EnMasse is a Web application that provides a RESTful implementation of Fortress' ANSI RBAC INCITS 359 engine.
Overview of the us.jts.enmasse component
EnMasse is a web application that implements RESTful Web services to interface with
Fortress and OpenLDAP.
What technologies are in use?
EnMasse was built using established Open Source technologies including
Apache CXF (web services stack), Spring Framework (glue), Maven (dependencies)
and JAXB (data binding layer) and runs inside any reasonably compliant Java Servlets container.
EnMasse service access control decisions are enforced using Sentry, which itself
uses declarative Java EE Security and Spring Security policy hooks that are wired to
connect back to the Fortress RBAC component.
The EnMasse server side is a Java Web program artifact that is wholly dependent on Fortress
and also needs a V3-compliant LDAP server like OpenLDAP. For more information on installing and setting up OpenLDAP, check out
Fortress Builder.
What can EnMasse do?
Contained within this application are Web APIs to perform authentication, authorization, administration, audit and password policies.
The most important package in this system, us.jts.enmasse, contains the public Web APIs that are called by external systems.
There is a one-to-one correspondence between a Fortress API and an EnMasse Web service. The Fortress
APIs are organized into 'Managers', each implementing a specific area of functionality within the
Identity and Access Management lifecycle.
For a list of EnMasse services, see FortressService.
Fortress Manager Overview
- AccessMgr - This object performs runtime access control operations on objects that are provisioned RBAC entities that reside in the LDAP directory.
- AdminMgr - This object performs administrative functions to provision Fortress RBAC entities into the LDAP directory.
- AuditMgr - This interface prescribes methods used to search OpenLDAP's slapd access log.
- DelegatedAccessMgr - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress ARBAC02 entities that reside in the LDAP directory.
- DelegatedAdminMgr - This class prescribes the ARBAC02 DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in the LDAP directory.
- DelegatedReviewMgr - This class prescribes the ARBAC02 DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that reside in the LDAP directory.
- PswdPolicyMgr - This object adheres to the IETF password policy draft and is used to perform administrative and review functions on the PWPOLICIES and USERS data sets within Fortress.
- ReviewMgr - This interface prescribes the administrative review functions on already provisioned Fortress RBAC entities that reside in the LDAP directory.
How can I connect with EnMasse?
Clients have a choice in how to connect with the EnMasse Web services. Integration can occur using a
preferred Web service toolkit like AXIS 1, AXIS 2, Metro, CXF, Spring Web Services,
WSO2, jQuery, etc., or by using the Fortress APIs
themselves, which have built-in support for calling EnMasse.
The Fortress API plugs into its backend data repository (LDAP) using a simple facade pattern that
shields its clients from downstream details. The behavior of the Fortress APIs does not change based
on the route it takes.
Options for EnMasse service Integration
- Client uses Fortress to connect to EnMasse:
Client-->Fortress-->HTTP/S-->EnMasse
- Client uses other Web frameworks to connect to EnMasse:
Client[Axis, Metro, CXF, SpringWS,...]-->HTTP/S-->EnMasse
What are the conditions of use?
This software development toolkit is open source, and thus free to use and distribute under the BSD 3-Clause License.
It was developed and tested on open systems like Ubuntu and CentOS and was helped along
by the following open source products: