Spring security 3
IT Weekend
by Maksym Titov
1.
Spring security 3
Maksym Titov 27.4.2011
2.
Why Spring Security?
Popularity, features
3.
Three easy steps
4.
Filter chain
5.
User experience
6.
Password change management
InMemoryDaoImpl Configuration Page Controller
7.
Securing Credential Storage Database
8.
Advanced configuration of JdbcDaoImpl User
Legacy groups schema
9.
Secure passwords: encoding, salt
10.
‘Remember me’
Safe, but be careful
11.
SSL Transport layer security
12.
Business layer security

    import org.springframework.security.access.prepost.PreAuthorize;

    public interface IUserService {
        // Only callers holding ROLE_USER may invoke this method
        @PreAuthorize("hasRole('ROLE_USER')")
        public void changePassword(String username, String password);
    }

@PreAuthorize
JSR-250 compliant rules
@Secured
Aspect Oriented Programming
Conditional rendering
13.
Internal customization
Security filter
Authentication provider
14.
Session management and concurrency
Session fixation
Concurrent session control
15.
Exception handling

    <http auto-config="true" ...>
        <access-denied-handler error-page="/accessDenied.do"/>
    </http>

AuthenticationException
AccessDeniedException
16.
External security systems
Active Directory
OpenID
LDAP
Editor's Notes
- It packages up everything you need to implement top-to-bottom application security
- Integration with many common enterprise authentication systems
Implementing a Spring Security XML configuration file

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
                     http://www.springframework.org/schema/beans/spring-beans.xsd
                     http://www.springframework.org/schema/security
                     http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <http auto-config="true">
            <intercept-url pattern="/*" access="ROLE_USER"/>
        </http>
        <authentication-manager alias="authenticationManager">
            <authentication-provider>
                <!-- In-memory user store with a plaintext password -->
                <user-service>
                    <user authorities="ROLE_USER" name="guest" password="guest"/>
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>

Adding the Spring DelegatingFilterProxy to your web.xml file

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Adding the Spring Security XML configuration file reference to web.xml

    <servlet>
        <servlet-name>dogstore</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
Login page customization – login controller, login JSP

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
        <form-login login-page="/login.do"/>
    </http>