instant security and user management in spring boot
TRANSCRIPT
@lhazlewood | @goStormpath
Instant Security& Scalable User Management
with Spring Boot
Les Hazlewood @lhazlewoodApache Shiro Project Chair
CTO, Stormpath stormpath.com
@lhazlewood | @goStormpath
Spring Security• Authentication• Authorization• Enforcement• No user management
@lhazlewood | @goStormpath
You’re on the hook for:• Data store integration• Data modeling• HTML pages• CSRF view support• Email verification• Forgot password• Oauth2 / Social setup• SAML coordination
• Crypto choices• Multi-factor auth• Scale / growth• SaaS Multi-Tenancy• Mobile auth strategy• Microservice auth• Best practices• ...etc...
@lhazlewood | @goStormpath
Traditional ApplicationYour
Application
Users
@lhazlewood | @goStormpath
What about new stores?
Users LDAP/AD
Your Application
@lhazlewood | @goStormpath
And legacy migration?
Legacy Users LDAP/ADNew
Users
Your Application
@lhazlewood | @goStormpath
And Social?
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
@lhazlewood | @goStormpath
And SSO/SAML?
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
PingOkta
Azure ADFS
Oracle SSO
SiteMinderLinkedIn
OneLogin
@lhazlewood | @goStormpath
And Multi-Tenant / SaaS ?
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
PingOkta
Azure ADFS
Oracle SSO SiteMinder LinkedIn
OneLogin
Customer A
Customer CCustomer F
Customer B
Customer D Customer E
Customer G
@lhazlewood | @goStormpath
Oh the Hue Manatee!
@lhazlewood | @goStormpath
Stormpath takes you from this...
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
PingOkta
Azure ADFS
Oracle SSO SiteMinder LinkedIn
OneLogin
Customer A
Customer CCustomer F
Customer B
Customer D Customer E
Customer G
@lhazlewood | @goStormpath
To this...Your
Application
@lhazlewood | @goStormpath
To this...Your
ApplicationYour
ApplicationYour
ApplicationYour
Application...
@lhazlewood | @goStormpath
But much more than a backend• Application SDKs• Framework Integrations• Best practices
@lhazlewood | @goStormpath
Live Demo Time!
@lhazlewood | @goStormpath
Pages & Workflows
@lhazlewood | @goStormpath
SSO & Social
@lhazlewood | @goStormpath
OAuth & Mobile
@lhazlewood | @goStormpath
Flexible Authorization
@lhazlewood | @goStormpath
Application
Servlet Filters
How does it work?Spring Security Stormpath MVC
Stormpath SDK
...
@lhazlewood | @goStormpath
Stormpath works hard for you• Java SDK 1.0.0 released last Tuesday!• SDK + Integration Effort: ~ 8 man years• Extreme customizability• Automatic defaults• Often no code required
@lhazlewood | @goStormpath
Thank You!• [email protected]• Twitter: @lhazlewood• https://stormpath.com
@lhazlewood | @goStormpath
Spring Boot Resources• Spring Boot Stormpath Web Starter https://docs.stormpath.com/java/spring-boot-web/ • Simple Web App with Spring Boot, Spring Security, and Stormpath https://stormpath.com/blog/build-spring-boot-spring-security-app • Github Stormpath Spring Boot Tutorial https://github.com/stormpath/stormpath-spring-boot-tutorial