Introduction to Spring Security 3/3.1

Mike Wiesner demonstrates Spring Security 3 and its new features, such as expression language-based authorization and extensions, for implementing authentication and authorization in Java applications. A video recording is available here: http://www.infoq.com/presentations/Spring-Security-3

Mike Wiesner

October 19, 2010

Transcript

  1. SpringOne 2GX 2010. All rights reserved. Do not distribute without permission. Chicago, October 19 - 22, 2010. Introduction to Spring Security 3/3.1. Mike Wiesner - SpringSource
  2. Mike Wiesner • Senior Consultant with SpringSource • 10+ years experience in Java • Spring Security Developer • Focus: – Application Security – Integration – Authentication Systems • [email protected]
  3. What is Spring Security? • A flexible and powerful Java Enterprise Security Framework • which is built on top of Spring • but can be used for EVERY Java application
  4. Spring Security 2.x • Built on Spring 2.0 / Java 1.4 • Successor of the Acegi Security System for Spring • Simpler configuration (Namespace) • Better LDAP support • More Single Sign On options
  5. Spring Security 3.0 • Built on: Spring 3 / Java 5 • Spring Expression Language support • Extended Namespace support • Simpler API (Array -> Collections, varargs, ...) • Aspect Library for AspectJ weaving • Smaller modules • Fine tuning based on user feedback
  6. Around Spring Security 3 • Spring Security Extensions – SAML2 (contributed by Vladimir Schäfer) – Kerberos – Start your own! • OAuth for Spring Security (contributed by Ryan Heaton) • Facelets tag library for Spring Security (Web Flow 2.2.0)
  7. Authentication Highlights • Form • Basic / Digest • JDBC • LDAP • JAAS • JA-SIG CAS • Atlassian Crowd • OpenID • X.509 • JOSSO
  8. Demo Time!
  9. Demo Time!
  10. Demo Time!
  11. Demo Time!
  12. Kerberos/SPNEGO • Participants: Client, Kerberos Server (e.g. Active Directory), Your web application • (1) GET • (2) AUTH required • (3) Request Service Ticket • (4) Return Service Ticket • (5) GET + Service Ticket
  13. Spring Security 3.1
  14. Q&A • Mike Wiesner • [email protected] • http://git.springsource.org/s2gx-2010/spring-security-3