Winter Intership Learn Spring security in Noida with Apextgi.
description
Transcript of Winter Intership Learn Spring security in Noida with Apextgi.
1
Spring Security
Spring Security provides comprehensive security services
for Java EE-based enterprise applications. There is a
particular emphasis on supporting projects built using The
Spring Framework, which is the leading Java EE solution for
enterprise software development now days.
1
Spring Security
Spring Security is a framework that focuses on providing
both authentication and authorization to Java applications.
Like all Spring projects, the real power of Spring Security is
found in how easily it can be extended to meet custom
requirements.
1
Spring Security Features Comprehensive and extensible support for both
Authentication and Authorization.
At an authentication level, Spring Security supports a wide
range of authentication models. Most of these
authentication models are either provided by third parties,
or are developed by relevant standards bodies such as the
Internet Engineering Task Force etc.
1
Spring Security Features Spring Security provides its own set of authentication
features. It currently supports authentication integration
with a lot of technologies such as:
HTTP BASIC authentication headers (an IETF RFC-based
standard)
HTTP Digest authentication headers (an IETF RFC-based
standard)
1
Spring Security Features HTTP X.509 client certificate exchange (an IETF RFC-based
standard)
LDAP (a very common approach to cross-platform
authentication needs, especially in large environments)
Form-based authentication (for simple user interface
needs)
OpenID authentication
1
Spring Security Features Authentication based on pre-established request headers
(such as Computer Associates Siteminder)
JA-SIG Central Authentication Service (otherwise known as
CAS, which is a popular open source single sign-on system)
Transparent authentication context propagation for Remote
Method Invocation (RMI) and HttpInvoker (a Spring
remoting protocol)
1
Spring Security Features Automatic "remember-me" authentication (so you can tick a
box to avoid re-authentication for a predetermined period of
time)
Anonymous authentication (allowing every unauthenticated
call to automatically assume a particular security identity)
Run-as authentication (which is useful if one call should
proceed with a different security identity)
1
Spring Security Features Java Authentication and Authorization Service (JAAS)
JEE container autentication (so you can still use Container
Managed Authentication if desired)
Kerberos
Java Open Source Single Sign On (JOSSO) *
OpenNMS Network Management Platform *
1
Spring Security Features AppFuse *
AndroMDA *
Mule ESB *
Direct Web Request (DWR) *
Grails *
Tapestry *
1
Spring Security Features JTrac *
Jasypt *
Roller *
Elastic Path *
Atlassian Crowd *
1
Spring Security Features Protection against attacks like session fixation, clickjacking,
cross site request forgery, etc
Servlet API integration
Optional integration with Spring Web MVC
1
Spring Security Jars
Core - spring-security-core.jar
Contains core authentication and access-contol classes and
interfaces, remoting support and basic provisioning APIs.
Required by any application which uses Spring Security.
Supports standalone applications, remote clients, method
(service layer) security and JDBC user provisioning.
Contains the top-level packages:
1
Spring Security Jars
org.springframework.security.core
org.springframework.security.access
org.springframework.security.authentication
org.springframework.security.provisioning
1
Spring Security Jars
Remoting - spring-security-remoting.jar
Provides intergration with Spring Remoting. You don't need
this unless you are writing a remote client which uses
Spring Remoting. The main package
is org.springframework.security.remoting.
1
Spring Security Jars
Web - spring-security-web.jar
Contains filters and related web-security infrastructure
code. Anything with a servlet API dependency. You'll need it
if you require Spring Security web authentication services
and URL-based access-control. The main package
is org.springframework.security.web.
1
Spring Security Jars
Config - spring-security-config.jar
Contains the security namespace parsing code. You need it if
you are using the Spring Security XML namespace for
configuration. The main package
isorg.springframework.security.config. None of the classes
are intended for direct use in an application.
1
Spring Security Jars
LDAP - spring-security-ldap.jar
LDAP authentication and provisioning code. Required if you
need to use LDAP authentication or manage LDAP user
entries. The top-level package
isorg.springframework.security.ldap.
1
Spring Security Jars
ACL - spring-security-acl.jar
Specialized domain object ACL implementation. Used to
apply security to specific domain object instances within
your application. The top-level package
is org.springframework.security.acls.
1
Spring Security Jars
CAS - spring-security-cas.jar
Spring Security's CAS client integration. If you want to use
Spring Security web authentication with a CAS single sign-
on server. The top-level package
is org.springframework.security.cas.
1
Spring Security Jars
OpenID - spring-security-openid.jar
OpenID web authentication support. Used to authenticate
users against an external OpenID
server. org.springframework.security.openid. Requires
OpenID4Java.
Thanks
facebook.com/apex.tgi
twitter.com/ApextgiNoida
pinterest.com/apextgi
Stay Connected with us for more chapters on JAVA