Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1...
Transcript of Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1...
![Page 1: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/1.jpg)
© Copyright 2014 Pivotal. All rights reserved.© Copyright 2014 Pivotal. All rights reserved. !1
Massig neue Features in Spring Security 3.2Mike Wiesner, Pivotal [email protected]
![Page 2: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/2.jpg)
© Copyright 2014 Pivotal. All rights reserved. !2
Mike Wiesner
• Principal Technical Instructor @Pivotal • 13 Jahre Java Enterprise Erfahrung • 8 Jahre Spring Erfahrung • Fokus: Application Security, Enterprise
Integration !
![Page 3: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/3.jpg)
© Copyright 2014 Pivotal. All rights reserved.
![Page 4: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/4.jpg)
© Copyright 2014 Pivotal. All rights reserved.
BUILT FOR THE SPEED OF BUSINESS
Application Security?
![Page 5: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/5.jpg)
© Copyright 2014 Pivotal. All rights reserved.
Enterprise Java = Spring ;-)
!
Spring + Security
=
Spring Security
![Page 6: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/6.jpg)
© Copyright 2014 Pivotal. All rights reserved. !6
Spring Security
• Authentifizierung und Autorisierung • Unterstützung gegen gängige Angriffe • Servlet API Unterstützung • Spring MVC Integration (optional) • Flexible Laufzeitumgebungen
![Page 7: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/7.jpg)
© Copyright 2014 Pivotal. All rights reserved. !7
Neu in Spring Security 3.2
• Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF Schutz • Security Headers • Java Configuration (anstatt XML)
![Page 8: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/8.jpg)
© Copyright 2014 Pivotal. All rights reserved.
Noch wach?
![Page 9: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/9.jpg)
© Copyright 2014 Pivotal. All rights reserved.
Demo Time!
![Page 10: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/10.jpg)
© Copyright 2014 Pivotal. All rights reserved. !10
Java Config Defaults
• Neue (bessere) defaults: • GET /login vs. /spring_security_login • POST /login vs. /j_spring_security_check • username vs. j_username • password vs. j_password !
• Information hiding
![Page 11: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/11.jpg)
© Copyright 2014 Pivotal. All rights reserved. !11
Java Config
• Transparenter • Flexibler • JavaDoc • Eigene Security DSL möglich
![Page 12: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/12.jpg)
© Copyright 2014 Pivotal. All rights reserved.
BUILT FOR THE SPEED OF BUSINESS
���12
Mike Wiesner [email protected] http://bit.ly/JL_SpringSec
![Page 13: Massig neue Features in Spring Security 3 · Neu in Spring Security 3.2 • Servlet 3 und 3.1 Integration • Concurrency Unterstützung • Spring MVC Integration • Basic CSRF](https://reader030.fdocuments.us/reader030/viewer/2022021801/5b3ff1027f8b9a5e528cb5fb/html5/thumbnails/13.jpg)
© Copyright 2014 Pivotal. All rights reserved.
BUILT FOR THE SPEED OF BUSINESS
!13