Scribd
Upload
460 views

Spring Security 3.0: by Tanuj Kathuria

Spring Security provides security for web applications built with the Spring framework. It handles authentication, authorization, and protecting web resources. The document discusses Spring Security concepts like authentication, authorization, filters, configuration, and authentication providers.

Uploaded by

Tanuj Kathuria
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
460 views

Spring Security 3.0: by Tanuj Kathuria

Spring Security provides security for web applications built with the Spring framework. It handles authentication, authorization, and protecting web resources. The document discusses Spring Security concepts like authentication, authorization, filters, configuration, and authentication providers.

Uploaded by

Tanuj Kathuria
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 12

Spring Security 3.

0
BY TANUJ KATHURIA

WHAT IS SPRING SECURITY

Spring Security provides security for the Web J2EE based Applications.

It is powerful, flexible and pluggable just like Spring Framework.

It is not a firewall, proxy server, intrusion detection system, OS


Security, JVM Security etc.

MAJOR OPERATIONS

AUTHENTICATION

Process of login is Authentication,


prove who you say you are.

IDENTIFICATION + VERIFICATION

AUTHORIZATION

We know who you are but you are


allowed to access only what you
want.

For ex Manager, Leader, Admin, user


etc.

SERVLET FILTERS

SPRING SECURITY SETUP


JARS :
Spring-security-config-3.0.1.RELEASE.jar
Spring

security-core-3.0.1.RELEASE.jar

Spring

security-web-3.0.1.RELEASE.jar

SCHEMA:

CONFIGURATION CHANGE 1

FILTER CHAIN PROXY

CONFIGURATION CHANGE 2
WEB-INF/spring-security.xml

BASIC ARCHITECTURE

Authentication Manager

UserDetailsService(UserRepository),
it loads Security Context information
like user details and authorities.

Security Context

User Information

User Details and Granted Authorities

3 TYPES OF AUTHENTICATION

HTTP BASIC

DEFAULT FORM

CUSTOM FORM

<http-basic> tag need to be


included in order to use the
basic form based authentication.

<http auto-config="true"> is
the tag which calls the default
login form in case of Spring
security.

<http ><intercept-url pattern="/admin**"


access="ROLE_USER" />
<form-login login-page="/login" default-targeturl="/admin" authentication-failureurl="/loginfailed"/>
<logout logout-success-url="/logout" />
</http>
These tags call the custom Login page.

AUTHENTICATION PROVIDERS

HASHED PASSWORD

<password-encoder hash="sha-256"/>
<user name="tanuj"
password="8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12
020c923adc6c92" authorities="ROLE_USER" />

DATABASE PASSWORD

THANK YOU
TANUJ KATHURIA

You might also like