You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fortress@directory.apache.org by Shawn McKinney <sm...@apache.org> on 2015/01/27 16:13:46 UTC

Apache Fortress end-to-end security tutorial

Hello (Ritika),

I have recently added this project to my github:

https://github.com/shawnmckinney/apache-fortress-demo

To use, pull down a snapshot of the source from the link above, and follow the instructions under the readme to generate the javadoc.  The javadoc contains the actual steps that need to be followed.

The purpose of this security tutorial is twofold:

1. To demonstrate techniques for applying end-to-end security to an apache wicket java web application (running in tomcat) along with its corresponding mysql database.  This includes access controls applied in JavaEE, Spring, Web and Database frameworks.  It also includes instuctions for using encryption of network resources using JSSE.

2. Provide instructions to install, configure, test and run apache directory fortress infrastruture including: a. fortress core (API), b. fortress realm (Java EE security plugin), c. fortress web (UI), apache directory and apache directory studio.

One word of caution:  

The tutorial is experimental and does not completely cover all of the necessary steps - in particular the section(s) on apache directory and studio installation and configuration.  When you encounter problems with any of the steps in this tutorial, you may post your questions here, and the corresponding instructions will get corrected as we go.

This will have the benefit for others that follow.

Thanks in advance for your interest and participation,

Shawn

Re: Apache Fortress end-to-end security tutorial

Posted by Shawn McKinney <sm...@apache.org>.

On 01/27/2015 09:13 AM, Shawn McKinney wrote:
> The purpose of this security tutorial is twofold:
> 
> 1. To demonstrate techniques for applying end-to-end security to an apache wicket java web application (running in tomcat) along with its corresponding mysql database.  This includes access controls applied in JavaEE, Spring, Web and Database frameworks.  It also includes instuctions for using encryption of network resources using JSSE.
> 
> 2. Provide instructions to install, configure, test and run apache directory fortress infrastruture including: a. fortress core (API), b. fortress realm (Java EE security plugin), c. fortress web (UI), apache directory and apache directory studio.

To just do #2 (bypassing the end-to-end security tutorial): you may omit these steps:

    Section I. Heartbleed Bug
    Section II. Managing PKI Keys
    Section III. Set Hostname Entry
    Section VI - Install MySQL