|author||Shawn McKinney <email@example.com>||Thu Jul 21 07:26:55 2022 -0500|
|committer||Shawn McKinney <firstname.lastname@example.org>||Thu Jul 21 07:26:55 2022 -0500|
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This document contains instructions to download and install the Apache Fortress Realm. SECTION 3 contains steps to get it working with Apache Tomcat.
Role-Based Access Control security provider to Apache Tomcat.
Uses Apache Tomcat Realm Interface
Declarative controls for authentication & coarse-grained authorization (role check)
Minimum hardware requirements:
Minimum software requirements (to build):
a. from git:
git clone --branch 2.0.8 https://gitbox.apache.org/repos/asf/directory-fortress-realm.git cd directory-fortress-realm
b. or download package:
wget http://www.apache.org/dist/directory/fortress/dist/2.0.8/fortress-realm-2.0.8-source-release.zip unzip fortress-realm-2.0.8-source-release.zip cd fortress-realm-2.0.8
a. Java 8 target
mvn clean install
-- OR --
b. Java 11 target
mvn clean install -Djava.version=11
If using java 8, add this param to the pom.xml:
<plugin> ... <artifactId>maven-javadoc-plugin</artifactId> <configuration> <additionalparam>-Xdoclint:none</additionalparam> ... </configuration> </plugin>
There are two options for web app usage of the fortress realm:
Option 1 requires web apps to be dependent on the fortress realm libs but enables usage of the fortress RBAC programmatic authZ apis. It allows multiple realms, each of a different type and version, to be enabled within a single Tomcat instance.
Option 2 frees the web app from entanglement with fortress libs, which is easier to manage, but doesn't allow fortress api usage. It limits to a single realm instance, enabled globally, which might not agree with multitenant requirements.
|Realm Type||Is Global Security?||Is Declarative?||Is RBAC APIs?||Multiple Realms Supported?||Fortress Dependencies?|
enable Java EE security for a single web app running under Tomcat
enable Java EE security for all web apps running under Tomcat