> On Mar 16, 2019, at 1:26 PM, Shawn McKinney <[email protected]> wrote:
>
> See the readme above for more description on how the ARBAC checks work.
>
> The ARBAC02 checks are turned off by default in the Apache Fortress REST
> runtime. To enable, add this to fortress.properties file:
> is.arbac02=true
>
Here’s an example of a working ARBAC02 policy that can be loaded into an LDAP server:

https://github.com/apache/directory-fortress-enmasse/blob/master/src/main/resources/FortressRestServerPolicy.xml

The admin user, demouser4, has been granted the RBAC role, fortress-rest-power-user, to pass the Java EE and CXF coarse-grained checks. The ADMIN role assigned, fortress-rest-admin, has been granted all of the ADMIN permissions to call every service. This same role passes UserOU checks for DEV0 - DEV10, PermOU checks for APP0 - APP10, and will have assign/grant authority over all RBAC roles.

The demouser4 will pass the fortress junit integration tests, routed through REST, when the arbac02 checks have been enabled on the REST side.

—Shawn
