Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Spring Security 3/3.1

Mike Wiesner
October 19, 2010
Programming
0
110

Introduction to Spring Security 3/3.1

Mike Wiesner demoes using Spring Security 3 with its new features, such as expression language-based authorization and extensions, to implement authentication and authorization in Java applications. A video recording is available here: http://www.infoq.com/presentations/Spring-Security-3

Mike Wiesner

October 19, 2010
Tweet

More Decks by Mike Wiesner

See All by Mike Wiesner
Transaktionen in Java
mikewiesner
0
71
Security Patterns 2012
mikewiesner
0
36

Other Decks in Programming

See All in Programming
Identifying User Idenity
moro
6
7.8k
PagerDuty を軸にした On-Call 構築と運用課題の解決 / PagerDuty Japan Community Meetup 4
horimislime
1
110
Server Driven Compose With Firebase
skydoves
0
390
Generative AI Use Cases JP (略称:GenU)奮闘記
hideg
0
150
Piniaの現状と今後
waka292
5
1.4k
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
150
Universal Linksの実装方法と陥りがちな罠
kaitokudou
1
220
JaSST 24 九州:ワークショップ(は除く) 実践!マインドマップを活用したソフトウェアテスト+活用事例
satohiroyuki
0
260
Kaigi on Rails 2024 - Rails APIモードのためのシンプルで効果的なCSRF対策 / kaigionrails-2024-csrf
corocn
5
3.3k
現場で役立つモデリング 超入門
masuda220
PRO
12
2.9k
Go言語でターミナルフレンドリーなAIコマンド、afaを作った/fukuokago20_afa
monochromegane
2
140
色々なIaCツールを実際に触って比較してみる
iriikeita
0
260

Featured

See All Featured
RailsConf 2023
tenderlove
29
880
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
4 Signs Your Business is Dying
shpigford
180
21k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Typedesign – Prime Four
hannesfritz
39
2.4k
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
Building Your Own Lightsaber
phodgson
102
6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
Rails Girls Zürich Keynote
gr2m
93
13k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
37
1.8k
Faster Mobile Websites
deanohume
304
30k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k

Transcript

  1. SpringOne 2GX 2010. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Introduction to Spring Security 3/3.1 Mike Wiesner - SpringSource

  2. Mike Wiesner • Senior Consultant with SpringSource • 10+ years

    experience in Java • Spring Security Developer • Focus: – Application Security – Integration – Authentication Systems • [email protected]

  3. Spring + Security = Spring Security

  4. What is Spring Security? • A flexible and powerful Java

    Enterprise Security Framework • which is build on top of Spring • but can be used for EVERY Java application 4

  5. Spring + Authentication + Authorization = Spring Security

  6. Spring Security 2.x • Built on Spring 2.0 / Java

    1.4 • Successor of the Acegi Security System for Spring • Simpler configuration (Namespace) • Better LDAP support • More Single Sign On options 6

  7. Spring Security 3.0 • Built on: Spring 3 / Java

    5 • Spring Expression Language support • Extended Namespace support • Simpler API (Array -> Collections, varargs, ...) • Aspect Library for AspectJ weaving • Smaller modules • Fine tuning based on user feedback 7

  8. Around Spring Security 3 • Spring Security Extensions – SAML2

    (contributed by Vladimir Schäfer) – Kerberos – Start your own! • OAuth for Spring Security (contributed by Ryan Heaton) • Facelets tag library for Spring Security (Web Flow 2.2.0) 8

  9. Authentication Highlights • Form • Basic / Digest • JDBC

    • LDAP • JAAS • JA-SIG CAS • Atlassian Crowd • OpenID • X.509 • JOSSO 9

  10. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  11. Encoding Problems 11 Internet Tomcat Browser File- System ../ %C0%AE%C0%AE%C0%AF

  12. Defense in Depth

  13. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  14. Method Security 14 Security Business Caller Service Security Interceptor call

    call exception security check

  15. User Role

  16. User Role Right

  17. User Role Right

  18. User Role Right

  19. User Role Right

  20. User Role Right Role

  21. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  22. Request requestor from to deletable

  23. Request requestor from to deletable

  24. Request requestor from to deletable

  25. Request requestor from to Secured deletable

  26. Request requestor from to Secured deletable AspectJ Request requestor from

    to deletable

  27. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Demo Time!

  28. Kerberos/SPNEGO Client Kerberos Server (e.g. Active Directory) Your web application

    (1) GET (2) AUTH required (5) GET + Service Ticket (3) Request Service Ticket (4) Return Service Ticket

  29. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Spring Security 3.1

  30. SpringOne 2GX 2009. All rights reserved. Do not distribute without

    permission. Chicago, October 19 - 22, 2010 Q&A Mike Wiesner [email protected] http://git.springsource.org/ s2gx-2010/spring-security-3