Iasi Code Camp, 20 April 2013: Windows authentication – Spring Security – Kerberos


A bridge between two worlds: Spring Security & Kerberos

Claudiu Stancu

Agenda

• Me & the other me

• Security concepts

• Kerberos

• All together

• Code time

IN YOUR ZONE

About me…

Development Discipline Lead at Endava


The other me…


Security concepts – Data types

PUBLIC

PRIVATE

CONFIDENTIAL

SECRET


Authentication

“The process of verifying that the users of our application are who they say they are”


Authentication

Credentials Based


Authentication

Biometrics Authentication


Authentication

Two-factor authentication


Authentication

• Browser certificates

• Single Sign-On

• Hardware authentication


Authorization

Assign authenticated Principals to one or more Roles

Assign the Principal’s Role(s) to secured resources


Spring Security

Servlet Filters

Delegation


Spring Security – Filters

Request → filter chain → Secured Resource → Response

Filter chain (o.s.s. = org.springframework.security):

o.s.s.web.context.SecurityContextPersistenceFilter

o.s.s.web.authentication.logout.LogoutFilter

o.s.s.web.authentication.UsernamePasswordAuthentication

o.s.s.web.session.SessionManagementFilter


Spring Security – Fundamentals

Security Interceptor

Authentication Manager

Access Decision Manager

Run-As Manager

After-Invocation Manager


Spring Security – Authentication Manager

Authentication Manager

  Provider Manager

    LDAP Authentication Provider

    CAS Authentication Provider

    Kerberos Authentication Provider

    DAO Authentication Provider

    Remember Me Authentication Provider


Spring Security – Access Decision Manager

Access Decision Manager

  Abstract Access Decision Manager

    Affirmative Based

    Consensus Based

    Unanimous Based

Abstract Decision Voter

  Role Voter

Access Decision Manager    Grant / Deny access?

Affirmative based          At least one voter grants access

Consensus based            Majority grants access

Unanimous based            Only if all voters grant access
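As an added illustration (not the presentation's or Spring's own code), a stand-alone Java model of the decision table above: a RoleVoter plus the affirmative, consensus and unanimous tallies, assuming Spring's default handling of an all-abstain result (deny) and of a consensus tie (grant); the principal and the extra votes are constructed.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Stand-alone model of Spring Security's access decision: one RoleVoter and
// the three tallying strategies from the table above. Added illustration; it
// mirrors the documented semantics but is not Spring's own code.
public class AccessDecisionDemo {
    enum Vote { GRANTED, DENIED, ABSTAIN }
    enum Strategy { AFFIRMATIVE, CONSENSUS, UNANIMOUS }

    // RoleVoter: abstains unless some attribute carries the ROLE_ prefix,
    // grants if the principal holds any required role, otherwise denies.
    static Vote roleVote(Set<String> principalRoles, List<String> attributes) {
        boolean relevant = false;
        for (String attr : attributes) {
            if (!attr.startsWith("ROLE_")) continue;
            relevant = true;
            if (principalRoles.contains(attr)) return Vote.GRANTED;
        }
        return relevant ? Vote.DENIED : Vote.ABSTAIN;
    }

    // Tally the voters' votes. Spring's defaults are assumed: an all-abstain
    // result is denied, and a consensus tie is granted.
    static boolean decide(Strategy strategy, List<Vote> votes) {
        int granted = 0, denied = 0;
        for (Vote v : votes) {
            if (v == Vote.GRANTED) granted++;
            else if (v == Vote.DENIED) denied++;
        }
        switch (strategy) {
            case AFFIRMATIVE: return granted > 0;                              // one grant is enough
            case CONSENSUS:   return granted + denied > 0 && granted >= denied; // majority, tie granted
            default:          return denied == 0 && granted > 0;               // UNANIMOUS: no deny
        }
    }

    public static void main(String[] args) {
        Set<String> cstancu = new HashSet<>(Arrays.asList("ROLE_USER"));   // constructed principal
        System.out.println("ROLE_ADMIN required: " + roleVote(cstancu, Arrays.asList("ROLE_ADMIN")));
        System.out.println("non-role attribute:  " + roleVote(cstancu, Arrays.asList("IS_AUTHENTICATED_FULLY")));
        // Two further voters (constructed votes) disagree with the RoleVoter's grant on ROLE_USER.
        List<Vote> votes = Arrays.asList(roleVote(cstancu, Arrays.asList("ROLE_USER")), Vote.DENIED, Vote.ABSTAIN);
        for (Strategy s : Strategy.values())
            System.out.println(s + " -> " + (decide(s, votes) ? "grant" : "deny"));
    }
}
```

With one grant, one deny and one abstention, the affirmative strategy and the consensus strategy (a tie, granted under Spring's default) allow the request while the unanimous strategy refuses it, which is exactly the difference the table above describes.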


Kerberos


Kerberos – obtaining a TGT (notation: {Key}Data is Data encrypted with Key)

Client → KDC: {cstancu, 192.168.1.2}

KDC → Client: TGT, SessionKey1

Client now holds: TGT, SessionKey1


Kerberos – obtaining and using a service ticket

Client → KDC: {SessionKey1}Authenticator, TGT

KDC → Client: Mail Ticket, {SessionKey1}SessionKey2

Client → Mail server: {SessionKey2}Authenticator, Mail Ticket

Mail server → Client: ok

Client now holds: TGT, SessionKey1, Mail Ticket, SessionKey2

Mail server reads SessionKey2 from the Mail Ticket: Mail Ticket{SessionKey2}


All together

(1) HTTP GET resource.html

(2) HTTP 401 – Denied: WWW-Authenticate: Negotiate


All together

(3) Kerberos TGS_REQ

(4) Kerberos TGS_REP


All together

(5) HTTP GET, Authorization: Negotiate w/SPNEGO Token

(6) HTTP 200 – OK, resource.html


Code time…


Claudiu Stancu | Development Discipline Lead
