Presentation is loading. Please wait.

Presentation is loading. Please wait.

WAM and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:

Published byMeghan Laureen Elliott Modified over 8 years ago

Similar presentations

Presentation on theme: "WAM and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:"— Presentation transcript:

1 WAM and the Java Stack

2 Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites: – Basic Java knowledge – Basic Spring knowledge – LDS Account Integration Training – Part 1

3 Outline Spring Security and Authorization WAM (Web Access Management) WAM integration w/o Spring Security WAM integration w/ Spring Security

4 Review Authentication vs. Authorization Previously discussed authentication with Spring Security Now focus on authorization with Spring Security

5 Authorization with Spring Security http://static.springsource.org/spring- security/site/features.html – Comprehensive Authorization Services HTTP requests authorization (securing urls) @PreAuthorize annotation

6 Protecting Urls Example of protecting urls

7 ???? Fine grained authorization Content only visible to users who have the “chicken" authority in their list of GrantedAuthority(s). Content only visible to users authorized to send requests to the "/chicken" URL.

8 @PreAuthorize annotation Scanning enabled with following element: Some examples: @PreAuthorize("hasRole('ROLE_ADMIN')") public void create(User newUser); @PreAuthorize("#user.username == authentication.username") public void doSomething(User user);

9

10 Authorities Populators http://code.lds.org/maven- sites/stack/module.html?module=lds- account/stack-lds-account- spring/index.html#Authorities_Populators Example TODO: show example of specifying on a authentication element

11 Demo

12 WAM (Web Access Management)

13 What is WAM? WAM stands for Web Access Management Authentication – Authentication management – Single Sign-on Authorization – Url (course-grained) – Entitlements (fine-grained)

14 Architectural Overview of WAM

15 Injected Headers WAM injected headers: – https://tech.lds.org/wiki/SSO_Injected_Headers How the headers map with LDS Account (LDAP) attributes: – https://ldsteams.ldschurch.org/sites/wam/Implemen tation%20Details/HTTP%20Headers.aspx Required headers – policy-ldsaccountid – policy-cn

16 Wamulator For complete documentation: – http://tech.lds.org/wiki/WAMulator WAM Maven plugin provided to start/stop the wamulator

17 Demo

18 Stack / WAM integration w/o Spring Security code.lds.org/maven- sites/stack/module.html?module=lds- account/stack-lds-account- wam/index.html#Configuration wamContextFilter org.lds.stack.wam.filter.WamContextFilter wamContextFilter /*

19 WamContext Accessed with: WamContexts consists of 3 main parts: – LdsAccountDetails object – WamRequestProvider – EntitlementService WamContextHolder.getWamContext(); WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName(); WamContextHolder.getWamContext().getWamRequestProvider ().getCookieHeader(); WamContextHolder.getWamContext().getEntitlementService()….

20 Demo

21 Lab 1 https://tech.lds.org/wiki/WAM_Integration_- _Part_1#Lab_1

22 WAM and Spring Security

23 Why WAM and Spring Security? Spring Security provides – Full featured authorization system – Abstraction to authentication and authorization – Allows for complex fallback authentication systems – Facilitates proxy support

24 WAM Spring Security Integration Integration point <intercept url TODO …

25 Demo

26 Spring Security and WAM authorization Spring provides programming tools – Full featured EL capabilities – Convenient annotations – Management central to the application

27 Spring Security EntryPoint Simplifies WAM configuration / management Utilizes WAM for authentication – User details injected if authenticated Allows course grained authorization to be managed within the application

28 Spring Integration

29 Demo

30 Lab 2 https://tech.lds.org/wiki/WAM_Integration_- _Part_1#Lab_2

31 Conclusion LDS Account rocks! The Java Stack integration with LDS Account and Spring Security rocks!

32 Credit Where Credit is Due http:// http://static.springsource.org/spring- security/site/docs/3.1.x/reference/springsecurity -single.html Spring Security 3 – by Peter Mularien http://en.wikipedia.org/wiki/

Download ppt "WAM and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:"

Similar presentations

WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Web Services with Apache CXF

Web Services with Apache CXF
A Brief Introduction 2012 Spring Security. What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from.

A Brief Introduction 2012 Spring Security. What is it? Security toolkit for Java applications Primarily intended for web applications Open Source from.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
1 Classification: Genpact Internal.  Tool From Oracle  Works with Oracle Database  PL/SQL Based  Widely Used with Oracle Applications  Can be Used.

1 Classification: Genpact Internal.  Tool From Oracle  Works with Oracle Database  PL/SQL Based  Widely Used with Oracle Applications  Can be Used.
Application Architectures Vijayan Sugumaran Department of DIS Oakland University.

Application Architectures Vijayan Sugumaran Department of DIS Oakland University.
What Can You do With BTM? Business Transaction Management touches the following disciplines:  Performance Management  Application Management  Capacity.

What Can You do With BTM? Business Transaction Management touches the following disciplines:  Performance Management  Application Management  Capacity.
LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.

LDS Account and the Java Stack. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions.
Introduction to the Java Stack Michael Youngstrom.

Introduction to the Java Stack Michael Youngstrom.
Digital Object: A Virtual Online Storage Solution 598C Course Project Huajing Li.

Digital Object: A Virtual Online Storage Solution 598C Course Project Huajing Li.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
Intermediate Spring Matt Wheeler. Notes This is a training NOT a presentation Please ask questions Prerequisites – Introduction to Java Stack – Basic.

Intermediate Spring Matt Wheeler. Notes This is a training NOT a presentation Please ask questions Prerequisites – Introduction to Java Stack – Basic.
Spring Overview, Application demo -Midhila Paineni 09/23/2011 Spring Overview, Application demo9/8/20151.

Spring Overview, Application demo -Midhila Paineni 09/23/2011 Spring Overview, Application demo9/8/20151.
Get more out of 11i with Oracle ADI Richard Byrom Oracle Applications Consultant Appsworld January 2003.

Get more out of 11i with Oracle ADI Richard Byrom Oracle Applications Consultant Appsworld January 2003.
Internationalization and the Java Stack Part 1 Matt Wheeler.

Internationalization and the Java Stack Part 1 Matt Wheeler.
What’s new in Stack 3.2 Michael Youngstrom. Disclaimer This IS a presentation – So sit back and relax Please ask questions.

What’s new in Stack 3.2 Michael Youngstrom. Disclaimer This IS a presentation – So sit back and relax Please ask questions.
Internationalization and the Java Stack Matt Wheeler.

Internationalization and the Java Stack Matt Wheeler.
LDS Account Integration. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:

LDS Account Integration. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:

Similar presentations

Ads by Google