Instant Security and User Management in Spring Boot

Post on 15-Apr-2017


@lhazlewood | @goStormpath

Instant Security & Scalable User Management with Spring Boot

Les Hazlewood @lhazlewood

Apache Shiro Project Chair

CTO, Stormpath

stormpath.com

Spring Security
• Authentication
• Authorization
• Enforcement
• No user management

You’re on the hook for:
• Data store integration
• Data modeling
• HTML pages
• CSRF view support
• Email verification
• Forgot password
• OAuth2 / Social setup
• SAML coordination
• Crypto choices
• Multi-factor auth
• Scale / growth
• SaaS Multi-Tenancy
• Mobile auth strategy
• Microservice auth
• Best practices
• ...etc...

Traditional Application

[Diagram: Your Application; Users]

What about new stores?

[Diagram: Your Application; Users, LDAP/AD]

And legacy migration?

[Diagram: Your Application; Legacy Users, New Users, LDAP/AD]

And Social?

[Diagram: Your Application; Legacy Users, New Users, LDAP/AD; Google Apps, Facebook, GitHub]

And SSO/SAML?

[Diagram: Your Application; Legacy Users, New Users, LDAP/AD; Google Apps, Facebook, GitHub, LinkedIn; Ping, Okta, Azure ADFS, Oracle SSO, SiteMinder, OneLogin]

And Multi-Tenant / SaaS?

[Diagram: Your Application; Legacy Users, New Users, LDAP/AD; Google Apps, Facebook, GitHub, LinkedIn; Ping, Okta, Azure ADFS, Oracle SSO, SiteMinder, OneLogin; Customer A, Customer B, Customer C, Customer D, Customer E, Customer F, Customer G]

Oh the Hue Manatee!


Stormpath takes you from this...

[Diagram: Your Application; Legacy Users, New Users, LDAP/AD; Google Apps, Facebook, GitHub, LinkedIn; Ping, Okta, Azure ADFS, Oracle SSO, SiteMinder, OneLogin; Customer A, Customer B, Customer C, Customer D, Customer E, Customer F, Customer G]

To this...

[Diagram: Your Application]

To this...

[Diagram: Your Application, Your Application, Your Application, Your Application, ...]

But much more than a backend
• Application SDKs
• Framework Integrations
• Best practices

Live Demo Time!

Pages & Workflows

SSO & Social

OAuth & Mobile

Flexible Authorization

How does it work?

[Diagram: Application; Servlet Filters; Spring Security; Stormpath MVC; Stormpath SDK; ...]

Stormpath works hard for you
• Java SDK 1.0.0 released last Tuesday!
• SDK + Integration Effort: ~ 8 man years
• Extreme customizability
• Automatic defaults
• Often no code required

Thank You!
• les@stormpath.com
• Twitter: @lhazlewood
• https://stormpath.com

Spring Boot Resources
• Spring Boot Stormpath Web Starter: https://docs.stormpath.com/java/spring-boot-web/
• Simple Web App with Spring Boot, Spring Security, and Stormpath: https://stormpath.com/blog/build-spring-boot-spring-security-app
• GitHub Stormpath Spring Boot Tutorial: https://github.com/stormpath/stormpath-spring-boot-tutorial