The Anatomy of a Secure Web Application Using Java EE, Spring Security and Apache Directory Fortress

The Java EE architecture provides the necessary enablement but most developers do not have the time or the training to take full advantage of what it has to offer. This technical session describes and demos an end-to-end application security architecture for an Apache Wicket Web app running in Tomcat. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality controls using Java EE, Spring and Apache Directory Fortress. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications using Apache products and a few tricks. 

Anyone who is interested in how to provide end-to-end security for Java web applications. The session's tutorial focuses on using Apache Wicket and Fortress but the techniques may be applied across any Java web and security frameworks. 

Attendees benefit by understanding security requirements. They will be provided a tutorial to satisfy the requirements using available open source tools. But the biggest benefit will be to the users. Techniques learned here will safeguard their electronic assets. 

Basic understanding of Java web and security concepts like authentication, authorization and encryption.