Spring security 3
IT Weekend
by Maksym Titov
1. Spring security 3
   Maksym Titov 27.4.2011
2. Why Spring Security? Popularity, Features
3. Three easy steps
4. Filter chain
5. User experience
6. Password change management
   InMemoryDaoImpl Configuration Page Controller
7. Securing Credential Storage Database
8. Advanced configuration of JdbcDaoImpl User
   Legacy groups schema
9. Secure passwords Encoding, salt
10. ‘Remember me’
    Safe, but be careful
11. SSL Transport layer security
12. Business layer security

        import org.springframework.security.access.prepost.PreAuthorize;

        public interface IUserService {
            // Only callers holding ROLE_USER may invoke this method
            @PreAuthorize("hasRole('ROLE_USER')")
            public void changePassword(String username, String password);
        }

    @PreAuthorize
    JSR-250 compliant rules
    @Secured
    Aspect Oriented Programming
    Conditional rendering
13. Internal customization
    SECURITY FILTER
    AUTHENTICATION PROVIDER
14. Session management and concurrency
    Session fixation
    Concurrent session control
15. Exception handling

        <http auto-config="true" ...>
            <access-denied-handler error-page = "/accessDenied.do"/>
        </http>

    AuthenticationException
    AccessDeniedException
16. External security systems
    Active directory
    OpenId
    LDAP
Editor's notes
- it packages up everything you need to implement a top-to-bottom application security
- integration with many common enterprise authentication systems
Implementing a Spring Security XML configuration file

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <!-- Matching URLs require ROLE_USER -->
        <http auto-config="true">
            <intercept-url pattern="/*" access="ROLE_USER"/>
        </http>
        <!-- In-memory user store with a single account -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider>
                <user-service>
                    <user authorities="ROLE_USER" name="guest" password="guest"/>
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>

Adding the Spring DelegatingFilterProxy to your web.xml file

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Adding the Spring Security XML configuration file reference to web.xml

    <servlet>
        <servlet-name>dogstore</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
Login page customization – login controller, login JSP

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
        <form-login login-page="/login.do" />
    </http>