Instant Security and User Management in Spring Boot

@lhazlewood | @goStormpath Instant Security & Scalable User Management with Spring Boot Les Hazlewood @lhazlewood Apache Shiro Project Chair CTO, Stormpath stormpath.com

Upload: remy-champion

Post on 15-Apr-2017


TRANSCRIPT

Page 1: Instant Security and User Management in Spring Boot

Instant Security & Scalable User Management with Spring Boot

Les Hazlewood @lhazlewood
Apache Shiro Project Chair
CTO, Stormpath
stormpath.com

Page 2: Instant Security and User Management in Spring Boot

Spring Security
• Authentication
• Authorization
• Enforcement
• No user management

Page 3: Instant Security and User Management in Spring Boot

You’re on the hook for:
• Data store integration
• Data modeling
• HTML pages
• CSRF view support
• Email verification
• Forgot password
• OAuth2 / Social setup
• SAML coordination
• Crypto choices
• Multi-factor auth
• Scale / growth
• SaaS Multi-Tenancy
• Mobile auth strategy
• Microservice auth
• Best practices
• ...etc...

Page 4: Instant Security and User Management in Spring Boot

Traditional Application

[Diagram: Your Application; Users]

Page 5: Instant Security and User Management in Spring Boot

What about new stores?

[Diagram: Your Application; Users; LDAP/AD]

Page 6: Instant Security and User Management in Spring Boot

And legacy migration?

[Diagram: Your Application; New Users; Legacy Users; LDAP/AD]

Page 7: Instant Security and User Management in Spring Boot

And Social?

[Diagram: Your Application; New Users; Legacy Users; LDAP/AD; Google Apps; Facebook; GitHub]

Page 8: Instant Security and User Management in Spring Boot

And SSO/SAML?

[Diagram: Your Application; New Users; Legacy Users; LDAP/AD; Google Apps; Facebook; GitHub; Ping; Okta; Azure ADFS; Oracle SSO; SiteMinder; LinkedIn; OneLogin]

Page 9: Instant Security and User Management in Spring Boot

And Multi-Tenant / SaaS?

[Diagram: Your Application; New Users; Legacy Users; LDAP/AD; Google Apps; Facebook; GitHub; Ping; Okta; Azure ADFS; Oracle SSO; SiteMinder; LinkedIn; OneLogin; Customers A through G]

Page 10: Instant Security and User Management in Spring Boot

Oh the Hue Manatee!

Page 11: Instant Security and User Management in Spring Boot

Stormpath takes you from this...

[Diagram: Your Application; New Users; Legacy Users; LDAP/AD; Google Apps; Facebook; GitHub; Ping; Okta; Azure ADFS; Oracle SSO; SiteMinder; LinkedIn; OneLogin; Customers A through G]

Page 12: Instant Security and User Management in Spring Boot

To this...

[Diagram: Your Application]

Page 13: Instant Security and User Management in Spring Boot

To this...

[Diagram: Your Application; Your Application; Your Application; Your Application; ...]

Page 14: Instant Security and User Management in Spring Boot

But much more than a backend
• Application SDKs
• Framework Integrations
• Best practices

Page 15: Instant Security and User Management in Spring Boot

Live Demo Time!

Page 16: Instant Security and User Management in Spring Boot

Pages & Workflows

Page 17: Instant Security and User Management in Spring Boot

SSO & Social

Page 18: Instant Security and User Management in Spring Boot

OAuth & Mobile

Page 19: Instant Security and User Management in Spring Boot

Flexible Authorization

Page 20: Instant Security and User Management in Spring Boot

How does it work?

[Diagram: Application; Servlet Filters; Spring Security; Stormpath MVC; Stormpath SDK; ...]

Page 21: Instant Security and User Management in Spring Boot

Stormpath works hard for you
• Java SDK 1.0.0 released last Tuesday!
• SDK + Integration Effort: ~ 8 man years
• Extreme customizability
• Automatic defaults
• Often no code required

Page 22: Instant Security and User Management in Spring Boot

Thank You!
• [email protected]
• Twitter: @lhazlewood
• https://stormpath.com

Page 23: Instant Security and User Management in Spring Boot

Spring Boot Resources
• Spring Boot Stormpath Web Starter: https://docs.stormpath.com/java/spring-boot-web/
• Simple Web App with Spring Boot, Spring Security, and Stormpath: https://stormpath.com/blog/build-spring-boot-spring-security-app
• GitHub Stormpath Spring Boot Tutorial: https://github.com/stormpath/stormpath-spring-boot-tutorial