You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fortress@directory.apache.org by Shawn McKinney <sm...@apache.org> on 2015/01/27 16:13:46 UTC
Apache Fortress end-to-end security tutorial
Hello (Ritika),
I have recently added this project to my github:
https://github.com/shawnmckinney/apache-fortress-demo
To use, pull down a snapshot of the source from the link above, and follow the instructions under the readme to generate the javadoc. The javadoc contains the actual steps that need to be followed.
The purpose of this security tutorial is twofold:
1. To demonstrate techniques for applying end-to-end security to an apache wicket java web application (running in tomcat) along with its corresponding mysql database. This includes access controls applied in JavaEE, Spring, Web and Database frameworks. It also includes instuctions for using encryption of network resources using JSSE.
2. Provide instructions to install, configure, test and run apache directory fortress infrastruture including: a. fortress core (API), b. fortress realm (Java EE security plugin), c. fortress web (UI), apache directory and apache directory studio.
One word of caution:
The tutorial is experimental and does not completely cover all of the necessary steps - in particular the section(s) on apache directory and studio installation and configuration. When you encounter problems with any of the steps in this tutorial, you may post your questions here, and the corresponding instructions will get corrected as we go.
This will have the benefit for others that follow.
Thanks in advance for your interest and participation,
Shawn
Re: Apache Fortress end-to-end security tutorial
Posted by Shawn McKinney <sm...@apache.org>.
On 01/27/2015 09:13 AM, Shawn McKinney wrote:
> The purpose of this security tutorial is twofold:
>
> 1. To demonstrate techniques for applying end-to-end security to an apache wicket java web application (running in tomcat) along with its corresponding mysql database. This includes access controls applied in JavaEE, Spring, Web and Database frameworks. It also includes instuctions for using encryption of network resources using JSSE.
>
> 2. Provide instructions to install, configure, test and run apache directory fortress infrastruture including: a. fortress core (API), b. fortress realm (Java EE security plugin), c. fortress web (UI), apache directory and apache directory studio.
To just do #2 (bypassing the end-to-end security tutorial): you may omit these steps:
Section I. Heartbleed Bug
Section II. Managing PKI Keys
Section III. Set Hostname Entry
Section VI - Install MySQL