SlideShare une entreprise Scribd logo

Cqcon

Antonio Sanso
Antonio Sanso
Technologie
1  sur  27
Télécharger pour lire hors ligne
OAuth Server functionality in AEM Embrace Federation and unleash your REST APIs! 
 Antonio Sanso Software Engineer Adobe Research Switzerland
Who is this guy, BTW? eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ 9.eyJhdWQiOiJjb25uZWN0MjAxNCIsIm lzcyI6ImFzYW5zbyIsInN1YiI6ImFzYW5 zbyIsImV4cCI6MTQwMzYwMTU1OSwi aWF0IjoxNDAzNjAxNTU5fQ.9- MaGUiPg07ezuP9yAOaVLETQH6HMO pfoGwg_c0-PDw
Who is this guy, BTW? {  Software Engineer Adobe Research Switzerland {  VP (Chair) Apache Oltu (OAuth protocol implementation in Java) {  Committer and PMC member for Apache Sling {  Google Security hall of fame, Facebook security whitehat
Agenda { OAuth introduction { “OAuth dance” { Implementing OAuth { AEM and OAuth
Why OAuth? Several web sites offer you the chance to import the list of your contacts. It ONLY requires you giving your username and password. HOW NICE
OAuth Actors {  Resource Owner (Alice) { Client (Bob, worker at www.printondemand.biz ) { Server (Carol from Facebook) www.printondemand.biz
Traditional OAuth “dance” - Authorization Code Grant aka server side flow www.printondemand.biz 1. I want an Authz Code 2. Printondemand wants an Authz Code 3. Login and authorize 4. Here the Authz Code 5. Here we go Authorization: Bearer 1017097752d5f18f716cc90ac8a5e4c2a9ace6b9366526 684
Traditional OAuth “dance” - Authorization Code Grant aka server side flow www.printondemand.biz 1. I want an Authz Code 2. Printondemand wants an Authz Code 3. Login and authorize 4. Here the Authz Code 5. Here we go
Traditional OAuth “dance” - Authorization Code Grant aka server side flow www.printondemand.biz 1. I want an Authz Code 2. Printondemand wants an Authz Code 3. Login and authorize 4. Here the Authz Code 5. Here we go
Traditional OAuth “dance” - Authorization Code Grant aka server side flow www.printondemand.biz 1. I want an Authz Code 2. Printondemand wants an Authz Code 3. Login and authorize 4. Here the Authz Code 5. Here we go
How difficult is to implement OAuth ? OAuth client OAuth server
Bearer Token Authorization: Bearer 1017097752d5f18f716cc90ac8 a5e4c2a9ace6b9366526684
Scalable OAuth server { derive encryption key using salt1 { derive mac key using salt2 { generate random iv { encrypt. then mac(salt1 + iv + data) { transmit salt1, salt2 iv and encrypted
JSON Web Token eyJhbGciOiJIUzI1NiIs InR5cCI6IkpXVCJ9. eyJhdWQiOiJjb25uZ WN0MjAxNCIsImlzcy I6ImFzYW5zbyIsInN 1YiI6ImFzYW5zbyIsI mV4cCI6MTQwMzY wMTU1OSwiaWF0Ijo xNDAzNjAxNTU5fQ. MaGUiPg07ezuP9yA OaVLETQH6HMOpfo Gwg_c0-PDw {"alg":"HS256","typ":"JWT"} {"aud":"connect2014","iss":"asanso","sub":"asanso","exp": 1403601559,"iat":1403601559} HMAC Header Claims Signature
JSON Web Token
AEM: register an OAuth client http://<hostname>:<port>/libs/granite/oauth/content/newclient.html
AEM: edit an OAuth client • http://localhost:4502/libs/granite/oauth/content/ client.html/home/users/a/admin/oauth/ 3hp3gjumv1t51tdt8qnql3cb0u-ewt3wkjn
AEM: registered OAuth clients http://<hostname>:<port>/libs/granite/oauth/content/clients.html
AEM: OAuth consent screen
AEM: OAuth Endpoint { Authorization Endpoint - http://<hostname>:<port>/oauth/authorize { Token Endpoint -  http://<hostname>:<port>/oauth/token
AEM: OAuth APIs - Profile API
AEM: OAuth APIs - Profile API http://<hostname>:<port>/oauth/authorize? response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>&scope=profile
AEM: Profile API usage - Authentication
AEM: OAuth APIs - Extended Assume you have an API with an endpoint /content/assets OR You want to expose your content under /content/assets
AEM: OAuth APIs - Extended http://<hostname>:<port>/oauth/authorize? response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>&scope=/content/assets
References { OAuth 2.0 web site - http://oauth.net/2/ { OAuth 2.0 - http://tools.ietf.org/html/rfc6749 { Bearer Token - http://tools.ietf.org/html/rfc6750 { JWT - http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-23 { Apache Oltu - http://oltu.apache.org/ { http://intothesymmetry.blogspot.ch/
Cqcon

Recommandé

Top X OAuth 2 Hacks
Top X OAuth 2 HacksTop X OAuth 2 Hacks
Top X OAuth 2 HacksAntonio Sanso
 
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2016
 
Real-time Web Application with Socket.IO, Node.js, and Redis
Real-time Web Application with Socket.IO, Node.js, and RedisReal-time Web Application with Socket.IO, Node.js, and Redis
Real-time Web Application with Socket.IO, Node.js, and RedisYork Tsai
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsSecuRing
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsSecuRing
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Jeremiah Grossman
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Ömer Çıtak
 
Real time web: is there a life without socket.io and node.js?
Real time web: is there a life without socket.io and node.js?Real time web: is there a life without socket.io and node.js?
Real time web: is there a life without socket.io and node.js?Eduard Trayan
 

Recommandé

Top X OAuth 2 Hacks
Top X OAuth 2 HacksTop X OAuth 2 Hacks
Top X OAuth 2 HacksAntonio Sanso
 
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2016
 
Real-time Web Application with Socket.IO, Node.js, and Redis
Real-time Web Application with Socket.IO, Node.js, and RedisReal-time Web Application with Socket.IO, Node.js, and Redis
Real-time Web Application with Socket.IO, Node.js, and RedisYork Tsai
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsSecuRing
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsSecuRing
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Jeremiah Grossman
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Ömer Çıtak
 
Real time web: is there a life without socket.io and node.js?
Real time web: is there a life without socket.io and node.js?Real time web: is there a life without socket.io and node.js?
Real time web: is there a life without socket.io and node.js?Eduard Trayan
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
URL to HTML
URL to HTMLURL to HTML
URL to HTMLFrancois Marier
 
URL to HTML
URL to HTMLURL to HTML
URL to HTMLFrancois Marier
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Weird new tricks for browser fingerprinting
Weird new tricks for browser fingerprintingWeird new tricks for browser fingerprinting
Weird new tricks for browser fingerprintingRoel Palmaers
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Securityjgrahamc
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac DawsonCODE BLUE
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruMichele Orru
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Ömer Çıtak
 
Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8guest441c58b71
 
Null 14 may_lesser_known_attacks_by_ninadsarang
Null 14 may_lesser_known_attacks_by_ninadsarangNull 14 may_lesser_known_attacks_by_ninadsarang
Null 14 may_lesser_known_attacks_by_ninadsarangNinad Sarang
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruMichele Orru
 
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsI'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsKrzysztof Kotowicz
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesMichele Orru
 
14. html 5 security considerations
14. html 5 security considerations14. html 5 security considerations
14. html 5 security considerationsEoin Keary
 
https
httpshttps
httpsJonas Lejon
 
How to defend from an attacker armed with a mathematician
How to defend from an attacker armed with a mathematician How to defend from an attacker armed with a mathematician
How to defend from an attacker armed with a mathematician Antonio Sanso
 
Cqcon2015
Cqcon2015Cqcon2015
Cqcon2015Antonio Sanso
 

Contenu connexe

Tendances

Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
Weird new tricks for browser fingerprinting
Weird new tricks for browser fingerprintingWeird new tricks for browser fingerprinting
Weird new tricks for browser fingerprintingRoel Palmaers
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Securityjgrahamc
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac DawsonCODE BLUE
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruMichele Orru
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Ömer Çıtak
 
Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8guest441c58b71
 
Null 14 may_lesser_known_attacks_by_ninadsarang
Null 14 may_lesser_known_attacks_by_ninadsarangNull 14 may_lesser_known_attacks_by_ninadsarang
Null 14 may_lesser_known_attacks_by_ninadsarangNinad Sarang
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruMichele Orru
 
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsI'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsKrzysztof Kotowicz
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesMichele Orru
 
14. html 5 security considerations
14. html 5 security considerations14. html 5 security considerations
14. html 5 security considerationsEoin Keary
 

Tendances (20)

Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
URL to HTML
URL to HTMLURL to HTML
URL to HTML
 
URL to HTML
URL to HTMLURL to HTML
URL to HTML
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
Weird new tricks for browser fingerprinting
Weird new tricks for browser fingerprintingWeird new tricks for browser fingerprinting
Weird new tricks for browser fingerprinting
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Security
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
 
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
[CB16] 80時間でWebを一周:クロムミウムオートメーションによるスケーラブルなフィンガープリント by Isaac Dawson
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orru
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
 
Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8
 
Null 14 may_lesser_known_attacks_by_ninadsarang
Null 14 may_lesser_known_attacks_by_ninadsarangNull 14 may_lesser_known_attacks_by_ninadsarang
Null 14 may_lesser_known_attacks_by_ninadsarang
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorru
 
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome ExtensionsI'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the masses
 
14. html 5 security considerations
14. html 5 security considerations14. html 5 security considerations
14. html 5 security considerations
 
https
httpshttps
https
 

En vedette

How to defend from an attacker armed with a mathematician
How to defend from an attacker armed with a mathematician How to defend from an attacker armed with a mathematician
How to defend from an attacker armed with a mathematician Antonio Sanso
 
CIRCUIT 2015 - Content API's For AEM Sites
CIRCUIT 2015 - Content API's For AEM SitesCIRCUIT 2015 - Content API's For AEM Sites
CIRCUIT 2015 - Content API's For AEM SitesICF CIRCUIT
 
When dispatcher caching is not enough...
When dispatcher caching is not enough...When dispatcher caching is not enough...
When dispatcher caching is not enough...Jakub Wadolowski
 
AEM 6.0 Touch-optimized UI
AEM 6.0 Touch-optimized UIAEM 6.0 Touch-optimized UI
AEM 6.0 Touch-optimized UIGilles Knobloch
 
Introducing Apache Jackrabbit OAK
Introducing Apache Jackrabbit OAKIntroducing Apache Jackrabbit OAK
Introducing Apache Jackrabbit OAKYash Mody
 
AEM 6.0 - Author UI Customization & Features
AEM 6.0 - Author UI Customization & FeaturesAEM 6.0 - Author UI Customization & Features
AEM 6.0 - Author UI Customization & FeaturesAbhinit Bhatnagar
 
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
OAuth Hacks A gentle introduction to OAuth 2 and Apache OltuOAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
OAuth Hacks A gentle introduction to OAuth 2 and Apache OltuAntonio Sanso
 
Aem authentication vs idp
Aem authentication vs idpAem authentication vs idp
Aem authentication vs idpSaroj Mishra
 
AEM 6.1 User Interface Customization
AEM 6.1 User Interface CustomizationAEM 6.1 User Interface Customization
AEM 6.1 User Interface CustomizationChristian Meyer
 
CIRCUIT 2015 - Hybrid App Development with AEM Apps
CIRCUIT 2015 - Hybrid App Development with AEM AppsCIRCUIT 2015 - Hybrid App Development with AEM Apps
CIRCUIT 2015 - Hybrid App Development with AEM AppsICF CIRCUIT
 
CIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
CIRCUIT 2015 - AEM Infrastructure Automation with Chef CookbooksCIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
CIRCUIT 2015 - AEM Infrastructure Automation with Chef CookbooksICF CIRCUIT
 
User Interface customization for AEM 6
User Interface customization for AEM 6User Interface customization for AEM 6
User Interface customization for AEM 6Damien Antipa
 
Adobe AEM Commerce with hybris
Adobe AEM Commerce with hybrisAdobe AEM Commerce with hybris
Adobe AEM Commerce with hybrisPaolo Mottadelli
 
Master Chef class: learn how to quickly cook delightful CQ/AEM infrastructures
Master Chef class: learn how to quickly cook delightful CQ/AEM infrastructuresMaster Chef class: learn how to quickly cook delightful CQ/AEM infrastructures
Master Chef class: learn how to quickly cook delightful CQ/AEM infrastructuresFrançois Le Droff
 
AEM (CQ) eCommerce Framework
AEM (CQ) eCommerce FrameworkAEM (CQ) eCommerce Framework
AEM (CQ) eCommerce FrameworkPaolo Mottadelli
 
AEM Best Practices for Component Development
AEM Best Practices for Component DevelopmentAEM Best Practices for Component Development
AEM Best Practices for Component DevelopmentGabriel Walt
 

En vedette (20)

How to defend from an attacker armed with a mathematician
How to defend from an attacker armed with a mathematician How to defend from an attacker armed with a mathematician
How to defend from an attacker armed with a mathematician
 
Cqcon2015
Cqcon2015Cqcon2015
Cqcon2015
 
CIRCUIT 2015 - Content API's For AEM Sites
CIRCUIT 2015 - Content API's For AEM SitesCIRCUIT 2015 - Content API's For AEM Sites
CIRCUIT 2015 - Content API's For AEM Sites
 
When dispatcher caching is not enough...
When dispatcher caching is not enough...When dispatcher caching is not enough...
When dispatcher caching is not enough...
 
AEM 6.0 Touch-optimized UI
AEM 6.0 Touch-optimized UIAEM 6.0 Touch-optimized UI
AEM 6.0 Touch-optimized UI
 
Introducing Apache Jackrabbit OAK
Introducing Apache Jackrabbit OAKIntroducing Apache Jackrabbit OAK
Introducing Apache Jackrabbit OAK
 
AEM 6.0 - Author UI Customization & Features
AEM 6.0 - Author UI Customization & FeaturesAEM 6.0 - Author UI Customization & Features
AEM 6.0 - Author UI Customization & Features
 
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
OAuth Hacks A gentle introduction to OAuth 2 and Apache OltuOAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
 
(Re)discover your AEM
(Re)discover your AEM(Re)discover your AEM
(Re)discover your AEM
 
Aem authentication vs idp
Aem authentication vs idpAem authentication vs idp
Aem authentication vs idp
 
AEM 6.1 User Interface Customization
AEM 6.1 User Interface CustomizationAEM 6.1 User Interface Customization
AEM 6.1 User Interface Customization
 
AEM - Client Libraries
AEM - Client LibrariesAEM - Client Libraries
AEM - Client Libraries
 
REST in AEM
REST in AEMREST in AEM
REST in AEM
 
CIRCUIT 2015 - Hybrid App Development with AEM Apps
CIRCUIT 2015 - Hybrid App Development with AEM AppsCIRCUIT 2015 - Hybrid App Development with AEM Apps
CIRCUIT 2015 - Hybrid App Development with AEM Apps
 
CIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
CIRCUIT 2015 - AEM Infrastructure Automation with Chef CookbooksCIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
CIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
 
User Interface customization for AEM 6
User Interface customization for AEM 6User Interface customization for AEM 6
User Interface customization for AEM 6
 
Adobe AEM Commerce with hybris
Adobe AEM Commerce with hybrisAdobe AEM Commerce with hybris
Adobe AEM Commerce with hybris
 
Master Chef class: learn how to quickly cook delightful CQ/AEM infrastructures
Master Chef class: learn how to quickly cook delightful CQ/AEM infrastructuresMaster Chef class: learn how to quickly cook delightful CQ/AEM infrastructures
Master Chef class: learn how to quickly cook delightful CQ/AEM infrastructures
 
AEM (CQ) eCommerce Framework
AEM (CQ) eCommerce FrameworkAEM (CQ) eCommerce Framework
AEM (CQ) eCommerce Framework
 
AEM Best Practices for Component Development
AEM Best Practices for Component DevelopmentAEM Best Practices for Component Development
AEM Best Practices for Component Development
 

Similaire à Cqcon

FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례Lee Ji Eun
 
OAuth con doorkeeper
OAuth con doorkeeperOAuth con doorkeeper
OAuth con doorkeeperSergio Marin
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
What the Heck is OAuth and Open ID Connect? - UberConf 2017What the Heck is OAuth and Open ID Connect? - UberConf 2017
What the Heck is OAuth and Open ID Connect? - UberConf 2017Matt Raible
 
Liferay workshop
Liferay workshopLiferay workshop
Liferay workshopahmadsayed
 
ASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas Seriot
ASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas SeriotASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas Seriot
ASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas SeriotCyber Security Alliance
 
What the Heck is OAuth and OpenID Connect - RWX 2017
What the Heck is OAuth and OpenID Connect - RWX 2017What the Heck is OAuth and OpenID Connect - RWX 2017
What the Heck is OAuth and OpenID Connect - RWX 2017Matt Raible
 
Web Services with OAuth
Web Services with OAuthWeb Services with OAuth
Web Services with OAuthMarcus Ramberg
 
You wanna crypto in AEM
You wanna crypto in AEMYou wanna crypto in AEM
You wanna crypto in AEMDamien Antipa
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
Enterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersEnterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersAndreCharland
 
What the Heck is OAuth and OpenID Connect - DOSUG 2018
What the Heck is OAuth and OpenID Connect - DOSUG 2018What the Heck is OAuth and OpenID Connect - DOSUG 2018
What the Heck is OAuth and OpenID Connect - DOSUG 2018Matt Raible
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...André Goliath
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Alvaro Sanchez-Mariscal
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuthVivastream
 
O auth how_to
O auth how_toO auth how_to
O auth how_tovivaqa
 
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Codemotion
 
WebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC applicationWebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC applicationDan Jenkins
 

Similaire à Cqcon (20)

FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례FIDO 생체인증 기술 개발 사례
FIDO 생체인증 기술 개발 사례
 
OAuth con doorkeeper
OAuth con doorkeeperOAuth con doorkeeper
OAuth con doorkeeper
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
What the Heck is OAuth and Open ID Connect? - UberConf 2017What the Heck is OAuth and Open ID Connect? - UberConf 2017
What the Heck is OAuth and Open ID Connect? - UberConf 2017
 
Liferay workshop
Liferay workshopLiferay workshop
Liferay workshop
 
ASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas Seriot
ASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas SeriotASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas Seriot
ASFWS 2013 Rump Session - Abusing Twitter API One year later… Nicolas Seriot
 
What the Heck is OAuth and OpenID Connect - RWX 2017
What the Heck is OAuth and OpenID Connect - RWX 2017What the Heck is OAuth and OpenID Connect - RWX 2017
What the Heck is OAuth and OpenID Connect - RWX 2017
 
Web Services with OAuth
Web Services with OAuthWeb Services with OAuth
Web Services with OAuth
 
You wanna crypto in AEM
You wanna crypto in AEMYou wanna crypto in AEM
You wanna crypto in AEM
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
Enterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript DevelopersEnterprise AIR Development for JavaScript Developers
Enterprise AIR Development for JavaScript Developers
 
Jwt Security
Jwt SecurityJwt Security
Jwt Security
 
What the Heck is OAuth and OpenID Connect - DOSUG 2018
What the Heck is OAuth and OpenID Connect - DOSUG 2018What the Heck is OAuth and OpenID Connect - DOSUG 2018
What the Heck is OAuth and OpenID Connect - DOSUG 2018
 
Kiwipycon command line
Kiwipycon command lineKiwipycon command line
Kiwipycon command line
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015
 
Authorization with oAuth
Authorization with oAuthAuthorization with oAuth
Authorization with oAuth
 
O auth how_to
O auth how_toO auth how_to
O auth how_to
 
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
 
WebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC applicationWebRTC 101 - How to get started building your first WebRTC application
WebRTC 101 - How to get started building your first WebRTC application
 

Dernier

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Dernier (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

Cqcon