Spring Security Introduction


This presentation will cover the basics of Spring Security, how Java developers can secure web application using spring security.

Published in: Software


  1. Spring Security Introduction
     Presenter: Nishant Handa, Mindfire Solutions
     Date: 05/05/2015
  2. What is Spring Security
     - A powerful and highly customizable authentication and access control framework for web applications and web services
     - Built on top of the Spring Framework
     - Handles authentication, authorization and a lot more
  3. What Spring Security is not
     - A firewall, proxy server or intrusion detection system
     - Operating system security
     - JVM sandbox security
  4. What I am assuming
     - You are familiar with Java
     - You are at least somewhat familiar with the Spring Framework
  5. What I will cover
     - Spring Security introduction (done with that)
     - Start with minimal security for your web app
     - User detail storage in a database
     - Spring Security at the view layer
     - How to enable HTTP Basic authentication
     - Password encryption
     - Customizing some of the default configuration
     - Adding the powerful Spring Security expression language
     - Enabling an HTTPS channel via Spring Security
     - Implementing Remember-Me functionality
     - Introduction to CSRF attacks
  6. Minimal security configuration
     - Register DelegatingFilterProxy in your application
     - Authentication via in-memory user details storage
     - Declare intercept-url patterns
  7. Let's store user details in a database
     - Register a datasource for your database as a Spring bean
     - Use this datasource in the Spring Security flow
     - You can also write your own customized SQL or Java implementation (not covered in this session)
  8. Spring Security at the view layer
     - Introduction to the Spring Security taglibs
     - Display the current user name
     - Control view rendering on the basis of the user's roles/authorities
  9. Let's add HTTP Basic authentication
     - Just add one simple tag: <http-basic />
  10. Password encryption
     - Better to go with the BCrypt mechanism
  11. Let's do some customization
     - Customized login screen
     - Add logout functionality
     - Customize the unauthorized error
  12. Expression-based access control
     - Enable expressions in Spring Security
     - The power of @Pre and @Post annotations
  13. Enable HTTPS channel
     - Enable HTTPS in your container
     - Force your application to use the HTTPS channel
  14. Remember-Me
     - Simple hash-based token approach
     - Persistent token approach
     - Let's decide between comfort and security
  15. Security against CSRF attacks
     - What the heck is CSRF
     - Basic protection by Spring Security
  16. Way to go, this is just the beginning!
  17. Queries?
  18. References
     - Spring in Action, 3rd edition
     - Pro Spring Security by Carlo Scarioni
  19. Presenter: Nishant Handa, Mindfire Solutions
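The configuration steps the slides walk through (DelegatingFilterProxy, in-memory users, intercept-url patterns, HTTP Basic, BCrypt, expression-based access, forced HTTPS, Remember-Me and CSRF protection) assembled into one Spring Security XML namespace configuration. This is an added example, not the presenter's code; the user name, URL patterns, remember-me key and the BCrypt hash placeholder are assumptions.

```xml
<!-- web.xml fragment: route every request through Spring Security's filter chain -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- security-config.xml: the security namespace is the default namespace -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">
  <!-- use-expressions lets access= take SpEL such as hasRole() and isAuthenticated() -->
  <http use-expressions="true">
    <!-- most specific pattern first; requires-channel forces HTTPS so the session
         cookie and credentials never travel over plain HTTP -->
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
    <intercept-url pattern="/login" access="permitAll" requires-channel="https"/>
    <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="https"/>
    <form-login login-page="/login" authentication-failure-url="/login?error"/>
    <logout logout-url="/logout" logout-success-url="/login?logout"/>
    <http-basic/>
    <!-- hash-based remember-me: key is a server-side secret; cap the token lifetime.
         For the persistent-token approach add data-source-ref="dataSource". -->
    <remember-me key="CHANGE-ME-server-secret" token-validity-seconds="1209600"/>
    <!-- synchronizer-token CSRF protection; forms must send the _csrf parameter -->
    <csrf/>
  </http>

  <beans:bean id="bcryptEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

  <authentication-manager>
    <authentication-provider>
      <password-encoder ref="bcryptEncoder"/>
      <!-- in-memory users; the hash is a placeholder, generate a real one with
           new BCryptPasswordEncoder().encode(...). Swap <user-service> for
           <jdbc-user-service data-source-ref="dataSource"/> to read users from a database. -->
      <user-service>
        <user name="alice" password="$2a$10$PLACEHOLDER-bcrypt-hash" authorities="ROLE_USER,ROLE_ADMIN"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

If the container listens on non-standard ports, add a `<port-mappings>` element inside `<http>` so the HTTPS redirect targets the right port.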