MS
Uploaded byManish Sharma
PPTX, PDF1,457 views

Spring Security

Spring Security is a framework for authentication and authorization in Java applications. It provides components for authentication filters, providers, and managers as well as user details services. Basic authentication uses HTTP basic auth with a username and password encoded in the request header. Form authentication displays a login form and uses CSRF protection. Custom authentication allows multiple auth types by implementing custom auth providers, users, grants, and handlers. The documentation covers getting started, architecture, basic auth, form auth, and custom auth configurations and demos.

Embed presentation

Downloaded 50 times
Spring Security - getting started
Manish Sharma
Agenda • Getting Started • Spring Security Architecture • Basic Auth • Configuration / Demo / Pros - Cons • Form Auth • Configuration / Demo / Pros - Cons • Custom Auth • Configuration walkthrough and Demo
Getting Started • Add Maven or Gradle dependencies. compile('org.springframework.boot:spring-boot-starter-security')
Getting Started • Filter Chain in Spring Boot app. • Filter Chain in Spring Boot App with Spring Security.
Deep inside DelegatingFilterProxy
Spring Security Components• Authentication Filter : e.g :UsernamePasswordAuthenticationFilter or BasicAuthenticationFilter • Authentication : to represent the principal in a Spring Security-specific manner. • Authentication Provider • Authentication Manager • UserDetailsService, to create a UserDetails when passed in a String-based username • UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source source of security data. • SecurityContextHolder, to provide access to the SecurityContext, default in ThreadLocal. • SecurityContext, to hold the Authentication and possibly request-specific security information. • GrantedAuthority, to reflect the application-wide permissions granted to a principal.
Http Basic Authentication • Something of lowest common denominator. • Support on practically all servers natively and out of the box. • ubiquitous support on the client side in all languages. • curl --header "Authorization: Basic dXNlcjp3b3JkcGFzcw==" http://localhost:8080/admin • dXNlcjp3b3JkcGFzcw== user:wordpass
Basic Auth Demo and Cons
Preflight request • https://developer.mozilla.org/en- US/docs/Glossary/Preflight_request
Form Based Authentication • CSRF protection • Form Based Auth Demo
Custom Authentication • More than one authentication. • Custom Authentication provider, User, Grants, UserDetailsService, AccessDeniedHandler. • Used of password encoder.
Useful configs out of the box • BCryptPasswordEncoder. • Max number of concurrent sessions. • JDBC Authentication. • Configure filter.
Spring Security Part -2 • Securing Microservices. • Token based Authentication • OAuth • OpenId
Questions???
Thank You!!

More Related Content

PDF
Spring Framework - Spring Security
byDzmitry Naskou
 
PPTX
Spring security
bySaurabh Sharma
 
PDF
Spring Security
bySumit Gole
 
PPT
Spring Security Introduction
byMindfire Solutions
 
PPTX
Spring Security
byBoy Tech
 
PDF
Fun With Spring Security
byBurt Beckwith
 
PPTX
Spring security
bysakhibarun
 
PPTX
Spring Security 3
byJason Ferguson
 
Spring Framework - Spring Security
byDzmitry Naskou
 
Spring security
bySaurabh Sharma
 
Spring Security
bySumit Gole
 
Spring Security Introduction
byMindfire Solutions
 
Spring Security
byBoy Tech
 
Fun With Spring Security
byBurt Beckwith
 
Spring security
bysakhibarun
 
Spring Security 3
byJason Ferguson
 

What's hot

PPTX
Java Security Framework's
byMohammed Fazuluddin
 
PPTX
Spring Security 5
byJesus Perez Franco
 
PDF
Super simple application security with Apache Shiro
byMarakana Inc.
 
PPTX
Intro to Apache Shiro
byClaire Hunsaker
 
PDF
Java EE Application Security With PicketLink
bypigorcraveiro
 
PPTX
REST API Security: OAuth 2.0, JWTs, and More!
byStormpath
 
PPTX
Building Layers of Defense with Spring Security
byJoris Kuipers
 
PPTX
Octopus framework; Permission based security framework for Java EE
byRudy De Busscher
 
PPTX
Token Authentication in ASP.NET Core
byStormpath
 
PPTX
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
byDataStax Academy
 
PPTX
Security asp.net application
byZAIYAUL HAQUE
 
PPTX
Learn Apache Shiro
bySmita Prasad
 
PPTX
ASP.NET Web Security
bySharePointRadi
 
PDF
J2EE Security with Apache SHIRO
byCygnet Infotech
 
PDF
Javacro 2014 Spring Security 3 Speech
byFernando Redondo Ramírez
 
PDF
From 0 to Spring Security 4.0
byrobwinch
 
PPTX
Secure API Services in Node with Basic Auth and OAuth2
byStormpath
 
PDF
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
byKenneth Peeples
 
PPTX
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
byCA API Management
 
PDF
Enterprise Security mit Spring Security
byMike Wiesner
 
Java Security Framework's
byMohammed Fazuluddin
 
Spring Security 5
byJesus Perez Franco
 
Super simple application security with Apache Shiro
byMarakana Inc.
 
Intro to Apache Shiro
byClaire Hunsaker
 
Java EE Application Security With PicketLink
bypigorcraveiro
 
REST API Security: OAuth 2.0, JWTs, and More!
byStormpath
 
Building Layers of Defense with Spring Security
byJoris Kuipers
 
Octopus framework; Permission based security framework for Java EE
byRudy De Busscher
 
Token Authentication in ASP.NET Core
byStormpath
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
byDataStax Academy
 
Security asp.net application
byZAIYAUL HAQUE
 
Learn Apache Shiro
bySmita Prasad
 
ASP.NET Web Security
bySharePointRadi
 
J2EE Security with Apache SHIRO
byCygnet Infotech
 
Javacro 2014 Spring Security 3 Speech
byFernando Redondo Ramírez
 
From 0 to Spring Security 4.0
byrobwinch
 
Secure API Services in Node with Basic Auth and OAuth2
byStormpath
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
byKenneth Peeples
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
byCA API Management
 
Enterprise Security mit Spring Security
byMike Wiesner
 

Viewers also liked

PPTX
Spring security
bySlimen Belhaj Ali
 
PPTX
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
PDF
Java Security Manager Reloaded - Devoxx 2014
byJosef Cacek
 
PDF
What's New in spring-security-core 2.0
byBurt Beckwith
 
PPTX
Rest with Java EE 6 , Security , Backbone.js
byCarol McDonald
 
PDF
Дикие микросервисы на JUG Екатеринбург
byКирилл Толкачёв
 
PDF
Java security in the real world (Ryan Sciampacone)
byChris Bailey
 
PPT
Winning Strategy adopted in Mahabhrata Epic
byBharat Sharma
 
PPTX
Wed 2
byELIZALIV
 
PPTX
Power point aplicacion interactiva-uch
byGladys Flores Hurtado
 
PDF
My Five Minutes Bell!!
byMayra Lorena Diaz
 
PDF
Náquinas 3léctricas y transf0rmad0res lrving 1. k0sow - 2 ed
byyanderax
 
Spring security
bySlimen Belhaj Ali
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
Java Security Manager Reloaded - Devoxx 2014
byJosef Cacek
 
What's New in spring-security-core 2.0
byBurt Beckwith
 
Rest with Java EE 6 , Security , Backbone.js
byCarol McDonald
 
Дикие микросервисы на JUG Екатеринбург
byКирилл Толкачёв
 
Java security in the real world (Ryan Sciampacone)
byChris Bailey
 
Winning Strategy adopted in Mahabhrata Epic
byBharat Sharma
 
Wed 2
byELIZALIV
 
Power point aplicacion interactiva-uch
byGladys Flores Hurtado
 
My Five Minutes Bell!!
byMayra Lorena Diaz
 
Náquinas 3léctricas y transf0rmad0res lrving 1. k0sow - 2 ed
byyanderax
 

Similar to Spring Security

PDF
Spring Security in Action 1st Edition Laurentiu Spilca
byqbjpyqyprq1924
 
PPTX
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
byIhor Polataiko
 
PPTX
springb security.pptxdsdsgfdsgsdgsdgsdgdsgdsgds
byzmulani8
 
PPTX
Spring Security Framework
byJayasree Perilakkalam
 
PPTX
Spring Security services for web applications
byStephenKoc1
 
PDF
Getting started with Spring Security
byKnoldus Inc.
 
PPTX
Comprehensive_SpringBoot_Auth.pptx wokring
byJayaPrakash579769
 
PDF
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
byMatt Raible
 
PDF
Spring5 hibernate5 security5 lab step by step
byRajiv Gupta
 
PDF
Spring security jwt tutorial toptal
byjbsysatm
 
PDF
Spring4 security
bySang Shin
 
PDF
Spring Security
byKnoldus Inc.
 
PDF
Spring Security in Action 1st Edition Laurentiu Spilca Spilcă Laurenţiu
byticeyfedorvt
 
PDF
Spring security4.x
byZeeshan Khan
 
PDF
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Building layers of defense for your application
byVMware Tanzu
 
PPTX
Iasi code camp 20 april 2013 windows authentication-spring security -kerberos
byCodecamp Romania
 
PDF
Spring Security 5.5 From Taxi to Takeoff
byVMware Tanzu
 
PDF
Lesson07-UsernamePasswordAuthenticationFilter.pdf
byScott Anderson
 
PPTX
Spring security 3
byIT Weekend
 
Spring Security in Action 1st Edition Laurentiu Spilca
byqbjpyqyprq1924
 
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
byIhor Polataiko
 
springb security.pptxdsdsgfdsgsdgsdgsdgdsgdsgds
byzmulani8
 
Spring Security Framework
byJayasree Perilakkalam
 
Spring Security services for web applications
byStephenKoc1
 
Getting started with Spring Security
byKnoldus Inc.
 
Comprehensive_SpringBoot_Auth.pptx wokring
byJayaPrakash579769
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
byMatt Raible
 
Spring5 hibernate5 security5 lab step by step
byRajiv Gupta
 
Spring security jwt tutorial toptal
byjbsysatm
 
Spring4 security
bySang Shin
 
Spring Security
byKnoldus Inc.
 
Spring Security in Action 1st Edition Laurentiu Spilca Spilcă Laurenţiu
byticeyfedorvt
 
Spring security4.x
byZeeshan Khan
 
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Building layers of defense for your application
byVMware Tanzu
 
Iasi code camp 20 april 2013 windows authentication-spring security -kerberos
byCodecamp Romania
 
Spring Security 5.5 From Taxi to Takeoff
byVMware Tanzu
 
Lesson07-UsernamePasswordAuthenticationFilter.pdf
byScott Anderson
 
Spring security 3
byIT Weekend
 

Recently uploaded

PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PPTX
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PDF
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
PPTX
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
PDF
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
How Much Does It Cost To Build Software
bycollinmishell2
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
How Much Does It Cost To Build Software
bycollinmishell2
 

Spring Security

  • 1.
    Spring Security -getting started
  • 2.
  • 3.
    Agenda • Getting Started •Spring Security Architecture • Basic Auth • Configuration / Demo / Pros - Cons • Form Auth • Configuration / Demo / Pros - Cons • Custom Auth • Configuration walkthrough and Demo
  • 4.
    Getting Started • AddMaven or Gradle dependencies. compile('org.springframework.boot:spring-boot-starter-security')
  • 5.
    Getting Started • FilterChain in Spring Boot app. • Filter Chain in Spring Boot App with Spring Security.
  • 7.
  • 8.
    Spring Security Components•Authentication Filter : e.g :UsernamePasswordAuthenticationFilter or BasicAuthenticationFilter • Authentication : to represent the principal in a Spring Security-specific manner. • Authentication Provider • Authentication Manager • UserDetailsService, to create a UserDetails when passed in a String-based username • UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source source of security data. • SecurityContextHolder, to provide access to the SecurityContext, default in ThreadLocal. • SecurityContext, to hold the Authentication and possibly request-specific security information. • GrantedAuthority, to reflect the application-wide permissions granted to a principal.
  • 10.
    Http Basic Authentication •Something of lowest common denominator. • Support on practically all servers natively and out of the box. • ubiquitous support on the client side in all languages. • curl --header "Authorization: Basic dXNlcjp3b3JkcGFzcw==" http://localhost:8080/admin • dXNlcjp3b3JkcGFzcw== user:wordpass
  • 11.
  • 12.
  • 13.
    Form Based Authentication •CSRF protection • Form Based Auth Demo
  • 14.
    Custom Authentication • Morethan one authentication. • Custom Authentication provider, User, Grants, UserDetailsService, AccessDeniedHandler. • Used of password encoder.
  • 16.
    Useful configs outof the box • BCryptPasswordEncoder. • Max number of concurrent sessions. • JDBC Authentication. • Configure filter.
  • 17.
    Spring Security Part-2 • Securing Microservices. • Token based Authentication • OAuth • OpenId
  • 18.
  • 19.

Editor's Notes

  • #12 Always send password with request. Not secure. No standard logout mechanism.