Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Brief Introduction 2012 Spring Security. What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from.

Published byBenjamin Neal Modified over 9 years ago

Similar presentations

Presentation on theme: "A Brief Introduction 2012 Spring Security. What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from."— Presentation transcript:

1 A Brief Introduction 2012 Spring Security

2 What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from Spring Source (http://www.springsource.org/spring-security)http://www.springsource.org/spring-security Current version is 3.1.1 Requires Java 1.5+ and Spring 3.0.7+

3 Authentication Support Integrates with a wide variety of authentication mechanisms HTTP (Basic/Digest/X.509 certificates) LDAP (and Active Directory) Distributed authentication / Single Sign-On OAuth 1.0, OpenID, SAML, JA-SIG CAS JEE Container-managed authentication Header-based authentication (e.g., Siteminder) Custom implementations And many more… (> 30) Can support multiple mechanisms simultaneously

4 Authorization Support Supports authorization based on URL / URL pattern Similar to url-pattern in web.xml file Supports authorization based on method invocation Done via Aspects Supports the use of annotations Both Spring-specific and JSR-250 Can use all three mechanisms at the same time Also allows you to modify value returned, if needed

5 Simple Example (1) web.xml springSecFilter …DelegatingFilterProxy springSecFilter /* Still need Spring config…

6 Simple Example (2) applicationContext.xml (Spring configuration file) Will expect to have users defined in the XML this way…

7 Slightly More Complex… applicationContext.xml <intercept-url pattern=‘/**’ access=‘ROLE_USER’ requires-channel=‘https’/>

8 Other Features Can configure Spring Security to detect timeouts Detects requests submitted with expired session and redirects to another location Can be used to limit the number of concurrent logins by a user Limit applies to all users not to specific one(s) Supports steps to eliminate session fixation attacks Via session-fixation-protection attribute on session-management element. Allows for user-defined filters to be included in the security checking filter chain Can specify both the additional filter and where in the chain to execute it

9 Authorization Checking Support Default (simple examples) authorization based on: intercept-url protect-pointcut Annotations using: Spring @Secured (e.g., @Secured(“ROLE_ADMIN”) ) JSR-250 annotations Spring Pre/Post annotation (e.g., @PreAuthorize(“hasAuthority(‘ROLE_ADMIN’)”) Annotations only effective when Spring used to instantiate annotated classes! More complex models supported by subclassing AccessDecisionManager class

10 Questions?

Download ppt "A Brief Introduction 2012 Spring Security. What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from."

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
JLab Lattice Portal – Data Grid Web Service Ying Chen, Chip Watson Thomas Jefferson National Accelerator Facility.

JLab Lattice Portal – Data Grid Web Service Ying Chen, Chip Watson Thomas Jefferson National Accelerator Facility.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Web Application Security SSE USTC Qing Ding. Agenda General security issues Web-tier security requirements and schemes HTTP basic authentication based.

Web Application Security SSE USTC Qing Ding. Agenda General security issues Web-tier security requirements and schemes HTTP basic authentication based.
Securing web applications using Java EE Dr Jim Briggs 1.

Securing web applications using Java EE Dr Jim Briggs 1.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
WEB2P security Java web application security Dr Jim Briggs.

WEB2P security Java web application security Dr Jim Briggs.
Struts Basics SSE USTC Qing Ding. Agenda What is and Why Struts? Struts architecture – Controller: Focus of this presentation – Model – View Struts tag.

Struts Basics SSE USTC Qing Ding. Agenda What is and Why Struts? Struts architecture – Controller: Focus of this presentation – Model – View Struts tag.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
Teamcenter™ Security Services SSO

Teamcenter™ Security Services SSO
IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.

IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.

LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor

Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Similar presentations

Ads by Google