You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2017/05/10 01:55:37 UTC
svn commit: r1011984 - in /websites/staging/directory/trunk/content: ./
fortress/installation.html fortress/overview.html fortress/testimonials.html
Author: buildbot
Date: Wed May 10 01:55:36 2017
New Revision: 1011984
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/fortress/installation.html
websites/staging/directory/trunk/content/fortress/overview.html
websites/staging/directory/trunk/content/fortress/testimonials.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed May 10 01:55:36 2017
@@ -1 +1 @@
-1794489
+1794668
Modified: websites/staging/directory/trunk/content/fortress/installation.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/installation.html (original)
+++ websites/staging/directory/trunk/content/fortress/installation.html Wed May 10 01:55:36 2017
@@ -173,7 +173,7 @@ h2:hover > .headerlink, h3:hover > .head
<ul>
<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md">README-QUICKSTART-APACHEDS.md</a> - Install Core for use with APACHEDS</li>
<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md">README-QUICKSTART-SLAPD.md</a> - Install Core for use with OPENLDAP</li>
-<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md">README-QUICKSTART-SLAPD.md</a> - Install Core for use with OPENLDAP running inside DOCKER</li>
+<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md">README-QUICKSTART-DOCKER-SLAPD.md</a> - Install Core for use with OPENLDAP running inside DOCKER</li>
<li><a href="https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md">REALM-HOST-SETUP.md</a> - Configure Tomcat Global Security using Realm</li>
<li><a href="https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md">REALM-CONTEXT-SETUP.md</a> - Configure Tomcat Local Security using Realm</li>
<li><a href="https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md">README-QUICKSTART.md</a> - Install Fortress Rest to Tomcat</li>
Modified: websites/staging/directory/trunk/content/fortress/overview.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/overview.html (original)
+++ websites/staging/directory/trunk/content/fortress/overview.html Wed May 10 01:55:36 2017
@@ -184,7 +184,7 @@ h2:hover > .headerlink, h3:hover > .head
<ul>
<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md">README-QUICKSTART-APACHEDS.md</a> - Install Core for use with APACHEDS</li>
<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md">README-QUICKSTART-SLAPD.md</a> - Install Core for use with OPENLDAP</li>
-<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md">README-QUICKSTART-SLAPD.md</a> - Install Core for use with OPENLDAP running inside DOCKER</li>
+<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-DOCKER-SLAPD.md">README-QUICKSTART-DOCKER-SLAPD.md</a> - Install Core for use with OPENLDAP running inside DOCKER</li>
<li><a href="https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md">REALM-HOST-SETUP.md</a> - Configure Tomcat Global Security using Realm</li>
<li><a href="https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md">REALM-CONTEXT-SETUP.md</a> - Configure Tomcat Local Security using Realm</li>
<li><a href="https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md">README-QUICKSTART.md</a> - Install Fortress Rest to Tomcat</li>
Modified: websites/staging/directory/trunk/content/fortress/testimonials.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/testimonials.html (original)
+++ websites/staging/directory/trunk/content/fortress/testimonials.html Wed May 10 01:55:36 2017
@@ -175,7 +175,7 @@ h2:hover > .headerlink, h3:hover > .head
<p>This document contains an overview for combining a CAS-based SSO module with fortress-based authorization, using a declarative URL filtering mechanism. </p>
<h3 id="detailed-description-of-the-project">Detailed description of the project<a class="headerlink" href="#detailed-description-of-the-project" title="Permanent link">¶</a></h3>
<p>I created this solution a few years ago because at the time I was looking for an IAM and SSO solution, and there were no open source solutions that provided everything that I needed.</p>
-<p>Basically, the idea was, I needed a framework where the developer didn't have to programmatically add authorization calls to their code, or use annotations, or any other kind of âif conditionâ statement. With this solution, I can have a declarative mechanism that is still capable of making advanced dynamic authorization decisions, even if the user hasn't been logged in before or has any of the proper roles activated to their session. I can do this because I control the authorization and it has been centralized in the server, and that server can activate whatever user roles needed to to allow access to the runtime environment.</p>
+<p>Basically, the idea was, I needed a framework where the developer didn't have to programmatically add authorization calls to their code, or use annotations, or any other kind of <em>if condition</em> statement. With this solution, I can have a declarative mechanism that is still capable of making advanced dynamic authorization decisions, even if the user hasn't been logged in before or has any of the proper roles activated to their session. I can do this because I control the authorization and it has been centralized in the server, and that server can activate whatever user roles needed to to allow access to the runtime environment.</p>
<p>I searched all available open source solutions and finally decided to combine Apereo CAS and Apache Fortress into a single solution. Apereo CAS does the authentication and Apache Fortress will handle authorization.</p>
<p>I went this route because Apereo CAS is very good way to handle the Single Sign-On and Single Sign-Out problems, but it lacks authorization capabilities, because there aren't standardized solutions in that space yet. Apache Fortress is good at authorization because it uses standard RBAC. However, Apache Fortress doesn't have an SSO solution yet. That is why I think both should be combined because they complement each other. Unfortunately, there aren't yet good documentation resources available to combine these which is why I created this one, so other developers can follow my team's lead and make their life easier by providing good security for their webapps.</p>
<p>The solution I present to you here has operated successfully inside production environments since 2015 and so it's quite mature. I write this how-to document to explain how it works. It's intended as a guide for you to follow as well.</p>