- This sample shows how to invoke the Apache Fortress APIs over REST from the command line with curl.
- It also shows how to install the Apache Fortress Rest component into an Apache Tomcat server instance and connect it to a properly configured LDAP server.
- Use the DOCKER-QUICKSTART to run everything inside Docker containers.
- The samples load a fictional security policy that corresponds with another Fortress sample called the rbac-abac-sample.
- Once the system is set up, test the services using curl; find out how here: README-TESTING
- Prerequisites
- SECTION 1. Prepare an LDAP Server
- SECTION 2. Prepare Tomcat for Java EE Security
- SECTION 3. Prepare apache-fortress-quickstart package
- SECTION 4. Configure Apache Tomcat and Deploy Apache Fortress Rest
- Java 8++
- Apache Maven 3++, to run the fortress load utility, to bootstrap server data.
- Apache Tomcat 7++, to host the services.
- Docker, to host the LDAP server.
- Curl, to invoke/test fortress.
You may use the Apache Fortress Docker images for either OpenLDAP or ApacheDS:
Option A: Pull and run the Symas OpenLDAP 2.5 prebuilt image:
docker pull shawnmckinney/iamfortress:symas-openldap
docker run --name=openldap-fortress -d -p 32768:389 -P shawnmckinney/iamfortress:symas-openldap
Option B: Pull and run the ApacheDS prebuilt image:
docker pull apachedirectory/apacheds-for-apache-fortress-tests
docker run --name=apacheds-fortress -d -p 32768:10389 -P apachedirectory/apacheds-for-apache-fortress-tests
*Depending on your Docker setup, you may need to run these as root or with sudo privileges.
Apache Fortress Rest uses Java EE security for basic authentication and coarse-grained authorization.
wget https://repo.maven.apache.org/maven2/org/apache/directory/fortress/fortress-realm-proxy/[VERSION]/fortress-realm-proxy-[VERSION].jar -P $TOMCAT_HOME/lib
- Where $TOMCAT_HOME points to the execution env and [VERSION] is the current version of the Fortress Realm component, as of today, 2.0.5.
a. Download and extract from GitHub:
wget https://github.com/shawnmckinney/apache-fortress-quickstart/archive/master.zip
-- Or --
b. Or git clone locally:
git clone https://github.com/shawnmckinney/apache-fortress-quickstart.git
cd apache-fortress-quickstart
a. Copy the example:
cp src/main/resources/fortress.properties.example src/main/resources/fortress.properties
b. Edit the file:
vi src/main/resources/fortress.properties
Pick either Apache Directory or OpenLDAP server:
c. Prepare fortress for OpenLDAP usage:
# This param tells fortress what type of ldap server is in use:
ldap.server.type=openldap
# Use value from [Set Hostname Entry]:
host=localhost
# OpenLDAP defaults to this, natively:
# port=389
# OpenLDAP in Docker uses this:
port=32768
# These credentials are used for read/write access to all nodes under suffix:
admin.user=cn=Manager,dc=example,dc=com
admin.pw=secret
-- Or --
d. Prepare fortress for ApacheDS usage:
# This param tells fortress what type of ldap server is in use:
ldap.server.type=apacheds
# Use value from [Set Hostname Entry]:
host=localhost
# ApacheDS in Docker uses this:
port=32768
# These credentials are used for read/write access to all nodes under suffix:
admin.user=uid=admin,ou=system
admin.pw=secret
- These values will work with the defaults, set within the Docker images. You may need to change the port, to match what's currently being used.
- If pointing to an existing LDAP server impl, change the coordinates accordingly.
mvn -version
This sample requires Java 8 and Maven 3 to be set up within the execution env.
a. Fortress Bootstrap creates the Directory Information Tree (DIT) structure and adds configuration parameters:
mvn install -Dload.file=./src/main/resources/FortressBootstrap.xml
b. The Fortress Rest Server Policy sets up a service account to have access to Apache Fortress Rest component:
mvn install -Dload.file=./src/main/resources/FortressRestServerPolicy.xml
Build Notes:
- -Dload.file loads this file's data, FortressRestServerPolicy, into ldap.
- -Dtenant can be used to specify a tenant (subtree) being processed.
Set the Java system properties in Tomcat with the target LDAP server's coordinates.
a. For OpenLDAP:
JAVA_OPTS="-Dfortress.host=localhost -Dfortress.port=32768 -Dfortress.admin.user=cn=manager,dc=example,dc=com -Dfortress.admin.pw=secret -Dfortress.min.admin.conn=1 -Dfortress.max.admin.conn=10 -Dfortress.ldap.server.type=openldap -Dfortress.enable.ldap.ssl=false -Dfortress.config.realm=DEFAULT -Dfortress.config.root=ou=config,dc=example,dc=com"
b. For ApacheDS:
JAVA_OPTS="-Dfortress.host=$HOSTNAME -Dfortress.port=32768 -Dfortress.admin.user=uid=admin,ou=system -Dfortress.admin.pw=secret -Dfortress.min.admin.conn=1 -Dfortress.max.admin.conn=10 -Dfortress.ldap.server.type=apacheds -Dfortress.enable.ldap.ssl=false -Dfortress.config.realm=DEFAULT -Dfortress.config.root=ou=config,dc=example,dc=com"
- The prepackaged .war pulled down from Maven uses Java options to point to a particular Apache Fortress LDAP server.
- These values will work with the defaults, set within the Docker images. You may need to change the port, to match what's currently being used.
- SECTION 4 Fortress Configuration Overrides contains an external property listing: README-CONFIG
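A check of the options set above, as an added example (not part of the quickstart or of Apache Fortress): it parses a JAVA_OPTS string and flags the settings that should not be carried from a local test machine to a shared one. The function names and finding labels are made up for this example; the option names and values are the ones on this page.

```shell
#!/bin/sh
# Added example (not part of the quickstart): flag settings from the JAVA_OPTS
# lines above that are fine for a local test but unsafe to reuse elsewhere.

# The OpenLDAP value from this page, shortened to the options inspected here.
QUICKSTART_OPTS="-Dfortress.host=localhost -Dfortress.port=32768 -Dfortress.admin.user=cn=manager,dc=example,dc=com -Dfortress.admin.pw=secret -Dfortress.ldap.server.type=openldap -Dfortress.enable.ldap.ssl=false"

# opt_value OPTS KEY: print the value of -DKEY=... ; return 1 if absent.
# Assumes option values contain no whitespace, as on this page.
opt_value() {
    found=1
    set -f                          # no globbing while splitting OPTS
    for tok in $1; do
        case $tok in
            -D"$2"=*) printf '%s\n' "${tok#*=}"; found=0; break ;;
        esac
    done
    set +f
    return "$found"
}

# audit_fortress_opts OPTS: print one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_fortress_opts() {
    status=0
    if pw=$(opt_value "$1" fortress.admin.pw); then
        echo "admin-pw-in-args: fortress.admin.pw is readable in the JVM process arguments"
        status=1
        if [ "$pw" = "secret" ]; then
            echo "default-admin-pw: fortress.admin.pw is still the quickstart value"
        fi
    fi
    if [ "$(opt_value "$1" fortress.enable.ldap.ssl)" = "false" ]; then
        echo "ldap-cleartext: fortress.enable.ldap.ssl=false, binds are sent without TLS"
        status=1
    fi
    return "$status"
}

audit_fortress_opts "$QUICKSTART_OPTS" || true
```

The admin account checked here is the one the page describes as having read/write access to all nodes under the suffix, so each finding concerns the most privileged credential in the directory.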
wget https://repo.maven.apache.org/maven2/org/apache/directory/fortress/fortress-rest/[VERSION]/fortress-rest-[VERSION].war -P $TOMCAT_HOME/webapps
- Where $TOMCAT_HOME matches your target env and [VERSION] is the latest version of the Fortress Rest component, as of today, 2.0.6.
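The two wget steps on this page place a downloaded jar and war straight into Tomcat's lib and webapps directories. The following added example (not from the quickstart) checks a download against the `.sha1` file that Maven Central publishes at the artifact URL plus `.sha1`, and copies it only on a match; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded Maven artifact against its .sha1 sidecar
# before it is placed in $TOMCAT_HOME/lib or $TOMCAT_HOME/webapps.

# Print the lowercase hex SHA-1 of a file.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 1 "$1" | awk '{print tolower($1)}'
    fi
}

# verify_sidecar FILE SIDECAR
# Returns 0 on match, 1 on mismatch, 2 if the sidecar is missing or malformed.
# A sidecar holds either the bare digest or "digest  filename".
verify_sidecar() {
    file=$1; sidecar=$2
    [ -f "$file" ] && [ -f "$sidecar" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sidecar")
    # A SHA-1 digest is exactly 40 hex characters; reject anything else
    # (for example an HTML error page saved under the .sha1 name).
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$(sha1_of "$file")" = "$expected" ] || return 1
    return 0
}

# install_verified FILE SIDECAR DESTDIR: copy only after the digest matches.
install_verified() {
    if verify_sidecar "$1" "$2"; then
        cp "$1" "$3"/
    else
        echo "refusing to install $1: digest check failed" >&2
        return 1
    fi
}
```

A digest fetched from the same repository detects a corrupted or truncated download, not a substituted artifact; the detached PGP signature (`.asc`) published next to the artifact is the stronger check.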