Getting started with Spring Security
Presented By: Aasif Ali
KnolX Etiquettes
Lack of etiquette and manners is a huge turn off.
● Punctuality: Respect KnolX session timings. You are requested not to join sessions after a 5 minutes threshold post the session start time.
● Feedback: Make sure to submit constructive feedback for all sessions, as it is very helpful for the presenter.
● Silent Mode: Keep your mobile devices in silent mode. Feel free to move out of the session in case you need to attend an urgent call.
● Avoid Disturbance: Avoid unwanted chit chat during the session.
Agenda
● What is Spring Security?
● Features of Spring Security
● Spring Security core concepts
● How does it work
● Spring Security Architecture and Workflow
● Demo
What is Spring Security
● Spring Security is a framework that provides security features such as authentication and authorization for building secure Java enterprise applications.
● It is a sub-project of the Spring framework, started in 2003 by Ben Alex. Later on, in 2004, it was released under the Apache License as Spring Security 2.0.0.
● The framework targets two major areas of an application: authentication and authorization.
● Authorization can be applied to web requests, methods and access to individual domain.
Features of Spring Security
● LDAP (Lightweight Directory Access Protocol)
● Single sign-on
● Basic Access Authentication
● Digest Access Authentication
● Remember-me
● Web Form Authentication
● Authorization
● OAuth 2.0 Login
● HTTP Authorization
Spring Security works on the following three core concepts:
● Authentication
● Authorization
● Password Storage
● Servlet Filters
● Authentication: Verifies who you are. A user of the application proves their identity by providing valid credentials. Authentication establishes the identity of a principal (a user or system that can perform an action in an application).
● Authorization: The process of granting a principal the authority to perform actions in the application. Authorization provides this decision before the user tries to access a resource. It is a process of access control: deciding whether or not a principal is allowed to perform an action (access control → admin, user, leader, manager, contractor, anonymous, etc.).
● Password Storage: Spring Security's PasswordEncoder interface performs a one-way transformation of the password. Spring Security provides several PasswordEncoder implementations.
● Servlet Filters: Spring Security uses Java servlet filters to start the security checks for our web application.
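The one-way transformation described under Password Storage, as an added example that is not part of the original presentation. It goes slightly beyond the slide by also re-hashing a weaker stored hash at login; it assumes spring-security-crypto is on the classpath, and the class name, method name and sample password are hypothetical.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordStorageDemo { // hypothetical class name

    /**
     * Login-time check: returns the hash to persist after a successful
     * login, or null when the password does not match the stored hash.
     */
    static String verifyAndUpgrade(PasswordEncoder encoder, String raw, String stored) {
        if (!encoder.matches(raw, stored)) {
            return null; // wrong password: nothing to store
        }
        // upgradeEncoding() reports whether the stored hash uses a weaker
        // scheme or work factor than the encoder is configured for.
        return encoder.upgradeEncoding(stored) ? encoder.encode(raw) : stored;
    }

    public static void main(String[] args) {
        // Delegating encoder: stored values carry an "{id}" prefix naming the algorithm.
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String raw = "correct horse battery staple"; // constructed sample password

        // encode() salts every call, so equal passwords give different hashes;
        // the only way to check a password is matches(), never string equality.
        String first = encoder.encode(raw);
        String second = encoder.encode(raw);
        System.out.println("same input, same hash? " + first.equals(second));
        System.out.println("stored form: " + first);

        // Constructed legacy record: bcrypt with a deliberately low work factor.
        String legacy = "{bcrypt}" + new BCryptPasswordEncoder(4).encode(raw);
        String kept = verifyAndUpgrade(encoder, raw, legacy);
        System.out.println("legacy hash replaced? " + !legacy.equals(kept));

        boolean accepted = verifyAndUpgrade(encoder, "guess", first) != null;
        System.out.println("wrong password accepted? " + accepted);
    }
}
```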
Spring Security Architecture
Spring Security Flow
How does it work?
● The AuthenticationFilter creates an authentication request and passes it to the AuthenticationManager.
● The AuthenticationManager delegates the request to an AuthenticationProvider.
● The AuthenticationProvider uses a UserDetailsService to load the UserDetails and returns the authenticated principal (user).
● Finally, the AuthenticationFilter stores the authenticated principal in the SecurityContext.
● At the end, the user gets the response.
Note: The default authentication filter is BasicAuthenticationFilter.
Advantages of Spring Security
● Extensible support for authentication and authorization.
● Integration with Spring MVC
● Portability
● CSRF protection
● Java Configuration support
● Protection against attacks like session fixation and clickjacking.
DEMO
