You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2017/05/07 18:19:17 UTC

svn commit: r1011813 - in /websites/staging/directory/trunk/content: ./ fortress/testimonials.html

Author: buildbot
Date: Sun May  7 18:19:17 2017
New Revision: 1011813

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/fortress/testimonials.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun May  7 18:19:17 2017
@@ -1 +1 @@
-1794243
+1794249

Modified: websites/staging/directory/trunk/content/fortress/testimonials.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/testimonials.html (original)
+++ websites/staging/directory/trunk/content/fortress/testimonials.html Sun May  7 18:19:17 2017
@@ -172,11 +172,11 @@ h2:hover > .headerlink, h3:hover > .head
 <h2 id="credits">Credits<a class="headerlink" href="#credits" title="Permanent link">&para;</a></h2>
 <p>This work was contributed by Yudhi Karunia Surtan of PT. Global Digital Niaga (blibli.com).  Thanks to him and his team for their efforts in helping others use Fortress.</p>
 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permanent link">&para;</a></h2>
-<p>This document contains an overview of the URL filtering mechanism.</p>
+<p>This document contains an overview for combining a CAS-based SSO module with fortress-based authorization, using a declarative URL filtering mechanism. </p>
 <h3 id="detailed-description-of-the-project">Detailed description of the project<a class="headerlink" href="#detailed-description-of-the-project" title="Permanent link">&para;</a></h3>
-<p>I created this solution because at the time I was looking an IAM and SSO solution, and there were no open source solution to provide everything that I required.</p>
-<p>Basically, the idea is, I wanted to have a framework where the developer doesn't need to programmatically make authorization calls, use annotation or any other kind of “if condition” statements, in their code. With this solution, I'm can have a declarative mechanism capable of dynamic authorization decisions, even if the user hasn't been logged in or has the the proper role activated.  This is because the authorization has been centralized at the server and that server can activate and deactivate user roles that are needed to access the runtime environment.</p>
-<p>I searched across all available open source solutions and finally decided to use Apereo CAS and Apache Fortress as the combined solution. Apereo CAS does the authentication and Apache Fortress will handle the authorization.</p>
+<p>I created this solution a few years ago because at the time I was looking for an IAM and SSO solution, and there were no open source solutions that provided everything that I needed.</p>
+<p>Basically, the idea was, I needed a framework where the developer didn't have to programmatically add authorization calls to their code, or use annotations, or any other kind of “if condition” statement. With this solution, I can have a declarative mechanism that is still capable of making advanced dynamic authorization decisions, even if the user hasn't been logged in before or has any of the proper roles activated to their session.  I can do this because I control the authorization and it has been centralized in the server, and that server can activate whatever user roles needed to to allow access to the runtime environment.</p>
+<p>I searched across all available open source solutions and finally decided to combine Apereo CAS and Apache Fortress into a single solution. Apereo CAS does the authentication and Apache Fortress will handle authorization.</p>
 <p>Apereo CAS is very good way to handle the Single Sign-On and Single Sign-Out problems, on the other hand it lacks authorization capaibilities because there aren't standardized solutions for authorization in that space yet. Apache Fortress is good at authorization because it uses standard RBAC. However, Apache Fortress doesn't have an SSO solution yet. That is why I think both should be combined because they complement each other.  Unfortunately, there aren't yet good documentation resources available to combine these which is why I figured I needed to create this, so other developers can follow my team's lead and make their life easier provding good security for their webapps.</p>
 <p>The solution I present to you here has operated successfully inside production environments since 2015 and so we have maintained it for almost 2 years now and it's quite mature.  I write this documentation to describe how it works and it's intended as something you should try as well.</p>
 <p>Here are the technologies stack used within my extended framework: