{"id":225,"date":"2015-08-11T17:44:20","date_gmt":"2015-08-11T17:44:20","guid":{"rendered":"http:\/\/ldapcon.org\/2015\/?page_id=225"},"modified":"2015-10-16T16:55:01","modified_gmt":"2015-10-16T16:55:01","slug":"tutorial-applying-end-to-end-security-across-a-java-web-environment-using-ldap-and-apache-fortress","status":"publish","type":"page","link":"https:\/\/ldapcon.org\/2015\/tutorials\/tutorial-applying-end-to-end-security-across-a-java-web-environment-using-ldap-and-apache-fortress\/","title":{"rendered":"Tutorial: Applying End-to-End Security Across a Java Web Environment Using LDAP and Apache Fortress"},"content":{"rendered":"<h1>Tutorial: Applying End-to-End Security Across a Java Web Environment Using LDAP and Apache Fortress<\/h1>\n<p>Shawn McKinney<\/p>\n<h2>Summary<\/h2>\n<p>This tutorial covers how to apply an end-to-end application security architecture featuring Apache Fortress and OpenLDAP. It will be divided into four 30-minute segments:<\/p>\n<ol>\n<li>Install security infrastructure: OpenLDAP and Apache Fortress.<\/li>\n<li>Deploy a simple Java Web app into Apache Tomcat. Get authentication and coarse-grained authorization enabled to control page access.<\/li>\n<li>Add fine-grained authorization to Web application controls (buttons, list boxes, &#8230;) and database functions (create, read, update, delete).<\/li>\n<li>Generate keys and certs, enable TLS for HTTP, LDAP and JDBC connections.<\/li>\n<\/ol>\n<p>The student will leave with an understanding of how to apply proper security techniques to Web apps. A number of relevant standards including Java EE Security, Role-Based Access Controls (ANSI INCITS 359), Transport Layer Security (TLS), and X.509 are followed.
The sample code uses Java, but the techniques may be applied across many different platforms.<\/p>\n<h2>Prerequisites<\/h2>\n<ul>\n<li>All steps run on Debian machines running inside an IaaS cloud environment.<\/li>\n<li>Students should have some experience developing apps in Java and using containers like Apache Tomcat.<\/li>\n<li>Students should bring a PC or other device that can connect to the internet with a web browser and get to an ssh command prompt.<\/li>\n<\/ul>\n<h2>Outline<\/h2>\n<ol>\n<li>Complete Apache Fortress 10 Minute Guide<\/li>\n<li>Complete Apache Wicket Security Tutorial<\/li>\n<li>Complete Apache Fortress Demo<\/li>\n<li>Enable TLS for OpenLDAP, MySQL and Tomcat.<\/li>\n<li>Run Selenium automated unit tests.<\/li>\n<li>Run manual tests to verify security policy.<\/li>\n<\/ol>\n<h2>Course Material<\/h2>\n<p>This tutorial is based on a presentation that was given at JavaOne 2014 and ApacheCon North America 2015. The material that will be covered follows:<\/p>\n<ol>\n<li>Apache Fortress Ten Minute Guide:<br \/>\n\u25e6 <a href=\"https:\/\/directory.apache.org\/fortress\/gendocs\/latest\/apidocs\/org\/apache\/directory\/fortress\/core\/doc-files\/ten-minute-guide.html\">https:\/\/directory.apache.org\/fortress\/gendocs\/latest\/apidocs\/org\/apache\/directory\/fortress\/core\/doc-files\/ten-minute-guide.html<\/a><\/li>\n<li>Apache Fortress &amp; Wicket Example<br \/>\n\u25e6 <a href=\"https:\/\/github.com\/shawnmckinney\/wicket-sample\">https:\/\/github.com\/shawnmckinney\/wicket-sample<\/a><\/li>\n<li>Apache Fortress End-to-End Tutorial<br \/>\n\u25e6 <a href=\"https:\/\/github.com\/shawnmckinney\/apache-fortress-demo\">https:\/\/github.com\/shawnmckinney\/apache-fortress-demo<\/a><\/li>\n<\/ol>\n<h2>Biography<\/h2>\n<p>System Architect at Symas. Member of the OpenLDAP Engineering Team.
Apache Directory PMC.<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":128,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-without-title.php","meta":{"footnotes":""},"class_list":["post-225","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true}