Securing data instances with ERBAC
Kalle Korhonen

tynamo.org - Apache Tapestry - Apache Shiro

Me and open source
• Founder of Tynamo.org
  • a full web stack suite for Tapestry 5
  • successor to Trails Framework, one of the original Ruby on Rails wannabes for Java
• Committer to Apache Tapestry, Apache Shiro

Tynamo.org
• Some stats:
  • 5 active committers, 13 all time
  • similar in size to Apache Shiro
  • 22 individual modules + sub modules
• tapestry-model is the bread and butter: the most customizable CRUD framework for Java
• recently more JPA modules

Security related modules
• tapestry-security, Apache Shiro integration for Tapestry 5
• tynamo-federatedaccounts, account federation with remote authentication providers (Facebook, Twitter, Google, LDAP, etc.)
• tapestry-editablecontent, poor man's CMS, currently JPA only
• tynamo-federatedaccounts-rollingtokens, rememberMe authentication based on rolling tokens

tapestry-editablecontent

tynamo-federatedaccounts
• OAuth: Facebook, Twitter, ...
• OpenID
• Not protocol specific

public static void bind(ServiceBinder binder) {
  binder.bind(FederatedAccountService.class, DefaultHibernateFederatedAccountServiceImpl.class);
}

public static void contributeFederatedAccountService(MappedConfiguration<String, Object> configuration) {
  // "*" names the local account entity for every realm; "facebook.id" maps the
  // remote Facebook id onto the facebookId property of User
  configuration.add("*", User.class);
  configuration.add("facebook.id", "facebookId");
}

public static void contributeApplicationDefaults(MappedConfiguration<String, String> configuration) {
  // placeholders: keep the real client secret out of source control (environment, vault, etc.)
  configuration.add(FacebookRealm.FACEBOOK_CLIENTID, "<client id>");
  configuration.add(FacebookRealm.FACEBOOK_CLIENTSECRET, "<client secret>");
}

tapestry-security
• started out as a thin layer
• replaced (Ini)ShiroFilter
• replaced ini configuration with Tapestry's all-in-java contributions
• replaced Shiro's built-in filters with our own base classes
• proving ground for new stuff (e.g. the logical operator first existed in tapestry-security)

Security check points

• secure views (url-based, annotations)
• secure method invocations (role-type)
• secure data - how?
• how do I declare that a user can only edit his own profile?

Current approach..
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
  SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
  // one instance-level permission per account the subject may update
  info.addStringPermission("account:update:1");
  return info;
}

// page template...
<t:security.haspermission permission="editEntityPermission">
...
</t:security.haspermission>

// page class (controller)
public String getEditEntityPermission() {
  // the action part must match the permission granted in the realm ("update")
  return "account:update:" + entityId;
}

What if you could just do..
@Entity
@RequiresAssociation(value = "owner", operations = Operation.UPDATE)
public class Account {
  @OneToOne
  private User owner;
}

ERBAC
• Entity-Relationship Based Access Control
• Initial concept 5 years ago with Hibernate!
• find out how the data is associated with the currently executing subject
• secure entities with annotations
• role-based security is easy
• allow limiting scope to a specific CRUD operation (CREATE, READ, UPDATE, DELETE)

EntityManager operations
• SecureEntityManager used automatically when a Subject is bound
• find -> READ (a separate service for lists)
• merge -> UPDATE (INSERT if the entity doesn't exist yet)
• persist -> INSERT (an update done as remove + insert is checked as DELETE + INSERT)
• remove -> DELETE
• create*Query() operations are unprotected: JPQL and native queries bypass the instance checks, so list and search code needs the separate list service or its own ownership filter
• takes care of 80% of instance security needs

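The model on the last three slides, as an added example that is not code from tapestry-security-jpa: a stand-alone Java program whose @RequiresAssociation annotation, Operation enum and SecureEntityManager are hypothetical stand-ins named after the slides, backed by an in-memory map instead of a JPA EntityManager. It goes one step beyond the slide's Account by scoping READ as well as UPDATE, so that it can show both a denied find() by a non-owner and the unprotected query path handing the same row back.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;
import java.util.function.Predicate;

// Added example, not code from tapestry-security-jpa: the annotation, Operation enum
// and SecureEntityManager are hypothetical stand-ins named after the slides, and the
// "database" is an in-memory map instead of a JPA EntityManager.
public class ErbacDemo {

    enum Operation { CREATE, READ, UPDATE, DELETE }

    // Which field links the entity to its owner, and which operations that link guards.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    @interface RequiresAssociation {
        String value();
        Operation[] operations();
    }

    static class User {
        final long id;
        User(long id) { this.id = id; }
    }

    // The slide scopes only UPDATE; READ is added here so the query bypass becomes visible.
    @RequiresAssociation(value = "owner", operations = { Operation.READ, Operation.UPDATE })
    static class Account {
        long id;
        User owner;
        String email;
        Account(long id, User owner, String email) { this.id = id; this.owner = owner; this.email = email; }
    }

    static class AuthorizationException extends RuntimeException {
        AuthorizationException(String msg) { super(msg); }
    }

    static class SecureEntityManager {
        private final User subject;              // stands in for the bound Shiro Subject
        private final Map<Long, Account> table;  // constructed in-memory "accounts" table

        SecureEntityManager(User subject, Map<Long, Account> table) {
            this.subject = subject;
            this.table = table;
        }

        Account find(long id) {
            Account a = table.get(id);
            if (a != null) check(a, Operation.READ);
            return a;
        }

        void persist(Account a) { check(a, Operation.CREATE); table.put(a.id, a); }

        void merge(Account a) {
            // UPDATE when the row already exists, otherwise CREATE
            check(a, table.containsKey(a.id) ? Operation.UPDATE : Operation.CREATE);
            table.put(a.id, a);
        }

        void remove(Account a) { check(a, Operation.DELETE); table.remove(a.id); }

        // The unprotected path: a query never goes through check(), just like create*Query().
        List<Account> createQuery(Predicate<Account> where) {
            List<Account> out = new ArrayList<>();
            for (Account a : table.values()) if (where.test(a)) out.add(a);
            return out;
        }

        // ERBAC check: follow the annotated association and compare it with the subject.
        private void check(Object entity, Operation op) {
            RequiresAssociation ra = entity.getClass().getAnnotation(RequiresAssociation.class);
            if (ra == null) return;                                    // not an ERBAC-secured entity
            if (!Arrays.asList(ra.operations()).contains(op)) return;  // operation not in scope
            try {
                Field f = entity.getClass().getDeclaredField(ra.value());
                f.setAccessible(true);
                Object owner = f.get(entity);
                if (!(owner instanceof User) || ((User) owner).id != subject.id) {
                    throw new AuthorizationException(op + " on " + entity.getClass().getSimpleName()
                            + " denied for user " + subject.id);
                }
            } catch (ReflectiveOperationException e) {
                throw new IllegalStateException("bad @RequiresAssociation on " + entity.getClass(), e);
            }
        }
    }

    public static void main(String[] args) {
        User alice = new User(1), mallory = new User(2);
        Map<Long, Account> table = new HashMap<>();
        table.put(10L, new Account(10, alice, "alice@example.org"));   // constructed sample row

        SecureEntityManager asAlice = new SecureEntityManager(alice, table);
        Account acct = asAlice.find(10);            // READ: alice owns #10, allowed
        acct.email = "alice@example.com";
        asAlice.merge(acct);                         // UPDATE: allowed
        System.out.println("alice updated account #10");

        SecureEntityManager asMallory = new SecureEntityManager(mallory, table);
        try {
            asMallory.find(10);                      // READ by a non-owner: denied
        } catch (AuthorizationException e) {
            System.out.println("denied: " + e.getMessage());
        }
        // The query path hands the same row to mallory with no check at all.
        System.out.println("rows visible to mallory via query: " + asMallory.createQuery(a -> true).size());
    }
}
```

Compile and run with `javac ErbacDemo.java && java ErbacDemo`. The line to carry into a real deployment is the last one: any list or search screen built on create*Query() has to add its own ownership filter (a WHERE clause on the owner association bound to the current subject), because no annotation check runs on that path.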
What next?
• the same model would work for Hibernate, JDO..
• push to Shiro?
• at least the annotations... anything more is difficult because Shiro is persistence agnostic

Thank you!

For more information, visit:
http://tynamo.org/tapestry-security-jpa+guide

What do You think?
