winter internship in spring security at apextgi

8/11/2019 Winter internship in Spring Security at Apextgi.

http://slidepdf.com/reader/full/winter-internship-in-spring-security-at-apextgi 1/22

Apex T. G. India Pvt. Ltd

Spring SecuritySpring Framework

http://apextgi.in/

http://apextgi.in/



1

Spring Security

Spring Security provides comprehensive security

services for Java EE!ased enterprise app"ications.

There is a particu"ar emphasis on supporting

pro#ects !ui"t using The Spring $rame%or&' %hich is

the "eading Java EE so"ution for enterprise soft%are

deve"opment no% days.



1

Spring Security

Spring Security is a frame%or& that focuses on

providing !oth authentication and authori)ation to

Java app"ications. Li&e a"" Spring pro#ects' the rea"

po%er of Spring Security is found in ho% easi"y it

can !e extended to meet custom re*uirements.



1

Spring Security $eatures +omprehensive and extensi!"e support for !oth

Authentication and Authori)ation.

At an authentication "eve"' Spring Security

supports a %ide range of authentication mode"s.

,ost of these authentication mode"s are either

provided !y third parties' or are deve"oped !y

re"evant standards !odies such as the Internet

Engineering Tas& $orce etc.



1

Spring Security $eatures Spring Security provides its o%n set of

authentication features. It current"y supports

authentication integration %ith a "ot of

techno"ogies such as-

TTP /ASI+ authentication headers 0an IET$ $+

!ased standard2

TTP 3igest authentication headers 0an IET$ $+

!ased standard2



1

Spring Security $eatures TTP 4.567 c"ient certi8cate exchange 0an IET$

$+!ased standard2

L3AP 0a very common approach to crossp"atform

authentication needs' especia""y in "arge

environments2

$orm!ased authentication 0for simp"e user

interface needs2

9penI3 authentication



1

Spring Security $eatures Authentication !ased on preesta!"ished re*uest

headers 0such as +omputer Associates

Siteminder2

JASIG +entra" Authentication Service 0other%ise

&no%n as +AS' %hich is a popu"ar open source

sing"e signon system2

Transparent authentication context propagation for

emote ,ethod Invocation 0,I2 and ttpInvo&er

0a S rin remotin rotoco"2



1

Spring Security $eatures Automatic :remem!erme: authentication 0so you

can tic& a !ox to avoid reauthentication for a

predetermined period of time2

Anonymous authentication 0a""o%ing every

unauthenticated ca"" to automatica""y assume a

particu"ar security identity2

unas authentication 0%hich is usefu" if one ca""

shou"d proceed %ith a di;erent security identity2



1

Spring Security $eatures Java Authentication and Authori)ation Service

0JAAS2

JEE container autentication 0so you can sti"" use

+ontainer ,anaged Authentication if desired2

<er!eros

Java 9pen Source Sing"e Sign 9n 0J9SS92 =

9pen>,S >et%or& ,anagement P"atform =



1

Spring Security $eatures App$use =

Andro,3A =

,u"e ES/ =

3irect ?e! e*uest 03?2 =

Grai"s = Tapestry =



1

Spring Security $eatures JTrac =

Jasypt =

o""er =

E"astic Path =

At"assian +ro%d =



1

Spring Security $eatures Protection against attac&s "i&e session 8xation'

c"ic&#ac&ing' cross site re*uest forgery' etc

Serv"et API integration

9ptiona" integration %ith Spring ?e! ,@+



1

Spring Security Jars+ore springsecuritycore.#ar

+ontains core authentication and accessconto"

c"asses and interfaces' remoting support and !asic

provisioning APIs. e*uired !y any app"ication

%hich uses Spring Security. Supports standa"one

app"ications' remote c"ients' method 0service

"ayer2 security and J3/+ user provisioning.

+ontains the top"eve" pac&ages-



1

Spring Security Jars org.springframe%or&.security.core

org.springframe%or&.security.access

org.springframe%or&.security.authentication

org.springframe%or&.security.provisioning



1

Spring Security Jars

emoting springsecurityremoting.#ar

Provides intergration %ith Spring emoting. ou

donBt need this un"ess you are %riting a remote

c"ient %hich uses Spring emoting. The main

pac&age is org.springframe%or&.security.remoting.



1

Spring Security Jars?e! springsecurity%e!.#ar

+ontains 8"ters and re"ated %e!security

infrastructure code. Anything %ith a serv"et API

dependency. ouB"" need it if you re*uire Spring

Security %e! authentication services and CL

!ased accesscontro". The main pac&age

is org.springframe%or&.security.%e!.



1


+on8g springsecuritycon8g.#ar

+ontains the security namespace parsing code.

ou need it if you are using the Spring Security

4,L namespace for con8guration. The main

pac&age isorg.springframe%or&.security.con8g.

>one of the c"asses are intended for direct use in



1


L3AP springsecurity"dap.#ar

L3AP authentication and provisioning code.

e*uired if you need to use L3AP authentication or

manage L3AP user entries. The top"eve" pac&age

isorg.springframe%or&.security."dap.



1


A+L springsecurityac".#ar

Specia"i)ed domain o!#ect A+L imp"ementation.

Csed to app"y security to speci8c domain o!#ect

instances %ithin your app"ication. The top"eve"

pac&age is org.springframe%or&.security.ac"s.



1


+AS springsecuritycas.#ar

Spring SecurityBs +AS c"ient integration. If you

%ant to use Spring Security %e! authentication

%ith a +AS sing"e signon server. The top"eve"

pac&age is org.springframe%or&.security.cas.



1


9penI3 springsecurityopenid.#ar

9penI3 %e! authentication support. Csed to

authenticate users against an externa" 9penI3

server. org.springframe%or&.security.openid.

e*uires 9penI3DJava.



Thanks

facebook.com/apex.tgi

twitter.com/ApextgiNoida

pinterest.com/apextgi

Stay Connected with us for more chapters on JAVA

https://www.facebook.com/apex.tgi

https://twitter.com/ApextgiNoida

http://www.pinterest.com/apextgi





https://www.facebook.com/apex.tgi

winter internship in spring security at apextgi

Documents