Apache Fortress Role Engineering Tutorial

Apache Fortress Role Engineering Tutorial

The Symas Blog Keeping our clients up to date on big fixes, helpful tips, and more. The goals of this tutorial are to Gain understanding of the Role Based Access Control (RBAC) standard Learn the repeatable steps of the Role Engineering Process Learn about using the...
Apache Fortress End-to-End Security Tutorial

Apache Fortress End-to-End Security Tutorial

The Symas Blog Keeping our clients up to date on big fixes, helpful tips, and more. The tutorial provides a how-to guide for applying end-to-end security enforcement across a sample Java Web environment using Java EE, Spring and Apache Fortress security. Requirements...
Apache Fortress SAML Demo

Apache Fortress SAML Demo

The Symas Blog Keeping our clients up to date on big fixes, helpful tips, and more. Overview The aim of this tutorial is to connect Apache Fortress with Spring Security SAML and a common Identity Provider – SSO Circle.com. It’s not intended to highlight all of the...

Understanding LMDB Database File Sizes and Memory Utilization

The Lightning Memory-mapped Database (LMDB) is designed around the virtual memory facilities found in modern operating systems, Multi-version Concurrency Control (MVCC), and Single-Level Store (SLS) concepts. This design is quite different than those of more traditional databases and, in operation, it can mimic behaviors that system administrators have been trained to recognize as signs of trouble. With LMDB, though, the behaviors are normal, but nonetheless this leads to the following questions:

Apache Fortress 1.0-RC42 Released

Announced just this week: Apache Fortress 1.0-RC42 released. What, is this some kind of joke? Why would a project go thru 42 iterations of release candidates just for a 1.0 designation? No joke here unless you find our efforts to create a simple, useful and robust access management solution funny. Before that 1.0 label gets used, we’re going to make sure it’s deserving.

DROWN Vulnerability with Remediation

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.