Apache Fortress
   HOME

TheInfoList



Click Here for Items Related To - Apache Fortress
OR:
Apache Fortress on:   [Wikipedia]   [Google]   [Amazon]

Apache Fortress is an
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
project of the
Apache Software Foundation The Apache Software Foundation (ASF) is an American nonprofit corporation (classified as a 501(c)(3) organization in the United States) to support a number of open source software projects. The ASF was formed from a group of developers of the A ...
and a subproject of the
Apache Directory Apache Directory is an open source project of the Apache Software Foundation. The Apache Directory Server, originally written by Alex Karasulu, is an embeddable directory server entirely written in Java. It was certified LDAPv3-compatible by The O ...
. It is an
authorization Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More for ...
system, written in
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
, that provides
role-based access control In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control (MAC) or discretionary access control ( ...
, delegated administration and
password policy A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part o ...
using an
LDAP The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory servi ...
backend. Standards implemented: * Role-Based Access Control (RBAC) ANSI INCITS 359 * Administrative Role-Based Access Control (ARBAC02) * IETF Password Policy (draft) *Unix Users and Groups (RFC2307) Fortress has four separate components: * Core - A set of security authorization APIs. * Realm - A
Web Container A web container (also known as a servlet container; and compare "webcontainer" ) is the component of a web server that interacts with Jakarta Servlets. A web container is responsible for managing the lifecycle of servlets, mapping a URL to a par ...
plug-in that provides security for the
Apache Tomcat Apache Tomcat (called "Tomcat" for short) is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies. It provides a "pure Java" HTTP web server environment in which Java code can also ...
container. * Rest -
HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
protocol wrappers of core APIs using
Apache CXF Apache CXF is an open source software project developing a Web services framework. It originated as the combination of Celtix developed by IONA Technologies and XFire developed by a team hosted at Codehaus in 2006. These two projects were combin ...
. * Web -
HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScri ...
pages of core APIs using
Apache Wicket Apache Wicket, commonly referred to as Wicket, is a component-based web application framework for the Java programming language conceptually similar to JavaServer Faces and Tapestry. It was originally written by Jonathan Locke in April 2004. Ver ...
.


History

Fortress was first contributed in 2011 to the
OpenLDAP OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released under its own BSD-style license called the OpenLDAP Public License. LDAP is a platform-independe ...
Foundation and moved to the Apache Directory project in 2014.


Releases


API

Fortress provides security functions via APIs corresponding to the standards implemented. For example, it
RBAC API
design mimics the functional specifications of ANSI INCITS 359 with function names, entities being the same.


References


External links


Apache Fortress Project Pagepy-fortress on PyPI
Fortress A fortification is a military construction or building designed for the defense of territories in warfare, and is also used to establish rule in a region during peacetime. The term is derived from Latin ''fortis'' ("strong") and ''facere'' ...
Directory services Access control {{security-software-stub