You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Shawn McKinney <mc...@att.net> on 2014/10/08 19:32:47 UTC
Re: Demonstrate End-to-End Security Enforcement using Open Source
Software & Wicket
On 08/20/2014 10:08 AM, Shawn McKinney wrote:
> Notably missing from the material is theory or why these types of
complex security mechanisms are necessary. I'm working on that now and
will publish it back here when ready.
Hello again, just now getting back to this thread....
***
The fortressdemo2 web app tutorial shows an apache wicket web app
deployed inside of a tomcat container using both an ldap and db server.
It recommends various security layers for end-to-end security which is
a 'defense in depth' approach.
The fortressdemo2 source code is here:
https://github.com/shawnmckinney/fortressdemo2
The fortress demo2 tutorial page has been moved to a new location:
https://symas.com/kb/demonstrate-end-to-end-security-enforcement-using-open-source/
and on this page are more links to:
a. static html javadoc (hosted on same server) containing instructions
for actual fortressdemo2 tutorial installation. The overview page of
the javadoc describes how to download the example source code and how to
generate documentation locally.
b. link to presentation given last week at JavaOne
The J1 deck contains two parts:
1. Overview of the security controls used within the fortressdemo2 web app.
2. Description of how to drop the fortressdemo2 (and its associated
infrastructure) into a cloud foundry PaaS (presented by John Field)
Finally there is an abbreviated version of the slides containing the
rationale for each layer by comparing to everyday situations:
https://symas.com/javadocs/fortressdemo2/doc-files/AnatomyOfSecureWebApp.pdf
We are donating this material to help others learn the proper way to
security inside of web app envs. So there will be less violations and
breaches of our personal and business data - events that are seemingly
commonplace today.
Suggestions or comments are welcome.
Thanks for your attention,
Shawn
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org