SlideShare a Scribd company logo

Introduction to PicketLink

JBUG London
JBUG London

Presentation by Peter Skopek (JBoss by Red Hat) delivered at the London JBoss User Group event on the 30th of April 2014. Presentation Introductory talk to PicketLink from Federation through to Identity Management. What is PicketLink? PicketLink is an umbrella project for security and identity management for Java Applications. PicketLink is an important project under the security offerings from JBoss. A Picket Fence is a secure system of pickets joined together via some type of links. Basically, the Pickets by themselves do not offer any security. But when they are brought together by linking them, they provide the necessary security. This project is that link for other security systems or systems to bring together or join, to finally provide the necessary secure system. For more information visit http://picketlink.org/

TechnologyEducation
1 of 38
Download to read offline
Introduction to PicketLink JBUG, London JBoss by Red Hat Peter ˇSkopek, pskopek@redhat.com, twitter: @pskopek Apr 30, 2014 Abstract PicketLink is project offering multiple solutions to identity management and security for Java applications.
Section 1 Welcome
Welcome Agenda 1 Welcome 2 PicketLink Overview Areas of usage 3 Java EE Application Security Authentication API Permissions API 4 Identity Management Overview 5 PicketLink Federation Overview 6 PicketLink WildFly Subsystems Federation Identity Management
Section 2 PicketLink Overview
PicketLink Overview Areas of usage What is PicketLink? PicketLink is an Application Security Framework for Java EE applications. It provides features for authenticating users, authorizing access to the business methods of your application, managing your application’s users, groups, roles and permissions. Areas of usage: Java EE Application Security Identity Management Identity Federation Social Login Mobile Applications Security REST Applications Security
PicketLink Overview Areas of usage Areas of Usage
PicketLink Overview Areas of usage Java EE Application Security Authentication Authorization and Permissions API CDI Based Integration REST Security
PicketLink Overview Areas of usage Identity Management Built-in Identity Stores for Databases and LDAP Rich and Extensible API Multitenancy
PicketLink Overview Areas of usage Identity Federation SAML (v2.0 and v1.1) OAuth2 XACML v2 OpenID Security Token Server (STS) for WS-Trust
PicketLink Overview Areas of usage Social Login Facebook Connect Twitter Login Google+ Login
Section 3 Java EE Application Security
Java EE Application Security Authentication API PicketLink API Identity - central PicketLink API bean has following methods: boolean isLoggedIn(); AuthenticationResult login() throws AuthenticationException; void logout(); boolean hasPermission(Object resource, String operation); boolean hasPermission(Class<?>resourceClass, Serializable identifier, String operation); Account getAccount(); Please note that Identity bean is marked with @Named annotation, which means that its methods may be invoked directly from the view layer (if the view layer, such as JSF, supports it) via an EL expression.
Java EE Application Security Authentication API Authentication Example in JSF application @Named @RequestScoped public class AuthController { @Inject private FacesContext facesContext; @Inject private Conversation conversation; @Inject private Identity identity; public void login() { AuthenticationResult result = identity.login(); if (AuthenticationResult.FAILED.equals(result)) { facesContext.addMessage(null, new FacesMessage( "Authentication was unsuccessful. Please check your username and password " + "before trying again.")); } else { User user = getCurrentUser(); if (user == null) { user = createUser(getCurrentUserName()); } conversation.begin(); } } }
Java EE Application Security Authentication API Authentication Example in JSF application <h:form rendered="#{not identity.loggedIn}"> <h:panelGrid columns="2" > <h:outputLabel value="Username" /> <h:inputText value="#{loginCredentials.userId}" /> <h:outputLabel value="Password" /> <h:inputSecret value="#{loginCredentials.password}" /> <h:commandButton value="Log in" action="#{authController.login}" /> </h:panelGrid> </h:form>
Java EE Application Security Authentication API Authentication Process
Java EE Application Security Authentication API Authenticator It is a bean handling authentication. @PicketLink public class SimpleAuthenticator extends BaseAuthenticator { @Inject DefaultLoginCredentials credentials; @Override public void authenticate() { if ("jsmith".equals(credentials.getUserId()) && "abc123".equals(credentials.getPassword())) { setStatus(AuthenticationStatus.SUCCESS); setAccount(new User("jsmith")); } else { setStatus(AuthenticationStatus.FAILURE); FacesContext.getCurrentInstance().addMessage(null, new FacesMessage( "Authentication Failure - The username or password you provided were invalid.")); } } }
Java EE Application Security Authentication API Authenticator The first thing we can notice about the above code is that the class is annotated with the @PicketLink annotation. This annotation indicates that this bean should be used for the authentication process. The next thing is that the authenticator class extends something called BaseAuthenticator. Which is abstract base class provided by PicketLink which makes it easier for custom authenticator to just implement authenticate() method.
Java EE Application Security Authentication API Credentials Credentials are something that provides evidence of a user’s identity. PicketLink has extensive support for a variety of credential types, and also makes it relatively simple to add custom support for credential types that PicketLink doesn’t support out of the box itself. UsernamePasswordCredentials TOTPCredentials X509CertificateCredentials DigestCredentials
Java EE Application Security Authentication API Custom Authenticator and DefaultLoginCredentials The DefaultLoginCredentials bean is provided by PicketLink as a convenience, and is intended to serve as a general purpose Credentials implementation suitable for a variety of use cases. It supports the setting of a userId and credential property, and provides convenience methods for working with text-based passwords. It is a request-scoped bean and is also annotated with @Named so as to make it accessible directly from the view layer. public class VerySimpleAuthenticator extends BaseAuthenticator { @Inject DefaultLoginCredentials credentials; // code snipped }
Java EE Application Security Permissions API Permissions API The Permissions API is a set of extensible authorization features that provide capabilities for determining access privileges for application resources. public interface Permission { Object getResource(); Class<?> getResourceClass(); Serializable getResourceIdentifier(); IdentityType getAssignee(); String getOperation(); }
Java EE Application Security Permissions API Permissions API Each permission instance represents a specific resource permission, and contains three important pieces of state: assignee - identity to which the permission is assigned operation - string value that represents the exact action that the assigned identity is allowed to perform reference - to the resource (if known), or a combination of a resource class and resource identifier. This value represents the resource to which the permission applies.
Java EE Application Security Permissions API Checking permissions for the current user The primary method for accessing the Permissions API is via the Identity bean, which provides the following two methods for checking permissions for the currently authenticated user: boolean hasPermission(Object resource, String operation); boolean hasPermission(Class<?> resourceClass, Serializable identifier, String operation);
Java EE Application Security Permissions API Checking permissions for the current user - example 1 @Inject Identity identity; public void deleteAccount(Account account) { // Check the current user has permission to delete the account if (identity.hasPermission(account, "DELETE")) { // Logic to delete Account object goes here } else { throw new SecurityException("Insufficient privileges!"); } }
Java EE Application Security Permissions API Checking permissions for the current user - example 2 When you don’t have a reference to the resource object, but you have it’s identifier value (for example the primary key value of an entity bean). It is more efficient to not a resource when don’t actually need it. @Inject Identity identity; public void deleteCustomer(Long customerId) { // Check the current user has permission to delete the customer if (identity.hasPermission(Customer.class, customerId, "DELETE")) { // Logic to delete Customer object goes here } else { throw new SecurityException("Insufficient privileges!"); } }
Java EE Application Security Permissions API Restricting resource operations For many resource types it makes sense to restrict the set of resource operations for which permissions might be assigned. classOperation option can be set to true if the permission applies to the class itself, and not an instance of a class. @Entity @AllowedOperations({ @AllowedOperation(value = "CREATE", classOperation = true), @AllowedOperation(value = "READ"), @AllowedOperation(value = "UPDATE"), @AllowedOperation(value = "DELETE") }) public class Country implements Serializable {
Java EE Application Security Permissions API Restricting resource operations on Class One can check if the current user has permission to actually create a new Country bean. In this case, the permission check would look something like this: @Inject Identity identity; public void createCountry() { if (!identity.hasPermission(Country.class, "CREATE")) { throw new SecurityException( "Current user has insufficient privileges for this operation."); } .... }
Section 4 Identity Management
Identity Management Overview Overview PicketLink Identity Management is a fundamental module of PicketLink, with all other modules building on top of the IDM component to implement their extended features. Provides rich and extensible API for managing the identities (such as users, groups and roles) of your applications and services Supports a flexible system for identity partitioning Provides the core Identity Model API classes (see below) upon which an application’s identity classes are defined to provide the security structure for that application
Identity Management Overview Core Concepts PartitionManager is used to manage identity partitions, which are essentially containers for a set of identity objects IdentityManager is used to manage identity objects within the scope of a partition RelationshipManager is used to manage relationships - a relationship is a typed association between two or more identities IdentityStore provides the backend store for identity persistency JPAIdentityStore LDAPIdentityStore FileBasedIdentityStore
Identity Management Overview Schema
Section 5 PicketLink Federation
PicketLink Federation Overview PicketLink Federation - Overview The PicketLink Federation project provides the support for Federated Identity and Single Sign On type scenarios. PicketLink provides support for technologies SAML (v2.0 and v1.1) OAuth2 XACML v2 OpenID Security Token Server (STS) for WS-Trust OAuth2 Integration with following servers is supported WildFly 8 JBoss AS7 JBoss Application Server v5.0 onwards Apache Tomcat v5.5 onwards
Section 6 PicketLink WildFly Subsystems
PicketLink WildFly Subsystems General The PicketLink Subsystem extends WildFly Application Server to introduce some new capabilities, providing a infrastructure to deploy and manage PicketLink deployments and services. Minimal configuration for deployments. Part of the configuration is done automatically with some hooks for customizations. Minimal dependencies for deployments. All PicketLink dependencies are automatically set from modules. Configuration management using JBoss Application Server Management API. It can be managed in different ways: HTTP/JSON, CLI, Native DMR, etc. example located at docs/examples/configs/standalone-picketlink.xml
PicketLink WildFly Subsystems Federation Federation Subsystem A rich domain model supporting the configuration of PicketLink Federation deployments and Identity Management services. No need to provide picketlink.xml deployment descriptor Cetralized configuration
PicketLink WildFly Subsystems Identity Management Identity Managemet Subsystem Subsystem parses the configuration, automatically build a org.picketlink.idm.PartitionManager and expose it via JNDI for further access. Externalize and centralize the IDM configuration for deployments Define multiple configuration for identity management services Expose the PartitionManager via JNDI for further access If using CDI, inject the PartitionManager instances using the Resource annotation If using CDI, use the PicketLink IDM alone without requiring the base module dependencies
PicketLink WildFly Subsystems Identity Management Bibliography PicketLink Documentation Site http://docs.jboss.org/picketlink/2/latest/reference/html/ Security Assertion Markup Language (SAML) v2.0 https://www.oasis-open.org/standards#samlv2.0 PicketLink Web Site http://www.picketlink.org/
The end. Thanks for listening.

Recommended

Securing Applications With Picketlink
Securing Applications With PicketlinkSecuring Applications With Picketlink
Securing Applications With Picketlink
Anil Saldanha
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
pigorcraveiro
 
Security in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missingSecurity in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missing
Masoud Kalali
 
Learn Apache Shiro
Learn Apache ShiroLearn Apache Shiro
Learn Apache Shiro
Smita Prasad
 
JavaEE Security
JavaEE SecurityJavaEE Security
JavaEE Security
Alex Kim
 
Authentication and Single Sing on
Authentication and Single Sing onAuthentication and Single Sing on
Authentication and Single Sing on
guest648519
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
Guo Albert
 

Recommended

Securing Applications With Picketlink
Securing Applications With PicketlinkSecuring Applications With Picketlink
Securing Applications With Picketlink
Anil Saldanha
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
pigorcraveiro
 
Security in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missingSecurity in java ee platform: what is included, what is missing
Security in java ee platform: what is included, what is missing
Masoud Kalali
 
Learn Apache Shiro
Learn Apache ShiroLearn Apache Shiro
Learn Apache Shiro
Smita Prasad
 
JavaEE Security
JavaEE SecurityJavaEE Security
JavaEE Security
Alex Kim
 
Authentication and Single Sing on
Authentication and Single Sing onAuthentication and Single Sing on
Authentication and Single Sing on
guest648519
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
Guo Albert
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
Anil Saldanha
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
Ravi Yasas
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
Utilize the Full Power of GlassFish Server and Java EE Security
Utilize the Full Power of GlassFish Server and Java EE SecurityUtilize the Full Power of GlassFish Server and Java EE Security
Utilize the Full Power of GlassFish Server and Java EE Security
Masoud Kalali
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
WSO2
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Hermann Burgmeier
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & CassandraApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and Shibboleth
Andrew Petro
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
Mike Schwartz
 
Java Security And Authentacation
Java Security And AuthentacationJava Security And Authentacation
Java Security And Authentacation
ckofoed
 
Intro to Apache Shiro
Intro to Apache ShiroIntro to Apache Shiro
Intro to Apache Shiro
Claire Hunsaker
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
Volkan Uzun
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
Marco Morana
 
Session 8 Tp8
Session 8 Tp8Session 8 Tp8
Session 8 Tp8
phanleson
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
elliando dias
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAAS
rahmed_sct
 
The hidden gems of Spring Security
The hidden gems of Spring SecurityThe hidden gems of Spring Security
The hidden gems of Spring Security
Massimiliano Dessì
 

More Related Content

What's hot

Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
Anil Saldanha
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
Ravi Yasas
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
Utilize the Full Power of GlassFish Server and Java EE Security
Utilize the Full Power of GlassFish Server and Java EE SecurityUtilize the Full Power of GlassFish Server and Java EE Security
Utilize the Full Power of GlassFish Server and Java EE Security
Masoud Kalali
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
WSO2
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Hermann Burgmeier
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & CassandraApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and Shibboleth
Andrew Petro
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
Mike Schwartz
 
Java Security And Authentacation
Java Security And AuthentacationJava Security And Authentacation
Java Security And Authentacation
ckofoed
 
Intro to Apache Shiro
Intro to Apache ShiroIntro to Apache Shiro
Intro to Apache Shiro
Claire Hunsaker
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
Volkan Uzun
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
Marco Morana
 
Session 8 Tp8
Session 8 Tp8Session 8 Tp8
Session 8 Tp8
phanleson
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
elliando dias
 

What's hot (20)

Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
 
Utilize the Full Power of GlassFish Server and Java EE Security
Utilize the Full Power of GlassFish Server and Java EE SecurityUtilize the Full Power of GlassFish Server and Java EE Security
Utilize the Full Power of GlassFish Server and Java EE Security
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & CassandraApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and Shibboleth
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
 
Java Security And Authentacation
Java Security And AuthentacationJava Security And Authentacation
Java Security And Authentacation
 
Intro to Apache Shiro
Intro to Apache ShiroIntro to Apache Shiro
Intro to Apache Shiro
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
 
Session 8 Tp8
Session 8 Tp8Session 8 Tp8
Session 8 Tp8
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
 

Similar to Introduction to PicketLink

Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAAS
rahmed_sct
 
The hidden gems of Spring Security
The hidden gems of Spring SecurityThe hidden gems of Spring Security
The hidden gems of Spring Security
Massimiliano Dessì
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
Charles Moulliard
 
Validate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiValidate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation api
Raffaele Chiocca
 
Deployment
DeploymentDeployment
Deployment
Roy Antony Arnold G
 
CDI @javaonehyderabad
CDI @javaonehyderabadCDI @javaonehyderabad
CDI @javaonehyderabad
Prasad Subramanian
 
AuthN deep.dive—ASP.NET Authentication Internals.pdf
AuthN deep.dive—ASP.NET Authentication Internals.pdfAuthN deep.dive—ASP.NET Authentication Internals.pdf
AuthN deep.dive—ASP.NET Authentication Internals.pdf
ondrejl1
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platform
Microsoft 365 Developer
 
Modularized Persistence - B Zsoldos
Modularized Persistence - B ZsoldosModularized Persistence - B Zsoldos
Modularized Persistence - B Zsoldos
mfrancis
 
Authorization in asp
Authorization in aspAuthorization in asp
Authorization in asp
OPENLANE
 
Java EE 8 security and JSON binding API
Java EE 8 security and JSON binding APIJava EE 8 security and JSON binding API
Java EE 8 security and JSON binding API
Alex Theedom
 
Box Authentication Types
Box Authentication TypesBox Authentication Types
Box Authentication Types
Jonathan LeBlanc
 
JWT - Sécurisez vos APIs
JWT - Sécurisez vos APIsJWT - Sécurisez vos APIs
JWT - Sécurisez vos APIs
André Tapia
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Matt Raible
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdf
Rubersy Ramos García
 
Java Security Framework's
Java Security Framework'sJava Security Framework's
Java Security Framework's
Mohammed Fazuluddin
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Matt Raible
 
Developing your first application using FI-WARE
Developing your first application using FI-WAREDeveloping your first application using FI-WARE
Developing your first application using FI-WARE
Fermin Galan
 
Lesson_07_Spring_Security_Login_NEW.pdf
Lesson_07_Spring_Security_Login_NEW.pdfLesson_07_Spring_Security_Login_NEW.pdf
Lesson_07_Spring_Security_Login_NEW.pdf
Scott Anderson
 
Rolebased security
Rolebased securityRolebased security
Rolebased security
Sudhanshu Kumar
 

Similar to Introduction to PicketLink (20)

Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAAS
 
The hidden gems of Spring Security
The hidden gems of Spring SecurityThe hidden gems of Spring Security
The hidden gems of Spring Security
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
 
Validate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation apiValidate your entities with symfony validator and entity validation api
Validate your entities with symfony validator and entity validation api
 
Deployment
DeploymentDeployment
Deployment
 
CDI @javaonehyderabad
CDI @javaonehyderabadCDI @javaonehyderabad
CDI @javaonehyderabad
 
AuthN deep.dive—ASP.NET Authentication Internals.pdf
AuthN deep.dive—ASP.NET Authentication Internals.pdfAuthN deep.dive—ASP.NET Authentication Internals.pdf
AuthN deep.dive—ASP.NET Authentication Internals.pdf
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platform
 
Modularized Persistence - B Zsoldos
Modularized Persistence - B ZsoldosModularized Persistence - B Zsoldos
Modularized Persistence - B Zsoldos
 
Authorization in asp
Authorization in aspAuthorization in asp
Authorization in asp
 
Java EE 8 security and JSON binding API
Java EE 8 security and JSON binding APIJava EE 8 security and JSON binding API
Java EE 8 security and JSON binding API
 
Box Authentication Types
Box Authentication TypesBox Authentication Types
Box Authentication Types
 
JWT - Sécurisez vos APIs
JWT - Sécurisez vos APIsJWT - Sécurisez vos APIs
JWT - Sécurisez vos APIs
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdf
 
Java Security Framework's
Java Security Framework'sJava Security Framework's
Java Security Framework's
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 
Developing your first application using FI-WARE
Developing your first application using FI-WAREDeveloping your first application using FI-WARE
Developing your first application using FI-WARE
 
Lesson_07_Spring_Security_Login_NEW.pdf
Lesson_07_Spring_Security_Login_NEW.pdfLesson_07_Spring_Security_Login_NEW.pdf
Lesson_07_Spring_Security_Login_NEW.pdf
 
Rolebased security
Rolebased securityRolebased security
Rolebased security
 

More from JBUG London

London JBUG April 2015 - Performance Tuning Apps with WildFly Application Server
London JBUG April 2015 - Performance Tuning Apps with WildFly Application ServerLondon JBUG April 2015 - Performance Tuning Apps with WildFly Application Server
London JBUG April 2015 - Performance Tuning Apps with WildFly Application Server
JBUG London
 
WebSocketson WildFly
WebSocketson WildFly WebSocketson WildFly
WebSocketson WildFly
JBUG London
 
Hacking on WildFly 9
Hacking on WildFly 9Hacking on WildFly 9
Hacking on WildFly 9
JBUG London
 
Extending WildFly
Extending WildFlyExtending WildFly
Extending WildFly
JBUG London
 
What's New in Infinispan 6.0
What's New in Infinispan 6.0What's New in Infinispan 6.0
What's New in Infinispan 6.0
JBUG London
 
Compensating Transactions: When ACID is too much
Compensating Transactions: When ACID is too muchCompensating Transactions: When ACID is too much
Compensating Transactions: When ACID is too much
JBUG London
 
London JBUG - Connecting Applications Everywhere with JBoss A-MQ
London JBUG - Connecting Applications Everywhere with JBoss A-MQLondon JBUG - Connecting Applications Everywhere with JBoss A-MQ
London JBUG - Connecting Applications Everywhere with JBoss A-MQ
JBUG London
 
Easy Integration with Apache Camel and Fuse IDE
Easy Integration with Apache Camel and Fuse IDEEasy Integration with Apache Camel and Fuse IDE
Easy Integration with Apache Camel and Fuse IDE
JBUG London
 
jBPM5 - The Evolution of BPM Systems
jBPM5 - The Evolution of BPM SystemsjBPM5 - The Evolution of BPM Systems
jBPM5 - The Evolution of BPM Systems
JBUG London
 
Arquillian - Integration Testing Made Easy
Arquillian - Integration Testing Made EasyArquillian - Integration Testing Made Easy
Arquillian - Integration Testing Made Easy
JBUG London
 
Infinispan from POC to Production
Infinispan from POC to ProductionInfinispan from POC to Production
Infinispan from POC to Production
JBUG London
 
Hibernate OGM - JPA for Infinispan and NoSQL
Hibernate OGM - JPA for Infinispan and NoSQLHibernate OGM - JPA for Infinispan and NoSQL
Hibernate OGM - JPA for Infinispan and NoSQL
JBUG London
 
JBoss jBPM, the future is now for all your Business Processes by Eric Schabell
JBoss jBPM, the future is now for all your Business Processes by Eric SchabellJBoss jBPM, the future is now for all your Business Processes by Eric Schabell
JBoss jBPM, the future is now for all your Business Processes by Eric Schabell
JBUG London
 
JBoss AS7 by Matt Brasier
JBoss AS7 by Matt BrasierJBoss AS7 by Matt Brasier
JBoss AS7 by Matt Brasier
JBUG London
 

More from JBUG London (14)

London JBUG April 2015 - Performance Tuning Apps with WildFly Application Server
London JBUG April 2015 - Performance Tuning Apps with WildFly Application ServerLondon JBUG April 2015 - Performance Tuning Apps with WildFly Application Server
London JBUG April 2015 - Performance Tuning Apps with WildFly Application Server
 
WebSocketson WildFly
WebSocketson WildFly WebSocketson WildFly
WebSocketson WildFly
 
Hacking on WildFly 9
Hacking on WildFly 9Hacking on WildFly 9
Hacking on WildFly 9
 
Extending WildFly
Extending WildFlyExtending WildFly
Extending WildFly
 
What's New in Infinispan 6.0
What's New in Infinispan 6.0What's New in Infinispan 6.0
What's New in Infinispan 6.0
 
Compensating Transactions: When ACID is too much
Compensating Transactions: When ACID is too muchCompensating Transactions: When ACID is too much
Compensating Transactions: When ACID is too much
 
London JBUG - Connecting Applications Everywhere with JBoss A-MQ
London JBUG - Connecting Applications Everywhere with JBoss A-MQLondon JBUG - Connecting Applications Everywhere with JBoss A-MQ
London JBUG - Connecting Applications Everywhere with JBoss A-MQ
 
Easy Integration with Apache Camel and Fuse IDE
Easy Integration with Apache Camel and Fuse IDEEasy Integration with Apache Camel and Fuse IDE
Easy Integration with Apache Camel and Fuse IDE
 
jBPM5 - The Evolution of BPM Systems
jBPM5 - The Evolution of BPM SystemsjBPM5 - The Evolution of BPM Systems
jBPM5 - The Evolution of BPM Systems
 
Arquillian - Integration Testing Made Easy
Arquillian - Integration Testing Made EasyArquillian - Integration Testing Made Easy
Arquillian - Integration Testing Made Easy
 
Infinispan from POC to Production
Infinispan from POC to ProductionInfinispan from POC to Production
Infinispan from POC to Production
 
Hibernate OGM - JPA for Infinispan and NoSQL
Hibernate OGM - JPA for Infinispan and NoSQLHibernate OGM - JPA for Infinispan and NoSQL
Hibernate OGM - JPA for Infinispan and NoSQL
 
JBoss jBPM, the future is now for all your Business Processes by Eric Schabell
JBoss jBPM, the future is now for all your Business Processes by Eric SchabellJBoss jBPM, the future is now for all your Business Processes by Eric Schabell
JBoss jBPM, the future is now for all your Business Processes by Eric Schabell
 
JBoss AS7 by Matt Brasier
JBoss AS7 by Matt BrasierJBoss AS7 by Matt Brasier
JBoss AS7 by Matt Brasier
 

Recently uploaded

Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 

Recently uploaded (20)

Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 

Introduction to PicketLink

  • 1. Introduction to PicketLink JBUG, London JBoss by Red Hat Peter ˇSkopek, pskopek@redhat.com, twitter: @pskopek Apr 30, 2014 Abstract PicketLink is project offering multiple solutions to identity management and security for Java applications.
  • 3. Welcome Agenda 1 Welcome 2 PicketLink Overview Areas of usage 3 Java EE Application Security Authentication API Permissions API 4 Identity Management Overview 5 PicketLink Federation Overview 6 PicketLink WildFly Subsystems Federation Identity Management
  • 5. PicketLink Overview Areas of usage What is PicketLink? PicketLink is an Application Security Framework for Java EE applications. It provides features for authenticating users, authorizing access to the business methods of your application, managing your application’s users, groups, roles and permissions. Areas of usage: Java EE Application Security Identity Management Identity Federation Social Login Mobile Applications Security REST Applications Security
  • 6. PicketLink Overview Areas of usage Areas of Usage
  • 7. PicketLink Overview Areas of usage Java EE Application Security Authentication Authorization and Permissions API CDI Based Integration REST Security
  • 8. PicketLink Overview Areas of usage Identity Management Built-in Identity Stores for Databases and LDAP Rich and Extensible API Multitenancy
  • 9. PicketLink Overview Areas of usage Identity Federation SAML (v2.0 and v1.1) OAuth2 XACML v2 OpenID Security Token Server (STS) for WS-Trust
  • 10. PicketLink Overview Areas of usage Social Login Facebook Connect Twitter Login Google+ Login
  • 11. Section 3 Java EE Application Security
  • 12. Java EE Application Security Authentication API PicketLink API Identity - central PicketLink API bean has following methods: boolean isLoggedIn(); AuthenticationResult login() throws AuthenticationException; void logout(); boolean hasPermission(Object resource, String operation); boolean hasPermission(Class<?>resourceClass, Serializable identifier, String operation); Account getAccount(); Please note that Identity bean is marked with @Named annotation, which means that its methods may be invoked directly from the view layer (if the view layer, such as JSF, supports it) via an EL expression.
  • 13. Java EE Application Security Authentication API Authentication Example in JSF application @Named @RequestScoped public class AuthController { @Inject private FacesContext facesContext; @Inject private Conversation conversation; @Inject private Identity identity; public void login() { AuthenticationResult result = identity.login(); if (AuthenticationResult.FAILED.equals(result)) { facesContext.addMessage(null, new FacesMessage( "Authentication was unsuccessful. Please check your username and password " + "before trying again.")); } else { User user = getCurrentUser(); if (user == null) { user = createUser(getCurrentUserName()); } conversation.begin(); } } }
  • 14. Java EE Application Security Authentication API Authentication Example in JSF application <h:form rendered="#{not identity.loggedIn}"> <h:panelGrid columns="2" > <h:outputLabel value="Username" /> <h:inputText value="#{loginCredentials.userId}" /> <h:outputLabel value="Password" /> <h:inputSecret value="#{loginCredentials.password}" /> <h:commandButton value="Log in" action="#{authController.login}" /> </h:panelGrid> </h:form>
  • 15. Java EE Application Security Authentication API Authentication Process
  • 16. Java EE Application Security Authentication API Authenticator It is a bean handling authentication. @PicketLink public class SimpleAuthenticator extends BaseAuthenticator { @Inject DefaultLoginCredentials credentials; @Override public void authenticate() { if ("jsmith".equals(credentials.getUserId()) && "abc123".equals(credentials.getPassword())) { setStatus(AuthenticationStatus.SUCCESS); setAccount(new User("jsmith")); } else { setStatus(AuthenticationStatus.FAILURE); FacesContext.getCurrentInstance().addMessage(null, new FacesMessage( "Authentication Failure - The username or password you provided were invalid.")); } } }
  • 17. Java EE Application Security Authentication API Authenticator The first thing we can notice about the above code is that the class is annotated with the @PicketLink annotation. This annotation indicates that this bean should be used for the authentication process. The next thing is that the authenticator class extends something called BaseAuthenticator. Which is abstract base class provided by PicketLink which makes it easier for custom authenticator to just implement authenticate() method.
  • 18. Java EE Application Security Authentication API Credentials Credentials are something that provides evidence of a user’s identity. PicketLink has extensive support for a variety of credential types, and also makes it relatively simple to add custom support for credential types that PicketLink doesn’t support out of the box itself. UsernamePasswordCredentials TOTPCredentials X509CertificateCredentials DigestCredentials
  • 19. Java EE Application Security Authentication API Custom Authenticator and DefaultLoginCredentials The DefaultLoginCredentials bean is provided by PicketLink as a convenience, and is intended to serve as a general purpose Credentials implementation suitable for a variety of use cases. It supports the setting of a userId and credential property, and provides convenience methods for working with text-based passwords. It is a request-scoped bean and is also annotated with @Named so as to make it accessible directly from the view layer. public class VerySimpleAuthenticator extends BaseAuthenticator { @Inject DefaultLoginCredentials credentials; // code snipped }
  • 20. Java EE Application Security Permissions API Permissions API The Permissions API is a set of extensible authorization features that provide capabilities for determining access privileges for application resources. public interface Permission { Object getResource(); Class<?> getResourceClass(); Serializable getResourceIdentifier(); IdentityType getAssignee(); String getOperation(); }
  • 21. Java EE Application Security Permissions API Permissions API Each permission instance represents a specific resource permission, and contains three important pieces of state: assignee - identity to which the permission is assigned operation - string value that represents the exact action that the assigned identity is allowed to perform reference - to the resource (if known), or a combination of a resource class and resource identifier. This value represents the resource to which the permission applies.
  • 22. Java EE Application Security Permissions API Checking permissions for the current user The primary method for accessing the Permissions API is via the Identity bean, which provides the following two methods for checking permissions for the currently authenticated user: boolean hasPermission(Object resource, String operation); boolean hasPermission(Class<?> resourceClass, Serializable identifier, String operation);
  • 23. Java EE Application Security Permissions API Checking permissions for the current user - example 1 @Inject Identity identity; public void deleteAccount(Account account) { // Check the current user has permission to delete the account if (identity.hasPermission(account, "DELETE")) { // Logic to delete Account object goes here } else { throw new SecurityException("Insufficient privileges!"); } }
  • 24. Java EE Application Security Permissions API Checking permissions for the current user - example 2 When you don’t have a reference to the resource object, but you have it’s identifier value (for example the primary key value of an entity bean). It is more efficient to not a resource when don’t actually need it. @Inject Identity identity; public void deleteCustomer(Long customerId) { // Check the current user has permission to delete the customer if (identity.hasPermission(Customer.class, customerId, "DELETE")) { // Logic to delete Customer object goes here } else { throw new SecurityException("Insufficient privileges!"); } }
  • 25. Java EE Application Security Permissions API Restricting resource operations For many resource types it makes sense to restrict the set of resource operations for which permissions might be assigned. classOperation option can be set to true if the permission applies to the class itself, and not an instance of a class. @Entity @AllowedOperations({ @AllowedOperation(value = "CREATE", classOperation = true), @AllowedOperation(value = "READ"), @AllowedOperation(value = "UPDATE"), @AllowedOperation(value = "DELETE") }) public class Country implements Serializable {
  • 26. Java EE Application Security Permissions API Restricting resource operations on Class One can check if the current user has permission to actually create a new Country bean. In this case, the permission check would look something like this: @Inject Identity identity; public void createCountry() { if (!identity.hasPermission(Country.class, "CREATE")) { throw new SecurityException( "Current user has insufficient privileges for this operation."); } .... }
  • 28. Identity Management Overview Overview PicketLink Identity Management is a fundamental module of PicketLink, with all other modules building on top of the IDM component to implement their extended features. Provides rich and extensible API for managing the identities (such as users, groups and roles) of your applications and services Supports a flexible system for identity partitioning Provides the core Identity Model API classes (see below) upon which an application’s identity classes are defined to provide the security structure for that application
  • 29. Identity Management Overview Core Concepts PartitionManager is used to manage identity partitions, which are essentially containers for a set of identity objects IdentityManager is used to manage identity objects within the scope of a partition RelationshipManager is used to manage relationships - a relationship is a typed association between two or more identities IdentityStore provides the backend store for identity persistency JPAIdentityStore LDAPIdentityStore FileBasedIdentityStore
  • 32. PicketLink Federation Overview PicketLink Federation - Overview The PicketLink Federation project provides the support for Federated Identity and Single Sign On type scenarios. PicketLink provides support for technologies SAML (v2.0 and v1.1) OAuth2 XACML v2 OpenID Security Token Server (STS) for WS-Trust OAuth2 Integration with following servers is supported WildFly 8 JBoss AS7 JBoss Application Server v5.0 onwards Apache Tomcat v5.5 onwards
  • 34. PicketLink WildFly Subsystems General The PicketLink Subsystem extends WildFly Application Server to introduce some new capabilities, providing a infrastructure to deploy and manage PicketLink deployments and services. Minimal configuration for deployments. Part of the configuration is done automatically with some hooks for customizations. Minimal dependencies for deployments. All PicketLink dependencies are automatically set from modules. Configuration management using JBoss Application Server Management API. It can be managed in different ways: HTTP/JSON, CLI, Native DMR, etc. example located at docs/examples/configs/standalone-picketlink.xml
  • 35. PicketLink WildFly Subsystems Federation Federation Subsystem A rich domain model supporting the configuration of PicketLink Federation deployments and Identity Management services. No need to provide picketlink.xml deployment descriptor Cetralized configuration
  • 36. PicketLink WildFly Subsystems Identity Management Identity Managemet Subsystem Subsystem parses the configuration, automatically build a org.picketlink.idm.PartitionManager and expose it via JNDI for further access. Externalize and centralize the IDM configuration for deployments Define multiple configuration for identity management services Expose the PartitionManager via JNDI for further access If using CDI, inject the PartitionManager instances using the Resource annotation If using CDI, use the PicketLink IDM alone without requiring the base module dependencies
  • 37. PicketLink WildFly Subsystems Identity Management Bibliography PicketLink Documentation Site http://docs.jboss.org/picketlink/2/latest/reference/html/ Security Assertion Markup Language (SAML) v2.0 https://www.oasis-open.org/standards#samlv2.0 PicketLink Web Site http://www.picketlink.org/
  • 38. The end. Thanks for listening.