Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Spring Security 3/3.1

Mike Wiesner
October 19, 2010
Programming
0
110

Introduction to Spring Security 3/3.1

Mike Wiesner demoes using Spring Security 3 with its new features, such as expression language-based authorization and extensions, to implement authentication and authorization in Java applications. A video recording is available here: http://www.infoq.com/presentations/Spring-Security-3

Mike Wiesner

October 19, 2010
Tweet

More Decks by Mike Wiesner

See All by Mike Wiesner
Transaktionen in Java
mikewiesner
0
71
Security Patterns 2012
mikewiesner
0
36

Other Decks in Programming

See All in Programming
Outline View in SwiftUI
1024jp
1
330
Remix on Hono on Cloudflare Workers
yusukebe
1
290
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.6k
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
600
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
920
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
距離関数を極める! / SESSIONS 2024
gam0022
0
280
Jakarta EE meets AI
ivargrimstad
0
190
エンジニアとして関わる要件と仕様(公開用)
murabayashi
0
290
ピラミッド、アイスクリームコーン、SMURF: 自動テストの最適バランスを求めて / Pyramid Ice-Cream-Cone and SMURF
twada
PRO
10
1.3k
CSC509 Lecture 11
javiergs
PRO
0
180

Featured

See All Featured
Product Roadmaps are Hard
iamctodd
PRO
49
11k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
GraphQLとの向き合い方2022年版
quramy
43
13k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Music & Morning Musume
bryan
46
6.2k
How GitHub (no longer) Works
holman
310
140k
We Have a Design System, Now What?
morganepeng
50
7.2k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
Practical Orchestrator
shlominoach
186
10k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k

Transcript

  1. SpringOne 2GX 2010. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Introduction to Spring Security 3/3.1 Mike Wiesner - SpringSource

  2. Mike Wiesner • Senior Consultant with SpringSource • 10+ years

    experience in Java • Spring Security Developer • Focus: – Application Security – Integration – Authentication Systems • [email protected]

  3. Spring + Security = Spring Security

  4. What is Spring Security? • A flexible and powerful Java

    Enterprise Security Framework • which is build on top of Spring • but can be used for EVERY Java application 4

  5. Spring + Authentication + Authorization = Spring Security

  6. Spring Security 2.x • Built on Spring 2.0 / Java

    1.4 • Successor of the Acegi Security System for Spring • Simpler configuration (Namespace) • Better LDAP support • More Single Sign On options 6

  7. Spring Security 3.0 • Built on: Spring 3 / Java

    5 • Spring Expression Language support • Extended Namespace support • Simpler API (Array -> Collections, varargs, ...) • Aspect Library for AspectJ weaving • Smaller modules • Fine tuning based on user feedback 7

  8. Around Spring Security 3 • Spring Security Extensions – SAML2

    (contributed by Vladimir Schäfer) – Kerberos – Start your own! • OAuth for Spring Security (contributed by Ryan Heaton) • Facelets tag library for Spring Security (Web Flow 2.2.0) 8

  9. Authentication Highlights • Form • Basic / Digest • JDBC

    • LDAP • JAAS • JA-SIG CAS • Atlassian Crowd • OpenID • X.509 • JOSSO 9

  10. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  11. Encoding Problems 11 Internet Tomcat Browser File- System ../ %C0%AE%C0%AE%C0%AF

  12. Defense in Depth

  13. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  14. Method Security 14 Security Business Caller Service Security Interceptor call

    call exception security check

  15. User Role

  16. User Role Right

  17. User Role Right

  18. User Role Right

  19. User Role Right

  20. User Role Right Role

  21. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  22. Request requestor from to deletable

  23. Request requestor from to deletable

  24. Request requestor from to deletable

  25. Request requestor from to Secured deletable

  26. Request requestor from to Secured deletable AspectJ Request requestor from

    to deletable

  27. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  28. Kerberos/SPNEGO Client Kerberos Server (e.g. Active Directory) Your web application

    (1) GET (2) AUTH required (5) GET + Service Ticket (3) Request Service Ticket (4) Return Service Ticket

  29. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Spring Security 3.1

  30. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Q&A Mike Wiesner [email protected] http://git.springsource.org/ s2gx-2010/spring-security-3