The Java EE architecture provides the necessary enablement but most developers do not have the time or the training to take full advantage of what it has to offer. This technical session describes and demos an end-to-end application security architecture for an Apache Wicket Web app running in Tomcat. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality controls using Java EE, Spring and Apache Directory Fortress. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications using Apache products and a few tricks.
Over twenty-five years as software developer and architect. Most of that time specializing in software security. Started an open source project called Fortress.
