On 08/20/2014 10:08 AM, Shawn McKinney wrote:
> Notably missing from the material is theory or why these types of complex security mechanisms are necessary. I'm working on that now and will publish it back here when ready.

Hello again, just now getting back to this thread....

***

The fortressdemo2 web app tutorial shows an apache wicket web app deployed inside of a tomcat container using both an ldap and db server. It recommends various security layers for end-to-end security which is a 'defense in depth' approach.

The fortressdemo2 source code is here:

https://github.com/shawnmckinney/fortressdemo2

The fortress demo2 tutorial page has been moved to a new location:
https://symas.com/kb/demonstrate-end-to-end-security-enforcement-using-open-source/

and on this page are more links to:

a. static html javadoc (hosted on same server) containing instructions for actual fortressdemo2 tutorial installation. The overview page of the javadoc describes how to download the example source code and how to generate documentation locally.

b. link to presentation given last week at JavaOne

The J1 deck contains two parts:
1. Overview of the security controls used within the fortressdemo2 web app.

2. Description of how to drop the fortressdemo2 (and its associated infrastructure) into a cloud foundry PaaS (presented by John Field)

Finally there is an abbreviated version of the slides containing the rationale for each layer by comparing to everyday situations:
https://symas.com/javadocs/fortressdemo2/doc-files/AnatomyOfSecureWebApp.pdf

We are donating this material to help others learn the proper way to security inside of web app envs. So there will be less violations and breaches of our personal and business data - events that are seemingly commonplace today.

Suggestions or comments are welcome.

Thanks for your attention,

Shawn

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to