From 5ad1e1ec7fc5ac2ae96b9651c65dd9f7d5dc7439 Mon Sep 17 00:00:00 2001
From: cdanger
Date: Tue, 21 Feb 2017 00:25:03 +0100
Subject: [PATCH 01/15] updating poms for 7.0.1-SNAPSHOT development
---
dist/pom.xml | 2 +-
pom.xml | 2 +-
rest-service/pom.xml | 2 +-
upgrader/pom.xml | 2 +-
webapp/pom.xml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dist/pom.xml b/dist/pom.xml
index 3e28586..0a7766d 100644
--- a/dist/pom.xml
+++ b/dist/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 6.0.1-SNAPSHOT
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-dist
diff --git a/pom.xml b/pom.xml
index b7629d4..be6f411 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@ authzforce-ce-server
- 6.0.1-SNAPSHOT
+ 7.0.1-SNAPSHOT
 pom ${project.groupId}:${project.artifactId} AuthZForce CE Server
diff --git a/rest-service/pom.xml b/rest-service/pom.xml
index 126a4c9..7a75ff9 100644
--- a/rest-service/pom.xml
+++ b/rest-service/pom.xml
@@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server
- 6.0.1-SNAPSHOT
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-rest-service
diff --git a/upgrader/pom.xml b/upgrader/pom.xml
index 30ad1d5..1619807 100644
--- a/upgrader/pom.xml
+++ b/upgrader/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 6.0.1-SNAPSHOT
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-upgrader
diff --git a/webapp/pom.xml b/webapp/pom.xml
index b535c47..460980f 100644
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 6.0.1-SNAPSHOT
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-webapp
From e0e863d44715eb458eea9954ef3b72a7a47a4eff Mon Sep 17 00:00:00 2001
From: cdanger
Date: Tue, 21 Feb 2017 00:38:43 +0100
Subject: [PATCH 02/15] updating develop poms to master versions to avoid merge conflicts
---
dist/pom.xml | 2 +-
pom.xml | 2 +-
rest-service/pom.xml | 2 +-
upgrader/pom.xml | 2 +-
webapp/pom.xml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dist/pom.xml b/dist/pom.xml
index 0a7766d..be6f358 100644
--- a/dist/pom.xml
+++ b/dist/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.1-SNAPSHOT
+ 7.0.0
 .. authzforce-ce-server-dist
diff --git a/pom.xml b/pom.xml
index be6f411..8979e4b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@ authzforce-ce-server
- 7.0.1-SNAPSHOT
+ 7.0.0
 pom ${project.groupId}:${project.artifactId} AuthZForce CE Server
diff --git a/rest-service/pom.xml b/rest-service/pom.xml
index 7a75ff9..609e47d 100644
--- a/rest-service/pom.xml
+++ b/rest-service/pom.xml
@@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.1-SNAPSHOT
+ 7.0.0
 .. authzforce-ce-server-rest-service
diff --git a/upgrader/pom.xml b/upgrader/pom.xml
index 1619807..d59c48c 100644
--- a/upgrader/pom.xml
+++ b/upgrader/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.1-SNAPSHOT
+ 7.0.0
 .. authzforce-ce-server-upgrader
diff --git a/webapp/pom.xml b/webapp/pom.xml
index 460980f..b00bc37 100644
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.1-SNAPSHOT
+ 7.0.0
 .. authzforce-ce-server-webapp
From 181cfe0c83c7ab3d1210b36e06a9eec00d85b846 Mon Sep 17 00:00:00 2001
From: cdanger
Date: Tue, 21 Feb 2017 00:38:43 +0100
Subject: [PATCH 03/15] Updating develop poms back to pre merge state
---
dist/pom.xml | 2 +-
pom.xml | 2 +-
rest-service/pom.xml | 2 +-
upgrader/pom.xml | 2 +-
webapp/pom.xml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dist/pom.xml b/dist/pom.xml
index be6f358..0a7766d 100644
--- a/dist/pom.xml
+++ b/dist/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.0
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-dist
diff --git a/pom.xml b/pom.xml
index 8979e4b..be6f411 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@ authzforce-ce-server
- 7.0.0
+ 7.0.1-SNAPSHOT
 pom ${project.groupId}:${project.artifactId} AuthZForce CE Server
diff --git a/rest-service/pom.xml b/rest-service/pom.xml
index 609e47d..7a75ff9 100644
--- a/rest-service/pom.xml
+++ b/rest-service/pom.xml
@@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.0
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-rest-service
diff --git a/upgrader/pom.xml b/upgrader/pom.xml
index d59c48c..1619807 100644
--- a/upgrader/pom.xml
+++ b/upgrader/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.0
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-upgrader
diff --git a/webapp/pom.xml b/webapp/pom.xml
index b00bc37..460980f 100644
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server
- 7.0.0
+ 7.0.1-SNAPSHOT
 .. authzforce-ce-server-webapp
From daf7c3ef68e4b87b3546df5d4d22a37eaf64eb07 Mon Sep 17 00:00:00 2001
From: Cyril Dangerville
Date: Tue, 21 Feb 2017 00:43:08 +0100
Subject: [PATCH 04/15] Update CHANGELOG.md
---
CHANGELOG.md | 440 +++++++++++++++++++++++++--------------------------
1 file changed, 220 insertions(+), 220 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 08358a2..936eae6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,220 +1,220 @@ -# Change log -All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. We try to apply [FIWARE Versioning](https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Releases_and_Sprints_numbering,_with_mapping_to_calendar_dates) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported. - -Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. - - -## 7.0.0 -### Changed -- Version of AuthzForce dependencies: - - Parent project (authzforce-ce-parent): 5.0.0 - - authzforce-ce-pap-dao-flat-file: 8.0.0 - - authzforce-ce-core-pap-api: 6.3.0 - - authzforce-ce-core: 7.1.0 - - authzforce-ce-core-pdp-api: 9.0.0 - -> API changes (non-backward compatible) for PDP extensions: DecisionCache, DecisionResultFilter - -- Versions of third-party dependencies: - - SLF4J: 1.7.22 - - Spring: 4.3.6 - - Guava: 21.0 - - CXF: 3.1.10 - - Logback-classic: 1.1.9 - -### Added -- Class [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor): an example of PEP using PDP's REST API in the form of a CXF interceptor. More info on the test scenario in the associated test class [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest). 
- -### Fixed -- [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. This is the final fix addressing higher-order functions. Initial fix in v7.0.0 only addressed first-order ones. - - -## 6.0.0 -### Added -- [GH-8] JSON support on the REST API using [*mapped* convention](http://cxf.apache.org/docs/json-support.html) with configurable namespace-to-JSON-prefix mappings (new configuration file `xmlns-to-json-key-prefix-map.properties`) -- [GH-9] Configuration parameter `enablePdpOnly` (boolean): disables all API features except the PDP if true. Allows to have PDP-only AuthzForce Server instances. -- PDP engine (AuthzForce Core) enhancements: - - Extension mechanism to switch `HashMap`/`HashSet` implementations with different performance properties; default implementation is based on a mix of native JRE and Guava. - - Static validation (at policy initialization time) of the 'n' argument (minimum of *true* arguments) of XACML 'n-of' function if this argument is constant (must be a positive integer not greater than the number of remaining arguments) - - Static validation (at policy initialization time) of second and third arguments of XACML substring function if these are constants (arg1 >= 0 && (arg2 == -1 || arg2 >= arg1)) - -- Dependency vulnerability checking with OWASP dependency-check tool -- Source code security validation with Find Security Bugs plugin - -### Changed -- Compatible Java version changed from 1.7 to **1.8** -- Packaging for **Ubuntu 16.04 LTS / JRE 8 / Tomcat 8**: changed Ubuntu package dependencies to `openjdk-8-jre | oracle-java8-installer, tomcat8` -- Upgraded parent project authzforce-ce-parent: 3.4.0 -> 4.1.1: -- Upgraded dependencies: - - Guava dependency version: 18.0 -> 20.0 - - Saxon-HE dependency version: 9.6.0-5 -> 9.7.0-14 - - com.sun.mail:javax.mail v1.5.4 -> com.sun.mail:mailapi v1.5.6 - - Java Servlet API: 3.0.1 -> 3.1.0 - - Apache CXF: 3.1.0 -> 3.1.9 - - [GH-12] Spring framework: 3.2.2 
-> 4.3.5 - - authzforce-ce-core: 5.0.2 -> 6.1.0 - - authzforce-ce-pap-dao-flat-file: 6.1.0 -> 7.0.0 - - authzforce-ce-core-pdp-api: 7.1.1 -> 8.2.0 -- Behavior of *unordered* rule combining algorithms (deny-overrides, permit-overrides, deny-unless-permit and permit-unless deny), i.e. for which the order of evaluation may be different from the order of declaration: child elements are re-ordered for more efficiency (e.g. Deny rules evaluated first in case of deny-overrides algorithm), therefore the algorithm implementation, the order of evaluation in particular, now differs from ordered-* variants. - -### Fixed -- [GH-6] Removing the latest version of a policy now possible using `latest` keyword: HTTP DELETE `/domains/{domainId}/policies/{policyId}/latest` -- [GH-11] Wrong response status code returned by API when trying to activate a policy with invalid/unsupported function ID (related to [OW2-25]) -- Issues in dependency Authzforce Core: - - [OW2-23] enforcement of XACML `RuleId`/`PolicyId`/`PolicySetId` uniqueness: - - `PolicyId` (resp. `PolicySetId`) should be unique across all policies loaded by PDP so that `PolicyIdReferences` (resp. `PolicySetIdReferences`) in XACML Responses' `PolicyIdentifierList` element are absolute references to applicable policies (no ambiguity). - - [RuleId should be unique within a policy](https://lists.oasis-open.org/archives/xacml/201310/msg00025.html) -> A rule is globally uniquely identified by the parent PolicyId and the RuleId. - - [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID - -### Removed -- Dependency on Koloboke, replaced by extension mechanism mentioned in *Added* section that would allow to switch from the default HashMap/HashSet implementation to Koloboke-based. 
- - -## 5.4.1 -### Fixed -- [OW2-22] When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs. -- XACML `StatusCode` XML serialization/marshalling error when Missing Attribute info that is no valid anyURI is returned by PDP in a Indeterminate Result -- Other issues reported by Codacy - -### Changed -- Parent project version: authzforce-ce-parent: 3.4.0 -- Dependency versions: authzforce-ce-core-pap-api: 5.3.0, authzforce-ce-pap-dao-flat-file: 6.1.0 -- Interpretation of XACML Request flag `ReturnPolicyId=true`, considering a policy as _applicable_ if and only if the decision is not `NotApplicable` and if it is not a root policy, the same goes for the enclosing policy. See also the [discussion on the xacml-comment mailing list](https://lists.oasis-open.org/archives/xacml-comment/201605/msg00004.html). -- AttributeProvider module API: new environmentProperties parameter in factories, allowing module configurations to use global Environment properties like `PARENT_DIR` variable -- New PDP XML configuration schema namespace (used in file `conf/domain.tmpl/pdp.xml`): `http://authzforce.github.io/core/xmlns/pdp/5.0` (previous namespace: `http://authzforce.github.io/core/xmlns/pdp/3.6`). 
- - Removed `functionSet` element - - Added `standardEnvAttributeSource` attribute (enum): sets the source for the Standard Current Time Environment Attribute values (current-date, current-time, current-dateTime): `PDP_ONLY`, `REQUEST_ELSE_PDP`, `REQUEST_ONLY` - - Added `badRequestStatusDetailLevel` attribute (positive integer) sets the level of detail of the error message in `StatusDetail` returned in Indeterminate Results in case of bad Requests - -### Added -- Upgrader tool now supporting migration from 5.1.x, 5.2.x, 5.3.x, 5.4.x to current (to help deal with PDP XML schema changes, esp. namespace) - - -## 5.4.0 -### Added -- Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html), especially test assertion [urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433) (FIWARE SEC-923). - -### Changed -- REST API model (authzforce-ce-rest-api-model) version: 5.3.1: changed `elementFormDefault` to _qualified_ in the XML schema for API payloads (and only text and FastInfoset-encoded XML are supported, not JSON) -- [GH-5] Moved maven dependency `cxf-rt-frontend-jaxrs` from child module `rest-service` to child module `webapp`. 
- - -## 5.3.0 -### Changed -- Version of dependency `authzforce-ce-pap-dao-flat-file` to `6.0.0`, causing changes to the REST API URL `/domains/{domainId}/pap/pdp.properties` regarding IDs of features of type `urn:ow2:authzforce:feature-type:pdp:request-filter`: - - `urn:ow2:authzforce:xacml:request-filter:default-lax` changed to `urn:ow2:authzforce:feature:pdp:request-filter:default-lax`; - - `urn:ow2:authzforce:xacml:request-filter:default-strict` changed to `urn:ow2:authzforce:feature:pdp:request-filter:default-strict`; - - `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict` changed to `urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-strict`; - - `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax` changed to `urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax`. - - -## 5.2.0 -### Added -- REST API spec (authzforce-ce-rest-api-model) v5.1.0 support: enhanced management of PDP features, i.e. all supported features may be listed, and each feature may have a 'type' and an 'enabled' (true or false) state that can be updated via the API -- [GH-1] Supported configurable PDP features by type: - - Type `urn:ow2:authzforce:feature-type:pdp:core` (PDP core engine features, as opposed to extensions below): `urn:ow2:authzforce:feature:pdp:core:xpath-eval` (experimental support for XACML AttributeSelector, xpathExpression datatype and xpath-node-count function), `urn:ow2:authzforce:feature:pdp:core:strict-attribute-issuer-match` (enable strict Attribute Issuer matching, i.e. 
AttributeDesignators without Issuer only match request Attributes with same AttributeId/Category but without Issuer) - - [GH-1] Type `urn:ow2:authzforce:feature-type:pdp:data-type`: any custom XACML Data type extension - - [GH-1] Type `urn:ow2:authzforce:feature-type:pdp:function`: any custom XACML function extension - - Type `urn:ow2:authzforce:feature-type:pdp:function-set`: any set of custom XACML function extensions - - [GH-2] Type `urn:ow2:authzforce:feature-type:pdp:combining-algorithm`: any custom XACML policy/rule combining algorithm extension - - [GH-2] Type `urn:ow2:authzforce:feature-type:pdp:request-filter`: any custom XACML request filter + native ones, i.e. `urn:ow2:authzforce:xacml:request-filter:default-lax` (default XACML Core-compliant Individual Decision Request filter), `urn:ow2:authzforce:xacml:request-filter:default-strict` (like previous one except duplicate in a is not allowed), `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax` (request filter implenting XACML profile `urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories`), `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict` (like previous one except duplicate in a is not allowed) - - [GH-2] Type `urn:ow2:authzforce:feature-type:pdp:result-filter`: any custom XACML Result filter extension -- [GH-4] Distribution upgrader now supporting all 4.x versions as old versions - - -## 5.1.2 -### Added -- REST API features (see *Changed* section for API changes): - - URL path specific to PDP properties: - - `GET /domains/{domainId}/pap/pdp.properties` gives properties of the PDP, including date/time of last modification and active/applicable policies (root policy and policies referenced directly/indirectly from root) - - `PUT /domains/{domainId}/pap/pdp.properties` also allows to set PDP's root policy reference and enable PDP implementation-specific features, such as Multiple Decision Profile support (scheme 
2.3 - repeated attribute categories) - - URL path specific to PRP (Policy Repository Point) properties: `GET or PUT /domains/{domainId}/pap/prp.properties`: set/get properties `maxPolicyCount` (maximum number of policies), `maxVersionCount` (maximum number of versions per policy), `versionRollingEnabled` (enable policy version rolling, i.e. oldest versions auto-removed when the number of versions of a policy is about to exceed `maxVersionCount`) - - Special keyword `latest` usable as version ID pointing to the latest version of a given policy (in addition to XACML version IDs like before), e.g. URL path `/domains/{domainId}/pap/policies/P1/latest` points to the latest version of the policy `P1` - - Fast Infoset support with new data representation type `application/fastinfoset` (in addition to `application/xml`) for all API payloads. Requires Authzforce Server to be started in a specific mode using [JavaEE Environment Entry](https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Environment_Entries) `spring.profiles.active` in Tomcat-specific Authzforce webapp context file (`authzforce-ce.xml`). Default type remains `application/xml` (default type is used when a wildcard is received as Accept header value from the client) - - API caches domains' PDPs and externalIds for performance reasons, but it is now possible to force re-synchronizing this domain cache after any change to the backend domain repository, i.e. 
reloading domains' PDPs and externalIDs without restarting the webapp or server: - - `GET or HEAD /domains` forces re-synchronization of all domains - - `GET or HEAD /domains/{domainId}/properties` forces re-synchronization of externalId with domain properties file (properties.xml) in the domain directory - - `GET or HEAD /domains/{domainId}/pap/pdp.properties`; or `GET or HEAD /domains/{domainId}/pap/policies` forces re-synchronization of PDP with configuration file (`pdp.xml`) and policy files in subfolder `policies` of the domain directory - - `DELETE /domains/{domainId}` forces removal of the domain from cache, and the domain directory if it still exists (removes from cache only if directory already removed) - - Properties for controlling the size of incoming XML (`maxElementDepth`, `maxChildElements`, `maxAttributeCount`, `maxAttributeSize`, `maxTextLength`) corresponding to [CXF XML security properties](http://cxf.apache.org/docs/security.html#Security-XML) may be configured as [JavaEE Environment Entries](https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Environment_Entries) in Tomcat-specific Authzforce webapp context file (`authzforce-ce.xml`). Only `maxElementDepth` and `maxChildElements` are supported in Fast Infoset mode (due to issue [CXF-6848](https://issues.apache.org/jira/browse/CXF-6848)). 
-- Completed 100% XACML 3.0 Core Specification compliance with support of Extended Indeterminate values in policy evaluation (XACML 3.0 Core specification, section 7.10-7.14, appendix C: combining algorithms) -- Distribution upgrader: tool to upgrade from Authzforce 4.2.0 - -### Changed -- Supported REST API model (authzforce-ce-rest-api-model) upgraded to **v5.1.1** with following changes: - - PDP's root policy reference set via method `PUT /domains/{domainId}/pap/pdp.properties` (instead of `PUT /domains/{domainId}/properties` in previous version) - - URL path `/domains/{domainId}/pap/attribute.providers` replaces `/domains/{domainId}/pap/attributeProviders` from previous version, in order to apply better practices of REST API design (case-insensitive URLs) and to be consistent with new API paths `pdp.properties` and `prp.properties` (see *Added* section) -- Multiple Decision Profile disabled by default after domain creation (enabled by default in previous version) -- Backend flat-file database (DAO): - - Format of `properties.xml` (domain properties): XML namespace changed to `http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6` (instead of `http://authzforce.github.io/pap-dao-file/xmlns/properties/3.6` in previous version) - - Format of `pdp.xml` (PDP): XML schema/namespace of PDP PolicyProvider configuration changed to `http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6` (instead of `http://authzforce.github.io/pap-dao-file/xmlns/pdp-ext/3.6` in previous version) - - Strategy for synchronizing cached domain's PDP and externalId-to-domain mapping with configuration files: no longer using Java WatchService (not adapted to NFS or CIFS shares), but each domain has a specific thread polling files in the domain directory's and checking their `lastModifiedTime` attribute for change: - - If a given domain ID is requested and no matching domain in cache, but a matching domain directory is found, the domain is automatically synced to cache 
and the synchronizing thread created; - - If the domain's directory found missing by the synchronizing thread, the thread deletes the domain from cache. - - If any change to `properties.xml` (domain description, externalId) detected, externalId updated in cache - - If any change to `pdp.xml` or the file of any policy used by the PDP, the PDP is reloaded. -- ZIP distribution format (`.zip`) changed to tarball format (`.tar.gz`), more suitable for Unix/Linux environments. - -### Removed -- Dependency on commons-io, replaced with Java 7 java.nio.file API for recursive directory copy/deletion - -### Fixed -- [GH-6] deleted domain ID still returned by GET /domains?externalId=... -- FIWARE JIRA [SEC-870](https://jira.fiware.org/browse/SEC-870): Debian/Ubuntu package dependencies: `java7-jdk` replaced with `openjdk-7-jdk | oracle-java7-installer` -- Policy versions returned in wrong order by API - - -## 4.4.1 -### Changed -- Default domain rootPolicyRef no longer has 'Version' specified so that the root policy is always the latest version added via the PAP (by default). - -### Fixed -- Hiding file paths from error messages returned by the REST API - - -## 4.4.0 -### Added -- XACML 3.0: Support for new XACML 3.0 standard string functions: type-from-string and string-from-type where type can be any XACML datatype (boolean, integer, double, time, date, etc.), string-starts-with, string-ends-with, anyURI-ends-with, anyURI-starts-with, string-contains, anyURI-contains, string-substring, anyURI-substring. -- XACML 3.0: Support new xacml 3.0 standard higher-order bag functions: any-of, all-of, any-of-any, map. 
-- XACML 3.0: Suppport for new XACML 3.0 standard date/time functions: dateTime-add-dayTimeDuration, dateTime-add-yearMonthDuration, dateTime-subtract-dayTimeDuration, dateTime-subtract-yearMonthDuration, date-add-yearMonthDuration, date-subtract-yearMonthDuration, dayTimeDuration-one-and-only, dayTimeDuration-bag-size, dayTimeDuration-is-in, dayTimeDuration-bag, yearMonthDuration-one-and-only, yearMonthDuration-bag-size. -- REST API: Enable/Disable logging of API requests and responses with access info (timestamp, source IP address, requested URL path, requested method, message body...) for audit, debugging, troubleshooting purposes - - -## 4.3.0 -### Added -- REST API: CRUD operations per policy with versioning at URL path /domains/{id}/pap/policies/{policyId}/{policyVersion}. Each {policyId}/{policyVersion} represents a specific XACML PolicySet Id/Version that can be referenced from the PDP's root PolicySet or from other policies via PolicySetIdReference -- REST API: Domain property 'externalId' to be set by the client when provisioning/updating a domain (like in SCIM REST API). May be used in query parameter to retrieve a domain resource. -- REST API: Domain property 'rootPolicyRef' to define the root policy via policy reference to one of the policies managed via URL path /domains/{id}/pap/policies/{policyId}/{policyVersion}. -- XACML 3.0: Suppport for new xacml 3.0 standard equality functions: string-equal-ignore-case, dayTimeDuration-equal, yearMonthDuration-equal. -- XACML 3.0: Support for VariableDefinitions/VariableReferences -- XACML 3.0: support of Indeterminate arguments in boolean functions (and, or, n-of), i.e. the function may evaluate successfully with Indeterminate arguments under certain conditions - 1. OR: If at least 1 True arg, then True regardless of Indeterminate args; else if at least 1 Indeterminate, return Indeterminate; else false. - 1. 
AND: If at least 1 False arg, then False regardless of Indeterminate args; else if at least 1 Indeterminate, then Indeterminate; else True. - 1. N-OF: similar to OR but checking whether at least N args are True instead of 1, in the remaining arguments; else there is/are n True(s) with n < N; if there are at least (N-n) Indeterminate, return Indeterminate; else return false. -- Global configuration properties: max number of policies per domain, max number of versions per policy -- Distribution as WAR - -### Changed -- REST API: Base64url-encoded domain IDs, to make URL paths shorter. -- XML namespaces for REST API data model using public github.io URLs and schema versioning (namespace includes major version and usage of 'version' attribute in root schema element) - -### Fixed -- Policy(Set) IDs rejected although valid per definition of xs:anyURI, e.g. if it contained space characters. -- Error if no subject, action or resource attributes in XACML request - -### Security -- Detection of circular references in Policy(Set)IdReferences or VariableReference -- Configurable max allowed depth of PolicySetIdReference or VariableReference - - -## 4.2.0 -### Added -- Distribution as Debian package -- XACML 3.0: Permit-unless-deny policy/rule combining algorithm -- XACML 3.0: Ordered-deny-overrides policy/rule combining algorithm -- XACML 3.0: Ordered-permit-overrides policy/rule combining algorithm -- XACML 3.0: Multiple Decision Profile, scheme 2.3 (repetition of attribute categories) - - -## 4.1.0 -### Changed -- Initial release in open source +# Change log +All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. 
We try to apply [FIWARE Versioning](https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Releases_and_Sprints_numbering,_with_mapping_to_calendar_dates) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported. + +Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. + + +## 7.0.0 +### Changed +- Versions of AuthzForce dependencies: + - Parent project (authzforce-ce-parent): 5.0.0 + - authzforce-ce-pap-dao-flat-file: 8.0.0 + - authzforce-ce-core-pap-api: 6.3.0 + - authzforce-ce-core: 7.1.0 + - authzforce-ce-core-pdp-api: 9.0.0 + -> API changes (non-backward compatible) for PDP extensions: DecisionCache, DecisionResultFilter + +- Versions of third-party dependencies: + - SLF4J: 1.7.22 + - Spring: 4.3.6 + - Guava: 21.0 + - CXF: 3.1.10 + - Logback-classic: 1.1.9 + +### Added +- Class [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor): an example of PEP using PDP's REST API in the form of a CXF interceptor. More info on the test scenario in the associated test class [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest). + +### Fixed +- [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. This is the final fix addressing higher-order functions. 
Initial fix in v7.0.0 only addressed first-order ones. + + +## 6.0.0 +### Added +- [GH-8] JSON support on the REST API using [*mapped* convention](http://cxf.apache.org/docs/json-support.html) with configurable namespace-to-JSON-prefix mappings (new configuration file `xmlns-to-json-key-prefix-map.properties`) +- [GH-9] Configuration parameter `enablePdpOnly` (boolean): disables all API features except the PDP if true. Allows to have PDP-only AuthzForce Server instances. +- PDP engine (AuthzForce Core) enhancements: + - Extension mechanism to switch `HashMap`/`HashSet` implementations with different performance properties; default implementation is based on a mix of native JRE and Guava. + - Static validation (at policy initialization time) of the 'n' argument (minimum of *true* arguments) of XACML 'n-of' function if this argument is constant (must be a positive integer not greater than the number of remaining arguments) + - Static validation (at policy initialization time) of second and third arguments of XACML substring function if these are constants (arg1 >= 0 && (arg2 == -1 || arg2 >= arg1)) + +- Dependency vulnerability checking with OWASP dependency-check tool +- Source code security validation with Find Security Bugs plugin + +### Changed +- Compatible Java version changed from 1.7 to **1.8** +- Packaging for **Ubuntu 16.04 LTS / JRE 8 / Tomcat 8**: changed Ubuntu package dependencies to `openjdk-8-jre | oracle-java8-installer, tomcat8` +- Upgraded parent project authzforce-ce-parent: 3.4.0 -> 4.1.1: +- Upgraded dependencies: + - Guava dependency version: 18.0 -> 20.0 + - Saxon-HE dependency version: 9.6.0-5 -> 9.7.0-14 + - com.sun.mail:javax.mail v1.5.4 -> com.sun.mail:mailapi v1.5.6 + - Java Servlet API: 3.0.1 -> 3.1.0 + - Apache CXF: 3.1.0 -> 3.1.9 + - [GH-12] Spring framework: 3.2.2 -> 4.3.5 + - authzforce-ce-core: 5.0.2 -> 6.1.0 + - authzforce-ce-pap-dao-flat-file: 6.1.0 -> 7.0.0 + - authzforce-ce-core-pdp-api: 7.1.1 -> 8.2.0 +- Behavior of *unordered* 
rule combining algorithms (deny-overrides, permit-overrides, deny-unless-permit and permit-unless deny), i.e. for which the order of evaluation may be different from the order of declaration: child elements are re-ordered for more efficiency (e.g. Deny rules evaluated first in case of deny-overrides algorithm), therefore the algorithm implementation, the order of evaluation in particular, now differs from ordered-* variants. + +### Fixed +- [GH-6] Removing the latest version of a policy now possible using `latest` keyword: HTTP DELETE `/domains/{domainId}/policies/{policyId}/latest` +- [GH-11] Wrong response status code returned by API when trying to activate a policy with invalid/unsupported function ID (related to [OW2-25]) +- Issues in dependency Authzforce Core: + - [OW2-23] enforcement of XACML `RuleId`/`PolicyId`/`PolicySetId` uniqueness: + - `PolicyId` (resp. `PolicySetId`) should be unique across all policies loaded by PDP so that `PolicyIdReferences` (resp. `PolicySetIdReferences`) in XACML Responses' `PolicyIdentifierList` element are absolute references to applicable policies (no ambiguity). + - [RuleId should be unique within a policy](https://lists.oasis-open.org/archives/xacml/201310/msg00025.html) -> A rule is globally uniquely identified by the parent PolicyId and the RuleId. + - [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID + +### Removed +- Dependency on Koloboke, replaced by extension mechanism mentioned in *Added* section that would allow to switch from the default HashMap/HashSet implementation to Koloboke-based. + + +## 5.4.1 +### Fixed +- [OW2-22] When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs. 
+- XACML `StatusCode` XML serialization/marshalling error when Missing Attribute info that is no valid anyURI is returned by PDP in a Indeterminate Result +- Other issues reported by Codacy + +### Changed +- Parent project version: authzforce-ce-parent: 3.4.0 +- Dependency versions: authzforce-ce-core-pap-api: 5.3.0, authzforce-ce-pap-dao-flat-file: 6.1.0 +- Interpretation of XACML Request flag `ReturnPolicyId=true`, considering a policy as _applicable_ if and only if the decision is not `NotApplicable` and if it is not a root policy, the same goes for the enclosing policy. See also the [discussion on the xacml-comment mailing list](https://lists.oasis-open.org/archives/xacml-comment/201605/msg00004.html). +- AttributeProvider module API: new environmentProperties parameter in factories, allowing module configurations to use global Environment properties like `PARENT_DIR` variable +- New PDP XML configuration schema namespace (used in file `conf/domain.tmpl/pdp.xml`): `http://authzforce.github.io/core/xmlns/pdp/5.0` (previous namespace: `http://authzforce.github.io/core/xmlns/pdp/3.6`). + - Removed `functionSet` element + - Added `standardEnvAttributeSource` attribute (enum): sets the source for the Standard Current Time Environment Attribute values (current-date, current-time, current-dateTime): `PDP_ONLY`, `REQUEST_ELSE_PDP`, `REQUEST_ONLY` + - Added `badRequestStatusDetailLevel` attribute (positive integer) sets the level of detail of the error message in `StatusDetail` returned in Indeterminate Results in case of bad Requests + +### Added +- Upgrader tool now supporting migration from 5.1.x, 5.2.x, 5.3.x, 5.4.x to current (to help deal with PDP XML schema changes, esp. 
namespace) + + +## 5.4.0 +### Added +- Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html), especially test assertion [urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433) (FIWARE SEC-923). + +### Changed +- REST API model (authzforce-ce-rest-api-model) version: 5.3.1: changed `elementFormDefault` to _qualified_ in the XML schema for API payloads (and only text and FastInfoset-encoded XML are supported, not JSON) +- [GH-5] Moved maven dependency `cxf-rt-frontend-jaxrs` from child module `rest-service` to child module `webapp`. + + +## 5.3.0 +### Changed +- Version of dependency `authzforce-ce-pap-dao-flat-file` to `6.0.0`, causing changes to the REST API URL `/domains/{domainId}/pap/pdp.properties` regarding IDs of features of type `urn:ow2:authzforce:feature-type:pdp:request-filter`: + - `urn:ow2:authzforce:xacml:request-filter:default-lax` changed to `urn:ow2:authzforce:feature:pdp:request-filter:default-lax`; + - `urn:ow2:authzforce:xacml:request-filter:default-strict` changed to `urn:ow2:authzforce:feature:pdp:request-filter:default-strict`; + - `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict` changed to `urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-strict`; + - `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax` changed to `urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax`. + + +## 5.2.0 +### Added +- REST API spec (authzforce-ce-rest-api-model) v5.1.0 support: enhanced management of PDP features, i.e. 
all supported features may be listed, and each feature may have a 'type' and an 'enabled' (true or false) state that can be updated via the API +- [GH-1] Supported configurable PDP features by type: + - Type `urn:ow2:authzforce:feature-type:pdp:core` (PDP core engine features, as opposed to extensions below): `urn:ow2:authzforce:feature:pdp:core:xpath-eval` (experimental support for XACML AttributeSelector, xpathExpression datatype and xpath-node-count function), `urn:ow2:authzforce:feature:pdp:core:strict-attribute-issuer-match` (enable strict Attribute Issuer matching, i.e. AttributeDesignators without Issuer only match request Attributes with same AttributeId/Category but without Issuer) + - [GH-1] Type `urn:ow2:authzforce:feature-type:pdp:data-type`: any custom XACML Data type extension + - [GH-1] Type `urn:ow2:authzforce:feature-type:pdp:function`: any custom XACML function extension + - Type `urn:ow2:authzforce:feature-type:pdp:function-set`: any set of custom XACML function extensions + - [GH-2] Type `urn:ow2:authzforce:feature-type:pdp:combining-algorithm`: any custom XACML policy/rule combining algorithm extension + - [GH-2] Type `urn:ow2:authzforce:feature-type:pdp:request-filter`: any custom XACML request filter + native ones, i.e. 
`urn:ow2:authzforce:xacml:request-filter:default-lax` (default XACML Core-compliant Individual Decision Request filter), `urn:ow2:authzforce:xacml:request-filter:default-strict` (like previous one except duplicate in a is not allowed), `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax` (request filter implenting XACML profile `urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories`), `urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict` (like previous one except duplicate in a is not allowed) + - [GH-2] Type `urn:ow2:authzforce:feature-type:pdp:result-filter`: any custom XACML Result filter extension +- [GH-4] Distribution upgrader now supporting all 4.x versions as old versions + + +## 5.1.2 +### Added +- REST API features (see *Changed* section for API changes): + - URL path specific to PDP properties: + - `GET /domains/{domainId}/pap/pdp.properties` gives properties of the PDP, including date/time of last modification and active/applicable policies (root policy and policies referenced directly/indirectly from root) + - `PUT /domains/{domainId}/pap/pdp.properties` also allows to set PDP's root policy reference and enable PDP implementation-specific features, such as Multiple Decision Profile support (scheme 2.3 - repeated attribute categories) + - URL path specific to PRP (Policy Repository Point) properties: `GET or PUT /domains/{domainId}/pap/prp.properties`: set/get properties `maxPolicyCount` (maximum number of policies), `maxVersionCount` (maximum number of versions per policy), `versionRollingEnabled` (enable policy version rolling, i.e. oldest versions auto-removed when the number of versions of a policy is about to exceed `maxVersionCount`) + - Special keyword `latest` usable as version ID pointing to the latest version of a given policy (in addition to XACML version IDs like before), e.g. 
URL path `/domains/{domainId}/pap/policies/P1/latest` points to the latest version of the policy `P1` + - Fast Infoset support with new data representation type `application/fastinfoset` (in addition to `application/xml`) for all API payloads. Requires Authzforce Server to be started in a specific mode using [JavaEE Environment Entry](https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Environment_Entries) `spring.profiles.active` in Tomcat-specific Authzforce webapp context file (`authzforce-ce.xml`). Default type remains `application/xml` (default type is used when a wildcard is received as Accept header value from the client) + - API caches domains' PDPs and externalIds for performance reasons, but it is now possible to force re-synchronizing this domain cache after any change to the backend domain repository, i.e. reloading domains' PDPs and externalIDs without restarting the webapp or server: + - `GET or HEAD /domains` forces re-synchronization of all domains + - `GET or HEAD /domains/{domainId}/properties` forces re-synchronization of externalId with domain properties file (properties.xml) in the domain directory + - `GET or HEAD /domains/{domainId}/pap/pdp.properties`; or `GET or HEAD /domains/{domainId}/pap/policies` forces re-synchronization of PDP with configuration file (`pdp.xml`) and policy files in subfolder `policies` of the domain directory + - `DELETE /domains/{domainId}` forces removal of the domain from cache, and the domain directory if it still exists (removes from cache only if directory already removed) + - Properties for controlling the size of incoming XML (`maxElementDepth`, `maxChildElements`, `maxAttributeCount`, `maxAttributeSize`, `maxTextLength`) corresponding to [CXF XML security properties](http://cxf.apache.org/docs/security.html#Security-XML) may be configured as [JavaEE Environment Entries](https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Environment_Entries) in Tomcat-specific Authzforce webapp context file 
(`authzforce-ce.xml`). Only `maxElementDepth` and `maxChildElements` are supported in Fast Infoset mode (due to issue [CXF-6848](https://issues.apache.org/jira/browse/CXF-6848)). +- Completed 100% XACML 3.0 Core Specification compliance with support of Extended Indeterminate values in policy evaluation (XACML 3.0 Core specification, section 7.10-7.14, appendix C: combining algorithms) +- Distribution upgrader: tool to upgrade from Authzforce 4.2.0 + +### Changed +- Supported REST API model (authzforce-ce-rest-api-model) upgraded to **v5.1.1** with following changes: + - PDP's root policy reference set via method `PUT /domains/{domainId}/pap/pdp.properties` (instead of `PUT /domains/{domainId}/properties` in previous version) + - URL path `/domains/{domainId}/pap/attribute.providers` replaces `/domains/{domainId}/pap/attributeProviders` from previous version, in order to apply better practices of REST API design (case-insensitive URLs) and to be consistent with new API paths `pdp.properties` and `prp.properties` (see *Added* section) +- Multiple Decision Profile disabled by default after domain creation (enabled by default in previous version) +- Backend flat-file database (DAO): + - Format of `properties.xml` (domain properties): XML namespace changed to `http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6` (instead of `http://authzforce.github.io/pap-dao-file/xmlns/properties/3.6` in previous version) + - Format of `pdp.xml` (PDP): XML schema/namespace of PDP PolicyProvider configuration changed to `http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6` (instead of `http://authzforce.github.io/pap-dao-file/xmlns/pdp-ext/3.6` in previous version) + - Strategy for synchronizing cached domain's PDP and externalId-to-domain mapping with configuration files: no longer using Java WatchService (not adapted to NFS or CIFS shares), but each domain has a specific thread polling files in the domain directory's and checking their `lastModifiedTime` 
attribute for change: + - If a given domain ID is requested and no matching domain in cache, but a matching domain directory is found, the domain is automatically synced to cache and the synchronizing thread created; + - If the domain's directory found missing by the synchronizing thread, the thread deletes the domain from cache. + - If any change to `properties.xml` (domain description, externalId) detected, externalId updated in cache + - If any change to `pdp.xml` or the file of any policy used by the PDP, the PDP is reloaded. +- ZIP distribution format (`.zip`) changed to tarball format (`.tar.gz`), more suitable for Unix/Linux environments. + +### Removed +- Dependency on commons-io, replaced with Java 7 java.nio.file API for recursive directory copy/deletion + +### Fixed +- [GH-6] deleted domain ID still returned by GET /domains?externalId=... +- FIWARE JIRA [SEC-870](https://jira.fiware.org/browse/SEC-870): Debian/Ubuntu package dependencies: `java7-jdk` replaced with `openjdk-7-jdk | oracle-java7-installer` +- Policy versions returned in wrong order by API + + +## 4.4.1 +### Changed +- Default domain rootPolicyRef no longer has 'Version' specified so that the root policy is always the latest version added via the PAP (by default). + +### Fixed +- Hiding file paths from error messages returned by the REST API + + +## 4.4.0 +### Added +- XACML 3.0: Support for new XACML 3.0 standard string functions: type-from-string and string-from-type where type can be any XACML datatype (boolean, integer, double, time, date, etc.), string-starts-with, string-ends-with, anyURI-ends-with, anyURI-starts-with, string-contains, anyURI-contains, string-substring, anyURI-substring. +- XACML 3.0: Support new xacml 3.0 standard higher-order bag functions: any-of, all-of, any-of-any, map. 
+- XACML 3.0: Suppport for new XACML 3.0 standard date/time functions: dateTime-add-dayTimeDuration, dateTime-add-yearMonthDuration, dateTime-subtract-dayTimeDuration, dateTime-subtract-yearMonthDuration, date-add-yearMonthDuration, date-subtract-yearMonthDuration, dayTimeDuration-one-and-only, dayTimeDuration-bag-size, dayTimeDuration-is-in, dayTimeDuration-bag, yearMonthDuration-one-and-only, yearMonthDuration-bag-size. +- REST API: Enable/Disable logging of API requests and responses with access info (timestamp, source IP address, requested URL path, requested method, message body...) for audit, debugging, troubleshooting purposes + + +## 4.3.0 +### Added +- REST API: CRUD operations per policy with versioning at URL path /domains/{id}/pap/policies/{policyId}/{policyVersion}. Each {policyId}/{policyVersion} represents a specific XACML PolicySet Id/Version that can be referenced from the PDP's root PolicySet or from other policies via PolicySetIdReference +- REST API: Domain property 'externalId' to be set by the client when provisioning/updating a domain (like in SCIM REST API). May be used in query parameter to retrieve a domain resource. +- REST API: Domain property 'rootPolicyRef' to define the root policy via policy reference to one of the policies managed via URL path /domains/{id}/pap/policies/{policyId}/{policyVersion}. +- XACML 3.0: Suppport for new xacml 3.0 standard equality functions: string-equal-ignore-case, dayTimeDuration-equal, yearMonthDuration-equal. +- XACML 3.0: Support for VariableDefinitions/VariableReferences +- XACML 3.0: support of Indeterminate arguments in boolean functions (and, or, n-of), i.e. the function may evaluate successfully with Indeterminate arguments under certain conditions + 1. OR: If at least 1 True arg, then True regardless of Indeterminate args; else if at least 1 Indeterminate, return Indeterminate; else false. + 1. 
AND: If at least 1 False arg, then False regardless of Indeterminate args; else if at least 1 Indeterminate, then Indeterminate; else True. + 1. N-OF: similar to OR but checking whether at least N args are True instead of 1, in the remaining arguments; else there is/are n True(s) with n < N; if there are at least (N-n) Indeterminate, return Indeterminate; else return false. +- Global configuration properties: max number of policies per domain, max number of versions per policy +- Distribution as WAR + +### Changed +- REST API: Base64url-encoded domain IDs, to make URL paths shorter. +- XML namespaces for REST API data model using public github.io URLs and schema versioning (namespace includes major version and usage of 'version' attribute in root schema element) + +### Fixed +- Policy(Set) IDs rejected although valid per definition of xs:anyURI, e.g. if it contained space characters. +- Error if no subject, action or resource attributes in XACML request + +### Security +- Detection of circular references in Policy(Set)IdReferences or VariableReference +- Configurable max allowed depth of PolicySetIdReference or VariableReference + + +## 4.2.0 +### Added +- Distribution as Debian package +- XACML 3.0: Permit-unless-deny policy/rule combining algorithm +- XACML 3.0: Ordered-deny-overrides policy/rule combining algorithm +- XACML 3.0: Ordered-permit-overrides policy/rule combining algorithm +- XACML 3.0: Multiple Decision Profile, scheme 2.3 (repetition of attribute categories) + + +## 4.1.0 +### Changed +- Initial release in open source From 93fd1562bb53ef52bc5d5e83f4c2dffa909f1d0c Mon Sep 17 00:00:00 2001 
From: cdanger Date: Mon, 6 Mar 2017 23:47:00 +0100 Subject: [PATCH 05/15] - Changed projet.url to gitlab ow2 - Replaced dependency authzforce-ce-core:tests with new authzforce-ce-core-pdp-testutils:jar --- pom.xml | 15 +++++++-------- .../jaxrs/BadRequestExceptionMapper.java | 8 ++++---- .../jaxrs/ClientErrorExceptionMapper.java | 8 ++++---- .../service/jaxrs/DefaultExceptionMapper.java | 8 ++++---- .../rest/service/jaxrs/DomainResourceImpl.java | 8 ++++---- .../service/jaxrs/DomainsResourceImpl.java | 8 ++++---- .../rest/service/jaxrs/PolicyResourceImpl.java | 8 ++++---- .../jaxrs/PolicyVersionResourceImpl.java | 8 ++++---- .../service/jaxrs/PrpRWPropertiesImpl.java | 8 ++++---- .../jaxrs/ServerErrorExceptionMapper.java | 8 ++++---- .../UnsupportedOperationExceptionMapper.java | 8 ++++---- .../jaxrs/WritableDomainPropertiesImpl.java | 8 ++++---- .../jaxrs/WritablePdpPropertiesImpl.java | 8 ++++---- .../XmlAndJsonOnlyMediaTypeRequestFilter.java | 8 ++++---- upgrader/pom.xml | 3 +-- .../src/test/server/current/conf/catalog.xml | 2 +- webapp/pom.xml | 5 ++--- .../webapp/ErrorHandlerInterceptor.java | 8 ++++---- .../ow2/authzforce/webapp/ExceptionFilter.java | 8 ++++---- ...bResourceCompatibleFIStaxInInterceptor.java | 8 ++++---- .../authzforce/webapp/JsonJaxrsProvider.java | 8 ++++---- .../xacml/common/CommonCallbackHandler.java | 8 ++++---- .../sts/xacml/common/DoubleItPortTypeImpl.java | 8 ++++---- .../sts/xacml/common/RolesClaimsHandler.java | 8 ++++---- .../cxf/sts/xacml/common/STSServer.java | 8 ++++---- .../cxf/sts/xacml/common/TokenTestUtils.java | 8 ++++---- .../authzforce/web/test/AdminDomainTest.java | 8 ++++---- .../authzforce/web/test/DomainAPIHelper.java | 10 +++++----- ...ainTestWithoutAutoSyncOrVersionRolling.java | 18 +++++++++--------- .../ow2/authzforce/web/test/DomainSetTest.java | 8 ++++---- ...omainTestWithAutoSyncAndVersionRolling.java | 8 ++++---- .../web/test/DomainsResourceFastInfoset.java | 8 ++++---- .../web/test/MediaTypeHeaderSetter.java 
| 8 ++++---- .../authzforce/web/test/RestServiceTest.java | 10 +++++----- .../authzforce/web/test/SecurityDemoTest.java | 8 ++++---- .../web/test/XacmlToJsonConversion.java | 8 ++++---- .../authzforce/web/test/pep/cxf/PdpServer.java | 8 ++++---- .../cxf/RESTfulPdpBasedAuthzInterceptor.java | 8 ++++---- .../RESTfulPdpBasedAuthzInterceptorTest.java | 8 ++++---- .../authzforce/web/test/pep/cxf/Server.java | 8 ++++---- .../web/test/pep/cxf/WSS4JBasicAuthFilter.java | 8 ++++---- .../test/resources/META-INF/spring/client.xml | 5 ++--- .../test/server.conf/authzforce-ce/catalog.xml | 2 +- 43 files changed, 169 insertions(+), 173 deletions(-) diff --git a/pom.xml b/pom.xml index be6f411..8291f64 100644 --- a/pom.xml +++ b/pom.xml @@ -4,21 +4,21 @@ org.ow2.authzforce authzforce-ce-parent - 5.0.0 + 5.0.1-SNAPSHOT authzforce-ce-server 7.0.1-SNAPSHOT pom ${project.groupId}:${project.artifactId} - AuthZForce CE Server - https://github.com/authzforce/server + AuthzForce CE Server + ${project.url} https://github.com/authzforce/server - 7.1.0 - 6.3.0 + 7.1.1-SNAPSHOT + 6.3.1-SNAPSHOT - 8.0.0 + 8.0.1-SNAPSHOT scm:git:${git.url.base}.git @@ -30,9 +30,8 @@ ${project.groupId} - ${artifactId.prefix}-core + ${artifactId.prefix}-core-pdp-testutils ${authzforce-ce-core.version} - tests ${project.groupId} diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/BadRequestExceptionMapper.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/BadRequestExceptionMapper.java index b77922b..cda3a72 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/BadRequestExceptionMapper.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/BadRequestExceptionMapper.java 
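Review bot: The first pom.xml hunk moves the parent version and three dependency version values from fixed releases to `-SNAPSHOT`, and nothing visible here prevents a release from being cut with them. Snapshot coordinates are mutable, so the same commit can resolve to different binaries over time and the build inputs of this authorization server can change without a reviewed diff. That is acceptable on a development branch, but I would add the maven-enforcer-plugin `requireReleaseDeps` rule to the release build and limit snapshot resolution to the project's own repository. In the second hunk the dependency becomes `${artifactId.prefix}-core-pdp-testutils` and the `tests` value is dropped; the element tags are not visible on this page, so please confirm the entry still resolves with `<scope>test</scope>` so test helpers are not packaged into the webapp.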
@@ -1,20 +1,20 @@
 /**
 * Copyright (C) 2012-2017 Thales Services SAS.
 *
- * This file is part of AuthZForce CE.
+ * This file is part of AuthzForce CE.
 *
- * AuthZForce CE is free software: you can redistribute it and/or modify
+ * AuthzForce CE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
- * AuthZForce CE is distributed in the hope that it will be useful,
+ * AuthzForce CE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
- * along with AuthZForce CE. If not, see .
+ * along with AuthzForce CE. If not, see .
 */
 /**
 *
diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ClientErrorExceptionMapper.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ClientErrorExceptionMapper.java
index e59e494..904fd25 100644
--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ClientErrorExceptionMapper.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ClientErrorExceptionMapper.java
@@ -1,20 +1,20 @@
 /**
 * Copyright (C) 2012-2017 Thales Services SAS.
 *
- * This file is part of AuthZForce CE.
+ * This file is part of AuthzForce CE.
 *
- * AuthZForce CE is free software: you can redistribute it and/or modify
+ * AuthzForce CE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
- * AuthZForce CE is distributed in the hope that it will be useful,
+ * AuthzForce CE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
- * along with AuthZForce CE. If not, see .
+ * along with AuthzForce CE. If not, see .
 */
 /**
 *
diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DefaultExceptionMapper.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DefaultExceptionMapper.java
index a6791a2..8e9da1c 100644
--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DefaultExceptionMapper.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DefaultExceptionMapper.java
@@ -1,20 +1,20 @@
 /**
 * Copyright (C) 2012-2017 Thales Services SAS.
 *
- * This file is part of AuthZForce CE.
+ * This file is part of AuthzForce CE.
 *
- * AuthZForce CE is free software: you can redistribute it and/or modify
+ * AuthzForce CE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
- * AuthZForce CE is distributed in the hope that it will be useful,
+ * AuthzForce CE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
- * along with AuthZForce CE. If not, see .
+ * along with AuthzForce CE. If not, see .
 */
 /**
 *
diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java
index 555920b..2857ca9 100644
--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java index fc98b54..3041f6c 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java 
@@ -1,20 +1,20 @@
 /**
 * Copyright (C) 2012-2017 Thales Services SAS.
 *
- * This file is part of AuthZForce CE.
+ * This file is part of AuthzForce CE.
 *
- * AuthZForce CE is free software: you can redistribute it and/or modify
+ * AuthzForce CE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
- * AuthZForce CE is distributed in the hope that it will be useful,
+ * AuthzForce CE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
- * along with AuthZForce CE. If not, see .
+ * along with AuthzForce CE. If not, see .
 */
 /**
 *
diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyResourceImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyResourceImpl.java
index 5217a3e..5093aaa 100644
--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyResourceImpl.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyResourceImpl.java
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyVersionResourceImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyVersionResourceImpl.java index e9ec622..10082f3 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyVersionResourceImpl.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PolicyVersionResourceImpl.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PrpRWPropertiesImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PrpRWPropertiesImpl.java index 8095574..4bd4e31 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PrpRWPropertiesImpl.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/PrpRWPropertiesImpl.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ServerErrorExceptionMapper.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ServerErrorExceptionMapper.java index f40d922..4cbbbcd 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ServerErrorExceptionMapper.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/ServerErrorExceptionMapper.java 
@@ -1,20 +1,20 @@
 /**
 * Copyright (C) 2012-2017 Thales Services SAS.
 *
- * This file is part of AuthZForce CE.
+ * This file is part of AuthzForce CE.
 *
- * AuthZForce CE is free software: you can redistribute it and/or modify
+ * AuthzForce CE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
- * AuthZForce CE is distributed in the hope that it will be useful,
+ * AuthzForce CE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
- * along with AuthZForce CE. If not, see .
+ * along with AuthzForce CE. If not, see .
 */
 /**
 *
diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/UnsupportedOperationExceptionMapper.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/UnsupportedOperationExceptionMapper.java
index 4f99eec..2a55c89 100644
--- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/UnsupportedOperationExceptionMapper.java
+++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/UnsupportedOperationExceptionMapper.java
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ /** * diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritableDomainPropertiesImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritableDomainPropertiesImpl.java index c5bd377..79145c2 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritableDomainPropertiesImpl.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritableDomainPropertiesImpl.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritablePdpPropertiesImpl.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritablePdpPropertiesImpl.java index 4f5000e..5ae5318 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritablePdpPropertiesImpl.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/WritablePdpPropertiesImpl.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/XmlAndJsonOnlyMediaTypeRequestFilter.java b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/XmlAndJsonOnlyMediaTypeRequestFilter.java index bd3fb0b..bbf2e69 100644 --- a/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/XmlAndJsonOnlyMediaTypeRequestFilter.java +++ b/rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/XmlAndJsonOnlyMediaTypeRequestFilter.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.rest.service.jaxrs; diff --git a/upgrader/pom.xml b/upgrader/pom.xml index 1619807..ed90452 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -51,8 +51,7 @@ ${project.groupId} - ${artifactId.prefix}-core - tests + ${artifactId.prefix}-core-pdp-testutils test diff --git a/upgrader/src/test/server/current/conf/catalog.xml b/upgrader/src/test/server/current/conf/catalog.xml index df07fcf..1215ed4 100644 --- a/upgrader/src/test/server/current/conf/catalog.xml +++ b/upgrader/src/test/server/current/conf/catalog.xml @@ -9,5 +9,5 @@ - + diff --git a/webapp/pom.xml b/webapp/pom.xml index 460980f..2980ff3 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -10,7 +10,7 @@ ${project.groupId}:${project.artifactId} war Web application packaging for AuthZForce (PAP/PDP) REST service - https://github.com/authzforce/server/rest-service + https://github.com/authzforce/server/webapp 8.0.32 @@ -166,8 +166,7 @@ ${project.groupId} - ${artifactId.prefix}-core - tests + ${artifactId.prefix}-core-pdp-testutils test 
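Review bot: The description context line in the first webapp/pom.xml hunk (`@@ -10,7 +10,7 @@`) still spells the product name `AuthZForce`, while every license-header hunk in this patch changes it to `AuthzForce`. If the rename is meant to cover project metadata as well, the line should read `Web application packaging for AuthzForce (PAP/PDP) REST service`, changed together with the url fix on the next line. The XML tags are missing from this rendering, so the element name is inferred from the usual pom layout. If the old spelling is kept on purpose in published artifact metadata, a short remark in the commit message would explain the difference.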
diff --git a/webapp/src/main/java/org/ow2/authzforce/webapp/ErrorHandlerInterceptor.java b/webapp/src/main/java/org/ow2/authzforce/webapp/ErrorHandlerInterceptor.java index 8377ac2..647a54c 100644 --- a/webapp/src/main/java/org/ow2/authzforce/webapp/ErrorHandlerInterceptor.java +++ b/webapp/src/main/java/org/ow2/authzforce/webapp/ErrorHandlerInterceptor.java @@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.webapp; diff --git a/webapp/src/main/java/org/ow2/authzforce/webapp/ExceptionFilter.java b/webapp/src/main/java/org/ow2/authzforce/webapp/ExceptionFilter.java index fb0870c..379f39e 100644 --- a/webapp/src/main/java/org/ow2/authzforce/webapp/ExceptionFilter.java +++ b/webapp/src/main/java/org/ow2/authzforce/webapp/ExceptionFilter.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.webapp; diff --git a/webapp/src/main/java/org/ow2/authzforce/webapp/JAXRSSubResourceCompatibleFIStaxInInterceptor.java b/webapp/src/main/java/org/ow2/authzforce/webapp/JAXRSSubResourceCompatibleFIStaxInInterceptor.java index b3f4dde..d3b66a6 100644 --- a/webapp/src/main/java/org/ow2/authzforce/webapp/JAXRSSubResourceCompatibleFIStaxInInterceptor.java +++ b/webapp/src/main/java/org/ow2/authzforce/webapp/JAXRSSubResourceCompatibleFIStaxInInterceptor.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.webapp; diff --git a/webapp/src/main/java/org/ow2/authzforce/webapp/JsonJaxrsProvider.java b/webapp/src/main/java/org/ow2/authzforce/webapp/JsonJaxrsProvider.java index 99b2632..36d6180 100644 --- a/webapp/src/main/java/org/ow2/authzforce/webapp/JsonJaxrsProvider.java +++ b/webapp/src/main/java/org/ow2/authzforce/webapp/JsonJaxrsProvider.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.webapp; diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java index fbfe2f9..f0b8c47 100644 --- a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java +++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/CommonCallbackHandler.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.apache.coheigea.cxf.sts.xacml.common; diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java index c0253ee..083a97e 100644 --- a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java +++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/DoubleItPortTypeImpl.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.apache.coheigea.cxf.sts.xacml.common; diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java index 84f7038..4e04cda 100644 --- a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java +++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/RolesClaimsHandler.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.apache.coheigea.cxf.sts.xacml.common; diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java index ecd37f4..48718bc 100644 --- a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java +++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/STSServer.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.apache.coheigea.cxf.sts.xacml.common; diff --git a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java index 4bf22f3..a29278d 100644 --- a/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java +++ b/webapp/src/test/java/org/apache/coheigea/cxf/sts/xacml/common/TokenTestUtils.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.apache.coheigea.cxf.sts.xacml.common; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/AdminDomainTest.java b/webapp/src/test/java/org/ow2/authzforce/web/test/AdminDomainTest.java index 2561f1b..0c92ae3 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/AdminDomainTest.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/AdminDomainTest.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java index f5d5efd..e3b43eb 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; @@ -42,7 +42,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response; import org.ow2.authzforce.core.pdp.impl.PdpModelHandler; -import org.ow2.authzforce.core.pdp.impl.test.utils.TestUtils; +import org.ow2.authzforce.core.pdp.testutil.TestUtils; import org.ow2.authzforce.core.xmlns.pdp.Pdp; import org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider; import org.ow2.authzforce.pap.dao.flatfile.FlatFileDAOUtils; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java index 852bf81..d48ddd6 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; 
@@ -62,11 +62,11 @@ import org.apache.cxf.jaxrs.client.WebClient; import org.ow2.authzforce.core.pdp.impl.DefaultRequestFilter; import org.ow2.authzforce.core.pdp.impl.MultiDecisionRequestFilter; -import org.ow2.authzforce.core.pdp.impl.test.custom.TestCombinedDecisionResultFilter; -import org.ow2.authzforce.core.pdp.impl.test.custom.TestDNSNameValueEqualFunction; -import org.ow2.authzforce.core.pdp.impl.test.custom.TestDNSNameWithPortValue; -import org.ow2.authzforce.core.pdp.impl.test.custom.TestOnPermitApplySecondCombiningAlg; -import org.ow2.authzforce.core.xmlns.test.TestAttributeProvider; +import org.ow2.authzforce.core.pdp.testutil.ext.TestCombinedDecisionResultFilter; +import org.ow2.authzforce.core.pdp.testutil.ext.TestDNSNameValueEqualFunction; +import org.ow2.authzforce.core.pdp.testutil.ext.TestDNSNameWithPortValue; +import org.ow2.authzforce.core.pdp.testutil.ext.TestOnPermitApplySecondCombiningAlg; +import org.ow2.authzforce.core.pdp.testutil.ext.xmlns.TestAttributeProvider; import org.ow2.authzforce.pap.dao.flatfile.FlatFileBasedDomainsDAO; import org.ow2.authzforce.pap.dao.flatfile.FlatFileBasedDomainsDAO.PdpCoreFeature; import org.ow2.authzforce.pap.dao.flatfile.FlatFileBasedDomainsDAO.PdpFeatureType; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainSetTest.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainSetTest.java index 4318523..2d55fe0 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainSetTest.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainSetTest.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainTestWithAutoSyncAndVersionRolling.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainTestWithAutoSyncAndVersionRolling.java index e27306b..2faaba2 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainTestWithAutoSyncAndVersionRolling.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainTestWithAutoSyncAndVersionRolling.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainsResourceFastInfoset.java b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainsResourceFastInfoset.java index 206a349..f33571b 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/DomainsResourceFastInfoset.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/DomainsResourceFastInfoset.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/MediaTypeHeaderSetter.java b/webapp/src/test/java/org/ow2/authzforce/web/test/MediaTypeHeaderSetter.java index ea803f1..76d7af5 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/MediaTypeHeaderSetter.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/MediaTypeHeaderSetter.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/RestServiceTest.java b/webapp/src/test/java/org/ow2/authzforce/web/test/RestServiceTest.java index 6220c5a..9c7244c 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/RestServiceTest.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/RestServiceTest.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; @@ -67,7 +67,7 @@ import org.apache.tomcat.util.descriptor.web.ContextEnvironment; import org.apache.tomcat.util.descriptor.web.NamingResources; import org.ow2.authzforce.core.pdp.impl.PdpModelHandler; -import org.ow2.authzforce.core.xmlns.test.TestAttributeProvider; +import org.ow2.authzforce.core.pdp.testutil.ext.xmlns.TestAttributeProvider; import org.ow2.authzforce.pap.dao.flatfile.FlatFileDAOUtils; import org.ow2.authzforce.pap.dao.flatfile.xmlns.DomainProperties; import org.ow2.authzforce.rest.api.jaxrs.DomainsResource; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/SecurityDemoTest.java b/webapp/src/test/java/org/ow2/authzforce/web/test/SecurityDemoTest.java index 6f85cca..22d321e 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/SecurityDemoTest.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/SecurityDemoTest.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java b/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java index 0e2278e..830fc90 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/XacmlToJsonConversion.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java index bcdc037..1577fbd 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/PdpServer.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test.pep.cxf; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java index f5bf4c5..9885727 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test.pep.cxf; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java index 9d9bc74..7c4dfaa 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test.pep.cxf; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java index f6b51c1..e96eaef 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/Server.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test.pep.cxf; diff --git a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java index 6674c8e..c15c393 100644 --- a/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java +++ b/webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/WSS4JBasicAuthFilter.java 
@@ -1,20 +1,20 @@ /** * Copyright (C) 2012-2017 Thales Services SAS. * - * This file is part of AuthZForce CE. + * This file is part of AuthzForce CE. * - * AuthZForce CE is free software: you can redistribute it and/or modify + * AuthzForce CE is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * - * AuthZForce CE is distributed in the hope that it will be useful, + * AuthzForce CE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with AuthZForce CE. If not, see . + * along with AuthzForce CE. If not, see . */ package org.ow2.authzforce.web.test.pep.cxf; diff --git a/webapp/src/test/resources/META-INF/spring/client.xml b/webapp/src/test/resources/META-INF/spring/client.xml index 10b8586..84cd572 100644 --- a/webapp/src/test/resources/META-INF/spring/client.xml +++ b/webapp/src/test/resources/META-INF/spring/client.xml @@ -25,7 +25,7 @@ classpath:/atom.xsd classpath:/xacml-core-v3-schema-wd-17.xsd classpath:/pdp-ext-base.xsd - classpath:/org.ow2.authzforce.core.test.xsd + classpath:/org.ow2.authzforce.core.pdp.testutil.ext.xsd classpath:/xsd/authz-rest-api.xsd @@ -37,8 +37,7 @@ - org.ow2.authzforce.core.xmlns.test.TestAttributeProvider - + org.ow2.authzforce.core.pdp.testutil.ext.xmlns.TestAttributeProvider diff --git a/webapp/src/test/server.conf/authzforce-ce/catalog.xml b/webapp/src/test/server.conf/authzforce-ce/catalog.xml index 9084df7..6f2382c 100644 --- a/webapp/src/test/server.conf/authzforce-ce/catalog.xml +++ b/webapp/src/test/server.conf/authzforce-ce/catalog.xml @@ -9,6 +9,6 @@ - + 
From e2b252f3e2f4dac8dcd84baf9a7b43394c6948b8 Mon Sep 17 00:00:00 2001 From: cdanger Date: Sat, 11 Mar 2017 01:38:05 +0100 Subject: [PATCH 06/15] Removed snapshot versions and updated changelog with latest changes --- CHANGELOG.md | 13 +++++++++++++ pom.xml | 8 ++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 936eae6..1ad3510 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,19 @@ All notable changes to this project are documented in this file following the [K Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. +## Unreleased +### Changed +- Project URL: https://tuleap.ow2.org/projects/authzforce -> https://authzforce.ow2.org +- GIT repository URL base: https://tuleap.ow2.org/plugins/git/authzforce -> https://gitlab.ow2.org/authzforce +- Versions of AuthzForce dependencies: + - Parent project (authzforce-ce-parent): 5.1.0 + - authzforce-ce-pap-dao-flat-file: 8.1.0 + - authzforce-ce-core-pap-api: 6.4.0 + - authzforce-ce-core-pdp-api: 9.1.0 + +- Dependency authzforce-ce-core replaced with authzforce-ce-core-pdp-engine with version 8.0.0 (authzforce-ce-core is now a multi-module project made of the core module `pdp-engine` and test utilities module `pdp-testutils` which is used by tests of webapp module) + + ## 7.0.0 ### Changed - Versions of AuthzForce dependencies: diff --git a/pom.xml b/pom.xml index 8291f64..50bb3be 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-parent - 5.0.1-SNAPSHOT + 5.1.0 authzforce-ce-server @@ -15,10 +15,10 @@ ${project.url} https://github.com/authzforce/server - 7.1.1-SNAPSHOT - 6.3.1-SNAPSHOT + 8.0.0 + 6.4.0 - 8.0.1-SNAPSHOT + 8.1.0 scm:git:${git.url.base}.git 
From d2f8474776533aed57095edc7011499f795ddd84 Mon Sep 17 00:00:00 2001 From: cdanger Date: Mon, 13 Mar 2017 12:08:59 +0100 Subject: [PATCH 07/15] added info on CXF interceptor PEP-like and related test cases --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 71f3760..3152fb2 100644 --- a/README.md +++ b/README.md 
@@ -75,6 +75,10 @@ For download links, please go to the specific [release page](https://github.com/ ## Documentation For links to the documentation of a release, please go to the specific [release page](https://github.com/authzforce/server/releases). +## Examples of usage and PEP code with a web service authorization module +For an example of using an AuthzForce Server's RESTful PDP API in a real-life use case, please refer to the JUnit test class [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java) and the Apache CXF authorization interceptor [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java). The test class runs a test similar to @coheigea's [XACML 3.0 Authorization Interceptor test](https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizationTest.java) but using AuthzForce Server as PDP instead of OpenAZ. In this test, a web service client requests a Apache-CXF-based web service with a SAML token as credentials (previously issued by a Security Token Service upon successful client authentication) that contains the user ID and roles. Each request is intercepted on the web service side by a [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java) that plays the role of PEP (Policy Enforcement Point in XACML jargon), i.e. it extracts the various authorization attributes (user ID and roles, web service name, operation...) and requests a decision with these attributes from a remote PDP provided by AuthzForce Server, then enforces the PDP's decision, i.e. forwards the request to the web service implementation if the decision is Permit, else rejects it. 
+For more information, see the Javadoc of [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java). + ## Support Use the *Issues* tab on the Github repository page. Please include as much information as possible; the more we know, the better the chance of a quicker resolution: From 06cc278e8c903c792529a7509f2b59ebc5f67c25 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville Date: Tue, 9 May 2017 22:31:18 +0200 Subject: [PATCH 08/15] Fixed doc badge link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3152fb2..8950f7d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # AuthZForce Server (Community Edition) [![License badge](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/licenses/GPL-3.0) -[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.4.1c)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.1c/?badge=release-5.4.1c) +[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.4.1d)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.1d/?badge=release-5.4.1d) [![Docker badge](https://img.shields.io/docker/pulls/fiware/authzforce-ce-server.svg)](https://hub.docker.com/r/fiware/authzforce-ce-server/) [![Support badge]( https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade) From fdcb562b3a634e641f7ccb08d11dc1897f35f26f Mon Sep 17 00:00:00 2001 
From: Cyril Dangerville Date: Tue, 23 May 2017 20:37:01 +0200 Subject: [PATCH 09/15] Fixed obsolete links to release notes and release pages on github.com --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8950f7d..a681933 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ AuthZForce Server provides a multi-tenant RESTful API to Policy Administration P AuthZForce Server is also the Reference Implementation (GEri) of [FIWARE](https://www.fiware.org) *Authorization PDP* Generic Enabler (GE). More info on the [FIWARE catalogue](http://catalogue.fiware.org/enablers/authorization-pdp-authzforce). -**Go to the [releases](https://github.com/authzforce/server/releases) page for links to downloads (Linux packages), Docker image, release notes, and documentation for a specific release.** +**Go to the [tags](https://gitlab.ow2.org/authzforce/server/tags) page for specific release info: downloads (Linux packages), Docker image, [release notes](CHANGELOG.md), and [documentation](http://readthedocs.org/projects/authzforce-ce-fiware/versions/).** *If you are interested in using an embedded XACML-compliant PDP in your Java applications, AuthZForce also provides a PDP engine as a Java library in [Authzforce core project](http://github.com/authzforce/core).* 
@@ -70,10 +70,10 @@ Every release is distributed as follows: - Other Linux distributions: `.tar.gz`; - Docker image. -For download links, please go to the specific [release page](https://github.com/authzforce/server/releases). +For download links, please go to the specific [release tag description](https://gitlab.ow2.org/authzforce/server/tags). ## Documentation -For links to the documentation of a release, please go to the specific [release page](https://github.com/authzforce/server/releases). +For documentation links, please go to the specific [release tag description](https://gitlab.ow2.org/authzforce/server/tags). ## Examples of usage and PEP code with a web service authorization module For an example of using an AuthzForce Server's RESTful PDP API in a real-life use case, please refer to the JUnit test class [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java) and the Apache CXF authorization interceptor [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java). The test class runs a test similar to @coheigea's [XACML 3.0 Authorization Interceptor test](https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizationTest.java) but using AuthzForce Server as PDP instead of OpenAZ. In this test, a web service client requests a Apache-CXF-based web service with a SAML token as credentials (previously issued by a Security Token Service upon successful client authentication) that contains the user ID and roles. Each request is intercepted on the web service side by a [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java) that plays the role of PEP (Policy Enforcement Point in XACML jargon), i.e. 
it extracts the various authorization attributes (user ID and roles, web service name, operation...) and requests a decision with these attributes from a remote PDP provided by AuthzForce Server, then enforces the PDP's decision, i.e. forwards the request to the web service implementation if the decision is Permit, else rejects it. From 97ee7e14bfc1bd7e743426f2760c4ae6c691bc87 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville Date: Tue, 23 May 2017 20:41:15 +0200 Subject: [PATCH 10/15] Fix indentation of sub-sub-lists --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a681933..8c484d3 100644 --- a/README.md +++ b/README.md 
@@ -20,16 +20,16 @@ AuthZForce Server is also the Reference Implementation (GEri) of [FIWARE](https: ### PDP (Policy Decision Point) * Compliance with the following OASIS XACML 3.0 standards: - * [XACML v3.0 Core standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html): all mandatory and optional features are supported, **except**: - * Elements `AttributesReferences`, `MultiRequests` and `RequestReference`; - * Functions `urn:oasis:names:tc:xacml:3.0:function:xpath-node-equal`, `urn:oasis:names:tc:xacml:3.0:function:xpath-node-match` and `urn:oasis:names:tc:xacml:3.0:function:access-permitted`; - * [Algorithms planned for future deprecation](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047257). + * [XACML v3.0 Core standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html): all mandatory and optional features are supported, **except**: + * Elements `AttributesReferences`, `MultiRequests` and `RequestReference`; + * Functions `urn:oasis:names:tc:xacml:3.0:function:xpath-node-equal`, `urn:oasis:names:tc:xacml:3.0:function:xpath-node-match` and `urn:oasis:names:tc:xacml:3.0:function:access-permitted`; + * [Algorithms planned for future deprecation](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047257). * [XACML v3.0 Core and Hierarchical Role Based Access Control (RBAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/3.0/rbac/v1.0/xacml-3.0-rbac-v1.0.html) * [XACML v3.0 Multiple Decision Profile Version 1.0 - Repeated attribute categories](http://docs.oasis-open.org/xacml/3.0/multiple/v1.0/cs02/xacml-3.0-multiple-v1.0-cs02.html#_Toc388943334) (`urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories`). 
* Experimental support for: - * [XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/xacml-3.0-dlp-nac-v1.0.html): only `dnsName-value` datatype and `dnsName-value-equal` function are supported; - * [XACML 3.0 Additional Combining Algorithms Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-combalgs/v1.0/xacml-3.0-combalgs-v1.0.html): `on-permit-apply-second` policy combining algorithm; - * [XACML v3.0 Multiple Decision Profile Version 1.0 - Requests for a combined decision](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-multiple-v1-spec-cd-03-en.html#_Toc260837890) (`urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision`). + * [XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/xacml-3.0-dlp-nac-v1.0.html): only `dnsName-value` datatype and `dnsName-value-equal` function are supported; + * [XACML 3.0 Additional Combining Algorithms Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-combalgs/v1.0/xacml-3.0-combalgs-v1.0.html): `on-permit-apply-second` policy combining algorithm; + * [XACML v3.0 Multiple Decision Profile Version 1.0 - Requests for a combined decision](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-multiple-v1-spec-cd-03-en.html#_Toc260837890) (`urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision`). * Detection of circular XACML policy references (PolicySetIdReference); * Control of the **maximum XACML PolicySetIdReference depth**; * Control of the **maximum XACML VariableReference depth**; From 1041f066cef295ce886b99ef9ae6f5e4e97d2838 Mon Sep 17 00:00:00 2001 From: Cyril Dangerville Date: Sat, 27 May 2017 23:39:04 +0200 Subject: [PATCH 11/15] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3152fb2..8950f7d 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # AuthZForce Server (Community Edition) [![License badge](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/licenses/GPL-3.0) -[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.4.1c)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.1c/?badge=release-5.4.1c) +[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.4.1d)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.1d/?badge=release-5.4.1d) [![Docker badge](https://img.shields.io/docker/pulls/fiware/authzforce-ce-server.svg)](https://hub.docker.com/r/fiware/authzforce-ce-server/) [![Support badge]( https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade) From a4c99008bba022f9f42a92eb282394a254f39670 Mon Sep 17 00:00:00 2001 From: cdanger Date: Mon, 10 Jul 2017 01:17:49 +0200 Subject: [PATCH 12/15] Added Dockerfile in dist/src/docker for minimal Docker image of AuthzForce Server --- CHANGELOG.md | 5 ++- README.md | 13 ++++--- dist/src/docker/Dockerfile | 75 ++++++++++++++++++++++++++++++++++++++ dist/src/docker/README.md | 59 ++++++++++++++++++++++++++++++ 4 files changed, 146 insertions(+), 6 deletions(-) create mode 100644 dist/src/docker/Dockerfile create mode 100644 dist/src/docker/README.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ad3510..c45d762 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,7 +14,10 @@ Issues reported on [GitHub](https://github.com/authzforce/server/issues) are ref - authzforce-ce-core-pap-api: 6.4.0 - authzforce-ce-core-pdp-api: 9.1.0 -- Dependency authzforce-ce-core replaced with authzforce-ce-core-pdp-engine with version 8.0.0 (authzforce-ce-core is now a multi-module project made of the core module `pdp-engine` and test utilities module `pdp-testutils` which is used by tests of webapp module) +- Dependency authzforce-ce-core replaced with authzforce-ce-core-pdp-engine with version 8.0.0 (authzforce-ce-core is now a multi-module project made of the core module `pdp-engine` and test utilities module `pdp-testutils` which is used by tests of webapp module) + +### Added +- [Dockerfile](dist/src/docker/Dockerfile) for building Docker image of AuthzForce Server with minimal configuration ## 7.0.0 diff --git a/README.md b/README.md index 8c484d3..628b596 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ AuthZForce Server provides a multi-tenant RESTful API to Policy Administration P AuthZForce Server is also the Reference Implementation (GEri) of [FIWARE](https://www.fiware.org) *Authorization PDP* Generic Enabler (GE). More info on the [FIWARE catalogue](http://catalogue.fiware.org/enablers/authorization-pdp-authzforce). -**Go to the [tags](https://gitlab.ow2.org/authzforce/server/tags) page for specific release info: downloads (Linux packages), Docker image, [release notes](CHANGELOG.md), and [documentation](http://readthedocs.org/projects/authzforce-ce-fiware/versions/).** +**Go to the [releases](https://github.com/authzforce/server/releases) page for specific release info: downloads (Linux packages), Docker image, [release notes](CHANGELOG.md), and [documentation](http://readthedocs.org/projects/authzforce-ce-fiware/versions/).** *If you are interested in using an embedded XACML-compliant PDP in your Java applications, AuthZForce also provides a PDP engine as a Java library in [Authzforce core project](http://github.com/authzforce/core).* 
@@ -70,10 +70,10 @@ Every release is distributed as follows: - Other Linux distributions: `.tar.gz`; - Docker image. -For download links, please go to the specific [release tag description](https://gitlab.ow2.org/authzforce/server/tags). +For download links, please go to the specific [release page](https://github.com/authzforce/server/releases). ## Documentation -For documentation links, please go to the specific [release tag description](https://gitlab.ow2.org/authzforce/server/tags). +For links to the documentation of a release, please go to the specific [release page](https://github.com/authzforce/server/releases). ## Examples of usage and PEP code with a web service authorization module For an example of using an AuthzForce Server's RESTful PDP API in a real-life use case, please refer to the JUnit test class [RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java) and the Apache CXF authorization interceptor [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java). The test class runs a test similar to @coheigea's [XACML 3.0 Authorization Interceptor test](https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizationTest.java) but using AuthzForce Server as PDP instead of OpenAZ. In this test, a web service client requests a Apache-CXF-based web service with a SAML token as credentials (previously issued by a Security Token Service upon successful client authentication) that contains the user ID and roles. Each request is intercepted on the web service side by a [RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/web/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java) that plays the role of PEP (Policy Enforcement Point in XACML jargon), i.e. 
it extracts the various authorization attributes (user ID and roles, web service name, operation...) and requests a decision with these attributes from a remote PDP provided by AuthzForce Server, then enforces the PDP's decision, i.e. forwards the request to the web service implementation if the decision is Permit, else rejects it. @@ -100,8 +100,11 @@ The sources for the manuals are located in [fiware repository](http://github.com

     $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-start
 
-1. Update the CHANGELOG according to keepachangelog.com. -1. To perform the release (example using a HTTP proxy): +1. Update the `AUTHZFORCE_SERVER_VERSION` ENV variable to the new version in [Dockerfile](dist/src/docker/Dockerfile). +1. Update the [changelog](CHANGELOG.md) with the new version according to keepachangelog.com. +1. Commit and push latest changes +1. Test the Dockerfile by triggering Docker automated build on the current Github release branch in [authzforce-ce-server's Docker repository](https://hub.docker.com/r/authzforce/server/) (*Build Settings*). Check the result in *Build Details*. +1. After Docker build is OK, perform the software release (example using a HTTP proxy):

     $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-finish
 
diff --git a/dist/src/docker/Dockerfile b/dist/src/docker/Dockerfile
new file mode 100644
index 0000000..fddfd49
--- /dev/null
+++ b/dist/src/docker/Dockerfile
@@ -0,0 +1,75 @@
+# Copyright (C) 2012-2017 Thales Services SAS.
+#
+# This file is part of AuthZForce CE.
+#
+# AuthZForce CE is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AuthZForce CE is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AuthZForce CE. If not, see .
+
+# Best practices for writing Dockerfiles:
+# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
+
+# Tips to do an unattended installation on Debian/Ubuntu:
+# http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
+
+# The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
+# https://github.com/docker/docker/issues/6800
+FROM tomcat:8-jre8
+MAINTAINER AuthzForce Team (contact mailing list: http://scr.im/azteam)
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Proxy configuration (if you are building from behind a proxy)
+# Next release of docker 1.9.0 should allow you to configure these by passing build-time arguments
+# More info: https://github.com/docker/docker/issues/14634
+
+#ENV http_proxy 'http://user:password@proxy-host:proxy-port'
+#ENV https_proxy 'http://user:password@proxy-host:proxy-port'
+#ENV HTTP_PROXY 'http://user:password@proxy-host:proxy-port'
+#ENV HTTPS_PROXY 'http://user:password@proxy-host:proxy-port'
+
+ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=http -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"
+
+ENV AUTHZFORCE_SERVER_VERSION="7.0.0"
+ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
+
+# Download and install Authzforce Server (service starts automatically)
+# Where there is a command with a pipe, we need to put in between quotes and make it an argument to bash -c command
+RUN apt-get update --assume-yes -qq && \
+ apt-get install --assume-yes -qq \
+ locales-all \
+ locales \
+ less \
+ apt-utils \
+ debconf-utils \
+ gdebi \
+ curl && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN locale-gen en_US en_US.UTF-8
+RUN dpkg-reconfigure locales
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl --silent --output authzforce-ce-server.deb --location $AUTHZFORCE_SERVER_DOWNLOAD_URL && \
+ dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
+ mv /root/authzforce/etc/tomcat8/Catalina /usr/local/tomcat/conf/ && \
+ mv /root/authzforce/opt/* /opt/ && \
+ rm -rf /opt/authzforce-ce-server/data/domains/* && \
+ rm -rf /root/authzforce && \
+ rm -f authzforce-ce-server.deb
+CMD ["catalina.sh", "run"]
+
+### Exposed ports
+# - App server
+EXPOSE 8080
diff --git a/dist/src/docker/README.md b/dist/src/docker/README.md
new file mode 100644
index 0000000..5b78508
--- /dev/null
+++ b/dist/src/docker/README.md
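Review bot: In dist/src/docker/Dockerfile, `AUTHZFORCE_SERVER_DOWNLOAD_URL` points at `http://repo1.maven.org/...` and the final `RUN` unpacks the fetched .deb into `/usr/local/tomcat/conf/` and `/opt/` with no integrity check, so whatever arrives over the unauthenticated connection is baked into the image of an authorization server. `curl --silent` without `--fail` also lets an HTTP error body be saved as the .deb, with the failure only surfacing later at `dpkg --extract`. I would switch the URL to `https://`, add `--fail --show-error`, and compare the file against a SHA-256 pinned in the Dockerfile before extracting; that digest then has to be bumped together with `AUTHZFORCE_SERVER_VERSION` in the README release step. Separately, no `USER` is set, so Tomcat presumably runs as root inside the container, which is worth a follow-up.

```dockerfile
ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
# Placeholder, not a real digest: record the SHA-256 of the released .deb here at release time
ENV AUTHZFORCE_SERVER_SHA256="<SHA256_OF_RELEASE_DEB>"
# … unchanged: apt-get install, locale setup …
RUN curl --fail --silent --show-error --output authzforce-ce-server.deb --location "$AUTHZFORCE_SERVER_DOWNLOAD_URL" && \
    echo "$AUTHZFORCE_SERVER_SHA256  authzforce-ce-server.deb" | sha256sum -c - && \
    dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
# … unchanged: remaining mv/rm steps …
```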
@@ -0,0 +1,59 @@
+## AuthzForce Server CE - Minimal Docker image
+
+This image of a minimal AuthzForce Server runtime is intended to work together with [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) and [PEP Proxy Wilma](http://catalogue.fiware.org/enablers/pep-proxy-wilma) generic enabler.
+
+## Image contents
+- OpenJDK JRE 8;
+- Tomcat 8;
+- AuthzForce Server CE (version matching the Docker image tag).
+
+## Usage
+
+This image gives you a minimal installation for testing purposes. The AuthzForce Installation and Administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) provides you a better approach for using it in a production environment. This installation guide also gives instructions to install from .deb package (instead of Docker), which is the recommended way for Ubuntu hosts.
+
+Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-7.0.0* with the current Docker image tag that you are using):
+
+```
+docker run -d -p 8080:8080 --name fiware/authzforce-ce-server:release-7.0.0
+```
+
+As stands in the AuthZForce Installation and administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) you can:
+
+* **Create a domain**
+
+```
+curl -s --request POST \
+--header "Accept: application/xml" \
+--header "Content-Type: application/xml;charset=UTF-8" \
+--data '' \
+ http://:8080/authzforce-ce/domains
+```
+
+* **Retrieve the domain ID**
+
+```
+curl -s --request GET http://:8080/authzforce-ce/domains
+```
+
+* **Domain removal**
+
+```
+curl --verbose --request DELETE \
+--header "Content-Type: application/xml;charset=UTF-8" \
+--header "Accept: application/xml" \
+http://:8080/authzforce-ce/domains/
+```
+
+* **User and Role Management Setup && Domain Role Assignment**
+
+These tasks are now delegated to the [Identity Manager - Keyrock](http://catalogue.fiware.org/enablers/identity-management-keyrock) enabler. Here you can find how to use the interface for that purpose: [How to manage AuthzForce in Fiware](https://www.fiware.org/devguides/handling-authorization-and-access-control-to-apis/how-to-manage-access-control-in-fiware/).
+
+## User feedback
+
+### Documentation
+
+All the information regarding the Dockerfile is hosted publicly on [Github](https://github.com/authzforce/server/tree/master/src/docker).
+
+### Issues
+
+If you find any issue with this image, feel free to report at [Github issue tracking system](https://github.com/authzforce/server/issues).
From 8b4ec08f27513270a3f8aa13caee3e9c7a4650c9 Mon Sep 17 00:00:00 2001
From: cdanger Date: Mon, 10 Jul 2017 01:20:09 +0200 Subject: [PATCH 13/15] updating poms for 7.1.0 branch with snapshot versions --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dist/pom.xml b/dist/pom.xml index 0a7766d..eb314dc 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.1-SNAPSHOT + 7.1.0-SNAPSHOT .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index 50bb3be..22ad9a5 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 7.0.1-SNAPSHOT + 7.1.0-SNAPSHOT pom ${project.groupId}:${project.artifactId} AuthzForce CE Server diff --git a/rest-service/pom.xml b/rest-service/pom.xml index 7a75ff9..79f9a6e 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.1-SNAPSHOT + 7.1.0-SNAPSHOT .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index ed90452..253fb00 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.1-SNAPSHOT + 7.1.0-SNAPSHOT .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index 2980ff3..13355b9 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.0.1-SNAPSHOT + 7.1.0-SNAPSHOT .. authzforce-ce-server-webapp From fe1384d3429cf7e5a750c406a3325d94fb92d2e0 Mon Sep 17 00:00:00 2001 From: cdanger Date: Mon, 10 Jul 2017 01:31:46 +0200 Subject: [PATCH 14/15] Prepared next release --- CHANGELOG.md | 2 +- README.md | 6 +++--- dist/src/docker/Dockerfile | 2 +- dist/src/docker/README.md | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c45d762..5fee98c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,7 +4,7 @@ All notable changes to this project are documented in this file following the [K Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number. -## Unreleased +## 7.1.0 ### Changed - Project URL: https://tuleap.ow2.org/projects/authzforce -> https://authzforce.ow2.org - GIT repository URL base: https://tuleap.ow2.org/plugins/git/authzforce -> https://gitlab.ow2.org/authzforce diff --git a/README.md b/README.md index 628b596..e417371 100644 --- a/README.md +++ b/README.md @@ -102,9 +102,8 @@ The sources for the manuals are located in [fiware repository](http://github.com 1. Update the `AUTHZFORCE_SERVER_VERSION` ENV variable to the new version in [Dockerfile](dist/src/docker/Dockerfile). 1. Update the [changelog](CHANGELOG.md) with the new version according to keepachangelog.com. -1. Commit and push latest changes -1. Test the Dockerfile by triggering Docker automated build on the current Github release branch in [authzforce-ce-server's Docker repository](https://hub.docker.com/r/authzforce/server/) (*Build Settings*). Check the result in *Build Details*. -1. After Docker build is OK, perform the software release (example using a HTTP proxy): +1. Commit +1. Perform the software release (example using a HTTP proxy):

     $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-finish
 
@@ -117,5 +116,6 @@ The sources for the manuals are located in [fiware repository](http://github.com 1. Go to Staging Profiles and select the pending repository authzforce-*... you just uploaded with `jgitflow:release-finish` 1. Click the Release button to release to Maven Central. 1. When the artifacts have been successfully published on Maven Central, follow the instructions in the [Release section of fiware repository](https://github.com/authzforce/fiware/blob/master/README.md#release). +1. Build the Dockerfile by triggering Docker automated build on the current Github release branch in [authzforce-ce-server's Docker repository](https://hub.docker.com/r/authzforce/server/) (*Build Settings*). Check the result in *Build Details*. 1. Update the versions in badges at the top of this file. 1. Create a release on Github with a description based on the [release description template](release.description.tmpl.md), replacing M/m/P with the new major/minor/patch versions. diff --git a/dist/src/docker/Dockerfile b/dist/src/docker/Dockerfile index fddfd49..eceea65 100644 --- a/dist/src/docker/Dockerfile +++ b/dist/src/docker/Dockerfile @@ -39,7 +39,7 @@ ENV DEBIAN_FRONTEND noninteractive ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=http -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server" -ENV AUTHZFORCE_SERVER_VERSION="7.0.0" +ENV AUTHZFORCE_SERVER_VERSION="7.1.0" ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb" # Download and install Authzforce Server (service starts automatically) diff --git a/dist/src/docker/README.md b/dist/src/docker/README.md index 5b78508..ccfb856 100644 --- a/dist/src/docker/README.md +++ b/dist/src/docker/README.md 
@@ -11,10 +11,10 @@ This image of a minimal AuthzForce Server runtime is intended to work together w This image gives you a minimal installation for testing purposes. The AuthzForce Installation and Administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) provides you a better approach for using it in a production environment. This installation guide also gives instructions to install from .deb package (instead of Docker), which is the recommended way for Ubuntu hosts. -Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-7.0.0* with the current Docker image tag that you are using): +Create a container using `authzforce/server` image by doing (replace the first *8080* after *-p* with whatever network port you want to use on the host to access the AuthzForce Server, e.g. 80; and *release-7.1.0* with the current Docker image tag that you are using): ``` -docker run -d -p 8080:8080 --name fiware/authzforce-ce-server:release-7.0.0 +docker run -d -p 8080:8080 --name fiware/authzforce-ce-server:release-7.1.0 ``` As stands in the AuthZForce Installation and administration guide on [readthedocs.org](https://readthedocs.org/projects/authzforce-ce-fiware/versions/) (select the version matching the Docker image tag, then **AuthzForce - Installation and Administration Guide**) you can: From 43bd52b90833bce5e4608cca4c332794d52a3a04 Mon Sep 17 00:00:00 2001 From: cdanger Date: Mon, 10 Jul 2017 01:33:30 +0200 Subject: [PATCH 15/15] updating poms for branch'release/7.1.0' with non-snapshot versions --- dist/pom.xml | 2 +- pom.xml | 2 +- rest-service/pom.xml | 2 +- upgrader/pom.xml | 2 +- webapp/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/dist/pom.xml b/dist/pom.xml index eb314dc..6ba0a70 100644 --- a/dist/pom.xml +++ b/dist/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.1.0-SNAPSHOT + 7.1.0 .. authzforce-ce-server-dist diff --git a/pom.xml b/pom.xml index 22ad9a5..9a21585 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ authzforce-ce-server - 7.1.0-SNAPSHOT + 7.1.0 pom ${project.groupId}:${project.artifactId} AuthzForce CE Server diff --git a/rest-service/pom.xml b/rest-service/pom.xml index 79f9a6e..5655a2e 100644 --- a/rest-service/pom.xml +++ b/rest-service/pom.xml @@ -4,7 +4,7 @@ org.ow2.authzforce authzforce-ce-server - 7.1.0-SNAPSHOT + 7.1.0 .. authzforce-ce-server-rest-service diff --git a/upgrader/pom.xml b/upgrader/pom.xml index 253fb00..448ff6b 100644 --- a/upgrader/pom.xml +++ b/upgrader/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.1.0-SNAPSHOT + 7.1.0 .. authzforce-ce-server-upgrader diff --git a/webapp/pom.xml b/webapp/pom.xml index 13355b9..b4c818b 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -3,7 +3,7 @@ org.ow2.authzforce authzforce-ce-server - 7.1.0-SNAPSHOT + 7.1.0 .. authzforce-ce-server-webapp