Spring security 3
IT Weekend
by Maksym Titov
1.
Spring security 3
Maksym Titov 27.4.2011
2.
Why Spring Security? Popularity, Features
3.
Three easy steps
4.
Filter chain
5.
User experience
6.
Password change management
InMemoryDaoImpl Configuration Page Controller
7.
Securing Credential Storage Database
8.
Advanced configuration of JdbcDaoImpl User
Legacy groups schema
9.
Secure passwords Encoding, salt
10.
‘Remember me’
Safe, but be careful
11.
SSL Transport layer security
12.
Business layer security

    import org.springframework.security.access.prepost.PreAuthorize;

    public interface IUserService {
        // Only callers holding ROLE_USER may invoke this method
        @PreAuthorize("hasRole('ROLE_USER')")
        public void changePassword(String username, String password);
    }

@PreAuthorize JSR-250 compliant rules @Secured Aspect Oriented Programming Conditional rendering
13.
Internal customization SECURITY FILTER
AUTHENTICATION PROVIDER
14.
Session management and concurrency
Session fixation Concurrent session control
15.
Exception handling

    <http auto-config="true" ...>
        <access-denied-handler error-page="/accessDenied.do"/>
    </http>

AuthenticationException AccessDeniedException
16.
External security systems
Active directory OpenId LDAP
Editor's notes
- It packages up everything you need to implement top-to-bottom application security
- Integration with many common enterprise authentication systems
Implementing a Spring Security XML configuration file

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xsi:schemaLocation="
                   http://www.springframework.org/schema/beans
                   http://www.springframework.org/schema/beans/spring-beans.xsd
                   http://www.springframework.org/schema/security
                   http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <http auto-config="true">
            <!-- Ant pattern "/*" matches a single path level only; "/**" also covers nested paths -->
            <intercept-url pattern="/*" access="ROLE_USER"/>
        </http>
        <authentication-manager alias="authenticationManager">
            <authentication-provider>
                <!-- In-memory user with a plaintext password -->
                <user-service>
                    <user authorities="ROLE_USER" name="guest" password="guest"/>
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>

Adding the Spring DelegatingFilterProxy to your web.xml file

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Adding the Spring Security XML configuration file reference to web.xml

    <servlet>
        <servlet-name>dogstore</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
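Login page customization – login controller, login JSP

    <http auto-config="true" use-expressions="true">
        <!-- The login page must be reachable before authentication; without this rule
             the catch-all below sends /login.do back to itself -->
        <intercept-url pattern="/login.do" access="permitAll"/>
        <intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
        <form-login login-page="/login.do"/>
    </http>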
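A consolidated namespace configuration for the topics on slides 9 to 15 (salted password hashing, remember-me, HTTPS, method security, session control, access-denied page), added here as an illustration and not taken from the presentation. The `dataSource` bean name and the remember-me key value are placeholders; the elements and attributes are those of the spring-security-3.0 schema.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!-- Slide 12: without this element @PreAuthorize annotations are silently ignored -->
  <global-method-security pre-post-annotations="enabled"/>

  <http auto-config="true" use-expressions="true">
    <!-- Slide 11: force HTTPS on every request, including the login form itself,
         so credentials and the session cookie never travel in clear text -->
    <intercept-url pattern="/login.do" access="permitAll" requires-channel="https"/>
    <!-- "/**" (not "/*") so nested paths are covered by the catch-all rule -->
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" requires-channel="https"/>

    <form-login login-page="/login.do"/>

    <!-- Slide 15: page shown when an authenticated user lacks the required role -->
    <access-denied-handler error-page="/accessDenied.do"/>

    <!-- Slide 10: the key signs the remember-me cookie; placeholder value, keep the
         real one private and out of version control -->
    <remember-me key="REPLACE_WITH_PRIVATE_KEY"/>

    <!-- Slide 14: issue a fresh session id at login (session fixation) and
         allow one active session per user (concurrent session control) -->
    <session-management session-fixation-protection="migrateSession">
      <concurrency-control max-sessions="1"/>
    </session-management>
  </http>

  <authentication-manager alias="authenticationManager">
    <authentication-provider>
      <!-- Slides 7-8: credentials come from the database instead of the XML file;
           "dataSource" is an assumed bean name defined elsewhere -->
      <jdbc-user-service data-source-ref="dataSource"/>
      <!-- Slide 9: stored passwords are SHA-256 hashes salted with the username,
           so identical passwords do not produce identical hashes -->
      <password-encoder hash="sha-256">
        <salt-source user-property="username"/>
      </password-encoder>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

`concurrency-control` only notices ended sessions when `org.springframework.security.web.session.HttpSessionEventPublisher` is registered as a listener in web.xml. Salted SHA-256 is what the 3.0 namespace offers; later Spring Security releases add `BCryptPasswordEncoder`, which is preferable where available.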