Apache Fortress

Apache Fortress
Developer(s)	Apache Software Foundation
Stable release	3.0.1 / July 28, 2025;2 days ago (2025-07-28)
Repository	Fortress Repository
Written in	Java
Operating system	Cross-platform
Type	Authorization
License	Apache License 2.0
Website	Official website

Apache Fortress is an open source project of the Apache Software Foundation and a subproject of the Apache Directory. It is an authorization system, written in Java, that provides role-based access control, delegated administration and password policy using an LDAP backend.

Standards implemented:

• Role-Based Access Control (RBAC) ANSI INCITS 359
• Administrative Role-Based Access Control (ARBAC02)
• IETF Password Policy (draft)
• Unix Users and Groups (RFC2307)

Fortress has four separate components:

• Core - A set of security authorization APIs.
• Realm - A Web Container plug-in that provides security for the Apache Tomcat container.
• Rest - HTTP protocol wrappers of core APIs using Apache CXF.
• Web - HTML pages of core APIs using Apache Wicket.

History

Fortress was first contributed in 2011 to the OpenLDAP Foundation ^[1] and moved to the Apache Directory project in 2014. ^[2]

API

Fortress provides security functions via APIs corresponding to the standards implemented. For example, its RBAC API design mimics the functional specifications of ANSI INCITS 359 with function names, entities being the same.

References

1. "Request for Contribution of Identity Access Management Software to OpenLDAP Project". OpenLDAP Foundation. 15 July 2011. Retrieved 20 April 2016.
2. "Notice to donate Fortress to the Apache Directory Project". Apache Software Foundation. 16 September 2014. Retrieved 20 April 2016.

External links

• Apache Fortress Project Page
• py-fortress on PyPI