
Spring Security Patterns

SpringOne 2020

Josh Cummings, Software Engineer at VMware
Eleftheria Stein, Software Engineer at VMware


  1. 1. Spring Security Patterns September 2–3, 2020 springone.io Ria Stein – Spring Security Maintainer Josh Cummings – Spring Security Maintainer – @jzheaux
  2. 2. Secure by Default [diagram labels: App, H2, PG; application.properties, application-dev.properties, application-prod.properties]
  3. 3. Principle of Least Privilege
     Forgot Password | Username: jzheaux | OK | Sorry, we don’t recognize that username
     Forgot Password | Username: jzheaux | OK | If that username exists, we’ve just sent an email
  4. 4. Request Thread Local
     try {
         SecurityContext ctx = lookup(request);
         // Stores data in a ThreadLocal so only visible to this thread
         SecurityContextHolder.setContext(ctx);
         chain.doFilter(request, response);
     } finally {
         // Clears data so ThreadLocal can be used for next request
         SecurityContextHolder.clearContext();
     }
     public void serviceLayerMethod() {
         // Now data can be retrieved at the service layer
         var ctx = SecurityContextHolder.getContext();
     }
     For Reactive apps, use the Reactor Context instead of ThreadLocals
  5. 5. Composition
     registration.html
     <div class="registration-banner">
       <button class="registration-button">Register Now</button>
     </div>
     homepage.html
     <div>
       <span>Welcome to our talk!</span>
       <registration/>
     </div>
  6. 6. Stay Connected. And be secure. https://github.com/spring-projects/spring-security https://github.com/jzheaux/springone2020 #springone @s1p
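
The set-then-clear filter on slide 4, as an added example that is not from the talk or from Spring Security: a plain-JDK sketch in which `CONTEXT` is a hypothetical stand-in for `SecurityContextHolder` and a single-thread executor models a container reusing a pooled request thread. It shows an anonymous second request inheriting the first request's user when the `finally` cleanup is missing.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalContextDemo {
    // Hypothetical stand-in for SecurityContextHolder: one value per thread.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Service layer: reads the context without being handed the request.
    static String serviceLayerMethod() {
        return CONTEXT.get();
    }

    // Filter without cleanup: the context outlives the request.
    static String leakyFilter(String user) {
        if (user != null) CONTEXT.set(user);
        return serviceLayerMethod();
    }

    // Filter shaped like the slide: set, run the chain, always clear.
    static String safeFilter(String user) {
        try {
            if (user != null) CONTEXT.set(user);
            return serviceLayerMethod();
        } finally {
            CONTEXT.remove();
        }
    }

    public static void main(String[] args) throws Exception {
        // One worker thread models a servlet container reusing a pooled thread.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            // Request 1 is authenticated, request 2 carries no user (null).
            pool.submit(() -> leakyFilter("jzheaux")).get();
            String leaked = pool.submit(() -> leakyFilter(null)).get();
            System.out.println("no cleanup, anonymous request sees: " + leaked);

            pool.submit(() -> safeFilter("jzheaux")).get();
            String clean = pool.submit(() -> safeFilter(null)).get();
            System.out.println("with finally, anonymous request sees: " + clean);
        } finally {
            pool.shutdown();
        }
    }
}
```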
