This document summarizes approaches for securing Java microservice applications at different levels:
1) The endpoint level using frameworks like Spring Security or interceptors to apply authentication and authorization.
2) The web container level by applying constraints to restrict access to resources based on roles.
3) An external API management layer that acts as a proxy, enforcing centralized policies before requests reach endpoints.
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth.
In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution for microservices environments based on OIDC. We present a simple RBAC implementation together with fine-grained permissions and end to end automation.
Apigee and Amazon Web Services join together in this webcast to discuss using Apigee's API management for AWS-powered backends. API management makes it easy to expose and consume APIs from services built on AWS. Whether your backend runs on EC2, DynamoDB, or AWS Lambda, we'll show you the best way to build AWeSome APIs.
BriForum 2014 Boston
Dan Brinkmann presents on Identity Providers, SAML, and OAuth. An example of setting up Office 365 to use Active Directory Federation Services is also shown.
This session is focused on the Hashicorp vault which is a secret management tool. We can manage secrets for 2-3 environments but what if we have more than 10 environments, then it will become a very painful task to manage them when secrets are dynamic and need to be rotated after some time. Hashicorp vault can easily manage secrets for both static and dynamic also it can help in secret rotations.
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth.
In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution for microservices environments based on OIDC. We present a simple RBAC implementation together with fine-grained permissions and end to end automation.
Apigee and Amazon Web Services join together in this webcast to discuss using Apigee's API management for AWS-powered backends. API management makes it easy to expose and consume APIs from services built on AWS. Whether your backend runs on EC2, DynamoDB, or AWS Lambda, we'll show you the best way to build AWeSome APIs.
BriForum 2014 Boston
Dan Brinkmann presents on Identity Providers, SAML, and OAuth. An example of setting up Office 365 to use Active Directory Federation Services is also shown.
This session is focused on the Hashicorp vault which is a secret management tool. We can manage secrets for 2-3 environments but what if we have more than 10 environments, then it will become a very painful task to manage them when secrets are dynamic and need to be rotated after some time. Hashicorp vault can easily manage secrets for both static and dynamic also it can help in secret rotations.
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
Learn about best practices on how to secure your AWS environment with AWS Identity and Access Management (IAM). We will discuss how you best create access policies; manage security credentials (i.e., access keys, password, multi factor authentication (MFA) devices etc); how to set up least privilege; minimizing the use of your root account etc.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Hashicorp's understanding of Digital Transformation, and the different areas that require specific solutions. Provides an overview of each of the tools - Terraform, Consul, Vault and Nomad
Security enforcement of Microservices with API ManagementCharles Moulliard
This talk explains how microservices (Restfull Endpoint) could be secured using a Policy based approach to intercept the HTTP request. A less intrusive pattern is proposed at the level of the Web Container using Contrants mapping the Web Resources with JAAS API & Roles. Finally we will investigate how such Security design can be developed using an external API Management platform which reenforce the Security and Governance aspect.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
Learn about best practices on how to secure your AWS environment with AWS Identity and Access Management (IAM). We will discuss how you best create access policies; manage security credentials (i.e., access keys, password, multi factor authentication (MFA) devices etc); how to set up least privilege; minimizing the use of your root account etc.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Hashicorp's understanding of Digital Transformation, and the different areas that require specific solutions. Provides an overview of each of the tools - Terraform, Consul, Vault and Nomad
Security enforcement of Microservices with API ManagementCharles Moulliard
This talk explains how microservices (Restfull Endpoint) could be secured using a Policy based approach to intercept the HTTP request. A less intrusive pattern is proposed at the level of the Web Container using Contrants mapping the Web Resources with JAAS API & Roles. Finally we will investigate how such Security design can be developed using an external API Management platform which reenforce the Security and Governance aspect.
From git to blockchain ! This talk is about git, immutability, bitcoin, blockchain and links between the two.
Is git a blockchain ? Is bitcoin a git repository ?
Find more inside...
This presentation explains the new challenges to be resolved with a Microservices Architecture and how the WildFly Swarm container & OpenShift/Kubernetes can address some of the patterns like running a lightweight JavaEE container, discover and load balance the services, inject the configuration of the services.
WildFly Swarm: Criando Microservices com Java EE 7George Gastaldi
Apresentado no TDC 2016 - Florianópolis
Microservices é a arquitetura do momento. Todos estão falando sobre Spring Boot, NodeJS, DropWizard e outros frameworks, mas nenhum deles é tão completa quanto a oferecida pela especificação Java EE. Nesta sessão live-coding você vai aprender sobre o WildFly Swarm, e como transformar um projeto Java EE 7 qualquer em um microservice.
This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are few things you need to consider.
In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication and authorization using Spring Security in Grails.
If your service provides an API, it's essential to have a system for managing and securing it. API gateways are designed for that purpose. Using a real-world example, we'll dive into romanapi.com: a serverless microservice deployed on Amazon API Gateway + AWS Lambda. Learn all about the Amazon API Gateway, including current features, possible use cases, and how it compares to the alternatives.
Develop a Mobile Application coonected to a REST backendCharles Moulliard
This talk will guide you through the process to design a Hybrid HTML5 Mobile application to interconnect it with your REST backend system using the project Ionic, Apache Cordova & Feedhenry.
Authentication and authorization to the AWS management console using your on-premise Active Directory isn't all that straightforward, at first. This deck covers the easily adaptable and scalable methodology we created and have been following over the past year, leveraging our existing IdP and adhering to strict conventions.
WildFly AppServer - State of the Union
as presented at SoftShake Geneva, Oct 2015
http://soft-shake.ch/2015/en/
Covering the whole WildFly v8/9/10 series and the key aspects of the base AS7 architecture.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
This presentation teach how to design a real-world and pragmatic web API. It draws from the experience Mario Cardinal have gained over the years being involved architecting many Web API. This presentation begins by differencing between a Web and a REST API, and then continue with the design process. We conclude with the core learnings of the session which is a review of the best practices when designing a web API. Armed with skills acquired, you can expect to see significant improvements in your ability to design a pragmatic web API.
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.
MongoDB World 2019: Securing Application Data from Day OneMongoDB
All too often the trend is to build an application first and then secure it second.
Luckily, with MongoDB Stitch it's easy to put data security first without slowing down development.
This session will provide a walkthrough of the best practices for authentication, data access, and data validation. We'll even provide a full sample application that you can use to get started after the session.
How Open Policy Agent (OPA) helps in externalizing authorization from Code in Micro Services world. Before that let's look how Authorization evolved in last decade.
How to implement authorization in your backend with AWS IAMProvectus
AWS Dev Day Kyiv 2019
Track: Backend & Architecture
Session: ""How to implement authorization in your backend with AWS IAM""
Speaker: Stas Ivaschenko, AWS solutions architect at Provectus
Level: 400
Video: https://www.youtube.com/watch?v=4Jje_WJ4V7Q
AWS Dev Day is a free, full-day technical event where new developers will learn about some of the hottest topics in cloud computing, and experienced developers can dive deep on newer AWS services.
Provectus has organized AWS Dev Day Kyiv in close collaboration with Amazon Web Services: 800+ participants, 18 sessions, 3 tracks, a really AWSome Day!
Now, together with Zeo Alliance, we're building and nurturing AWS User Group Ukraine — join us on Facebook to stay updated about cloud technologies and AWS services: https://www.facebook.com/groups/AWSUserGroupUkraine
"
O365 DEVCamp Los Angeles June 16, 2015 Module 06 Hook into SharePoint APIs wi...Ivan Sanders
Overview
The lab instructs students in configuring and running an Android app which allows the user to edit items in a SharePoint Task list.
Objectives
- Learn how to authenticate with Azure AD from Android using the **Azure Active Directory Authentication Library (ADAL) for Android**
- Learn how to consume SharePoint APIs from Android using the **Office 365 SDK for Android**
- Implement a new feature in the Android app
JS Applications need to exchange data with Backend APIs running on domains other than your own – understanding the same origin policy CSP, CORS and postMessage.
Talk held on Grill.js conference in Wroclaw, Poland on 2018-08-18.
Rest-assured is a 100% java-based, BDD style, test library that you can use for testing REST api's in java projects. These are the slides from the presentation and demo I give at the 2017 #JBCNConf Java conference in Barcelona.
Join us for an overview of REST, the Force.com REST API, and learn how to use that REST API with Swagger, a language-agnostic framework for describing, producing, consuming, and visualizing RESTful web services. You'll learn how Swagger can generate a Spring MVC Controller to consume the Force.com REST API, and keep client and documentation systems in sync with the server.
Building RESTful applications using Spring MVCIndicThreads
REST is an alternate and simpler approach for implementing WebServices. It is based on the HTTP protocol and hence leverages a lot of existing infrastructures. It uses an uniform interface thus making it easy to build client applications. In this session we will look at the fundamental concepts behind REST (Resource, URI, Stateless Conversation ..) and how to apply it in the context of a real applcation. We will also discuss the pros & cons of RESTful vs Soap based webservices. We will discuss the design of RESTful application and then look at how to implement it using Spring MVC.
These slides focus on documentation for REST APIs. See http://idratherbewriting.com for more detail. For the video recording, see http://youtu.be/0yfNd7tzH2Q. This deep dive is the second slide deck I used in the presentation.
Building a Microgateway in Ballerina_KubeCon 2108Ballerina
API gateways play a critical role in modern enterprise architecture. As microservices strengthen their hold on modern-day application architectures, cloud native API gateways are high in demand. Ballerina, being a programming language designed to address and simplify the complexities of heavily distributed systems primarily built on microservice architectures, provides a rich set of language features and a smart compiler that makes it a good choice of technology to build a cloud native API gateway.
Similar to Security enforcement of Java Microservices with Apiman & Keycloak (20)
Presentation of the MicroService Architecture concept and how Apache Camel can be used into a MicroContainer and service loadbalanced using Kubernetes Service
Continuous Delivery & Integration with JBoss Fuse on OpenshiftCharles Moulliard
This talk presented by myself and Christian Posta present the technology developed around JBoss Fuse and opensource Fabric8 project to simplify the setup/creation of a DevOps environment supporting continuous delivery and integration strategy using Jenkins DSL Jobs, Gerrit and Gogs as Git Reviewing and Management platform like also Nexus to publish the code compiled.
Development of social media projects with Apache Camel, Fabric8 & HawtioCharles Moulliard
This talk presented at Devnation 2014 - San Francisco let's you to discover how to develop social media projects with Apache Camel, Fabric8 & Hawtio and more precisely how to handle your data/metrics to inquiry them using Full Text features of Lucene/ElasticSearch with Kibana3, how to design dashboard, monitor your activities and create plugins for your business based on Hawtio Web Console. The code f the 3 demos is available here : https://github.com/cmoulliard/devnation-2014-camel and cover use cases :
- Real Time application (apache camel, twitter and websocket)
- Collect and store metrics to query them (elasticsearch, lucene & kibana3)
- Design dashboard, plugin to measure activities
Build a Cloud Day presentation about Fuse Fabric technology in the cloud and how integration projects / architectures can be designed top of cloudstack, openstack, amazon, ...
Second part of my webinar about Transaction Management with Camel on Fuse ESB / Apache ServiceMix. Include also persistence with Idempotent consumer and aggregator EIP patterns
Presentation about Apache projects used for Integration (Apache Camel, CXF, ActiveMQ, ServiceMix) and new strategy about Cloud, Provisioning and Elastic Services (Fuse Fabric)
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
2. Who
Software Engineer
Work on Spring Boot & Cloud, WildFly Swarm, Fabric8
Mountain Biker, Belgian Beer Fan
Blog:
Twitter:
Email:
http://cmoulliard.github.io
@cmoulliard
cmoulliard@redhat.com
15. Camel Endpoint
Goal Extract from the HTTP request the info needed to authenticate a
user
How Use a Camel Policy to wrap the Route / Pipeline with a new
processor
Camel Example
public class ShiroSecurityPolicy implements AuthorizationPolicy {
public Processor wrap(RouteContext routeContext, final Processor processor) {
return new ShiroSecurityProcessor(processor, this);
}
...
@Override
public boolean process(Exchange exchange, AsyncCallback callback) {
try {
applySecurityPolicy(exchange);
16. CXF Endpoint
How Using the ContainerRequestFilter JAXRS Interface
Rely on CXF Intercept
CXF Example
@Provider
@PreMatching
public class SecurityRequestFilter implements ContainerRequestFilter {
@Override
public void filter(final ContainerRequestContext requestContext)
throws IOException {
...
19. HTTP Handler
How Apply Constraints on Web Resources path(s)
GET /rest/accountservice/account for User
POST /webservices/customerservices/customer for Admin
Designed using JAAS JDBC, LDAP, Properties
Could use Roles
20. Jetty Example
Goal restrict or allow access to resources
How URL requested matched with one the rule(s)
Example
Constraint constraint = new Constraint();
constraint.setRoles(new String[] { "user", "admin" });
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/say/hello/*");
mapping.setMethod("GET");
mapping.setConstraint(constraint);
21. Login Auth Example
// Describe the Authentication Constraint to be applied (BASIC, DIGEST, NEGOTIATE, ...)
Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "user");
constraint.setAuthenticate(true);
// Map the Auth Constraint with a Path
ConstraintMapping cm = new ConstraintMapping();
cm.setPathSpec("/*");
cm.setConstraint(constraint);
HashLoginService loginService = new HashLoginService("MyRealm",
"myrealm.props");
ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
sh.setAuthenticator(new BasicAuthenticator());
sh.setConstraintMappings(cm);
sh.setLoginService(loginService);
22. JAXRS @Roles
Goal Allow/Deny Access to resources
How using annotation @RolesAllowed
Example
@Path("projects")
@Produces("application/json")
public class ProjectsResource {
@POST
@RolesAllowed("manager")
public Project createProject(final Project project) { ... }
@GET
@Path("{id}")
public Project getProject(@PathParam("id") final Long id) { ... }
28. Api Man
Goal Externalize/Delegate security endpoint to Api
How Api acts as a Proxy/Gateway matching :
Incoming request against 1 Many policies
Delivering requests to target endpoint if validation succeeds
33. Api Man - Basic Auth
How : Associate a Policy using the Basic Auth Plugin to an endpoint
"contracts" : [
{
"apiOrgId" : "Policy_BasicAuthStatic",
"apiId" : "echo",
"apiVersion" : "1.0.0",
"policies" : [
{
"policyImpl" : "class:io.apiman.gateway.engine.policies.BasicAuthenticationPol
"policyJsonConfig" : "{ "realm" : "Test", "forwardIdentityHttpHeader" :
}
]
}
]
34. Api Man - OpenId connect
Goal Authenticate a user using an Identity provider to get a token used
for SSO purposes
Authentication between Client and Identity Provider: public, secret or PKI
JSon Web Token :
Compact token format,
Encode claims to be transmitted,
Base64url encoded and digitally signed and/or encrypted
36. Role Mapping
Goal Restrict/allow access to an application based on an Authorization
Rule
How Define a collection of Authorization rules as such & Combined with
Auth Plugin (Keycloak, Basic, …)
Path Verb Role required
.* PUT Writer
.* GET Reader
38. Conclusions
Pros
Centralized governance policy configuration
Loose coupling
Tracking of APIs and consumers of those APIs
Gathering statistics/metrics
Service Discovery
Simplify security audit
Cons
Performance
New Architecture Brick
Features = plugins available