Re: Demonstrate End-to-End Security Enforcement using Open Source Software Wicket
On 08/20/2014 10:08 AM, Shawn McKinney wrote: Notably missing from the material is theory or why these types of complex security mechanisms are necessary. I'm working on that now and will publish it back here when ready. Hello again, just now getting back to this thread *** The fortressdemo2 web app tutorial shows an apache wicket web app deployed inside of a tomcat container using both an ldap and db server. It recommends various security layers for end-to-end security which is a 'defense in depth' approach. The fortressdemo2 source code is here: https://github.com/shawnmckinney/fortressdemo2 The fortress demo2 tutorial page has been moved to a new location: https://symas.com/kb/demonstrate-end-to-end-security-enforcement-using-open-source/ and on this page are more links to: a. static html javadoc (hosted on same server) containing instructions for actual fortressdemo2 tutorial installation. The overview page of the javadoc describes how to download the example source code and how to generate documentation locally. b. link to presentation given last week at JavaOne The J1 deck contains two parts: 1. Overview of the security controls used within the fortressdemo2 web app. 2. Description of how to drop the fortressdemo2 (and its associated infrastructure) into a cloud foundry PaaS (presented by John Field) Finally there is an abbreviated version of the slides containing the rationale for each layer by comparing to everyday situations: https://symas.com/javadocs/fortressdemo2/doc-files/AnatomyOfSecureWebApp.pdf We are donating this material to help others learn the proper way to security inside of web app envs. So there will be less violations and breaches of our personal and business data - events that are seemingly commonplace today. Suggestions or comments are welcome. Thanks for your attention, Shawn - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Demonstrate End-to-End Security Enforcement using Open Source Software Wicket
Hi, I am not able to find the tutorial ... :-/ At http://iamfortress.org/FortressDemo2 there is only a diagram. At the bottom there is a link to the Javadocs of the application. But I cannot find the tutorial. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, Aug 18, 2014 at 6:32 AM, Shawn McKinney mckinney-sh...@att.net wrote: Posting another security tutorial featuring an Apache Wicket Web sample application. This one provides end-to-end security coverage: http://iamfortress.org/FortressDemo2 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Demonstrate End-to-End Security Enforcement using Open Source Software Wicket
On 08/20/2014 08:01 AM, Martin Grigorov wrote: I am not able to find the tutorial ... :-/ Athttp://iamfortress.org/FortressDemo2 there is only a diagram. At the bottom there is a link to the Javadocs of the application. But I cannot find the tutorial. The steps are contained within the javadoc's overview-summary.html page which lists the sections required to install and run the security demo. The javadoc is generated from the fortress demo2 source bundle located here: https://github.com/shawnmckinney/fortressdemo2 The README contains instructions for generating javadoc so you may have an offline copy: https://github.com/shawnmckinney/fortressdemo2/blob/master/README.txt
Re: Demonstrate End-to-End Security Enforcement using Open Source Software Wicket
OK. Thanks! Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Aug 20, 2014 at 5:39 PM, Shawn McKinney mckinney-sh...@att.net wrote: On 08/20/2014 08:01 AM, Martin Grigorov wrote: I am not able to find the tutorial ... :-/ Athttp://iamfortress.org/FortressDemo2 there is only a diagram. At the bottom there is a link to the Javadocs of the application. But I cannot find the tutorial. The steps are contained within the javadoc's overview-summary.html page which lists the sections required to install and run the security demo. The javadoc is generated from the fortress demo2 source bundle located here: https://github.com/shawnmckinney/fortressdemo2 The README contains instructions for generating javadoc so you may have an offline copy: https://github.com/shawnmckinney/fortressdemo2/blob/master/README.txt
Re: Demonstrate End-to-End Security Enforcement using Open Source Software Wicket
Notably missing from the material is theory or why these types of complex security mechanisms are necessary. I'm working on that now and will publish it back here when ready. On 08/20/2014 09:43 AM, Martin Grigorov wrote: OK. Thanks! Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Wed, Aug 20, 2014 at 5:39 PM, Shawn McKinney mckinney-sh...@att.net wrote: On 08/20/2014 08:01 AM, Martin Grigorov wrote: I am not able to find the tutorial ... :-/ Athttp://iamfortress.org/FortressDemo2 there is only a diagram. At the bottom there is a link to the Javadocs of the application. But I cannot find the tutorial. The steps are contained within the javadoc's overview-summary.html page which lists the sections required to install and run the security demo. The javadoc is generated from the fortress demo2 source bundle located here: https://github.com/shawnmckinney/fortressdemo2 The README contains instructions for generating javadoc so you may have an offline copy: https://github.com/shawnmckinney/fortressdemo2/blob/master/README.txt - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Demonstrate End-to-End Security Enforcement using Open Source Software Wicket
Very interesting, thank you! Posting another security tutorial featuring an Apache Wicket Web sample application. This one provides end-to-end security coverage: http://iamfortress.org/FortressDemo2 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
