
Spring security

Spring Security configuration, basic architecture, filter proxy and Ant patterns.


  1. Spring Security [ Security Reloaded ]
  2. Topics • What is security? • Acquiring & integrating Spring Security • HTTP BASIC authentication (Basic & Form Login/Logout options) • Authorization • Security Interceptors, Filters • Authentication Manager & Provider, Authorization Manager & Provider • Advanced concepts of integration By: SAURABH SHARMA | http://javazone.techsharezone.com
  3. What is security? • Spring Security provides comprehensive security services for J2EE-based enterprise software applications. It is powerful, flexible and pluggable. • Formerly known as “Acegi Security”. • Authentication – Database, LDAP, CAS, OpenID, Pre-Authentication, custom, etc. • Authorization – URL based, Method based (AOP) • It is not a firewall, proxy server, intrusion detection system, OS security, JVM security, etc.
  4. Major Operations • Authentication (Prove who you say you are!) – the process of establishing a principal (a user, system, etc. that can perform an action in the application) • Authorization (We know who you are, but are you allowed to access what you want?) – the process of deciding whether a principal is allowed to perform an action (access control -> admin, leader, member, contractor, anonymous, etc.) The authentication process establishes the identity of the principal, which is used for the authorization decision.
  5. Servlet Filters
  6. Security Use Case
  7. Spring Security Setup • JARs • Schema
  8. Basic Architecture
  9. Configuration 1 • WEB-INF/web.xml Proxies requests to a bean with ID “springSecurityFilterChain”
  10. Filter Proxy
  11. FilterChainProxy (springSecurityFilterChain) Pseudocode
  12. Unauthorized Request to Protected Resource
  13. Configuration 2 • WEB-INF/spring-security.xml
  14. Ant Patterns • Spring Security uses an “AntPathRequestMatcher” to determine whether a configured URL pattern matches the current request URL. The following rules are used when matching: a. Query parameters are not included in the match. b. The contextPath is not included in the match. c. ? matches one character. d. * matches zero or more characters (not a directory delimiter, i.e. /). e. ** matches zero or more ‘directories’ in a path.
  15. Ant patterns - Examples • Ant pattern examples that assume a context path of /messages
  16. Cont…
  17. Cont.. • Be careful when using pattern matching
  18. Request log in page
  19. Authenticating via username & password
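
The matching rules listed on slide 14, worked through as an added Java example (not from the original deck, and not Spring Security's own AntPathRequestMatcher code). The class `AntRuleDemo`, its methods and the sample URLs are constructed for illustration; the `/messages` context path is the one slide 15 assumes. The printed table shows which requests each pattern covers, so a pattern that is narrower than intended (`/admin` or `/admin*` where `/admin/**` was meant) is visible at a glance.

```java
import java.util.regex.Pattern;

// Added illustration: a minimal matcher for the five rules on slide 14.
// NOT Spring Security's AntPathRequestMatcher; all names here are hypothetical.
public class AntRuleDemo {

    // Rules a and b: drop the query string and the context path before matching.
    static String pathToMatch(String url, String contextPath) {
        int q = url.indexOf('?');
        String path = q >= 0 ? url.substring(0, q) : url;
        boolean inCtx = path.equals(contextPath) || path.startsWith(contextPath + "/");
        return inCtx ? path.substring(contextPath.length()) : path;
    }

    // Rules c, d and e: translate an Ant pattern into a regular expression.
    static Pattern compile(String ant) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            if (ant.startsWith("/**", i)) { re.append("(/.*)?"); i += 2; }   // zero or more directories
            else if (ant.startsWith("**", i)) { re.append(".*"); i += 1; }
            else if (ant.charAt(i) == '*') re.append("[^/]*");               // never crosses a '/'
            else if (ant.charAt(i) == '?') re.append("[^/]");                // exactly one character
            else re.append(Pattern.quote(String.valueOf(ant.charAt(i))));    // literal character
        }
        return Pattern.compile(re.toString());
    }

    // matches() on the Matcher requires the whole path to fit the pattern.
    static boolean matches(String ant, String url, String contextPath) {
        return compile(ant).matcher(pathToMatch(url, contextPath)).matches();
    }

    public static void main(String[] args) {
        String ctx = "/messages";   // context path assumed on slide 15
        String[] patterns = { "/admin", "/admin*", "/admin/*", "/admin/**", "/user/?" };
        // Constructed sample request URLs
        String[] urls = {
            "/messages/admin", "/messages/admin?debug=1", "/messages/admin/",
            "/messages/admin/users", "/messages/admin/users/1/edit",
            "/messages/administrator", "/messages/user/7", "/messages/user/42"
        };
        for (String p : patterns)
            for (String u : urls)
                System.out.printf("%-10s %-30s %s%n", p, u, matches(p, u, ctx) ? "match" : "-");
    }
}
```

Run it with `java AntRuleDemo.java` (Java 11 or later); no Spring dependency is needed.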
