A Brief Introduction 2012 Spring Security

What is it?
- Security toolkit for Java applications
- Primarily intended for web applications
- Open Source from Spring Source
- Current version is
- Requires Java 1.5+ and Spring

Authentication Support
- Integrates with a wide variety of authentication mechanisms:
  - HTTP (Basic / Digest / X.509 certificates)
  - LDAP (and Active Directory)
  - Distributed authentication / Single Sign-On: OAuth 1.0, OpenID, SAML, JA-SIG CAS
  - JEE container-managed authentication
  - Header-based authentication (e.g., SiteMinder)
  - Custom implementations
  - And many more… (> 30)
- Can support multiple mechanisms simultaneously

Authorization Support
- Supports authorization based on URL / URL pattern (similar to url-pattern in the web.xml file)
- Supports authorization based on method invocation (done via aspects)
- Supports the use of annotations, both Spring-specific and JSR-250
- All three mechanisms can be used at the same time
- Also allows you to modify the value returned, if needed

Simple Example (1): web.xml
- Declare a filter named springSecFilter whose filter-class is …DelegatingFilterProxy
- Map springSecFilter to the url-pattern /*
- Still need Spring config…

Simple Example (2): applicationContext.xml (Spring configuration file)
- Will expect to have users defined in the XML this way…

Slightly More Complex… applicationContext.xml

<intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>

Other Features
- Can configure Spring Security to detect timeouts: detects requests submitted with an expired session and redirects them to another location
- Can be used to limit the number of concurrent logins by a user (the limit applies to all users, not to specific one(s))
- Supports steps to eliminate session fixation attacks, via the session-fixation-protection attribute on the session-management element
- Allows user-defined filters to be included in the security-checking filter chain; you can specify both the additional filter and where in the chain to execute it

Authorization Checking Support
- Default (simple examples) authorization based on: intercept-url, protect-pointcut
- Annotations using: JSR-250 annotations, Spring Pre/Post annotations
- Annotations are only effective when Spring is used to instantiate the annotated classes!
- More complex models supported by subclassing AccessDecisionManager class
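The slides from "Simple Example (2)" through "Authorization Checking Support" each show one fragment of the Spring configuration; the file below puts them together in one applicationContext.xml using the Spring Security 3.1 namespace. It is an added example, not the presenter's configuration. The URL patterns, the redirect paths, the user names, the bean id auditFilter and the class com.example.AuditFilter are assumptions, as is the service package in the protect-pointcut expression.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- <http> registers the springSecurityFilterChain bean that web.xml delegates to.
       auto-config adds form login, HTTP Basic and logout support. -->
  <http auto-config="true" use-expressions="false">
    <!-- URL-based authorization: rules are evaluated top to bottom, first match wins,
         so the more specific /admin/** rule must precede the catch-all.
         requires-channel="https" redirects plain-HTTP requests to HTTPS. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" requires-channel="https"/>
    <intercept-url pattern="/**"       access="ROLE_USER"  requires-channel="https"/>

    <!-- Timeout detection: a request carrying an expired session id is sent to
         invalid-session-url. Session fixation defence: migrateSession creates a
         new session id at login and copies the attributes across. -->
    <session-management invalid-session-url="/session-expired"
                        session-fixation-protection="migrateSession">
      <!-- Concurrent-login limit; one value for every user. With
           error-if-maximum-exceeded="true" the second login is rejected instead of
           expiring the first session. Needs HttpSessionEventPublisher in web.xml. -->
      <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"
                           expired-url="/login?expired"/>
    </session-management>

    <!-- User-defined filter inserted at a chosen point in the chain (here just before
         the authorization interceptor, so it sees every authenticated request). -->
    <custom-filter ref="auditFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
  </http>

  <!-- Hypothetical javax.servlet.Filter implementation supplied by the application. -->
  <beans:bean id="auditFilter" class="com.example.AuditFilter"/>

  <!-- Users defined in the XML, as on the slide, but with bcrypt-hashed passwords
       rather than plaintext. The hash values are placeholders generated offline. -->
  <beans:bean id="bcryptEncoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
  <authentication-manager>
    <authentication-provider>
      <password-encoder ref="bcryptEncoder"/>
      <user-service>
        <user name="alice" password="$2a$10$PLACEHOLDER-bcrypt-hash-of-alice-password"
              authorities="ROLE_USER,ROLE_ADMIN"/>
        <user name="bob"   password="$2a$10$PLACEHOLDER-bcrypt-hash-of-bob-password"
              authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>

  <!-- Method-level authorization: enables @Secured, JSR-250 @RolesAllowed and
       @PreAuthorize/@PostAuthorize on beans this context creates, plus a pointcut
       rule that needs no annotations at all on the service classes it matches. -->
  <global-method-security secured-annotations="enabled"
                          jsr250-annotations="enabled"
                          pre-post-annotations="enabled">
    <protect-pointcut expression="execution(* com.example.service.*Service.*(..))"
                      access="ROLE_USER"/>
  </global-method-security>
</beans:beans>
```

Two points follow from the slides' caveats. Method security is applied by proxying beans, so it covers only objects this context instantiates: a class created with new, or a bean living in a separate DispatcherServlet child context, carries the annotations but is never checked, which is the "only effective when Spring used to instantiate annotated classes" warning in concrete form. And because intercept-url rules are matched in order, the rule for the most sensitive path must be listed first; a catch-all placed above it would silently grant ROLE_USER access to /admin/**.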

Questions?