Hello,

Thank you for the prompt reply. I will find some time to work on the code and post my findings in an article/code sample.

Regards,

On 02.05.2016 16:24, Shawn McKinney wrote:
>
>> On May 1, 2016, at 5:08 PM, Ioan Eugen Stan <[email protected]> wrote:
>>
>> I am working on a SaaS project and of course we need proper security.
>> Right now we are using our built in solution but I know in the future we
>> will need more features and a better tool. As far as I have read Fortress
>> fits the bill.
>>
>> However we use vertx.io and spring for networking and don't use Servlets or
>> JavaEE. Can I use Fortress to manage Identities?
>>
>
> Hello Stan, welcome!
>
> Fortress does not depend on servlets, spring or any other javaEE technologies.
>
>>
>> On May 1, 2016, at 5:08 PM, Ioan Eugen Stan <[email protected]> wrote:
>>
>>
>> How would I go about doing it?
>
> You can either invoke the apis directly (if your app is Java) or call the
> rest APIs, if on some other platform. Typically when we’re securing apps, we
> look at these apis:
>
> 1. createSession
> 2. checkAccess
>
> If your app is a web or gui and you have lots of permissions to check per
> page, you might use this api:
>
> 3. sessionPermissions
>
> which pulls all perms for that user and allows you to cache them for faster
> response times.
>
> How you code is up to you. Typically I favor declarative security which
> means the programmer doesn’t have to worry about calling apis in their code
> rather the ‘container’ the app runs in calls the apis for them. This is
> where technologies like Java EE or spring security come in.
>
> There are some samples out there that show ways to invoke the apis. The
> simplest one is here:
> https://github.com/shawnmckinney/wicket-sample
>
> While this code sample uses Java EE security, again it isn’t required. Take
> a look at the pages, Page1, Page2, Page3. Here there is a wrapper for the
> wicket ajax button that calls the apis before it renders to page, or allows
> user to click on them.
>
> You can also look at this coding sample which shows you how to invoke the
> apis I mentioned above:
> https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/samples/AccessMgrSample.java
>
> The main thing to keep in mind, you call createSession in the beginning (at
> same time user authenticates), and hold onto the transient ‘session’ object
> that is returned because it’s needed for authZ (checkAccess,
> sessionPermissions).
>
> It can get more complicated than that, but for starters, this is close enough.
>
> Good luck!
>
> Shawn
>
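The call sequence described in the quoted reply (createSession once at login, then checkAccess per operation or a cached sessionPermissions lookup), as an added example that is not part of the original thread or of the Fortress samples. The class `FortressGate` and its method names are hypothetical; the example assumes fortress-core is on the classpath and that the caller passes in an `AccessMgr` already configured against the directory.

```java
import java.util.HashSet;
import java.util.Set;
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;

/** Hypothetical wrapper (not Fortress code): one instance per authenticated user. */
public final class FortressGate {
    private final AccessMgr accessMgr;   // e.g. obtained from AccessMgrFactory
    private Session session;             // transient object returned by createSession
    private Set<String> cachedPerms = new HashSet<>();

    public FortressGate(AccessMgr accessMgr) { this.accessMgr = accessMgr; }

    /** Step 1: authenticate and create the session in a single call. */
    public boolean login(User credentials) {
        try {
            // isTrusted = false: the password in 'credentials' is verified
            session = accessMgr.createSession(credentials, false);
            // Optional step 3: snapshot all permissions for fast per-page checks
            Set<String> fresh = new HashSet<>();
            for (Permission p : accessMgr.sessionPermissions(session)) {
                fresh.add(key(p.getObjName(), p.getOpName()));
            }
            cachedPerms = fresh;
            return true;
        } catch (SecurityException e) {
            // Fail closed: no session and no cached grants after any error
            session = null;
            cachedPerms = new HashSet<>();
            return false;
        }
    }

    /** Step 2: authoritative check, evaluated by Fortress on every call. */
    public boolean isAllowed(String objName, String opName) {
        if (session == null) return false;
        try {
            return accessMgr.checkAccess(session, new Permission(objName, opName));
        } catch (SecurityException e) { return false; }
    }

    /** Cached check: a snapshot from login, so later revocations are not
     *  seen until login() runs again. Use isAllowed for sensitive operations. */
    public boolean isAllowedCached(String objName, String opName) {
        return session != null && cachedPerms.contains(key(objName, opName));
    }

    private static String key(String obj, String op) { return obj + '\u0000' + op; }
}
```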
