Spring Security - getting started
Manish Sharma
Agenda
• Getting Started
• Spring Security Architecture
• Basic Auth
• Configuration / Demo / Pros - Cons
• Form Auth
• Configuration / Demo / Pros - Cons
• Custom Auth
• Configuration walkthrough and Demo
Getting Started
• Add Maven or Gradle dependencies.
compile('org.springframework.boot:spring-boot-starter-security')
Getting Started
• Filter Chain in Spring Boot app.
• Filter Chain in Spring Boot App with Spring Security.
Spring Security
Deep inside DelegatingFilterProxy
Spring Security Components
• Authentication Filter, e.g. UsernamePasswordAuthenticationFilter or BasicAuthenticationFilter
• Authentication, to represent the principal in a Spring Security-specific manner.
• Authentication Provider
• Authentication Manager
• UserDetailsService, to create a UserDetails when passed in a String-based username.
• UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source of security data.
• SecurityContextHolder, to provide access to the SecurityContext; stored in a ThreadLocal by default.
• SecurityContext, to hold the Authentication and possibly request-specific security information.
• GrantedAuthority, to reflect the application-wide permissions granted to a principal.
Spring Security
Http Basic Authentication
• The lowest common denominator of authentication schemes.
• Supported natively and out of the box on practically all servers.
• Ubiquitous support on the client side in all languages.
• curl --header "Authorization: Basic dXNlcjp3b3JkcGFzcw==" http://localhost:8080/admin
• dXNlcjp3b3JkcGFzcw== is the Base64 encoding of user:wordpass
Basic Auth Demo and Cons
Preflight request
• https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
Form Based Authentication
• CSRF protection
• Form Based Auth Demo
Custom Authentication
• More than one authentication.
• Custom AuthenticationProvider, User, Grants, UserDetailsService, AccessDeniedHandler.
• Use of a password encoder.
Spring Security
Useful configs out of the box
• BCryptPasswordEncoder.
• Max number of concurrent sessions.
• JDBC Authentication.
• Configure filter.
Spring Security Part -2
• Securing Microservices.
• Token based Authentication
• OAuth
• OpenId
Questions???
Thank You!!

Editor's Notes

  • #12: Always send password with request. Not secure. No standard logout mechanism.