
Apache Fortress Demo 2.0.2


Package Description
This package contains the Fortress Sample Web Demo Application.
This package contains the Fortress Sample Web Demo Application Data Access Objects.

Demo Overview

The tutorial provides a how-to guide for applying end-to-end security enforcement across a sample Java Web environment. Security concerns covered are authentication, authorization, confidentiality and audit trail. Both declarative and programmatic enforcement controls will be used.

More info here: The Anatomy of a Secure Web App


  1. Debian or Red Hat Linux machine with OpenSSL installed.
  2. Java 8 SDK installed.
  3. Git installed.
  4. Apache Maven 3 installed.
  5. Firefox Web Browser.
  6. An LDAP server, set up by completing the Apache Fortress Core Integration Tests in one of these two quickstarts (pick one):
    1. ApacheDS: README-QUICKSTART-APACHEDS sections 2, 3 & 4
    2. OpenLDAP: README-QUICKSTART-SLAPD sections 2 and 3

Demo Installation Instructions

Tutorial installation requires completion of these sections:

Demo Security Architecture Overview

The following block diagram illustrates the layered approach used to enforce security in this tutorial:

Getting Started - Generating the tutorial's how-to guide

This tutorial uses javadoc that is contained within the apache-fortress-demo web application. To generate it, follow these instructions:
  1. Download and extract the apache-fortress-demo source bundle from GitHub

    Or clone:

    git clone

  2. Change directory into the project:

    cd apache-fortress-demo

  3. Set java and maven home

  4. Build the javadoc for this package:

    mvn javadoc:javadoc

  5. Point your web browser to the javadoc: file:///[apache-fortress-demo]//target/site/apidocs/overview-summary.html.

  6. Complete the sections under Demo Installation Instructions.

Infrastructure Installed During this Tutorial

  1. MySQL Database Manager

Infrastructure Configured During this Tutorial

  1. Apache Tomcat Servlet Container
  2. Apache Directory Server
  3. Apache Fortress Core

Security Functions Covered

This sample Web application shows how to do the following:
  1. Java EE Authentication with UserId and Password
  2. Java EE Coarse-grained Authorization using Roles
  3. Spring Coarse-grained Page Authorization using Roles
  4. Medium-grained Authorization inside Web Framework using RBAC Roles and Permissions
  5. Fine-grained Authorization inside Data Access Objects using RBAC Permissions
  6. HTTPS Confidentiality
  7. LDAP v3 Confidentiality
  8. JDBC Confidentiality

These concepts apply to other Web application infrastructure configurations. If you find security flaws or have questions about Apache Fortress, submit them to the Apache Fortress Discussion list.

This is free and unencumbered software released into the public domain. Generated 2018-09-13T14:58:52Z.