service</artifactId>
......@@ -29,10 +29,6 @@
<artifactId>log4j-over-slf4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
</dependency>
<dependency>
<!-- For URL path segment escaper: http://google.github.io/guava/releases/18.0/api/docs/com/google/common/net/UrlEscapers.html#urlPathSegmentEscaper() -->
<groupId>com.google.guava</groupId>
......@@ -42,7 +38,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-rest-api-model</artifactId>
<version>5.2.0</version>
<version>5.3.1</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
......
......@@ -218,7 +218,13 @@ public class DomainResourceImpl<DAO extends DomainDAO<PolicyVersionResourceImpl,
pdpLink.setHref(pdpResourcePath.value());
pdpLink.setTitle("Policy Decision Point");
pdpLink.setRel(Relation.ITEM);
/*
* Conformance with test assertion 'urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp' of REST Profile of XACML v3.0 Version 1.0:
* http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433. Example:
* http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235419
*/
pdpLink.setRel(Relation.HTTP_DOCS_OASIS_OPEN_ORG_NS_XACML_RELATION_PDP);
final Resources childResources = new Resources(Arrays.asList(propsLink, papLink, pdpLink));
final ReadableDomainProperties props;
......
......@@ -28,12 +28,12 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Context;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.ow2.authzforce.core.pap.api.dao.DomainsDAO;
import org.ow2.authzforce.rest.api.jaxrs.DomainResource;
import org.ow2.authzforce.rest.api.jaxrs.DomainsResource;
......@@ -53,7 +53,7 @@ public class DomainsResourceImpl implements DomainsResource
private static final BadRequestException INVALID_ARG_BAD_REQUEST_EXCEPTION = new BadRequestException("Invalid argument");
@Context
private MessageContext messageContext;
private HttpServletRequest httpRequest;
private final DomainsDAO<DomainResourceImpl<?>> domainRepo;
......@@ -130,7 +130,7 @@ public class DomainsResourceImpl implements DomainsResource
// add domain on the fly
// rename to resourceCollection
final Set<String> authorizedDomainIDs = new HashSet<>();
final Object attrVal = messageContext == null ? null : messageContext.getHttpServletRequest().getAttribute(authorizedResourceAttrId);
final Object attrVal = httpRequest == null ? null : httpRequest.getAttribute(authorizedResourceAttrId);
// attrVal may be null
if (attrVal == null)
{
......
This diff is collapsed.
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<version>5.3.1-SNAPSHOT</version>
<version>5.4.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-webapp</artifactId>
......
......@@ -132,7 +132,7 @@
</beans>
<beans profile="+fastinfoset">
<jaxrs:server id="tazService" address="/" docLocation="classpath:/authz-api.fastinfoset.wadl" staticSubresourceResolution="true">
<jaxrs:server id="tazService" address="/" docLocation="classpath:/authz-api+fi.wadl" staticSubresourceResolution="true">
<jaxrs:serviceBeans>
<ref bean="domainsResourceBean" />
</jaxrs:serviceBeans>
......
......@@ -19,6 +19,7 @@
package org.ow2.authzforce.web.test;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertTrue;
import java.io.File;
......@@ -94,17 +95,27 @@ class DomainAPIHelper
String.format("Actual PolicySet Version (='%s') from %s() != expected PolicySet Version (='%s')", actual.getVersion(), testedMethodId, expected.getVersion()));
}
static boolean isHrefMatched(String href, List<Link> links)
/**
* Get link with href matching a given href
*
* @param hrefToBeMatched
* href to be matched
* @param links
* links where to look for the matching link
* @return matching link, null if none
*
*/
static Link getMatchingLink(String hrefToBeMatched, List<Link> links)
{
for (Link link : links)
{
if (link.getHref().equals(href))
if (link.getHref().equals(hrefToBeMatched))
{
return true;
return link;
}
}
return false;
return null;
}
protected void resetPdpAndPrp(List<Feature> pdpFeaturesToEnable) throws JAXBException
......@@ -330,12 +341,12 @@ class DomainAPIHelper
// Check result was committed
// check added policy link is in policies list
PoliciesResource policiesRes = domain.getPapResource().getPoliciesResource();
assertTrue(isHrefMatched(policyResId, policiesRes.getPolicies().getLinks()), "Added policy resource link not found in links returned by getPoliciesResource()");
assertNotNull(getMatchingLink(policyResId, policiesRes.getPolicies().getLinks()), "Added policy resource link not found in links returned by getPoliciesResource()");
// check added policy version is in policy versions list
PolicyResource policyRes = policiesRes.getPolicyResource(policyResId);
final Resources policyVersionsResources = policyRes.getPolicyVersions();
assertTrue(isHrefMatched(versionResId, policyVersionsResources.getLinks()), "Added policy version resource link not found in links returned by getPolicyVersions()");
assertNotNull(getMatchingLink(versionResId, policyVersionsResources.getLinks()), "Added policy version resource link not found in links returned by getPolicyVersions()");
// check PolicySet of added policy id/version is actually the one we
// added
......
......@@ -6,6 +6,7 @@ package org.ow2.authzforce.web.test;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertNull;
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.fail;
......@@ -592,8 +593,8 @@ public class DomainMainTestWithoutAutoSyncOrVersionRolling extends RestServiceTe
PolicyResource policyResource = testDomain.getPapResource().getPoliciesResource().getPolicyResource(TEST_POLICY_DELETE_ID);
Resources versionsResources = policyResource.deletePolicy();
assertNotNull(versionsResources);
assertTrue(DomainAPIHelper.isHrefMatched("1.2.3", versionsResources.getLinks()));
assertTrue(DomainAPIHelper.isHrefMatched("1.3.1", versionsResources.getLinks()));
assertNotNull(DomainAPIHelper.getMatchingLink("1.2.3", versionsResources.getLinks()));
assertNotNull(DomainAPIHelper.getMatchingLink("1.3.1", versionsResources.getLinks()));
try
{
......@@ -605,7 +606,7 @@ public class DomainMainTestWithoutAutoSyncOrVersionRolling extends RestServiceTe
}
PoliciesResource policiesRes = testDomain.getPapResource().getPoliciesResource();
assertFalse(DomainAPIHelper.isHrefMatched(TEST_POLICY_DELETE_ID, policiesRes.getPolicies().getLinks()),
assertNull(DomainAPIHelper.getMatchingLink(TEST_POLICY_DELETE_ID, policiesRes.getPolicies().getLinks()),
"Deleted policy resource (all versions) is still in links returned by getPoliciesResource()");
}
......@@ -634,7 +635,7 @@ public class DomainMainTestWithoutAutoSyncOrVersionRolling extends RestServiceTe
Resources policyVersionsResources = testDomain.getPapResource().getPoliciesResource().getPolicyResource(TEST_POLICY_DELETE_ID).getPolicyVersions();
assertEquals(policyVersionsResources.getLinks().size(), 1);
assertTrue(DomainAPIHelper.isHrefMatched("1.3.1", policyVersionsResources.getLinks()));
assertNotNull(DomainAPIHelper.getMatchingLink("1.3.1", policyVersionsResources.getLinks()));
}
private static final String TEST_POLICY_DELETE_SINGLE_VERSION_ID = "testPolicyDeleteSingleVersion";
......
......@@ -49,6 +49,7 @@ import org.testng.annotations.Optional;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;
import org.w3._2005.atom.Link;
import org.w3._2005.atom.Relation;
public class DomainSetTest extends RestServiceTest
{
......@@ -260,6 +261,10 @@ public class DomainSetTest extends RestServiceTest
final String testDomainId = createdDomainIds.iterator().next();
Domain testDomainResource = domainsAPIProxyClient.getDomainResource(testDomainId).getDomain();
assertNotNull(testDomainResource, String.format("Error retrieving domain ID=%s", testDomainId));
final Link pdpLink = DomainAPIHelper.getMatchingLink("/pdp", testDomainResource.getChildResources().getLinks());
assertNotNull(pdpLink, "Missing link to PDP in response to getDomain(" + testDomainId + ")");
assertEquals(pdpLink.getRel(), Relation.HTTP_DOCS_OASIS_OPEN_ORG_NS_XACML_RELATION_PDP, "PDP link relation in response to getDomain(" + testDomainId
+ ") does not comply with REST profile of XACML 3.0");
}
@Test(dependsOnMethods = { "getDomain" })
......
......@@ -21,6 +21,10 @@ package org.ow2.authzforce.web.test;
import org.apache.cxf.annotations.FastInfoset;
import org.ow2.authzforce.rest.api.jaxrs.DomainsResource;
/**
* FastInfoset-aware API client
*
*/
@FastInfoset(force = true)
public interface DomainsResourceFastInfoset extends DomainsResource
{
......
......@@ -84,7 +84,9 @@ abstract class RestServiceTest extends AbstractTestNGSpringContextTests
protected static final int XML_MAX_TEXT_LENGTH = 1000;
/*
* For maxAttributeSize = 500 in JAXRS server configuration, exception raised only when chars.length > 911! WHY? Possible issue with woodstox library. FIXME: report this issue to CXF/Woodstox
* For maxAttributeSize = 500 in JAXRS server configuration, exception raised only when chars.length > 911! WHY? Possible issue with woodstox library.
*
* FIXME: report this issue to CXF/Woodstox
*/
private static final int XML_MAX_ATTRIBUTE_SIZE = 500;
protected static final int XML_MAX_ATTRIBUTE_SIZE_EFFECTIVE = 911;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment