{"id":24475368,"url":"https://github.com/authzforce/server","last_synced_at":"2025-04-13T13:07:30.157Z","repository":{"id":37885265,"uuid":"49609273","full_name":"authzforce/server","owner":"authzforce","description":"AuthzForce Server (Multi-tenant XACML PDP/PAP - REST API)","archived":false,"fork":false,"pushed_at":"2024-06-08T17:49:01.000Z","size":1517,"stargazers_count":57,"open_issues_count":3,"forks_count":17,"subscribers_count":6,"default_branch":"develop","last_synced_at":"2025-04-13T13:07:19.214Z","etag":null,"topics":["access-control","authorization","authzforce","fast-infoset","fiware","json","pdp","rest","rest-api","restful-api","xacml","xml","xml-schema"],"latest_commit_sha":null,"homepage":"https://authzforce-ce-fiware.rtfd.io/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authzforce.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-01-13T23:35:03.000Z","updated_at":"2024-11-25T09:49:05.000Z","dependencies_parsed_at":"2024-02-18T03:29:56.376Z","dependency_job_id":"2c6c0348-66a0-4db1-8a21-2e160859bad5","html_url":"https://github.com/authzforce/server","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authzforce","download_url":"https://codeload.github.com/authzforce/server/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248717242,"owners_count":21150389,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","authorization","authzforce","fast-infoset","fiware","json","pdp","rest","rest-api","restful-api","xacml","xml","xml-schema"],"created_at":"2025-01-21T09:14:35.516Z","updated_at":"2025-04-13T13:07:30.134Z","avatar_url":"https://github.com/authzforce.png","language":"Java","readme":"# AuthzForce Server\n\n[![FIWARE Security](https://nexus.lab.fiware.org/static/badges/chapters/security.svg)](https://www.fiware.org/developers/catalogue/)\n[![License: GPL v3](https://img.shields.io/github/license/authzforce/server.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![Docker badge](https://img.shields.io/docker/pulls/authzforce/server.svg)](https://hub.docker.com/r/authzforce/server/)\n[![](https://img.shields.io/badge/tag-authzforce-orange.svg?logo=stackoverflow)](http://stackoverflow.com/questions/tagged/authzforce)\n[![Support badge](https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/)\n\u003cbr/\u003e\n[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=latest)](http://authzforce-ce-fiware.readthedocs.io/en/latest/?badge=latest)\n[![CI](https://github.com/authzforce/server/workflows/CI/badge.svg)](https://github.com/authzforce/server/actions?query=workflow%3ACI)\n![Status](https://nexus.lab.fiware.org/static/badges/statuses/authzforce.svg)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/edd2ba7c87f44bf1beb2575e2d7e50ed)](https://www.codacy.com/gh/authzforce/server/dashboard?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=authzforce/server\u0026amp;utm_campaign=Badge_Grade)\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fauthzforce%2Fserver.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fauthzforce%2Fserver?ref=badge_shield)\n\nAuthzForce Server provides a multi-tenant RESTful API to Policy Administration\nPoints (PAP) and Policy Decision Points (PDP) supporting Attribute-Based Access\nControl (ABAC), as defined in the\n[OASIS XACML 3.0 standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html).\n\nThis project is part of [FIWARE](https://www.fiware.org/). For more information\ncheck the FIWARE Catalogue entry for\n[Security](https://github.com/Fiware/catalogue/tree/master/security).\n\n**Go to the [releases](https://github.com/authzforce/server/releases) page for\nspecific release info: downloads (Linux packages), Docker image,\n[release notes](CHANGELOG.md), and\n[documentation](http://readthedocs.org/projects/authzforce-ce-fiware/versions/).**\n\nThe roadmap of this FIWARE GE is described [here](ROADMAP.md).\n\n_If you are interested in using an embedded XACML-compliant PDP in your Java\napplications, AuthzForce also provides a PDP engine as a Java library in\n[Authzforce core project](http://github.com/authzforce/core)._\n\n|  :books: [Documentation](https://authzforce-ce-fiware.rtfd.io/) | :mortar_board: [Academy](https://fiware-academy.readthedocs.io/en/latest/security/authzforce) | :whale: [Docker Hub](https://hub.docker.com/r/authzforce/server/) |  :dart: [Roadmap](https://github.com/authzforce/server/blob/develop/ROADMAP.md)\n|---|---|---|---|\n\n\n## Contents\n\n-   [Features](#features)\n-   [Limitations](#limitations)\n-   [Quality Assurance](#quality-assurance)\n-   [Install](#install)\n-   [Documentation](#documentation)\n-   [Training Courses](#training-courses)\n-   [Usage](#usage)\n-   [Testing](#testing)\n-   [Support](#support)\n-   [Security](#security-vulnerability-reporting)\n-   [Contributing](#contributing)\n-   [License](#license)\n\n## Features\n\n### PDP (Policy Decision Point)\n\n-   Compliance with the following OASIS XACML 3.0 standards:\n    -   [XACML v3.0 Core standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html)\n    -   [XACML v3.0 Core and Hierarchical Role Based Access Control (RBAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/3.0/rbac/v1.0/xacml-3.0-rbac-v1.0.html)\n    -   [XACML v3.0 Multiple Decision Profile Version 1.0 - Repeated attribute categories](http://docs.oasis-open.org/xacml/3.0/multiple/v1.0/cs02/xacml-3.0-multiple-v1.0-cs02.html#_Toc388943334)\n        (`urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories`).\n    -   [XACML v3.0 - JSON Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html),\n        with extra security features:\n        -   JSON schema\n            [Draft v6](https://tools.ietf.org/html/draft-wright-json-schema-01)\n            validation;\n        -   DoS mitigation: JSON parser variant checking max JSON string size,\n            max number of JSON keys/array items and max JSON object depth.\n    - [GeoXACML 1.0.1](http://portal.opengeospatial.org/files/?artifact_id=42734). Supported as third-party extension from [Secure Dimensions](https://github.com/securedimensions/authzforce-geoxacml-basic)\n    -   Experimental support for:\n        -   [XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/xacml-3.0-dlp-nac-v1.0.html):\n            only `dnsName-value` datatype and `dnsName-value-equal` function are\n            supported;\n        -   [XACML 3.0 Additional Combining Algorithms Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-combalgs/v1.0/xacml-3.0-combalgs-v1.0.html):\n            `on-permit-apply-second` policy combining algorithm;\n        -   [XACML v3.0 Multiple Decision Profile Version 1.0 - Requests for a combined decision](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-multiple-v1-spec-cd-03-en.html#_Toc260837890)\n            (`urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision`).\n-   Safety/Security:\n    -   Prevention of circular XACML policy references (PolicySetIdReference) as\n        mandated by\n        [XACML 3.0](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047192);\n    -   Control of the **maximum XACML PolicySetIdReference depth**;\n    -   Prevention of circular XACML variable references (VariableReference) as\n        mandated by\n        [XACML 3.0](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047185);\n    -   Control of the **maximum XACML VariableReference depth**;\n-   Optional **strict multivalued attribute parsing**: if enabled, multivalued\n    attributes must be formed by grouping all `AttributeValue` elements in the\n    same Attribute element (instead of duplicate Attribute elements); this does\n    not fully comply with\n    [XACML 3.0 Core specification of Multivalued attributes (§7.3.3)](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047176),\n    but it usually performs better than the default mode since it simplifies the\n    parsing of attribute values in the request;\n-   Optional **strict attribute Issuer matching**: if enabled,\n    `AttributeDesignators` without Issuer only match request Attributes without\n    Issuer (and same AttributeId, Category...); this option is not fully\n    compliant with XACML 3.0, §5.29, in the case that the Issuer is indeed not\n    present on a AttributeDesignator; but it is the recommended option when all\n    AttributeDesignators have an Issuer (the XACML 3.0 specification (5.29)\n    says: _If the Issuer is not present in the attribute designator, then the\n    matching of the attribute to the named attribute SHALL be governed by\n    AttributeId and DataType attributes alone._);\n-   Extensibility points:\n    -   **Attribute Datatypes**: you may extend the PDP engine with custom XACML\n        attribute datatypes;\n    -   **Functions**: you may extend the PDP engine with custom XACML\n        functions;\n    -   **Combining Algorithms**: you may extend the PDP engine with custom\n        XACML policy/rule combining algorithms;\n    -   **Attribute Providers a.k.a. PIPs** (Policy Information Points): you may\n        plug custom attribute providers into the PDP engine to allow it to\n        retrieve attributes from other attribute sources (e.g. remote service)\n        than the input XACML Request during evaluation;\n    -   **Request Preprocessor**: you may customize the processing of XACML\n        Requests before evaluation by the PDP core engine, e.g. used for\n        supporting new XACML Request formats, and/or implementing\n        [XACML v3.0 Multiple Decision Profile Version 1.0 - Repeated attribute categories](http://docs.oasis-open.org/xacml/3.0/multiple/v1.0/cs02/xacml-3.0-multiple-v1.0-cs02.html#_Toc388943334);\n    -   **Result Postprocessor**: you may customize the processing of XACML\n        Results after evaluation by the PDP engine, e.g. used for supporting new\n        XACML Response formats, and/or implementing\n        [XACML v3.0 Multiple Decision Profile Version 1.0 - Requests for a combined decision](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-multiple-v1-spec-cd-03-en.html#_Toc260837890).\n\n### PIP (Policy Information Point)\n\nAuthzForce provides XACML PIP features in the form of _Attribute Providers_.\nMore information in the previous section.\n\n### PAP (Policy Administration Point)\n\n-   Policy management: create/read/update/delete multiple policies and\n    references from one to another (via PolicySetIdReference)\n-   Policy versioning: create/read/delete multiple versions per policy.\n-   Configurable root policy ID/version: top-level policy enforced by the PDP\n    may be any managed policy (if no version defined in configuration, the\n    latest available is selected)\n-   Configurable maximum number of policies;\n-   Configurable maximum number of versions per policy.\n-   Optional policy version rolling (when the maximum of versions per policy has\n    been reached, oldest versions are automatically removed to make place).\n\n### REST API\n\n-   Provides access to all PAP/PDP features mentioned in previous sections with\n    possibility to have PDP-only instances (i.e. without PAP features).\n-   Multi-tenant: allows to have multiple domains/tenants, each with its own\n    PAP/PDP, in particular its own policy repository.\n-   Conformance with\n    [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html)\n-   Supported data formats, aka content types:\n    - `application/xml`: XML based on API schema;\n    - `application/fastinfoset`: [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx) based on API's XML schema;\n    - `application/json`: JSON based on API's XMLschema with a generic XML-to-JSON mapping convention\n    - `application/xacml+xml`: XACML content only, as defined by [RFC 7061](https://tools.ietf.org/html/rfc7061)\n    - `application/xacml+json`: JSON format for XACML Request/Response on PDP only, as defined by [XACML v3.0 - JSON Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html)\n-   Defined in standard\n    [Web Application Description Language and XML schema](https://github.com/authzforce/rest-api-model/tree/develop/src/main/resources)\n    so that you can automatically generate client code.\n\n### High availability and load-balancing\n\n-   Integration with file synchronization tools (e.g.\n    [csync2](http://oss.linbit.com/csync2/)) or distributed filesystems (e.g.\n    NFS and CIFS) to build clusters of AuthzForce Servers.\n\n## Limitations\n\nThe following optional features from\n[XACML v3.0 Core standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html)\nare not supported:\n\n-   Elements `AttributesReferences`, `MultiRequests` and `RequestReference`;\n-   Functions `urn:oasis:names:tc:xacml:3.0:function:xpath-node-equal`,\n    `urn:oasis:names:tc:xacml:3.0:function:xpath-node-match` and\n    `urn:oasis:names:tc:xacml:3.0:function:access-permitted`;\n-   [Algorithms planned for future deprecation](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047257).\n\nIf you are interested in those, you can ask for [support](#support).\n\n## Quality Assurance\n\nThis project is part of [FIWARE](https://fiware.org/) and has been rated as\nfollows:\n\n-   **Version Tested:**\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Version\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.version\u0026colorB=blue)\n-   **Documentation:**\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Completeness\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.docCompleteness\u0026colorB=blue)\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Usability\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.docSoundness\u0026colorB=blue)\n-   **Responsiveness:**\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Time%20to%20Respond\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.timeToCharge\u0026colorB=blue)\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Time%20to%20Fix\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.timeToFix\u0026colorB=blue)\n-   **FIWARE Testing:**\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Tests%20Passed\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.failureRate\u0026colorB=blue)\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Scalability\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.scalability\u0026colorB=blue)\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Performance\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.performance\u0026colorB=blue)\n    ![ ](https://img.shields.io/badge/dynamic/json.svg?label=Stability\u0026url=https://fiware.github.io/catalogue/json/authzforce.json\u0026query=$.stability\u0026colorB=blue)\n\n## Install\n\nEvery release is packaged in various types of distribution and the installation depends on the distribution type:\n\n-   Ubuntu/Debian package (recommended option): `.deb`. Use your usual Ubuntu/Debian APT to install the package;\n-   Other Linux distributions: `.tar.gz` for any Linux distribution. More info in the [documentation](#documentation);\n-   Docker image, installed/deployed with the usual docker container commands. See [dist/src/docker/README.md](dist/src/docker/README.md) for more info.\n\nFor download links, please go to the specific\n[release page](https://github.com/authzforce/server/releases).\n\nOnce you downloaded the distribution of your preference, check the [documentation](#documentation) for more information.\n\n## Documentation\n\nFor links to the documentation of a release, please go to the specific\n[release page](https://github.com/authzforce/server/releases).\n\n## Training Courses\n### Academy Courses\n- [AuthzForce](https://fiware-academy.readthedocs.io/en/latest/security/authzforce/)\n\n### Tutorials\n\nThe following tutorials on **AuthzForce Server** are available:\n\n- 405. [Identity Management - XACML Rule-based Permissions](https://fiware-tutorials.readthedocs.io/en/latest/xacml-access-rules/).\n- 406. [Identity Management - Administrating XACML Rules](https://fiware-tutorials.readthedocs.io/en/latest/administrating-xacml/);\n\n## Usage\n\nThis section gives examples of usage and PEP code with a web service authorization module.\n\nFor an example of using an AuthzForce Server's RESTful PDP API in a real-life\nuse case, please refer to the JUnit test class\n[RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/webapp/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java)\nand the Apache CXF authorization interceptor\n[RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/webapp/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java).\nThe test class runs a test similar to @coheigea's\n[XACML 3.0 Authorization Interceptor test](https://github.com/coheigea/testcases/blob/master/apache/cxf/cxf-sts-xacml/src/test/java/org/apache/coheigea/cxf/sts/xacml/authorization/xacml3/XACML3AuthorizationTest.java)\nbut using AuthzForce Server as PDP instead of OpenAZ. In this test, a web\nservice client requests a Apache-CXF-based web service with a SAML token as\ncredentials (previously issued by a Security Token Service upon successful\nclient authentication) that contains the user ID and roles. Each request is\nintercepted on the web service side by a\n[RESTfulPdpBasedAuthzInterceptor](webapp/src/test/java/org/ow2/authzforce/webapp/test/pep/cxf/RESTfulPdpBasedAuthzInterceptor.java)\nthat plays the role of PEP (Policy Enforcement Point in XACML jargon), i.e. it\nextracts the various authorization attributes (user ID and roles, web service\nname, operation...) and requests a decision with these attributes from a remote\nPDP provided by AuthzForce Server, then enforces the PDP's decision, i.e.\nforwards the request to the web service implementation if the decision is\nPermit, else rejects it. For more information, see the Javadoc of\n[RESTfulPdpBasedAuthzInterceptorTest](webapp/src/test/java/org/ow2/authzforce/webapp/test/pep/cxf/RESTfulPdpBasedAuthzInterceptorTest.java).\n\n\n## Testing\n\nTo run unit tests, install Maven and type\n\n```console\nmvn test\n```\n\n## Support\n\nYou should use\n[AuthzForce users' mailing list](https://mail.ow2.org/wws/info/authzforce-users)\nas first contact for any communication about AuthzForce: question, feature\nrequest, notification, potential issue (unconfirmed), etc.\n\nIf you are experiencing any bug with this project and you indeed confirm this is\nnot an issue with your environment (contact the users mailing list first if you\nare unsure), please report it on the\n[OW2 Issue Tracker](https://gitlab.ow2.org/authzforce/server/issues). Please include as\nmuch information as possible; the more we know, the better the chance of a\nquicker resolution:\n\n-   Software version\n-   Platform (OS and JRE)\n-   Stack traces generally really help! If in doubt, include the whole thing;\n    often exceptions get wrapped in other exceptions and the exception right\n    near the bottom explains the actual error, not the first few lines at the\n    top. It's very easy for us to skim-read past unnecessary parts of a stack\n    trace.\n-   Log output can be useful too; sometimes enabling DEBUG logging can help;\n-   Your code \u0026 configuration files are often useful.\n\n## Security - Vulnerability reporting\n\nIf you want to report a vulnerability, you can do so on this Github repository by following the process: [Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).\n\n## Contributing\n\n### Documentation\n\nThe sources for the manuals are located in\n[fiware repository](http://github.com/authzforce/fiware/doc).\n\n### Releasing\n\n1.  From the develop branch, prepare a release (example using a HTTP proxy):\n\n```console\n$ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-start\n```\n\n2. Update the [changelog](CHANGELOG.md) with the new version according to\n    keepachangelog.com.\n3. Commit\n4. Perform the software release (example using a HTTP proxy):\n\n    ```console\n    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-finish\n    ```\n\n    If, after deployment, the command does not succeed because of some issue with the branches. Fix the issue, then re-run the     same command but with 'noDeploy' option set to true to avoid re-deployment:\n\n    ```console\n    $ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 -DnoDeploy=true jgitflow:release-finish\n    ```\n\n    More info on jgitflow: http://jgitflow.bitbucket.org/\n5. Connect and log in to the OSS Nexus Repository Manager:\n    https://oss.sonatype.org/\n6. Go to Staging Profiles and select the pending repository authzforce-\\*...\n    you just uploaded with `jgitflow:release-finish`\n7. Click the Release button to release to Maven Central.\n8. When the artifacts have been successfully published on Maven Central, follow\n    the instructions in the\n    [Release section of fiware repository](https://github.com/authzforce/fiware/blob/master/README.md#release).\n9. Build and publish the Docker image:\n   ```shell\n     $ git checkout master\n     $ mvn clean package\n     $ cd dist/target\n     $ chmod +x release-docker.sh\n     $ ./release.sh\n   ```\n10. Update the versions in badges at the top of this file.\n11. Create a release on Github with a description based on the\n    [release description template](release.description.tmpl.md), replacing M/m/P\n    with the new major/minor/patch versions.\n\n## License\n\nThis project is licensed under the terms of GPL v3 except Java classes in\npackages `org.ow2.authzforce.webapp.org.apache.cxf.jaxrs.provider.json.utils`\nand `org.ow2.authzforce.webapp.org.codehaus.jettison.mapped` which are under\nApache License.\n\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fauthzforce%2Fserver.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fauthzforce%2Fserver?ref=badge_large)\n\n### Are there any legal issues with GPL 3.0? Is it safe for me to use?\n\nThere is absolutely no problem in using a product licensed under GPL 3.0. Issues with GPL\n(or AGPL) licenses are mostly related with the fact that different people assign different\ninterpretations on the meaning of the term “derivate work” used in these licenses. Due to this,\nsome people believe that there is a risk in just _using_ software under GPL or AGPL licenses\n(even without _modifying_ it).\n\nFor the avoidance of doubt, the owners of this software licensed under an GPL 3.0 license\nwish to make a clarifying public statement as follows:\n\n\u003e Please note that software derived as a result of modifying the source code of this\n\u003e software in order to fix a bug or incorporate enhancements is considered a derivative\n\u003e work of the product. Software that merely uses or aggregates (i.e. links to) an otherwise\n\u003e unmodified version of existing software is not considered a derivative work, and therefore\n\u003e it does not need to be released as under the same license, or even released as open source.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzforce%2Fserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauthzforce%2Fserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzforce%2Fserver/lists"}