SlideShare a Scribd company logo

Spring Security

Download as PPTX, PDF
M
Manish Sharma

Spring Security is a framework for authentication and authorization in Java applications. It provides components for authentication filters, providers, and managers as well as user details services. Basic authentication uses HTTP basic auth with a username and password encoded in the request header. Form authentication displays a login form and uses CSRF protection. Custom authentication allows multiple auth types by implementing custom auth providers, users, grants, and handlers. The documentation covers getting started, architecture, basic auth, form auth, and custom auth configurations and demos.

Technology
1 of 19
Downloaded 50 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Spring Security - getting started
Manish Sharma
Agenda • Getting Started • Spring Security Architecture • Basic Auth • Configuration / Demo / Pros - Cons • Form Auth • Configuration / Demo / Pros - Cons • Custom Auth • Configuration walkthrough and Demo
Getting Started • Add Maven or Gradle dependencies. compile('org.springframework.boot:spring-boot-starter-security')
Getting Started • Filter Chain in Spring Boot app. • Filter Chain in Spring Boot App with Spring Security.
Spring Security
Deep inside DelegatingFilterProxy
Spring Security Components• Authentication Filter : e.g :UsernamePasswordAuthenticationFilter or BasicAuthenticationFilter • Authentication : to represent the principal in a Spring Security-specific manner. • Authentication Provider • Authentication Manager • UserDetailsService, to create a UserDetails when passed in a String-based username • UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source source of security data. • SecurityContextHolder, to provide access to the SecurityContext, default in ThreadLocal. • SecurityContext, to hold the Authentication and possibly request-specific security information. • GrantedAuthority, to reflect the application-wide permissions granted to a principal.
Spring Security
Http Basic Authentication • Something of lowest common denominator. • Support on practically all servers natively and out of the box. • ubiquitous support on the client side in all languages. • curl --header "Authorization: Basic dXNlcjp3b3JkcGFzcw==" http://localhost:8080/admin • dXNlcjp3b3JkcGFzcw== user:wordpass
Basic Auth Demo and Cons
Preflight request • https://developer.mozilla.org/en- US/docs/Glossary/Preflight_request
Form Based Authentication • CSRF protection • Form Based Auth Demo
Custom Authentication • More than one authentication. • Custom Authentication provider, User, Grants, UserDetailsService, AccessDeniedHandler. • Used of password encoder.
Spring Security
Useful configs out of the box • BCryptPasswordEncoder. • Max number of concurrent sessions. • JDBC Authentication. • Configure filter.
Spring Security Part -2 • Securing Microservices. • Token based Authentication • OAuth • OpenId
Questions???
Thank You!!

More Related Content

PPTX
Spring Security 3
Jason Ferguson
 
PPTX
Spring security
Saurabh Sharma
 
PDF
Spring Framework - Spring Security
Dzmitry Naskou
 
PDF
Spring Security
Sumit Gole
 
PPT
Spring Security Introduction
Mindfire Solutions
 
PPTX
Spring Security
Boy Tech
 
PDF
Fun With Spring Security
Burt Beckwith
 
PPTX
Spring security
sakhibarun
 
Spring Security 3
Jason Ferguson
 
Spring security
Saurabh Sharma
 
Spring Framework - Spring Security
Dzmitry Naskou
 
Spring Security
Sumit Gole
 
Spring Security Introduction
Mindfire Solutions
 
Spring Security
Boy Tech
 
Fun With Spring Security
Burt Beckwith
 
Spring security
sakhibarun
 

What's hot (20)

PPTX
Spring Security 5
Jesus Perez Franco
 
PDF
J2EE Security with Apache SHIRO
Cygnet Infotech
 
PPTX
Building Layers of Defense with Spring Security
Joris Kuipers
 
PPTX
Learn Apache Shiro
Smita Prasad
 
PDF
From 0 to Spring Security 4.0
robwinch
 
PDF
Enterprise Security mit Spring Security
Mike Wiesner
 
PPTX
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
PPTX
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
PPTX
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 
PDF
Javacro 2014 Spring Security 3 Speech
Fernando Redondo Ramírez
 
PPTX
Security asp.net application
ZAIYAUL HAQUE
 
PDF
Super simple application security with Apache Shiro
Marakana Inc.
 
PDF
Java EE Application Security With PicketLink
pigorcraveiro
 
PDF
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
PPTX
Java Security Framework's
Mohammed Fazuluddin
 
PPTX
ASP.NET Web Security
SharePointRadi
 
PPTX
Token Authentication in ASP.NET Core
Stormpath
 
PPTX
REST API Security: OAuth 2.0, JWTs, and More!
Stormpath
 
PPTX
Intro to Apache Shiro
Claire Hunsaker
 
PPTX
Secure API Services in Node with Basic Auth and OAuth2
Stormpath
 
Spring Security 5
Jesus Perez Franco
 
J2EE Security with Apache SHIRO
Cygnet Infotech
 
Building Layers of Defense with Spring Security
Joris Kuipers
 
Learn Apache Shiro
Smita Prasad
 
From 0 to Spring Security 4.0
robwinch
 
Enterprise Security mit Spring Security
Mike Wiesner
 
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 
Javacro 2014 Spring Security 3 Speech
Fernando Redondo Ramírez
 
Security asp.net application
ZAIYAUL HAQUE
 
Super simple application security with Apache Shiro
Marakana Inc.
 
Java EE Application Security With PicketLink
pigorcraveiro
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
Java Security Framework's
Mohammed Fazuluddin
 
ASP.NET Web Security
SharePointRadi
 
Token Authentication in ASP.NET Core
Stormpath
 
REST API Security: OAuth 2.0, JWTs, and More!
Stormpath
 
Intro to Apache Shiro
Claire Hunsaker
 
Secure API Services in Node with Basic Auth and OAuth2
Stormpath
 
Ad

Viewers also liked (12)

PPTX
Spring security
Slimen Belhaj Ali
 
PDF
Дикие микросервисы на JUG Екатеринбург
Кирилл Толкачёв
 
PDF
What's New in spring-security-core 2.0
Burt Beckwith
 
PDF
Java security in the real world (Ryan Sciampacone)
Chris Bailey
 
PDF
Java Security Manager Reloaded - Devoxx 2014
Josef Cacek
 
PPTX
Rest with Java EE 6 , Security , Backbone.js
Carol McDonald
 
PPTX
Power point aplicacion interactiva-uch
Gladys Flores Hurtado
 
PDF
Náquinas 3léctricas y transf0rmad0res lrving 1. k0sow - 2 ed
yanderax
 
PPT
Winning Strategy adopted in Mahabhrata Epic
Bharat Sharma
 
PPTX
Wed 2
ELIZALIV
 
PDF
My Five Minutes Bell!!
Mayra Lorena Diaz
 
PPTX
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Martin Toshev
 
Spring security
Slimen Belhaj Ali
 
Дикие микросервисы на JUG Екатеринбург
Кирилл Толкачёв
 
What's New in spring-security-core 2.0
Burt Beckwith
 
Java security in the real world (Ryan Sciampacone)
Chris Bailey
 
Java Security Manager Reloaded - Devoxx 2014
Josef Cacek
 
Rest with Java EE 6 , Security , Backbone.js
Carol McDonald
 
Power point aplicacion interactiva-uch
Gladys Flores Hurtado
 
Náquinas 3léctricas y transf0rmad0res lrving 1. k0sow - 2 ed
yanderax
 
Winning Strategy adopted in Mahabhrata Epic
Bharat Sharma
 
Wed 2
ELIZALIV
 
My Five Minutes Bell!!
Mayra Lorena Diaz
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Martin Toshev
 
Ad

Similar to Spring Security (20)

PDF
Spring security jwt tutorial toptal
jbsysatm
 
PDF
Spring Security
Knoldus Inc.
 
PDF
Getting started with Spring Security
Knoldus Inc.
 
PDF
Spring security4.x
Zeeshan Khan
 
PDF
Building layers of defense for your application
VMware Tanzu
 
PDF
Spring Security in Action 1st Edition Laurentiu Spilca Spilcă Laurenţiu
ticeyfedorvt
 
PPTX
springb security.pptxdsdsgfdsgsdgsdgsdgdsgdsgds
zmulani8
 
PPTX
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
Ihor Polataiko
 
PPTX
Spring Security Framework
Jayasree Perilakkalam
 
PDF
Spring Security in Action 1st Edition Laurentiu Spilca
qbjpyqyprq1924
 
PPTX
Spring security 3
IT Weekend
 
PPTX
Spring Security services for web applications
StephenKoc1
 
PDF
Spring4 security
Sang Shin
 
PDF
Spring Security 5.5 From Taxi to Takeoff
VMware Tanzu
 
PDF
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Matt Raible
 
PDF
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Spring5 hibernate5 security5 lab step by step
Rajiv Gupta
 
PPTX
Iasi code camp 20 april 2013 windows authentication-spring security -kerberos
Codecamp Romania
 
PPTX
Comprehensive_SpringBoot_Auth.pptx wokring
JayaPrakash579769
 
PDF
Lesson07-UsernamePasswordAuthenticationFilter.pdf
Scott Anderson
 
Spring security jwt tutorial toptal
jbsysatm
 
Spring Security
Knoldus Inc.
 
Getting started with Spring Security
Knoldus Inc.
 
Spring security4.x
Zeeshan Khan
 
Building layers of defense for your application
VMware Tanzu
 
Spring Security in Action 1st Edition Laurentiu Spilca Spilcă Laurenţiu
ticeyfedorvt
 
springb security.pptxdsdsgfdsgsdgsdgsdgdsgdsgds
zmulani8
 
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
Ihor Polataiko
 
Spring Security Framework
Jayasree Perilakkalam
 
Spring Security in Action 1st Edition Laurentiu Spilca
qbjpyqyprq1924
 
Spring security 3
IT Weekend
 
Spring Security services for web applications
StephenKoc1
 
Spring4 security
Sang Shin
 
Spring Security 5.5 From Taxi to Takeoff
VMware Tanzu
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Matt Raible
 
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Spring5 hibernate5 security5 lab step by step
Rajiv Gupta
 
Iasi code camp 20 april 2013 windows authentication-spring security -kerberos
Codecamp Romania
 
Comprehensive_SpringBoot_Auth.pptx wokring
JayaPrakash579769
 
Lesson07-UsernamePasswordAuthenticationFilter.pdf
Scott Anderson
 

Recently uploaded (20)

PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
August Patch Tuesday
Ivanti
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Unlock new opportunities with location data.pdf
Precisely
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Modernising the Digital Integration Hub
Daniel Toomey
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
August Patch Tuesday
Ivanti
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
What is a Computer? Input Devices /output devices
GulJan8
 

Spring Security

  • 1. Spring Security - getting started
  • 3. Agenda • Getting Started • Spring Security Architecture • Basic Auth • Configuration / Demo / Pros - Cons • Form Auth • Configuration / Demo / Pros - Cons • Custom Auth • Configuration walkthrough and Demo
  • 4. Getting Started • Add Maven or Gradle dependencies. compile('org.springframework.boot:spring-boot-starter-security')
  • 5. Getting Started • Filter Chain in Spring Boot app. • Filter Chain in Spring Boot App with Spring Security.
  • 8. Spring Security Components• Authentication Filter : e.g :UsernamePasswordAuthenticationFilter or BasicAuthenticationFilter • Authentication : to represent the principal in a Spring Security-specific manner. • Authentication Provider • Authentication Manager • UserDetailsService, to create a UserDetails when passed in a String-based username • UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source source of security data. • SecurityContextHolder, to provide access to the SecurityContext, default in ThreadLocal. • SecurityContext, to hold the Authentication and possibly request-specific security information. • GrantedAuthority, to reflect the application-wide permissions granted to a principal.
  • 10. Http Basic Authentication • Something of lowest common denominator. • Support on practically all servers natively and out of the box. • ubiquitous support on the client side in all languages. • curl --header "Authorization: Basic dXNlcjp3b3JkcGFzcw==" http://localhost:8080/admin • dXNlcjp3b3JkcGFzcw== user:wordpass
  • 11. Basic Auth Demo and Cons
  • 13. Form Based Authentication • CSRF protection • Form Based Auth Demo
  • 14. Custom Authentication • More than one authentication. • Custom Authentication provider, User, Grants, UserDetailsService, AccessDeniedHandler. • Used of password encoder.
  • 16. Useful configs out of the box • BCryptPasswordEncoder. • Max number of concurrent sessions. • JDBC Authentication. • Configure filter.
  • 17. Spring Security Part -2 • Securing Microservices. • Token based Authentication • OAuth • OpenId

Editor's Notes

  • #12: Always send password with request. Not secure. No standard logout mechanism.