Hi,

1) By the way, are passwords stored using salting and hashing in LDAP?
2) Are there any plans to implement a JSON-based REST API?
3) After creating the session for the “emtestuser1” I get:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FortResponse>
  <errorCode>0</errorCode>
  <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <isAuthorized xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <session>
    <modId>2767b60b-bfe2-4b08-99c3-119e9ad9d5d8</modId>
    <user>
      <modId>833bbb1c-fe87-4767-90cf-e9569ab235e6</modId>
      <userId>emtestuser1</userId>
      <description>enmasse test user1</description>
      <name>emtest user1</name>
      <internalId>161d82ab-3022-4e15-ab22-4f4959ff8845</internalId>
      <ou>emtestorg1</ou>
      <sn>user1</sn>
      <cn>emtest user1</cn>
      <dn>uid=emtestuser1,ou=People,dc=example,dc=com</dn>
      <address>
        <addresses>123 Test Ln</addresses>
        <addresses>Suite 1</addresses>
        <addresses>c/o resident</addresses>
        <city>TestCity</city>
        <state>AR</state>
        <postalCode>72113</postalCode>
      </address>
      <phones>111-222-3333</phones>
      <phones>222-222-3333</phones>
      <mobiles>333-222-3333</mobiles>
      <mobiles>444-222-3333</mobiles>
      <props>
        <modId>05bc5018-f54c-4bf5-b877-5706352ee61d</modId>
        <entry><key>prop1</key><value>value1</value></entry>
        <entry><key>init</key><value></value></entry>
      </props>
      <locked>false</locked>
      <reset>false</reset>
      <timeout>0</timeout>
      <roles>
        <modId>5d3c9297-5489-49f3-9fc8-ad86b43c274b</modId>
        <name>emrole1</name>
        <userId>emtestuser1</userId>
        <parents>EMROLE2</parents>
        <beginDate>20120101</beginDate>
        <beginLockDate>none</beginLockDate>
        <beginTime>0100</beginTime>
        <dayMask>1234567</dayMask>
        <endDate>none</endDate>
        <endLockDate>20140101</endLockDate>
        <endTime>2359</endTime>
        <timeout>0</timeout>
      </roles>
    </user>
    <isAuthenticated>true</isAuthenticated>
    <sessionId>0d079d0f-8969-417e-8a5f-fbd9ec0eada2</sessionId>
    <lastAccess>1429882798607</lastAccess>
    <timeout>0</timeout>
    <errorId>0</errorId>
    <expirationSeconds>0</expirationSeconds>
    <graceLogins>0</graceLogins>
  </session>
</FortResponse>

But I have no idea how to use this session object to get RBAC permissions. I do the following:

curl -X POST \
  -H "Authorization: Basic ZGVtb3VzZXI0OnBhc3N3b3Jk" \
  -H "Accept: application/xml" \
  -H "Content-Type: application/xml" \
  -d @perms.xml \
  http://127.0.0.1:8080/fortress-rest-1.0-RC40-SNAPSHOT/rbacPerms

Where perms.xml contains a copied session object (xml), and has the following form:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FortRequest>
  <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <isAuthorized xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <session>
    <modId>2767b60b-bfe2-4b08-99c3-119e9ad9d5d8</modId>
    <user>
      <modId>833bbb1c-fe87-4767-90cf-e9569ab235e6</modId>
      <userId>emtestuser1</userId>
      <description>enmasse test user1</description>
      <name>emtest user1</name>
      <internalId>161d82ab-3022-4e15-ab22-4f4959ff8845</internalId>
      <ou>emtestorg1</ou>
      <sn>user1</sn>
      <cn>emtest user1</cn>
      <dn>uid=emtestuser1,ou=People,dc=example,dc=com</dn>
      <address>
        <addresses>123 Test Ln</addresses>
        <addresses>Suite 1</addresses>
        <addresses>c/o resident</addresses>
        <city>TestCity</city>
        <state>AR</state>
        <postalCode>72113</postalCode>
      </address>
      <phones>111-222-3333</phones>
      <phones>222-222-3333</phones>
      <mobiles>333-222-3333</mobiles>
      <mobiles>444-222-3333</mobiles>
      <props>
        <modId>05bc5018-f54c-4bf5-b877-5706352ee61d</modId>
        <entry><key>prop1</key><value>value1</value></entry>
        <entry><key>init</key><value></value></entry>
      </props>
      <locked>false</locked>
      <reset>false</reset>
      <timeout>0</timeout>
      <roles>
        <modId>5d3c9297-5489-49f3-9fc8-ad86b43c274b</modId>
        <name>emrole1</name>
        <userId>emtestuser1</userId>
        <parents>EMROLE2</parents>
        <beginDate>20120101</beginDate>
        <beginLockDate>none</beginLockDate>
        <beginTime>0100</beginTime>
        <dayMask>1234567</dayMask>
        <endDate>none</endDate>
        <endLockDate>20140101</endLockDate>
        <endTime>2359</endTime>
        <timeout>0</timeout>
      </roles>
    </user>
    <isAuthenticated>true</isAuthenticated>
    <sessionId>0d079d0f-8969-417e-8a5f-fbd9ec0eada2</sessionId>
    <lastAccess>1429882798607</lastAccess>
    <timeout>0</timeout>
    <errorId>0</errorId>
    <expirationSeconds>0</expirationSeconds>
    <graceLogins>0</graceLogins>
  </session>
</FortRequest>

I get:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FortResponse>
  <errorCode>101</errorCode>
  <errorMessage>assertContext detected null entity for method [org.apache.directory.fortress.core.AccessMgrFactory.createInstance], error code [101]</errorMessage>
  <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <isAuthorized xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <session xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
</FortResponse>

What am I doing wrong in my POST?

/Oleksandr

On 24/4/2015 15:09 , "Emmanuel Lécharny" <elecha...@gmail.com> wrote:

>On 24/04/15 13:06, Shawn McKinney wrote:
>>> On Apr 24, 2015, at 4:59 AM, Oleksandr Bodriagov (Polystar)
>>> <oleksandr.bodria...@polystar.com> wrote:
>>>
>>> Hi,
>>>
>>> I wanted to test a rest component, so I looked into EmTest.java and saw an
>>> example of session creation in "src/test/resources/createSession.xml"
>>> <FortRequest>
>>>   <contextId>HOME</contextId>
>>>   <entity xsi:type="user"
>>>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>>     <userId>emtestuser1</userId>
>>>     <password>112</password>
>>>     <password>97</password>
>>>     <password>115</password>
>>>     <password>115</password>
>>>     <password>119</password>
>>>     <password>111</password>
>>>     <password>114</password>
>>>     <password>100</password>
>>>   </entity>
>>> </FortRequest>
>>>
>>>
>>> If I run this POST request, then everything works and I get the session
>>> info back. However, if I remove just one password from the list, then I
>>> get
>>> <FortResponse><errorCode>1013</errorCode><errorMessage>PASSWORD INVALID
>>> for userId [emtestuser1], resultCode [INVALID_CREDENTIALS]</errorMessage>
>>>
>>> I am not sure I understand this concept of multiple passwords. I would be
>>> grateful if someone could point me to the resource where I could read
>>> about it.
>>>
>>> Best regards,
>>> Oleksandr
>>>
>> Oleksandr,
>>
>> The password is stored on user object as array of characters:
>> private char[] password;
>>
>> Each element in the array is represented as an element in the xml
>> document. So if you delete an element, you aren’t deleting a password,
>> you are removing one of the characters of the user’s password - thus the
>> failure later on on createSession. Fortress does not support multiple
>> passwords for users.
>
>Ouch !!!
>
>Wouldn't it have been more efficient to store the password using a base64
>encoding ?
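
The per-character encoding Shawn McKinney describes, as an added example (not part of the thread and not Fortress code): it builds a request shaped like the quoted createSession.xml, reads the password back out of the `<password>` list, and shows what removing one element does. It assumes each element carries one Java `char` (a UTF-16 code unit) in decimal; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"
ET.register_namespace("xsi", XSI)  # keep the xsi: prefix seen in the thread


def char_codes(password):
    """One decimal value per Java char (UTF-16 code unit), as assumed here."""
    raw = password.encode("utf-16-be")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]


def build_create_session(user_id, password, context_id="HOME"):
    """Build a FortRequest shaped like the quoted createSession.xml."""
    req = ET.Element("FortRequest")
    ET.SubElement(req, "contextId").text = context_id
    entity = ET.SubElement(req, "entity", {"{%s}type" % XSI: "user"})
    ET.SubElement(entity, "userId").text = user_id
    for code in char_codes(password):
        ET.SubElement(entity, "password").text = str(code)
    return ET.tostring(req, encoding="unicode")


def read_password(request_xml):
    """Reassemble the char[] the server would see from the <password> list."""
    root = ET.fromstring(request_xml)
    units = [int(e.text) for e in root.findall("./entity/password")]
    return b"".join(u.to_bytes(2, "big") for u in units).decode("utf-16-be")


def drop_password_element(request_xml, index):
    """Remove one <password> element, as tried in the original question."""
    root = ET.fromstring(request_xml)
    entity = root.find("entity")
    entity.remove(entity.findall("password")[index])
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    xml_doc = build_create_session("emtestuser1", "password")  # constructed input
    print(xml_doc)
    print(read_password(drop_password_element(xml_doc, 7)))
```

The decimal values are a serialization of the `char[]` field, not a protection: anyone who can read the request body recovers the password, so the endpoint needs TLS in transit just as the Basic `Authorization` header does.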