SlideShare a Scribd company logo

J2EE Security with Apache SHIRO

Cygnet Infotech, profile picture
Cygnet Infotech

The document outlines a webinar discussing security in web applications using Apache Shiro, focusing on authentication, authorization, session management, and cryptography. It covers different security frameworks including Java Authentication and Authorization Service (JAAS), Spring Security, and the integration of Shiro with Grails applications. The conclusion highlights Shiro's simplicity in configuration compared to other security mechanisms, along with providing contact information for further inquiries.

TechnologyEducation
1 of 24
Downloaded 132 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Webinar J2EE Security with Apache SHIRO 16th April, 2013
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
What is Authentication, Authorization & Session Mgmt.?  Authentication: prove genuineness  Authorization: process of granting approval or permission on resources.  Session Management: Session management means authenticate once and confirms on every action that the user is the one who provided the original credentials.  Key cornerstones in the security of a system.  Authentication and authorization are two very related, and yet separate, concepts.  Where Authentication deals with identifying a user, the Authorization determines what a user is allowed to do.
What is Authentication, Authorization & Session Mgmt.? Designers and developers should leverage authorization, authentication and session management capabilities as much as possible.
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
Introduction on market trending security framework Java Authentication and Authorization Service or JAAS Apache Shiro Security Spring Security
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
1 Javax.security to be imported. Discussion on market trending security framework JAAS Security Configuration Steps: 2 Implement LoginModule Interface 3 Override methods like initialize, login, commit, abort, logout. 4 Implement call back handlers 5 Implement privilege action 6 Configure jaas policy files 7 Implement Filters
Discussion on market trending security framework Spring Security Configuration Steps: 2 Install spring security libraries 3 Create & Configure spring-security.xml file in class path. 4 Provide @secured annotation above methods based on the privileges Install spring core libraries1
Discussion on market trending security framework Shiro Security Configuration Steps: 2 Create and configure shiro.ini file in class path 3 Provide roles and privileges in shiro.ini Install shiro libraries and required libraries to project1
Discussion on market trending security framework Shiro Spring Security JAAS Simplicity Bit Complicated (Not easily fathomable) More complicated. Enterprise session management is supported Not Supported Not supported Better cryptography simplified cryptography Grails plugin available Grails plugin available Grails plugin is not available Work and Gel with every environment Spring is not mandatory Dependent on Spring core libraries Part of Java and can work and get with every environment
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
Grails inbuilt security  GORM - SQL escaped to prevent SQL injection attacks  The default scaffolding templates HTML escape all data fields when displayed  Link creating tags use appropriate escaping mechanisms to prevent code injection  Codecs to prevent injection attacks.
Grails inbuilt security class SecurityFilters { def filters = { loginCheck(controller: '*', action: '*') { before = { if (!session.user && actionName != "login") { redirect(controller: "user", action: "login") return false } } } } }
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
Integrating shiro security with existing application Application Diagram without SHIRO
Integrating shiro security with existing application
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
Conclusion With shiro it is quite easy to configure security, shiro takes care of most of the issues through its default settings, existing Java security mechanisms like JAAS, Spring security are too confusing, complex etc.
Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
Questions and Answers
Write us on info@cygnet-infotech.com to get a free demo Session Free Consultation
Contact Us Email: info@cygnet-infotech.com Website: www.cygnet-infotech.com Facebook LinkedIn Twitter - @CygnetInfotech Skype – cygnet-infotech-pvt-ltd India Cygnet Infotech Pvt Ltd. 2A, Manikyam, Opp. Samudra Annexe, Nr. Shilp Cross Roads, Off. C. G. Road, Navrangpura, Ahmedabad, Gujarat, India. Tel: +91-79-30487400; Fax: +91-79-30487422 USA Cygnet Infotech LLC. Mack-Cali Centre III, 140 E, Ridgewood Avenue, Suite 415 ST, Paramus, NJ 07652. Tel: +1-201-995-7444; Fax : +1-201-221-8516

More Related Content

PPTX
Learn Apache Shiro
Smita Prasad
 
PPTX
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
PPTX
Spring Security
Manish Sharma
 
PPTX
Spring Security 3
Jason Ferguson
 
PDF
Spring Framework - Spring Security
Dzmitry Naskou
 
PPTX
Spring security
Saurabh Sharma
 
PPTX
Spring Security 5
Jesus Perez Franco
 
PDF
Fun With Spring Security
Burt Beckwith
 
Learn Apache Shiro
Smita Prasad
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
Spring Security
Manish Sharma
 
Spring Security 3
Jason Ferguson
 
Spring Framework - Spring Security
Dzmitry Naskou
 
Spring security
Saurabh Sharma
 
Spring Security 5
Jesus Perez Franco
 
Fun With Spring Security
Burt Beckwith
 

What's hot (20)

PPTX
Spring Security
Boy Tech
 
PDF
Spring Security
Sumit Gole
 
PDF
Super simple application security with Apache Shiro
Marakana Inc.
 
PPT
Spring Security Introduction
Mindfire Solutions
 
PPTX
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
PPTX
Intro to Apache Shiro
Claire Hunsaker
 
PDF
Enterprise Security mit Spring Security
Mike Wiesner
 
PDF
From 0 to Spring Security 4.0
robwinch
 
PPTX
Java Security Framework's
Mohammed Fazuluddin
 
PPTX
Building Layers of Defense with Spring Security
Joris Kuipers
 
PPTX
Spring security
sakhibarun
 
PDF
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
PDF
Java EE Application Security With PicketLink
pigorcraveiro
 
PPT
Security in java ee platform: what is included, what is missing
Masoud Kalali
 
PPTX
Access Control Pitfalls v2
Jim Manico
 
PPTX
Token Authentication in ASP.NET Core
Stormpath
 
PPTX
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 
PPTX
Security asp.net application
ZAIYAUL HAQUE
 
PPTX
Top Ten Java Defense for Web Applications v2
Jim Manico
 
PPTX
REST API Security: OAuth 2.0, JWTs, and More!
Stormpath
 
Spring Security
Boy Tech
 
Spring Security
Sumit Gole
 
Super simple application security with Apache Shiro
Marakana Inc.
 
Spring Security Introduction
Mindfire Solutions
 
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
Intro to Apache Shiro
Claire Hunsaker
 
Enterprise Security mit Spring Security
Mike Wiesner
 
From 0 to Spring Security 4.0
robwinch
 
Java Security Framework's
Mohammed Fazuluddin
 
Building Layers of Defense with Spring Security
Joris Kuipers
 
Spring security
sakhibarun
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
Java EE Application Security With PicketLink
pigorcraveiro
 
Security in java ee platform: what is included, what is missing
Masoud Kalali
 
Access Control Pitfalls v2
Jim Manico
 
Token Authentication in ASP.NET Core
Stormpath
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 
Security asp.net application
ZAIYAUL HAQUE
 
Top Ten Java Defense for Web Applications v2
Jim Manico
 
REST API Security: OAuth 2.0, JWTs, and More!
Stormpath
 
Ad

Similar to J2EE Security with Apache SHIRO (20)

PDF
Apache shiro security framework
Ashokkumar T A
 
PPT
Secure visual algorithm simulator
Prachi Singhal
 
PPTX
Agile Gurugram Conference 2020 | Keeping software secure in agile | Gurpreet ...
AgileNetwork
 
PDF
SailPoint VS CyberArk.pdf
VishnuGone
 
PPTX
Chap 6 cloud security
Raj Sarode
 
PPTX
Making Security Agile
Oleg Gryb
 
PDF
Building a Product Security Practice in a DevOps World
Arun Prabhakar
 
PPTX
Product security by Blockchain, AI and Security Certs
LabSharegroup
 
PPTX
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Moshe Ferber
 
PPTX
Cloud Security Fundamentals Webinar
Joseph Holbrook, Chief Learning Officer (CLO)
 
PDF
Multi-Factor Authentication Evaluation Guide.pdf
shriyarastogi7
 
PDF
Multi-Factor Authentication Evaluation Guide.pdf
shriyarastogi7
 
PPTX
API Security: Essential Practices for Developers
Dinusha Kumarasiri
 
PPTX
The user s identities
Giuliano Latini
 
PPTX
Build a complete security operations and compliance program using a graph dat...
Erkang Zheng
 
PDF
Common 2009 Getting Started On The Road To Compliance
imigrnt
 
PPTX
Spring Security services for web applications
StephenKoc1
 
PDF
Getting started with Spring Security
Knoldus Inc.
 
PPT
Path Maker Security Presentation
danhsmith
 
PDF
Spring security4.x
Zeeshan Khan
 
Apache shiro security framework
Ashokkumar T A
 
Secure visual algorithm simulator
Prachi Singhal
 
Agile Gurugram Conference 2020 | Keeping software secure in agile | Gurpreet ...
AgileNetwork
 
SailPoint VS CyberArk.pdf
VishnuGone
 
Chap 6 cloud security
Raj Sarode
 
Making Security Agile
Oleg Gryb
 
Building a Product Security Practice in a DevOps World
Arun Prabhakar
 
Product security by Blockchain, AI and Security Certs
LabSharegroup
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
Moshe Ferber
 
Cloud Security Fundamentals Webinar
Joseph Holbrook, Chief Learning Officer (CLO)
 
Multi-Factor Authentication Evaluation Guide.pdf
shriyarastogi7
 
Multi-Factor Authentication Evaluation Guide.pdf
shriyarastogi7
 
API Security: Essential Practices for Developers
Dinusha Kumarasiri
 
The user s identities
Giuliano Latini
 
Build a complete security operations and compliance program using a graph dat...
Erkang Zheng
 
Common 2009 Getting Started On The Road To Compliance
imigrnt
 
Spring Security services for web applications
StephenKoc1
 
Getting started with Spring Security
Knoldus Inc.
 
Path Maker Security Presentation
danhsmith
 
Spring security4.x
Zeeshan Khan
 
Ad

More from Cygnet Infotech (20)

PPTX
Roadmap for Digital Transformation
Cygnet Infotech
 
PPTX
Robotic Process Automation Capabilities - Cygnet Infotech
Cygnet Infotech
 
PDF
Enterprise QA and Application Testing Services
Cygnet Infotech
 
PPSX
Salesforce CRM - To Achieve Unparalleled ROI
Cygnet Infotech
 
PPSX
Full-stack Front-end Engineering Services
Cygnet Infotech
 
PPTX
Modernizing Supply Chain with Blockchain Technology
Cygnet Infotech
 
PPSX
IT Consulting - Aligning Technology to Business Strategy
Cygnet Infotech
 
PPTX
Emerging Technologies: The Power to Future Ready Business
Cygnet Infotech
 
PPSX
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cygnet Infotech
 
PPSX
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Cygnet Infotech
 
PPSX
DevOps - The Best Way to Break the Silos
Cygnet Infotech
 
PPSX
Robotic Process Automation (RPA) in Manufacturing Industry
Cygnet Infotech
 
PPSX
Quality Engineering in the New Era
Cygnet Infotech
 
PPSX
5 ways blockchain improves business flexibility
Cygnet Infotech
 
PDF
5 Reasons to Adopt Product Engineering
Cygnet Infotech
 
PPTX
Successful SAP Implementation Checklist
Cygnet Infotech
 
PPTX
The Quality Assurance Checklist for Progressive Testing
Cygnet Infotech
 
PPTX
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
Cygnet Infotech
 
PPTX
Introduction to Blockchain-as-a-Service (BaaS)
Cygnet Infotech
 
PPTX
5 Ways MS Dynamics 365 Empowers Digital Transformation
Cygnet Infotech
 
Roadmap for Digital Transformation
Cygnet Infotech
 
Robotic Process Automation Capabilities - Cygnet Infotech
Cygnet Infotech
 
Enterprise QA and Application Testing Services
Cygnet Infotech
 
Salesforce CRM - To Achieve Unparalleled ROI
Cygnet Infotech
 
Full-stack Front-end Engineering Services
Cygnet Infotech
 
Modernizing Supply Chain with Blockchain Technology
Cygnet Infotech
 
IT Consulting - Aligning Technology to Business Strategy
Cygnet Infotech
 
Emerging Technologies: The Power to Future Ready Business
Cygnet Infotech
 
Cloud Computing: Delivering Public, Private and Hybrid Cloud Solutions
Cygnet Infotech
 
Microsoft Dynamics 365 - The Engine that Thrives Transformation
Cygnet Infotech
 
DevOps - The Best Way to Break the Silos
Cygnet Infotech
 
Robotic Process Automation (RPA) in Manufacturing Industry
Cygnet Infotech
 
Quality Engineering in the New Era
Cygnet Infotech
 
5 ways blockchain improves business flexibility
Cygnet Infotech
 
5 Reasons to Adopt Product Engineering
Cygnet Infotech
 
Successful SAP Implementation Checklist
Cygnet Infotech
 
The Quality Assurance Checklist for Progressive Testing
Cygnet Infotech
 
DevOps - The Key to Rapid Productization (Introduction to the 5C's of DevOps)
Cygnet Infotech
 
Introduction to Blockchain-as-a-Service (BaaS)
Cygnet Infotech
 
5 Ways MS Dynamics 365 Empowers Digital Transformation
Cygnet Infotech
 

Recently uploaded (20)

PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 

J2EE Security with Apache SHIRO

  • 1. Webinar J2EE Security with Apache SHIRO 16th April, 2013
  • 2. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 3. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 4. What is Authentication, Authorization & Session Mgmt.?  Authentication: prove genuineness  Authorization: process of granting approval or permission on resources.  Session Management: Session management means authenticate once and confirms on every action that the user is the one who provided the original credentials.  Key cornerstones in the security of a system.  Authentication and authorization are two very related, and yet separate, concepts.  Where Authentication deals with identifying a user, the Authorization determines what a user is allowed to do.
  • 5. What is Authentication, Authorization & Session Mgmt.? Designers and developers should leverage authorization, authentication and session management capabilities as much as possible.
  • 6. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 7. Introduction on market trending security framework Java Authentication and Authorization Service or JAAS Apache Shiro Security Spring Security
  • 8. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 9. 1 Javax.security to be imported. Discussion on market trending security framework JAAS Security Configuration Steps: 2 Implement LoginModule Interface 3 Override methods like initialize, login, commit, abort, logout. 4 Implement call back handlers 5 Implement privilege action 6 Configure jaas policy files 7 Implement Filters
  • 10. Discussion on market trending security framework Spring Security Configuration Steps: 2 Install spring security libraries 3 Create & Configure spring-security.xml file in class path. 4 Provide @secured annotation above methods based on the privileges Install spring core libraries1
  • 11. Discussion on market trending security framework Shiro Security Configuration Steps: 2 Create and configure shiro.ini file in class path 3 Provide roles and privileges in shiro.ini Install shiro libraries and required libraries to project1
  • 12. Discussion on market trending security framework Shiro Spring Security JAAS Simplicity Bit Complicated (Not easily fathomable) More complicated. Enterprise session management is supported Not Supported Not supported Better cryptography simplified cryptography Grails plugin available Grails plugin available Grails plugin is not available Work and Gel with every environment Spring is not mandatory Dependent on Spring core libraries Part of Java and can work and get with every environment
  • 13. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 14. Grails inbuilt security  GORM - SQL escaped to prevent SQL injection attacks  The default scaffolding templates HTML escape all data fields when displayed  Link creating tags use appropriate escaping mechanisms to prevent code injection  Codecs to prevent injection attacks.
  • 15. Grails inbuilt security class SecurityFilters { def filters = { loginCheck(controller: '*', action: '*') { before = { if (!session.user && actionName != "login") { redirect(controller: "user", action: "login") return false } } } } }
  • 16. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 17. Integrating shiro security with existing application Application Diagram without SHIRO
  • 18. Integrating shiro security with existing application
  • 19. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 20. Conclusion With shiro it is quite easy to configure security, shiro takes care of most of the issues through its default settings, existing Java security mechanisms like JAAS, Spring security are too confusing, complex etc.
  • 21. Agenda Authentication, Authorization, Session Management and Cryptography Introduction on market trending security framework Discussion on market trending security framework Grails inbuilt security Live Demo on integrating shiro security with grails web application Conclusion Q&A
  • 23. Write us on info@cygnet-infotech.com to get a free demo Session Free Consultation
  • 24. Contact Us Email: info@cygnet-infotech.com Website: www.cygnet-infotech.com Facebook LinkedIn Twitter - @CygnetInfotech Skype – cygnet-infotech-pvt-ltd India Cygnet Infotech Pvt Ltd. 2A, Manikyam, Opp. Samudra Annexe, Nr. Shilp Cross Roads, Off. C. G. Road, Navrangpura, Ahmedabad, Gujarat, India. Tel: +91-79-30487400; Fax: +91-79-30487422 USA Cygnet Infotech LLC. Mack-Cali Centre III, 140 E, Ridgewood Avenue, Suite 415 ST, Paramus, NJ 07652. Tel: +1-201-995-7444; Fax : +1-201-221-8516