Spring Security Patterns

SpringOne 2020

Josh Cummings, Software Engineer at VMware
Eleftheria Stein, Software Engineer at VMware

Published in: Software

Slides

  1. Spring Security Patterns
     September 2–3, 2020
     Ria Stein – Spring Security Maintainer
     Josh Cummings – Spring Security Maintainer – @jzheaux

  2. Secure by Default
     (slide diagram: App backed by H2 or PG)

  3. Principle of Least Privilege
     Forgot Password, username "jzheaux", OK: "Sorry, we don’t recognize that username"
     Forgot Password, username "jzheaux", OK: "If that username exists, we’ve just sent an email"
  4. Request Thread Local

     try {
         SecurityContext ctx = lookup(request);
         SecurityContextHolder.setContext(ctx);  // stores data in a ThreadLocal so it is only visible to this thread
         chain.doFilter(request, response);
     } finally {
         SecurityContextHolder.clearContext();   // clears data so the ThreadLocal can be reused for the next request
     }

     public void serviceLayerMethod() {
         var ctx = SecurityContextHolder.getContext();  // now data can be retrieved at the service layer
     }

     For Reactive apps, use the Reactor Context instead of ThreadLocals.
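The following is an added example and is not code from the slides or from Spring Security. It uses a hypothetical ContextHolder as a stand-in for SecurityContextHolder and a constructed Request type, and runs two requests back to back on a single pooled thread to show why the finally/clearContext step matters: without it, the thread returns to the pool still carrying the previous request's principal.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.function.Function;

// Added example, not Spring Security's own code: a minimal ThreadLocal-backed
// context holder, a filter shaped like the slide's try/finally, and a deliberately
// leaky variant, compared on a reused pool thread.
public class ThreadLocalContextDemo {

    // Hypothetical stand-in for SecurityContextHolder: one slot per thread.
    static final class ContextHolder {
        private static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();
        static void setContext(String principal) { CONTEXT.set(principal); }
        static String getContext() { return CONTEXT.get(); }
        static void clearContext() { CONTEXT.remove(); }
    }

    // Constructed request: the principal is assumed to have been resolved already
    // (the role lookup(request) plays on the slide). null means unauthenticated.
    static final class Request {
        final String authenticatedUser;
        Request(String authenticatedUser) { this.authenticatedUser = authenticatedUser; }
    }

    // "Service layer" code that reads the context without being handed the request.
    static String serviceLayerMethod() {
        String ctx = ContextHolder.getContext();
        return ctx == null ? "anonymous" : ctx;
    }

    // Filter shaped like the slide: populate, delegate, always clear.
    static String safeFilter(Request request) {
        try {
            if (request.authenticatedUser != null) {
                ContextHolder.setContext(request.authenticatedUser);
            }
            return serviceLayerMethod();
        } finally {
            ContextHolder.clearContext();  // thread goes back to the pool clean
        }
    }

    // Same filter without the finally: the context outlives the request.
    static String leakyFilter(Request request) {
        if (request.authenticatedUser != null) {
            ContextHolder.setContext(request.authenticatedUser);
        }
        return serviceLayerMethod();
    }

    // Serve an authenticated request, then an unauthenticated one, on the same
    // pooled thread, and report who the second request was served as.
    static String secondRequestSeenAs(Function<Request, String> filter) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            pool.submit(() -> filter.apply(new Request("jzheaux"))).get();
            Future<String> second = pool.submit(() -> filter.apply(new Request(null)));
            return second.get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("with clearContext in finally: "
                + secondRequestSeenAs(ThreadLocalContextDemo::safeFilter));
        System.out.println("without clearContext:         "
                + secondRequestSeenAs(ThreadLocalContextDemo::leakyFilter));
    }
}
```

Run it with `java ThreadLocalContextDemo.java` (Java 11 or later). The safe filter reports the second, unauthenticated request as anonymous; the leaky filter reports it as jzheaux, because a single-thread executor reuses the same thread and the ThreadLocal slot was never removed. Clearing in a finally block is what makes the guarantee hold even when doFilter throws.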
  5. Composition

     registration.html:
     <div class="registration-banner">
         <button class="registration-button">Register Now</button>
     </div>

     homepage.html:
     <div>
         <span>Welcome to our talk!</span>
         <registration/>
     </div>

  6. Stay Connected. And be secure.
     #springone @s1p