
Apex T. G. India Pvt. Ltd

Spring Security
Spring Framework
Spring Security

Spring Security provides comprehensive security services for Java EE-based enterprise applications. There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading Java EE solution for enterprise software development nowadays.

Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements.
Spring Security Features

Comprehensive and extensible support for both Authentication and Authorization.

At an authentication level, Spring Security supports a wide range of authentication models. Most of these authentication models are either provided by third parties, or are developed by relevant standards bodies such as the Internet Engineering Task Force etc.

Spring Security provides its own set of authentication features. It currently supports authentication integration with a lot of technologies such as:

HTTP BASIC authentication headers (an IETF RFC-based standard)

HTTP Digest authentication headers (an IETF RFC-based standard)

HTTP X.509 client certificate exchange (an IETF RFC-based standard)

LDAP (a very common approach to cross-platform authentication needs, especially in large environments)

Form-based authentication (for simple user interface needs)

OpenID authentication

Authentication based on pre-established request headers (such as Computer Associates Siteminder)

JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign-on system)

Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)

Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)

Anonymous authentication (allowing every unauthenticated call to automatically assume a particular security identity)

Run-as authentication (which is useful if one call should proceed with a different security identity)

Java Authentication and Authorization Service (JAAS)

JEE container authentication (so you can still use Container Managed Authentication if desired)

Kerberos

Java Open Source Single Sign On (JOSSO) *

OpenNMS Network Management Platform *

AppFuse *

AndroMDA *

Mule ESB *

Direct Web Request (DWR) *

Grails *

Tapestry *

JTrac *

Jasypt *

Roller *

Elastic Path *

Atlassian Crowd *

Protection against attacks like session fixation, clickjacking, cross site request forgery, etc

Servlet API integration

Optional integration with Spring Web MVC

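An added example, not part of the original slides and not the Spring Security project's own code: a minimal Java configuration that makes the session fixation, clickjacking and CSRF protections listed above explicit alongside form-based login. It assumes Spring Security 6.x on a servlet stack (the slides do not state a version); the class name WebSecurityConfig and the URL patterns are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; assumes Spring Security 6.x (servlet stack).
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // URL-based access control: only the login page and static assets
            // (hypothetical paths) are reachable without authentication.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/assets/**").permitAll()
                .anyRequest().authenticated())
            // Form-based authentication using the framework's default login page.
            .formLogin(Customizer.withDefaults())
            // Session fixation: change the session ID on successful login so a
            // session ID known before authentication is no longer valid after it.
            .sessionManagement(session -> session
                .sessionFixation(fixation -> fixation.changeSessionId()))
            // Clickjacking: send "X-Frame-Options: DENY" so responses cannot be
            // rendered inside a frame on another page.
            .headers(headers -> headers
                .frameOptions(frame -> frame.deny()))
            // CSRF: require a valid token on state-changing requests
            // (POST, PUT, PATCH, DELETE); safe methods such as GET are exempt.
            .csrf(Customizer.withDefaults());
        return http.build();
    }
}
```

All three protections are on by default in this version, so the value of spelling them out is reviewability: fixation.none(), frame.disable() or csrf.disable() in a chain like this means the corresponding protection has been switched off.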
Spring Security Jars
Core - spring-security-core.jar

Contains core authentication and access-control classes and interfaces, remoting support and basic provisioning APIs. Required by any application which uses Spring Security. Supports standalone applications, remote clients, method (service layer) security and JDBC user provisioning. Contains the top-level packages:

org.springframework.security.core

org.springframework.security.access

org.springframework.security.authentication

org.springframework.security.provisioning

Remoting - spring-security-remoting.jar

Provides integration with Spring Remoting. You don't need this unless you are writing a remote client which uses Spring Remoting. The main package is org.springframework.security.remoting.

Web - spring-security-web.jar

Contains filters and related web-security infrastructure code. Anything with a servlet API dependency. You'll need it if you require Spring Security web authentication services and URL-based access-control. The main package is org.springframework.security.web.

Config - spring-security-config.jar

Contains the security namespace parsing code. You need it if you are using the Spring Security XML namespace for configuration. The main package is org.springframework.security.config. None of the classes are intended for direct use in an application.

LDAP - spring-security-ldap.jar

LDAP authentication and provisioning code. Required if you need to use LDAP authentication or manage LDAP user entries. The top-level package is org.springframework.security.ldap.

ACL - spring-security-acl.jar

Specialized domain object ACL implementation. Used to apply security to specific domain object instances within your application. The top-level package is org.springframework.security.acls.

CAS - spring-security-cas.jar

Spring Security's CAS client integration. If you want to use Spring Security web authentication with a CAS single sign-on server. The top-level package is org.springframework.security.cas.

OpenID - spring-security-openid.jar

OpenID web authentication support. Used to authenticate users against an external OpenID server. org.springframework.security.openid. Requires OpenID4Java.

Thanks
facebook.com/apex.tgi
twitter.com/ApextgiNoida
pinterest.com/apextgi
Stay Connected with us for more chapters on JAVA
