Spring Security Patterns

VMware Tanzu
VMware TanzuVMware Tanzu
Spring Security Patterns September 2–3, 2020 springone.io Ria Stein – Spring Security Maintainer Josh Cummings – Spring Security Maintainer – @jzheaux
Secure by Default PG application.properties App H2 App App H2 application-prod.properties PG App application.properties application-dev.properties
Principle of Least Privilege Username: Forgot Password jzheaux OK Sorry, we don’t recognize that username Username: Forgot Password jzheaux OK If that username exists, we’ve just sent an email
Request Thread Local try { SecurityContext ctx = lookup(request); SecurityContextHolder.setContext(ctx); chain.doFilter(request, response); } finally { SecurityContextHolder.clearContext() } public void serviceLayerMethod() { var ctx = SecurityContextHolder.getContext(); } Stores data in a ThreadLocal so only visible to this thread Clears data so ThreadLocal can be used for next request Now data can be retrieved at the service layer ForReactiveapps,use theReactorContext insteadofThreadLocals
Composition registration.html <div class=“registration-banner”> <button class=“registration-button”> Register Now </button> </div> <div> <span>Welcome to our talk!</span> <registration/> </div> homepage.html
Stay Connected. And be secure. https://github.com/spring-projects/spring-security https://github.com/jzheaux/springone2020 #springone@s1p
1 of 6

Spring Security Patterns

Download to read offline
Software

SpringOne 2020 Spring Security Patterns Josh Cummings, Software Engineer at VMware Eleftheria Stein, Software Engineer at VMware

VMware Tanzu
VMware TanzuVMware Tanzu

Recommended

Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
2.7K views8 slides
Explain it to Me Like I’m 5: Oauth2 and OpenIDExplain it to Me Like I’m 5: Oauth2 and OpenID
Explain it to Me Like I’m 5: Oauth2 and OpenIDVMware Tanzu
3.4K views28 slides
Spring Framework - Spring SecuritySpring Framework - Spring Security
Spring Framework - Spring SecurityDzmitry Naskou
23.5K views95 slides
Spring SecuritySpring Security
Spring SecuritySumit Gole
1.1K views14 slides
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
8.1K views36 slides
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
595 views24 slides

More Related Content

What's hot

Open Policy AgentOpen Policy Agent
Open Policy AgentTorin Sandall
7.2K views52 slides
Webauthn TutorialWebauthn Tutorial
Webauthn TutorialFIDO Alliance
12.2K views45 slides

What's hot(20)

A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEM
Frans Rosén2.9K views
Open Policy AgentOpen Policy Agent
Open Policy Agent
Torin Sandall7.2K views
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and Tuning
NGINX, Inc.10.3K views
What should a hacker know about WebDav?What should a hacker know about WebDav?
What should a hacker know about WebDav?
Mikhail Egorov8.5K views
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
FIDO Alliance12.2K views
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
Prabath Siriwardena2.7K views
Spring Boot and REST APISpring Boot and REST API
Spring Boot and REST API
07.pallav625 views
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal28.3K views
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
Knoldus Inc.6.2K views
Introducing Spring Cloud Gateway and API Hub for VMware TanzuIntroducing Spring Cloud Gateway and API Hub for VMware Tanzu
Introducing Spring Cloud Gateway and API Hub for VMware Tanzu
VMware Tanzu1.5K views
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov13.2K views
SCIM presentation from CIS 2012SCIM presentation from CIS 2012
SCIM presentation from CIS 2012
Twobo Technologies9.5K views
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
Nat Sakimura18.3K views
Policy Enforcement on Kubernetes with Open Policy AgentPolicy Enforcement on Kubernetes with Open Policy Agent
Policy Enforcement on Kubernetes with Open Policy Agent
VMware Tanzu631 views
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
VMware Tanzu615 views
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
Michael Furman2.9K views
Demystifying OAuth 2.0Demystifying OAuth 2.0
Demystifying OAuth 2.0
Karl McGuinness7.5K views
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov11.3K views
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva18K views
Spring securitySpring security
Spring security
Saurabh Sharma900 views

Similar to Spring Security Patterns

Similar to Spring Security Patterns(20)

Java EE Connector Architecture 1.6 (JSR 322) TechnologyJava EE Connector Architecture 1.6 (JSR 322) Technology
Java EE Connector Architecture 1.6 (JSR 322) Technology
Sivakumar Thyagarajan3.3K views
Networking and Security in JavaNetworking and Security in Java
Networking and Security in Java
Conestoga Collage93 views
JDD 2016 - Michał Balinski, Oleksandr Goldobin - Practical Non Blocking Micro...JDD 2016 - Michał Balinski, Oleksandr Goldobin - Practical Non Blocking Micro...
JDD 2016 - Michał Balinski, Oleksandr Goldobin - Practical Non Blocking Micro...
PROIDEA81 views
Taking advantage of the Amazon Web Services (AWS) FamilyTaking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) Family
Ben Hall2.8K views
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET Journal72 views
Nestjs MasterClass SlidesNestjs MasterClass Slides
Nestjs MasterClass Slides
Nir Kaufman2.7K views
Learn Apache ShiroLearn Apache Shiro
Learn Apache Shiro
Smita Prasad659 views
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
Ramakanta Behera536 views
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard1.8K views
Strata London 2018: Multi-everything with Apache PulsarStrata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache Pulsar
Streamlio781 views
Application SecurityApplication Security
Application Security
florinc1.6K views
iOS Keychain by 흰, 민디iOS Keychain by 흰, 민디
iOS Keychain by 흰, 민디
MINJICHO20106 views
read and write program on c#read and write program on c#
read and write program on c#
zameer Abbas168 views
Serialization in javaSerialization in java
Serialization in java
Janu Jahnavi124 views
Rapid JCR Applications Development with SlingRapid JCR Applications Development with Sling
Rapid JCR Applications Development with Sling
Felix Meschberger4.2K views
Servlet session 9Servlet session 9
Servlet session 9
Anuj Singh Rajput18 views
Softshake - Offline applicationsSoftshake - Offline applications
Softshake - Offline applications
jeromevdl237 views
Leap Ahead with Redis 6.2Leap Ahead with Redis 6.2
Leap Ahead with Redis 6.2
VMware Tanzu167 views
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
kadalisrikanth1.1K views
PCI Security Requirements - secure codingPCI Security Requirements - secure coding
PCI Security Requirements - secure coding
Haitham Raik1.3K views

More from VMware Tanzu

More from VMware Tanzu(20)

What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About It
VMware Tanzu71 views
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023
VMware Tanzu61 views
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at Scale
VMware Tanzu52 views
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
VMware Tanzu68 views
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a Product
VMware Tanzu75 views
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready Apps
VMware Tanzu54 views
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
VMware Tanzu130 views
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
VMware Tanzu70 views
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
VMware Tanzu64 views
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
VMware Tanzu43 views
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
VMware Tanzu153 views
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - French
VMware Tanzu32 views
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
VMware Tanzu90 views
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
VMware Tanzu26 views
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - French
VMware Tanzu13 views
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
VMware Tanzu77 views
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
VMware Tanzu114 views
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
VMware Tanzu39 views
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
VMware Tanzu22 views
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
VMware Tanzu36 views

Recently uploaded

Like SpecFlowLike SpecFlow
Like SpecFlowDmitry Dorogoy
9 views35 slides

Recently uploaded(20)

Like SpecFlowLike SpecFlow
Like SpecFlow
Dmitry Dorogoy9 views
Build and Modernize Intelligent Apps​Build and Modernize Intelligent Apps​
Build and Modernize Intelligent Apps​
Lorenzo Barbieri35 views
New ThousandEyes Product Features and Release Highlights: November 2023New ThousandEyes Product Features and Release Highlights: November 2023
New ThousandEyes Product Features and Release Highlights: November 2023
ThousandEyes23 views
Building a Bridge between Terraform and ArgoCDBuilding a Bridge between Terraform and ArgoCD
Building a Bridge between Terraform and ArgoCD
Carlos Santana88 views
Building Intelligent Workplace Limits and Challenges RIGA COMM 2023 Building Intelligent Workplace Limits and Challenges RIGA COMM 2023
Building Intelligent Workplace Limits and Challenges RIGA COMM 2023
Muntis Rudzitis33 views
The Power of AI Transcription in Audio to Text ConversionThe Power of AI Transcription in Audio to Text Conversion
The Power of AI Transcription in Audio to Text Conversion
Ecango9 views
Q&A with Confluent Professional Services: Confluent Service MeshQ&A with Confluent Professional Services: Confluent Service Mesh
Q&A with Confluent Professional Services: Confluent Service Mesh
confluent31 views
IBM MQ Whats new - up to 9.3.4.pptxIBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptx
Matt Leming10 views
Oxygen JSON EditorOxygen JSON Editor
Oxygen JSON Editor
Octavian Nadolu20 views
Loading your Life into a Vector DatabaseLoading your Life into a Vector Database
Loading your Life into a Vector Database
Ben Church12 views
If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
If your code could speak, what would it tell you? Let GitHub Copilot Chat hel...
Maxim Salnikov15 views
Citi Tech Talk: Event Driven Kafka MicroservicesCiti Tech Talk: Event Driven Kafka Microservices
Citi Tech Talk: Event Driven Kafka Microservices
confluent14 views
Newsletter Linchpin AI Review ✍️ (Bonus Worth $997).pdfNewsletter Linchpin AI Review ✍️ (Bonus Worth $997).pdf
Newsletter Linchpin AI Review ✍️ (Bonus Worth $997).pdf
LouisaHall26 views
HTMX: Web 1.0 with the benefits of Web 2.0 without the grift of Web 3.0HTMX: Web 1.0 with the benefits of Web 2.0 without the grift of Web 3.0
HTMX: Web 1.0 with the benefits of Web 2.0 without the grift of Web 3.0
Martijn Dashorst1K views
Using the power of OpenAI with your own data: what's possible and how to start?Using the power of OpenAI with your own data: what's possible and how to start?
Using the power of OpenAI with your own data: what's possible and how to start?
Maxim Salnikov21 views
Things to Keep in Mind While Hiring a DevOps Consulting Company.pdfThings to Keep in Mind While Hiring a DevOps Consulting Company.pdf
Things to Keep in Mind While Hiring a DevOps Consulting Company.pdf
Flexsin 16 views
Java-ML-lego-j-fallJava-ML-lego-j-fall
Java-ML-lego-j-fall
Jago de Vreede45 views
Unleashing the Power of Generative AI.pdfUnleashing the Power of Generative AI.pdf
Unleashing the Power of Generative AI.pdf
TomHalpin922 views
linux-namespaces.pdflinux-namespaces.pdf
linux-namespaces.pdf
Ignat Korchagin17 views
MAXQDA-24-Features-EN.pdfMAXQDA-24-Features-EN.pdf
MAXQDA-24-Features-EN.pdf
Cheer Chain Enterprise Co., Ltd.153 views

Spring Security Patterns