spring security 3
DESCRIPTION
by Maksym TitovTRANSCRIPT
![Page 1: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/1.jpg)
Maksym Titov27.4.2011
Spring security 3
![Page 2: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/2.jpg)
Why Spring Security?
Popularity,Features
![Page 3: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/3.jpg)
Three easy steps
XML configuration file
DelegatingFilterProxy to web.xml
XML configuration reference to web.xml
![Page 4: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/4.jpg)
Filter chain
![Page 5: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/5.jpg)
User experience
Customization
![Page 6: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/6.jpg)
Password change management
InMemoryDaoImpl Configuration Page Controller
![Page 7: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/7.jpg)
Securing Credential Storage
Database
![Page 8: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/8.jpg)
Advanced configuration of JdbcDaoImpl
User groups
Legacy schema
![Page 9: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/9.jpg)
Secure passwords
Encoding, salt
![Page 10: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/10.jpg)
‘Remember me’
Safe, but be careful
![Page 11: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/11.jpg)
SSL
Transport layer security
![Page 12: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/12.jpg)
Business layer security
public interface IUserService { @PreAuthorize("hasRole('ROLE_USER')") public void changePassword(String username, String password);}
@PreAuthorizeJSR-250 compliant rules@SecuredAspect Oriented Programming
Conditional rendering
![Page 13: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/13.jpg)
Internal customization
SECURITY FILTER
AUTHENTICATION PROVIDER
![Page 14: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/14.jpg)
Session management and concurrency
Session fixation
Concurrent session control
![Page 15: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/15.jpg)
Exception handling
<http auto-config="true" ...><access-denied-handler error-page =
"/accessDenied.do"/></http>
AuthenticationExceptionAccessDeniedException
![Page 16: Spring security 3](https://reader035.vdocuments.mx/reader035/viewer/2022070315/554f8923b4c905d25b8b4e15/html5/thumbnails/16.jpg)
External security systems
Active directoryOpenIdLDAP