Fortress Rest is a web application that implements RESTful Web services to interface with Fortress Core and a directory server like OpenLDAP or ApacheDS.
What technologies are in use?
Fortress Rest was built using established Open Source technologies including Apache CXF (web services stack), Spring Framework (glue), Maven (dependencies) and JAXB (data binding layer), and it runs inside any reasonably compliant Java Servlets container.
Fortress Rest service access control decisions are enforced using Fortress Realm, which itself uses declarative Java EE Security and Spring Security policy hooks that are wired to connect back to the Fortress access management APIs.
Fortress Rest is a Java Web program artifact and is wholly dependent on Fortress but also needs a V3 compliant LDAP server like OpenLDAP or ApacheDS.
For more information on installing and setting up a directory server, check out the Fortress READMEs in the directory-fortress-core source package.
What can Fortress Rest do?
Contained within this application are Web APIs for authentication, authorization, administration, audit and password policies.
The most important package in this system, org.apache.directory.fortress.rest, contains the public Web APIs that are called by external systems.
There is a one-to-one correspondence between a Fortress Core API and a Fortress Rest service. The Fortress Core APIs are organized into 'Managers', each implementing a specific area of functionality within the Access Management lifecycle.
For a list of Fortress Rest services, see FortressService.
Fortress Manager Overview
- AccessMgr - This object performs runtime access control operations on objects that are provisioned RBAC entities that reside in the LDAP directory.
- AdminMgr - This object performs administrative functions to provision Fortress RBAC entities into the LDAP directory.
- AuditMgr - This interface prescribes methods used to search OpenLDAP's slapd access log.
- DelegatedAccessMgr - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress ARBAC02 entities that reside in the LDAP directory.
- DelegatedAdminMgr - This class prescribes the ARBAC02 DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in the LDAP directory.
- DelegatedReviewMgr - This class prescribes the ARBAC02 DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that reside in the LDAP directory.
- PswdPolicyMgr - This object adheres to the IETF PW policy draft and is used to perform administrative and review functions on the PWPOLICIES and USERS data sets within Fortress.
- ReviewMgr - This interface prescribes the administrative review functions on already provisioned Fortress RBAC entities that reside in the LDAP directory.
How can I connect with Fortress Rest?
Clients have a choice in how to connect with the Fortress Rest services. Integration can occur using a preferred Web service toolkit like AXIS 1, AXIS 2, Metro, CXF, Spring Web Services, WSO2, JQuery, etc., or by using the Fortress Core APIs themselves, which have built-in support for calling Fortress Rest.
The Fortress Core APIs plug into their backend data repository (LDAP) using a simple facade pattern that shields clients from downstream details. The behavior of the Fortress APIs does not change based on the route a call takes.
Options for Fortress Rest service Integration
- Client uses Fortress Core to connect to LDAP via Fortress Rest:
Client-->Fortress Core-->HTTP/S-->Fortress Rest
- Client uses other Web frameworks to connect to Fortress Rest:
Client[Axis, Metro, CXF, SpringWS,...]-->HTTP/S-->Fortress Rest
What are the conditions of use?
This software development kit is open source, and thus free to use and distribute under the Apache License, Version 2.0.