Spring security
 

    Spring security Presentation Transcript

    • Securing Web applications using Spring Security (previously called Acegi Security)

    • Security concerns
    • Why Spring Security?
    • Configuring Web authentication
    • And others…

    • Principal
        ◦ User, device or system that performs an action
    • Authentication
        ◦ Establishing that a principal’s credentials are valid
    • Authorization
        ◦ Deciding if a principal is allowed to perform an action
    • Secured resource
        ◦ Only accessible after successful authentication/authorization

    • There are many authentication mechanisms
        ◦ Basic, digest, form, X.509
    • There are many storage options for credential and authority information
        ◦ Database, LDAP, properties files, …

    • Authorization depends on authentication
        ◦ Before deciding if a user can perform an action, user identity must be established
    • The decision process is often based on roles
        ◦ ADMIN can cancel orders
        ◦ MEMBER can place orders
        ◦ GUEST can browse the catalog

    • Servlet-Spec security is not portable
        ◦ Requires container-specific adapters and role mappings
    • Spring Security is portable across containers
        ◦ Secured archive (e.g. WAR) can be deployed as-is
        ◦ Also runs in standalone environments

    • Supports all common authentication mechanisms
        ◦ Basic, Form, X.509, Cookies, Single-Sign-On, etc.
    • Provides configurable storage options for user details (credentials and authorities)
        ◦ RDBMS, LDAP, Properties file, custom DAOs, etc.
    • Uses Spring for configuration

    • Security requirements often require customization
    • With Spring Security, all of the following are extensible
        ◦ How a principal is defined
        ◦ Where authentication information is stored
        ◦ How authorization decisions are made
        ◦ Where security constraints are stored

    • Spring provides a Servlet filter for managing security for our web applications
    • springSecurityFilterChain is declared in web.xml
    • This single proxy filter delegates to a chain of Spring-managed filters
        ◦ Drive authentication
        ◦ Enforce authorization
        ◦ Manage logout
        ◦ Maintain SecurityContext in HttpSession
        ◦ and more

    • http://www.majrul.com contactme@majrul.com
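
The springSecurityFilterChain declaration and the role rules from the slides (ADMIN cancels orders, MEMBER places orders, GUEST browses the catalog), written out as an added example that is not taken from the presentation. It assumes Spring Security 3.1 or later with the security XML namespace; the file name security-context.xml, the URL paths, treating GUEST as an unauthenticated visitor, and the dataSource bean are assumptions made for illustration.

```xml
<!-- WEB-INF/web.xml (fragment): one proxy filter in front of every request -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/security-context.xml</param-value>
</context-param>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
  <!-- The filter name must match the bean that the <http> element registers -->
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- WEB-INF/security-context.xml (separate file; assumed name and URL layout) -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">
  <http use-expressions="true">
    <!-- First matching pattern wins: specific rules first, catch-all last -->
    <intercept-url pattern="/catalog/**" access="permitAll"/>
    <intercept-url pattern="/orders/cancel/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/orders/place/**" access="hasRole('ROLE_MEMBER')"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <form-login/>
    <logout/>
  </http>
  <authentication-manager>
    <authentication-provider>
      <password-encoder ref="passwordEncoder"/>
      <!-- Assumed: a dataSource bean defined elsewhere, default users/authorities tables -->
      <jdbc-user-service data-source-ref="dataSource"/>
    </authentication-provider>
  </authentication-manager>
  <beans:bean id="passwordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans:beans>
```

The closing `/**` rule makes any URL not listed above require a login, so a path added later is protected until someone deliberately opens it.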