The Anatomy of a Secure Web Application in Java Using Spring Security and Apache Fortress

John Tumminaro, Shawn McKinney at AppSec USA 2018

The Jakarta EE architecture provides the necessary enablement, but most developers do not have the time or the training to take full advantage of what it has to offer. This technical session describes and demos an end-to-end application security architecture for an Apache Wicket web app running in Tomcat. It includes practical, hands-on guidance on properly implementing authentication, authorization, and confidentiality controls using Java, Spring and Apache Fortress controls. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications using Apache products and a few tricks.

Speakers

Shawn McKinney
Software Architect, Symas
Over twenty-five years as a software developer and architect, most of that time specializing in software security. Started an open source project called Fortress.

John Tumminaro
VP Technology, GlobalLogic
Passionate Enterprise & Security Architect. Experience/roles include CTO, Chief Architect, Enterprise Architect, Security Architect & Solution Architect. Areas of specialty include: Transactional/BigData Systems, Integration, Performance/Scale/Resilience, Global Deployment, Cloud.