SlideShare a Scribd company logo

ICW Developer Conference - Instance-based Security with SAF

K
krasserm
TechnologyBusiness
1 of 8
Download to read offline
ICW Developer Conference - May 2008 Instance-based Security with the Security Annotation Framework (SAF) ICW Developer Conference Martin Krasser / 07.05.2008 Martin Krasser • Software Architect @ Professional Gate • Focus - Application Security - Application Integration Platforms - Application Integration Solutions - Research & Development 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 1
ICW Developer Conference - May 2008 Agenda • Introduction • Architecture • Code Examples • Outlook • Live Demo 07.05.2008 ICW Developer Conference Overview • Open Source Security Project @ sourceforge.net - Instance-level access control - Attribute-level encryption • Driven by Java 5 Annotations - @Secure and @Filter annotations to enforce access decisions - @Encrypt annotation to trigger encryption/decryption operations • Framework with provider interfaces (SPI) for - Authorization Providers - Encryption Providers - Reference implementations available 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 2
ICW Developer Conference - May 2008 Motivations • Java EE doesn‘t provide instance-level access control mechanisms - Access decisions and policy definitions in Java EE only based on static application properties (methods, ...) - Instance-level access control is additionally based on runtime application properties (domain object state, ...) • Encryption mechanisms decoupled from data storage/binding mechanisms - No Hibernate-specific encryption interceptors ... - No JAXB-specific marshal/unmarshal listeners ... • Avoid complex configurations - No need to deal with Spring/AspectJ AOP details - Place security interceptors using annotations • Support for pluggable authorization and crypto providers - Access control and encryption logic provided by plugins/providers - Different applications have significantly different access control and encryption requirements 07.05.2008 ICW Developer Conference History • SAF initially developed as part of the eHF - Refactoring of complex Spring/AspectJ AOP configurations • Open source since March 2007 - Apache 2.0 License • Three releases so far - Latest release is 0.8.2 (production-stable) - Current development on 0.9-SNAPSHOT 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 3
ICW Developer Conference - May 2008 SAF Access Control Architecture Security Domain SAF Core Requestor Interceptor Object AccessManager SAF JAAS Authorization Spring Security Provider ... • Security Interceptor (Policy Enforcement Point) - Implemented by annotating domain objects, methods and method parameters • Authorization Providers (Policy Decision Point) - Makes access decisions based on class instances - Reference implementation based on JAAS extensions 07.05.2008 ICW Developer Conference SAF Crypto Architecture Crypto Instance SAF Core Requestor Interceptor Attribute CryptoProvider SAF Crypto Crypto ... Provider • Crypto Interceptor - Implemented by annotating instance attributes • Crypto Service Provider - Runs encrypt/decrypt operations - Reference implementation coming soon 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 4
ICW Developer Conference - May 2008 Code Example – Access Control 07.05.2008 ICW Developer Conference Code Example – Attribute Encryption • BUT: No crypto operations for access via reflection • Hibernate can be configured for reflective access (field access) - Encrypted storage of attribute values in databases • JAXB2 can be configured for reflective access (field access) - XML binding of encrypted attribute values 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 5
ICW Developer Conference - May 2008 Configuration Spring 2.5 Application Context Provider Implementations loads 07.05.2008 ICW Developer Conference Behind the Scenes Client Spring AOP AspectJ Spring Method Enhanced AspectJ RT CT Bytecode AOP Proxy Interceptor Advice Domain Object Application Service SAF Spring Bean Infrastructure RT Created at runtime Access Created at compile time Manager CT 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 6
ICW Developer Conference - May 2008 Outlook – 1.0 Release • Crypto provider reference implementation • AspectJ load-time weaving • AspectJ 1.6 upgrade - Support for parameter-level annotations • OSGi support - Make SAF components OSGi compliant bundles - OSGi sample application using SAF components • Security annotations on - Static domain object methods - Constructors • Documentation extensions - Document new features, more examples - Translate Java Magazin article to English • Acegi authorization provider integration (optional) 07.05.2008 ICW Developer Conference Resources • Project Site - http://sourceforge.net/projects/safr • Web Site - http://safr.sourceforge.net/ • Article - Instanz-basierte Zugriffskontrolle, Java Magazin 7.2007 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 7
ICW Developer Conference - May 2008 Live Demo • Notebook web application 07.05.2008 ICW Developer Conference Thank you for your attention! martin.krasser@icw.de Security - Instance-based Security with SAF 13 - 8

Recommended

Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Canada
 
Netflow analyzer- Datasheet
Netflow analyzer- DatasheetNetflow analyzer- Datasheet
Netflow analyzer- DatasheetINSPIRIT BRASIL
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010Andris Soroka
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidForecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidOpen Data Center Alliance
 
OpSource Enterprise-Class Security
OpSource Enterprise-Class Security OpSource Enterprise-Class Security
OpSource Enterprise-Class Security OpSource
 
CCNA Security - Chapter 8
CCNA Security - Chapter 8CCNA Security - Chapter 8
CCNA Security - Chapter 8Irsandi Hasan
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 

Recommended

Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Study: State of Web Security
Cisco Study: State of Web Security Cisco Canada
 
Netflow analyzer- Datasheet
Netflow analyzer- DatasheetNetflow analyzer- Datasheet
Netflow analyzer- DatasheetINSPIRIT BRASIL
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010Andris Soroka
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidForecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidOpen Data Center Alliance
 
OpSource Enterprise-Class Security
OpSource Enterprise-Class Security OpSource Enterprise-Class Security
OpSource Enterprise-Class Security OpSource
 
CCNA Security - Chapter 8
CCNA Security - Chapter 8CCNA Security - Chapter 8
CCNA Security - Chapter 8Irsandi Hasan
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
FortiGate-310B Datasheet
FortiGate-310B DatasheetFortiGate-310B Datasheet
FortiGate-310B Datasheetdemoteam
 
Datasheet stonegate ips-allinone
Datasheet stonegate ips-allinoneDatasheet stonegate ips-allinone
Datasheet stonegate ips-allinoneMultibyte Consultoria
 
Datasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneDatasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneMultibyte Consultoria
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorNewvewm
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
Switch
SwitchSwitch
Switch1 2d
 
ISE_Pub
ISE_PubISE_Pub
ISE_PubWill Hatcher
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks
 
OCS LIA
OCS LIAOCS LIA
OCS LIAsimoninsa
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 SolutionsMarketingArrowECS_CZ
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Khazret Sapenov
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesVladimir Jirasek
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISECisco Canada
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data centerCisco Canada
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Refense Security Risk Briefing July 2009
Refense Security Risk Briefing July 2009Refense Security Risk Briefing July 2009
Refense Security Risk Briefing July 2009apompliano
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfibramax
 
Top 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for DevelopersTop 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for DevelopersMicrosoft Tech Community
 

More Related Content

What's hot

FortiGate-310B Datasheet
FortiGate-310B DatasheetFortiGate-310B Datasheet
FortiGate-310B Datasheetdemoteam
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorNewvewm
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
Switch
SwitchSwitch
Switch1 2d
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Khazret Sapenov
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesVladimir Jirasek
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISECisco Canada
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data centerCisco Canada
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Refense Security Risk Briefing July 2009
Refense Security Risk Briefing July 2009Refense Security Risk Briefing July 2009
Refense Security Risk Briefing July 2009apompliano
 

What's hot (20)

FortiGate-310B Datasheet
FortiGate-310B DatasheetFortiGate-310B Datasheet
FortiGate-310B Datasheet
 
Datasheet stonegate ips-allinone
Datasheet stonegate ips-allinoneDatasheet stonegate ips-allinone
Datasheet stonegate ips-allinone
 
Datasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneDatasheet stonegate fw-allinone
Datasheet stonegate fw-allinone
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by Porticor
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
 
Switch
SwitchSwitch
Switch
 
ISE_Pub
ISE_PubISE_Pub
ISE_Pub
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)
 
OCS LIA
OCS LIAOCS LIA
OCS LIA
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the Future
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data center
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall Solution
 
Refense Security Risk Briefing July 2009
Refense Security Risk Briefing July 2009Refense Security Risk Briefing July 2009
Refense Security Risk Briefing July 2009
 

Similar to ICW Developer Conference - Instance-based Security with SAF

Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfibramax
 
SPEC INDIA Java Case Study
SPEC INDIA Java Case StudySPEC INDIA Java Case Study
SPEC INDIA Java Case StudySPEC INDIA
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsBob Rhubart
 
CCNA Security - Chapter 6
CCNA Security - Chapter 6CCNA Security - Chapter 6
CCNA Security - Chapter 6Irsandi Hasan
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security ArchitectureRamesh Nagappan
 
IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17
IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17 IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17
IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17 Natalia Kataoka
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsKannan Subbiah
 
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONSADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONSelliando dias
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxVasiliy Fomichev
 
Jain Sip Tutorial
Jain Sip TutorialJain Sip Tutorial
Jain Sip Tutorialrajibdk
 
WebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsWebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsPavel Bucek
 
IBM Impact session CICS & java a tale of liberty
IBM Impact session CICS & java a tale of libertyIBM Impact session CICS & java a tale of liberty
IBM Impact session CICS & java a tale of libertynick_garrod
 
Dr. David Movshovitz - Navajo SaaS
Dr. David Movshovitz - Navajo SaaSDr. David Movshovitz - Navajo SaaS
Dr. David Movshovitz - Navajo SaaSCSAIsrael
 
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...Juarez Junior
 
Enabling .NET Apps with Monitoring and Management Using Steeltoe
Enabling .NET Apps with Monitoring and Management Using SteeltoeEnabling .NET Apps with Monitoring and Management Using Steeltoe
Enabling .NET Apps with Monitoring and Management Using SteeltoeVMware Tanzu
 
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...Juarez Junior
 
Webinar: Unifying storage for EMC & NetApp
Webinar: Unifying storage for EMC & NetAppWebinar: Unifying storage for EMC & NetApp
Webinar: Unifying storage for EMC & NetAppJeannette Grand
 

Similar to ICW Developer Conference - Instance-based Security with SAF (20)

Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
Top 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for DevelopersTop 10 IaaS Highlights for Developers
Top 10 IaaS Highlights for Developers
 
SPEC INDIA Java Case Study
SPEC INDIA Java Case StudySPEC INDIA Java Case Study
SPEC INDIA Java Case Study
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
 
CCNA Security - Chapter 6
CCNA Security - Chapter 6CCNA Security - Chapter 6
CCNA Security - Chapter 6
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security Architecture
 
IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17
IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17 IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17
IBM DataPower Weekly Webcast - The Value of Datapower Frameworks - 11.03.17
 
Enterprise Security & SSO
Enterprise Security & SSOEnterprise Security & SSO
Enterprise Security & SSO
 
SaaS Challenges & Security Concerns
SaaS Challenges & Security ConcernsSaaS Challenges & Security Concerns
SaaS Challenges & Security Concerns
 
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONSADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS
ADDRESSING TOMORROW'S SECURITY REQUIREMENTS IN ENTERPRISE APPLICATIONS
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
 
Jain Sip Tutorial
Jain Sip TutorialJain Sip Tutorial
Jain Sip Tutorial
 
WebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsWebSockets in Enterprise Applications
WebSockets in Enterprise Applications
 
IBM Impact session CICS & java a tale of liberty
IBM Impact session CICS & java a tale of libertyIBM Impact session CICS & java a tale of liberty
IBM Impact session CICS & java a tale of liberty
 
Dr. David Movshovitz - Navajo SaaS
Dr. David Movshovitz - Navajo SaaSDr. David Movshovitz - Navajo SaaS
Dr. David Movshovitz - Navajo SaaS
 
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
SevillaJUG - Unleash the power of your applications with Micronaut® ,GraalVM...
 
Enabling .NET Apps with Monitoring and Management Using Steeltoe
Enabling .NET Apps with Monitoring and Management Using SteeltoeEnabling .NET Apps with Monitoring and Management Using Steeltoe
Enabling .NET Apps with Monitoring and Management Using Steeltoe
 
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
GeeCon Prague 2023 - Unleash the power of your applications with Micronaut®, ...
 
Ashwin Resume
Ashwin ResumeAshwin Resume
Ashwin Resume
 
Webinar: Unifying storage for EMC & NetApp
Webinar: Unifying storage for EMC & NetAppWebinar: Unifying storage for EMC & NetApp
Webinar: Unifying storage for EMC & NetApp
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

ICW Developer Conference - Instance-based Security with SAF

  • 1. ICW Developer Conference - May 2008 Instance-based Security with the Security Annotation Framework (SAF) ICW Developer Conference Martin Krasser / 07.05.2008 Martin Krasser • Software Architect @ Professional Gate • Focus - Application Security - Application Integration Platforms - Application Integration Solutions - Research & Development 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 1
  • 2. ICW Developer Conference - May 2008 Agenda • Introduction • Architecture • Code Examples • Outlook • Live Demo 07.05.2008 ICW Developer Conference Overview • Open Source Security Project @ sourceforge.net - Instance-level access control - Attribute-level encryption • Driven by Java 5 Annotations - @Secure and @Filter annotations to enforce access decisions - @Encrypt annotation to trigger encryption/decryption operations • Framework with provider interfaces (SPI) for - Authorization Providers - Encryption Providers - Reference implementations available 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 2
  • 3. ICW Developer Conference - May 2008 Motivations • Java EE doesn‘t provide instance-level access control mechanisms - Access decisions and policy definitions in Java EE only based on static application properties (methods, ...) - Instance-level access control is additionally based on runtime application properties (domain object state, ...) • Encryption mechanisms decoupled from data storage/binding mechanisms - No Hibernate-specific encryption interceptors ... - No JAXB-specific marshal/unmarshal listeners ... • Avoid complex configurations - No need to deal with Spring/AspectJ AOP details - Place security interceptors using annotations • Support for pluggable authorization and crypto providers - Access control and encryption logic provided by plugins/providers - Different applications have significantly different access control and encryption requirements 07.05.2008 ICW Developer Conference History • SAF initially developed as part of the eHF - Refactoring of complex Spring/AspectJ AOP configurations • Open source since March 2007 - Apache 2.0 License • Three releases so far - Latest release is 0.8.2 (production-stable) - Current development on 0.9-SNAPSHOT 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 3
  • 4. ICW Developer Conference - May 2008 SAF Access Control Architecture Security Domain SAF Core Requestor Interceptor Object AccessManager SAF JAAS Authorization Spring Security Provider ... • Security Interceptor (Policy Enforcement Point) - Implemented by annotating domain objects, methods and method parameters • Authorization Providers (Policy Decision Point) - Makes access decisions based on class instances - Reference implementation based on JAAS extensions 07.05.2008 ICW Developer Conference SAF Crypto Architecture Crypto Instance SAF Core Requestor Interceptor Attribute CryptoProvider SAF Crypto Crypto ... Provider • Crypto Interceptor - Implemented by annotating instance attributes • Crypto Service Provider - Runs encrypt/decrypt operations - Reference implementation coming soon 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 4
  • 5. ICW Developer Conference - May 2008 Code Example – Access Control 07.05.2008 ICW Developer Conference Code Example – Attribute Encryption • BUT: No crypto operations for access via reflection • Hibernate can be configured for reflective access (field access) - Encrypted storage of attribute values in databases • JAXB2 can be configured for reflective access (field access) - XML binding of encrypted attribute values 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 5
  • 6. ICW Developer Conference - May 2008 Configuration Spring 2.5 Application Context Provider Implementations loads 07.05.2008 ICW Developer Conference Behind the Scenes Client Spring AOP AspectJ Spring Method Enhanced AspectJ RT CT Bytecode AOP Proxy Interceptor Advice Domain Object Application Service SAF Spring Bean Infrastructure RT Created at runtime Access Created at compile time Manager CT 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 6
  • 7. ICW Developer Conference - May 2008 Outlook – 1.0 Release • Crypto provider reference implementation • AspectJ load-time weaving • AspectJ 1.6 upgrade - Support for parameter-level annotations • OSGi support - Make SAF components OSGi compliant bundles - OSGi sample application using SAF components • Security annotations on - Static domain object methods - Constructors • Documentation extensions - Document new features, more examples - Translate Java Magazin article to English • Acegi authorization provider integration (optional) 07.05.2008 ICW Developer Conference Resources • Project Site - http://sourceforge.net/projects/safr • Web Site - http://safr.sourceforge.net/ • Article - Instanz-basierte Zugriffskontrolle, Java Magazin 7.2007 07.05.2008 ICW Developer Conference Security - Instance-based Security with SAF 13 - 7
  • 8. ICW Developer Conference - May 2008 Live Demo • Notebook web application 07.05.2008 ICW Developer Conference Thank you for your attention! martin.krasser@icw.de Security - Instance-based Security with SAF 13 - 8