16
Maksym Titov 27.4.2011 Spring security 3

Spring security 3

Tags:

Embed Size (px)

DESCRIPTION

by Maksym Titov

Citation preview

Page 1: Spring security 3

Maksym Titov27.4.2011

Spring security 3

Page 2: Spring security 3

Why Spring Security?

Popularity,Features

Page 3: Spring security 3

Three easy steps

XML configuration file

DelegatingFilterProxy to web.xml

XML configuration reference to web.xml

Page 4: Spring security 3

Filter chain

Page 5: Spring security 3

User experience

Customization

Page 6: Spring security 3

Password change management

InMemoryDaoImpl Configuration Page Controller

Page 7: Spring security 3

Securing Credential Storage

Database

Page 8: Spring security 3

Advanced configuration of JdbcDaoImpl

User groups

Legacy schema

Page 9: Spring security 3

Secure passwords

Encoding, salt

Page 10: Spring security 3

‘Remember me’

Safe, but be careful

Page 11: Spring security 3

SSL

Transport layer security

Page 12: Spring security 3

Business layer security

public interface IUserService { @PreAuthorize("hasRole('ROLE_USER')") public void changePassword(String username, String password);}

@PreAuthorizeJSR-250 compliant rules@SecuredAspect Oriented Programming

Conditional rendering

Page 13: Spring security 3

Internal customization

SECURITY FILTER

AUTHENTICATION PROVIDER

Page 14: Spring security 3

Session management and concurrency

Session fixation

Concurrent session control

Page 15: Spring security 3

Exception handling

<http auto-config="true" ...><access-denied-handler error-page =

"/accessDenied.do"/></http>

AuthenticationExceptionAccessDeniedException

Page 16: Spring security 3

External security systems

Active directoryOpenIdLDAP


Java EE Architecture with the Spring Framework · Presentation Service Persistence Database Hibernate 3 Spring DAO / Hibernate Support Spring TX Spring Security (Acegi) Spring AOP

Java EE Architecture with the Spring Framework · Presentation Service Persistence Database Hibernate 3 Spring DAO / Hibernate Support Spring TX Spring Security (Acegi) Spring AOP

Documents
5 - Gia de Refer en CIA Spring Security 3

5 - Gia de Refer en CIA Spring Security 3

Documents
Spring Security Reference...Spring Security Reference 4.1.5.RELEASE Spring Security iv JDBC Authentication ..... 22 LDAP Authentication

Spring Security Reference...Spring Security Reference 4.1.5.RELEASE Spring Security iv JDBC Authentication ..... 22 LDAP Authentication

Documents
Identity Management with Spring Security · 2011-11-02 · Spring Security: Project Organization Spring Security Web Core LDAP OpenID ... Spring Extensions: Security SAML Kerberos

Identity Management with Spring Security · 2011-11-02 · Spring Security: Project Organization Spring Security Web Core LDAP OpenID ... Spring Extensions: Security SAML Kerberos

Documents
SCSC 455 Computer Security 2011 Spring Chapter 3 User Security

SCSC 455 Computer Security 2011 Spring Chapter 3 User Security

Documents
Spring Security ACL Plugin - Reference Documentationgrails-plugins.github.io/grails-spring-security-acl/v3/spring...Chapter 1. Introduction to the Spring Security ACL Plugin The ACL

Spring Security ACL Plugin - Reference Documentationgrails-plugins.github.io/grails-spring-security-acl/v3/spring...Chapter 1. Introduction to the Spring Security ACL Plugin The ACL

Documents
Oracle® Fusion Middleware · Acegi Security is now Spring Security, the official security project of the Spring Portfolio. The Spring security (acegi) framework provides security

Oracle® Fusion Middleware · Acegi Security is now Spring Security, the official security project of the Spring Portfolio. The Spring security (acegi) framework provides security

Documents
Mule security - authorization using spring security

Mule security - authorization using spring security

Technology
Homework 3 IS511: Information Security, Spring 2019

Homework 3 IS511: Information Security, Spring 2019

Documents
Security authorization using spring security

Security authorization using spring security

Technology
Javacro 2014 Spring Security 3 Speech

Javacro 2014 Spring Security 3 Speech

Technology
Spring Security Core Plugin - Reference Documentationgrails-plugins.github.io/grails-spring-security-core/4.0.x/spring-security-core.pdf · Chapter 1. Introduction to the Spring Security

Spring Security Core Plugin - Reference Documentationgrails-plugins.github.io/grails-spring-security-core/4.0.x/spring-security-core.pdf · Chapter 1. Introduction to the Spring Security

Documents
Spring Security Reference...Spring Security Reference 5.1.11.BUILD-SNAPSHOT Spring Security iv AbstractSecurityWebApplicationInitializer without Existing Spring ..... 17

Spring Security Reference...Spring Security Reference 5.1.11.BUILD-SNAPSHOT Spring Security iv AbstractSecurityWebApplicationInitializer without Existing Spring ..... 17

Documents
Rc106-Spring Security 3

Rc106-Spring Security 3

Documents
Spring Security 3

Spring Security 3

Education
Spring Security

Spring Security

Documents
Spring | Home · Spring Security Reference 4.0.3.RELEASE Spring Security iii Table of Contents

Spring | Home · Spring Security Reference 4.0.3.RELEASE Spring Security iii Table of Contents

Documents
Guidelines – Merging Custom Configuration Files for ......applicationContext-spring-security-ldap.xml applicationContext-spring-security-memory.xml applicationContext-spring-security-superuser.xml

Guidelines – Merging Custom Configuration Files for ......applicationContext-spring-security-ldap.xml applicationContext-spring-security-memory.xml applicationContext-spring-security-superuser.xml

Documents
Spring Security Kerberos - Reference Documentation...Spring Security Kerberos - Reference Documentation 1.0.1.RELEASE Spring Security Kerberos iv Preface This reference documentations

Spring Security Kerberos - Reference Documentation...Spring Security Kerberos - Reference Documentation 1.0.1.RELEASE Spring Security Kerberos iv Preface This reference documentations

Documents
Stormpath 101: Spring Boot + Spring Security

Stormpath 101: Spring Boot + Spring Security

Technology
Spring Security 3 - Packt · at Cerner, the largest provider ... Spring Security with a number of other technologies including Java Server Faces (JSF),

Spring Security 3 - Packt · at Cerner, the largest provider ... Spring Security with a number of other technologies including Java Server Faces (JSF),

Documents
Spring Security Reference...Spring Security Reference 4.0.4.RELEASE Spring Security iv 3.9. Post Processing Configured Objects 25 4. Security Namespace Configuration 26 4.1

Spring Security Reference...Spring Security Reference 4.0.4.RELEASE Spring Security iv 3.9. Post Processing Configured Objects 25 4. Security Namespace Configuration 26 4.1

Documents
Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF

Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF

Documents
Spring Framework - Spring Security

Spring Framework - Spring Security

Technology
Spring Security Core Plugin - Reference Documentationgrails-plugins.github.io/grails-spring-security-core/2.0.x/guide/... · 3 1 Introduction to the Spring Security Plugin The Spring

Spring Security Core Plugin - Reference Documentationgrails-plugins.github.io/grails-spring-security-core/2.0.x/guide/... · 3 1 Introduction to the Spring Security Plugin The Spring

Documents
Mule security - spring security manager

Mule security - spring security manager

Technology
Security spring security manager

Security spring security manager

Technology
Spring Security Reference - Spring Framework · Spring Security Reference vi ... 7.1. Security Database Schema ... patching, personnel vetting, audits, change control,

Spring Security Reference - Spring Framework · Spring Security Reference vi ... 7.1. Security Database Schema ... patching, personnel vetting, audits, change control,

Documents
Spring Security SAML Extension · Spring Security SAML Extension 1.0.0.RELEASE Spring Security SAML Extension iii 7.3. Extended metadata

Spring Security SAML Extension · Spring Security SAML Extension 1.0.0.RELEASE Spring Security SAML Extension iii 7.3. Extended metadata

Documents