Spring security 3

Spring security 3. Maksym Titov 27.4.2011. Why Spring Security?. Popularity, Features. Three easy steps. XML configuration file DelegatingFilterProxy to web.xml XML configuration reference to web.xml. Filter chain. User experience. Customization. Password change management.


Presentation Transcript


  1. Spring security 3. Maksym Titov, 27.4.2011

  2. Why Spring Security? Popularity, features

  3. Three easy steps: • XML configuration file • DelegatingFilterProxy to web.xml • XML configuration reference to web.xml

  4. Filter chain

  5. User experience: customization

  6. Password change management: • InMemoryDaoImpl • Configuration • Page • Controller

  7. Securing credential storage: database

  8. Advanced configuration of JdbcDaoImpl: • User groups • Legacy schema

  9. Secure passwords: encoding, salt

  10. ‘Remember me’: safe, but be careful

  11. SSL: transport layer security

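  12. Business layer security

      ```java
      import org.springframework.security.access.prepost.PreAuthorize;

      public interface IUserService {
          // Only callers holding ROLE_USER may invoke this method
          @PreAuthorize("hasRole('ROLE_USER')")
          public void changePassword(String username, String password);
      }
      ```

      • @PreAuthorize • JSR-250 compliant rules • @Secured • Aspect Oriented Programming • Conditional rendering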

  13. Internal customization: • Security filter • Authentication provider

  14. Session management and concurrency: • Session fixation • Concurrent session control

  15. Exception handling

      ```xml
      <http auto-config="true" ...>
          <access-denied-handler error-page="/accessDenied.do"/>
      </http>
      ```

      • AuthenticationException • AccessDeniedException

  16. External security systems: • Active directory • OpenId • LDAP