Spring security 3
-
Upload
it-weekend -
Category
Technology
-
view
625 -
download
0
description
Transcript of Spring security 3
Maksym Titov27.4.2011
Spring security 3
Why Spring Security?
Popularity,Features
Three easy steps
XML configuration file
DelegatingFilterProxy to web.xml
XML configuration reference to web.xml
Filter chain
User experience
Customization
Password change management
InMemoryDaoImpl Configuration Page Controller
Securing Credential Storage
Database
Advanced configuration of JdbcDaoImpl
User groups
Legacy schema
Secure passwords
Encoding, salt
‘Remember me’
Safe, but be careful
SSL
Transport layer security
Business layer security
public interface IUserService { @PreAuthorize("hasRole('ROLE_USER')") public void changePassword(String username, String password);}
@PreAuthorizeJSR-250 compliant rules@SecuredAspect Oriented Programming
Conditional rendering
Internal customization
SECURITY FILTER
AUTHENTICATION PROVIDER
Session management and concurrency
Session fixation
Concurrent session control
Exception handling
<http auto-config="true" ...><access-denied-handler error-page =
"/accessDenied.do"/></http>
AuthenticationExceptionAccessDeniedException
External security systems
Active directoryOpenIdLDAP