You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by Shawn McKinney <mc...@att.net> on 2014/10/08 19:32:47 UTC

Re: Demonstrate End-to-End Security Enforcement using Open Source Software & Wicket

On 08/20/2014 10:08 AM, Shawn McKinney wrote:
 > Notably missing from the material is theory or why these types of 
complex security mechanisms are necessary.  I'm working on that now and 
will publish it back here when ready.

Hello again, just now getting back to this thread....

***

The fortressdemo2 web app tutorial shows an apache wicket web app 
deployed inside of a tomcat container using both an ldap and db server. 
  It recommends various security layers for end-to-end security which is 
a 'defense in depth' approach.

The fortressdemo2 source code is here:

https://github.com/shawnmckinney/fortressdemo2

The fortress demo2 tutorial page has been moved to a new location:
https://symas.com/kb/demonstrate-end-to-end-security-enforcement-using-open-source/

and on this page are more links to:

a. static html javadoc (hosted on same server) containing instructions 
for actual fortressdemo2 tutorial installation.  The overview page of 
the javadoc describes how to download the example source code and how to 
generate documentation locally.

b. link to presentation given last week at JavaOne

The J1 deck contains two parts:
1. Overview of the security controls used within the fortressdemo2 web app.

2. Description of how to drop the fortressdemo2 (and its associated 
infrastructure) into a cloud foundry PaaS (presented by John Field)

Finally there is an abbreviated version of the slides containing the 
rationale for each layer by comparing to everyday situations:
https://symas.com/javadocs/fortressdemo2/doc-files/AnatomyOfSecureWebApp.pdf

We are donating this material to help others learn the proper way to 
security inside of web app envs.  So there will be less violations and 
breaches of our personal and business data - events that are seemingly 
commonplace today.

Suggestions or comments are welcome.

Thanks for your attention,

Shawn

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org