Upload
apextgi
View
229
Download
0
Embed Size (px)
Citation preview
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 1/22
Apex T. G. India Pvt. Ltd
Spring SecuritySpring Framework
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 2/22
1
Spring Security
Spring Security provides comprehensive security
services for Java EE!ased enterprise app"ications.
There is a particu"ar emphasis on supporting
pro#ects !ui"t using The Spring $rame%or&' %hich is
the "eading Java EE so"ution for enterprise soft%are
deve"opment no% days.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 3/22
1
Spring Security
Spring Security is a frame%or& that focuses on
providing !oth authentication and authori)ation to
Java app"ications. Li&e a"" Spring pro#ects' the rea"
po%er of Spring Security is found in ho% easi"y it
can !e extended to meet custom re*uirements.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 4/22
1
Spring Security $eatures +omprehensive and extensi!"e support for !oth
Authentication and Authori)ation.
At an authentication "eve"' Spring Security
supports a %ide range of authentication mode"s.
,ost of these authentication mode"s are either
provided !y third parties' or are deve"oped !y
re"evant standards !odies such as the Internet
Engineering Tas& $orce etc.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 5/22
1
Spring Security $eatures Spring Security provides its o%n set of
authentication features. It current"y supports
authentication integration %ith a "ot of
techno"ogies such as-
TTP /ASI+ authentication headers 0an IET$ $+
!ased standard2
TTP 3igest authentication headers 0an IET$ $+
!ased standard2
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 6/22
1
Spring Security $eatures TTP 4.567 c"ient certi8cate exchange 0an IET$
$+!ased standard2
L3AP 0a very common approach to crossp"atform
authentication needs' especia""y in "arge
environments2
$orm!ased authentication 0for simp"e user
interface needs2
9penI3 authentication
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 7/22
1
Spring Security $eatures Authentication !ased on preesta!"ished re*uest
headers 0such as +omputer Associates
Siteminder2
JASIG +entra" Authentication Service 0other%ise
&no%n as +AS' %hich is a popu"ar open source
sing"e signon system2
Transparent authentication context propagation for
emote ,ethod Invocation 0,I2 and ttpInvo&er
0a S rin remotin rotoco"2
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 8/22
1
Spring Security $eatures Automatic :remem!erme: authentication 0so you
can tic& a !ox to avoid reauthentication for a
predetermined period of time2
Anonymous authentication 0a""o%ing every
unauthenticated ca"" to automatica""y assume a
particu"ar security identity2
unas authentication 0%hich is usefu" if one ca""
shou"d proceed %ith a di;erent security identity2
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 9/22
1
Spring Security $eatures Java Authentication and Authori)ation Service
0JAAS2
JEE container autentication 0so you can sti"" use
+ontainer ,anaged Authentication if desired2
<er!eros
Java 9pen Source Sing"e Sign 9n 0J9SS92 =
9pen>,S >et%or& ,anagement P"atform =
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 10/22
1
Spring Security $eatures App$use =
Andro,3A =
,u"e ES/ =
3irect ?e! e*uest 03?2 =
Grai"s = Tapestry =
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 11/22
1
Spring Security $eatures JTrac =
Jasypt =
o""er =
E"astic Path =
At"assian +ro%d =
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 12/22
1
Spring Security $eatures Protection against attac&s "i&e session 8xation'
c"ic&#ac&ing' cross site re*uest forgery' etc
Serv"et API integration
9ptiona" integration %ith Spring ?e! ,@+
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 13/22
1
Spring Security Jars+ore springsecuritycore.#ar
+ontains core authentication and accessconto"
c"asses and interfaces' remoting support and !asic
provisioning APIs. e*uired !y any app"ication
%hich uses Spring Security. Supports standa"one
app"ications' remote c"ients' method 0service
"ayer2 security and J3/+ user provisioning.
+ontains the top"eve" pac&ages-
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 14/22
1
Spring Security Jars org.springframe%or&.security.core
org.springframe%or&.security.access
org.springframe%or&.security.authentication
org.springframe%or&.security.provisioning
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 15/22
1
Spring Security Jars
emoting springsecurityremoting.#ar
Provides intergration %ith Spring emoting. ou
donBt need this un"ess you are %riting a remote
c"ient %hich uses Spring emoting. The main
pac&age is org.springframe%or&.security.remoting.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 16/22
1
Spring Security Jars?e! springsecurity%e!.#ar
+ontains 8"ters and re"ated %e!security
infrastructure code. Anything %ith a serv"et API
dependency. ouB"" need it if you re*uire Spring
Security %e! authentication services and CL
!ased accesscontro". The main pac&age
is org.springframe%or&.security.%e!.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 17/22
1
Spring Security Jars
+on8g springsecuritycon8g.#ar
+ontains the security namespace parsing code.
ou need it if you are using the Spring Security
4,L namespace for con8guration. The main
pac&age isorg.springframe%or&.security.con8g.
>one of the c"asses are intended for direct use in
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 18/22
1
Spring Security Jars
L3AP springsecurity"dap.#ar
L3AP authentication and provisioning code.
e*uired if you need to use L3AP authentication or
manage L3AP user entries. The top"eve" pac&age
isorg.springframe%or&.security."dap.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 19/22
1
Spring Security Jars
A+L springsecurityac".#ar
Specia"i)ed domain o!#ect A+L imp"ementation.
Csed to app"y security to speci8c domain o!#ect
instances %ithin your app"ication. The top"eve"
pac&age is org.springframe%or&.security.ac"s.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 20/22
1
Spring Security Jars
+AS springsecuritycas.#ar
Spring SecurityBs +AS c"ient integration. If you
%ant to use Spring Security %e! authentication
%ith a +AS sing"e signon server. The top"eve"
pac&age is org.springframe%or&.security.cas.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 21/22
1
Spring Security Jars
9penI3 springsecurityopenid.#ar
9penI3 %e! authentication support. Csed to
authenticate users against an externa" 9penI3
server. org.springframe%or&.security.openid.
e*uires 9penI3DJava.
8/11/2019 Winter internship in Spring Security at Apextgi.
http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 22/22
Thanks
facebook.com/apex.tgi
twitter.com/ApextgiNoida
pinterest.com/apextgi
Stay Connected with us for more chapters on JAVA