SlideShare a Scribd company logo

Integrating spring security and SAML - JOIN 2014

JWORKS powered by Ordina
JWORKS powered by Ordina

At some point we all need to integrate our application with the security system used by the customer. Single Sign-On and the SAML protocol quickly becomes the standard in how web applications authenticate. In this session we'll go over the SAML principles and show how we can implement these principles in a Spring Security-enabled J2EE application.

Education
1 of 19
Download to read offline
Ordina JOIN 2014 Ken Coenen @CoenenKen Senior Java Developer Architecture & Best Practices Competence Lead at Ordina Integrating Spring Security and SAML
SAML
What is SAML? ▪ Security Assertion Markup Language ▪ XML protocol ▪ Approved standard ▪ SAML 2.0 dates from March 2005 ▪ Used for eg. Single Sign-On (SSO)
SAML overview ▪ Identity Provider (IDP) Authenticating party ▪ Service Provider (SP) Relies on the IDP and provides a service ▪ Circle of Trust (COT) Group of trusted SPs
SAML sequence 1. User requests access to a service 2. Redirect to IDP logon page 3. POST to IDP 4. Redirect to application 5. User can access any application in the Circle of Trust
Spring Security
What is Spring Security? ▪ Part of the Spring framework http://projects.spring.io/spring-security/ ▪ Provides dozens of customizable security features ▪ Authentication and Authorization → For now we’ll focus on authentication ▪ Support for a wide range of authentication models ▪ Possible to write your own → That’s what we’ll do!
Authentication Concepts ▪ Filter Chain ▪ Security rules for your application ▪ Entry Point ▪ How an unauthenticated user tries to access secured resources ▪ eg. Form login, OpenID, basic authentication, ... ▪ Manager ▪ Manages authentication requests ▪ Uses AuthenticationProvider and User Details Service
Putting the pieces together
Include Maven dependencies Check latest dependencies on http: //projects.spring.io/spring-security/
Include Maven dependencies (2) OpenAM library to interpret SAML assertion and perform redirects
Map Spring Security filter in web.xml ▪ Let your J2EE application know we’re using Spring Security
Authentication Filter Chain
Filter Chain Triggered if not authenticated 1. Redirect to IDP 2. Process SAML assertion
▪ Extends GenericFilterBean Request initiator Redirect to the IDP
Process the SAML response ▪ Extends AbstractAuthenticationProcessingFilter Wrap our SAML assertion in a PreAuthenticated- AuthenticationToken in the request parameters
Processes Authentication object Authentication Manager Triggers the User Details Service to authenticate the user Interpret SAML attributes
▪ Extends AuthenticationUserDetailsService <PreAuthenticatedAuthenticationToken> ▪ Maps SAML assertions to Spring privileges Custom User Details Service
Q&A

Recommended

Waffle at NYCJavaSig
Waffle at NYCJavaSigWaffle at NYCJavaSig
Waffle at NYCJavaSig
Daniel Doubrovkine
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
Mika Koivisto
 
SAML: Single Sign-On in Univention Management Console und Univention Apps
SAML: Single Sign-On in Univention Management Console und Univention AppsSAML: Single Sign-On in Univention Management Console und Univention Apps
SAML: Single Sign-On in Univention Management Console und Univention Apps
Univention GmbH
 
Mule security - ldap for spring security
Mule security - ldap for spring securityMule security - ldap for spring security
Mule security - ldap for spring security
D.Rajesh Kumar
 
Meteor - JOIN 2015
Meteor - JOIN 2015Meteor - JOIN 2015
Meteor - JOIN 2015
JWORKS powered by Ordina
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014
JWORKS powered by Ordina
 
Clean Code - A&BP CC
Clean Code - A&BP CCClean Code - A&BP CC
Clean Code - A&BP CC
JWORKS powered by Ordina
 
mwpc gas gain report
mwpc gas gain reportmwpc gas gain report
mwpc gas gain report
Andrew Schick
 

Recommended

Waffle at NYCJavaSig
Waffle at NYCJavaSigWaffle at NYCJavaSig
Waffle at NYCJavaSig
Daniel Doubrovkine
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
Mika Koivisto
 
SAML: Single Sign-On in Univention Management Console und Univention Apps
SAML: Single Sign-On in Univention Management Console und Univention AppsSAML: Single Sign-On in Univention Management Console und Univention Apps
SAML: Single Sign-On in Univention Management Console und Univention Apps
Univention GmbH
 
Mule security - ldap for spring security
Mule security - ldap for spring securityMule security - ldap for spring security
Mule security - ldap for spring security
D.Rajesh Kumar
 
Meteor - JOIN 2015
Meteor - JOIN 2015Meteor - JOIN 2015
Meteor - JOIN 2015
JWORKS powered by Ordina
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014
JWORKS powered by Ordina
 
Clean Code - A&BP CC
Clean Code - A&BP CCClean Code - A&BP CC
Clean Code - A&BP CC
JWORKS powered by Ordina
 
mwpc gas gain report
mwpc gas gain reportmwpc gas gain report
mwpc gas gain report
Andrew Schick
 
Batch Processing - A&BP CC
Batch Processing - A&BP CCBatch Processing - A&BP CC
Batch Processing - A&BP CC
JWORKS powered by Ordina
 
Mongodb @ vrt
Mongodb @ vrtMongodb @ vrt
Mongodb @ vrt
JWORKS powered by Ordina
 
Responsive web - CC FE & UX
Responsive web - CC FE & UXResponsive web - CC FE & UX
Responsive web - CC FE & UX
JWORKS powered by Ordina
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
JWORKS powered by Ordina
 
Big data document and graph d bs - couch-db and orientdb
Big data document and graph d bs - couch-db and orientdbBig data document and graph d bs - couch-db and orientdb
Big data document and graph d bs - couch-db and orientdb
JWORKS powered by Ordina
 
Microservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
Microservices with Netflix OSS & Hypermedia APIs - JavaDay KievMicroservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
Microservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
JWORKS powered by Ordina
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - DevoxxSpring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
JWORKS powered by Ordina
 
Mongo db intro.pptx
Mongo db intro.pptxMongo db intro.pptx
Mongo db intro.pptx
JWORKS powered by Ordina
 
Unit testing - A&BP CC
Unit testing - A&BP CCUnit testing - A&BP CC
Unit testing - A&BP CC
JWORKS powered by Ordina
 
Single Sign-On Technologieüberblick
Single Sign-On TechnologieüberblickSingle Sign-On Technologieüberblick
Single Sign-On Technologieüberblick
Belsoft
 
Hadoop bootcamp getting started
Hadoop bootcamp getting startedHadoop bootcamp getting started
Hadoop bootcamp getting started
JWORKS powered by Ordina
 
An introduction to Cloud Foundry
An introduction to Cloud FoundryAn introduction to Cloud Foundry
An introduction to Cloud Foundry
JWORKS powered by Ordina
 
Introduction to Webpack - Ordina JWorks - CC JS & Web
Introduction to Webpack - Ordina JWorks - CC JS & WebIntroduction to Webpack - Ordina JWorks - CC JS & Web
Introduction to Webpack - Ordina JWorks - CC JS & Web
JWORKS powered by Ordina
 
Lagom in Practice
Lagom in PracticeLagom in Practice
Lagom in Practice
JWORKS powered by Ordina
 
Netflix OSS and HATEOAS deployed on production - JavaLand
Netflix OSS and HATEOAS deployed on production - JavaLandNetflix OSS and HATEOAS deployed on production - JavaLand
Netflix OSS and HATEOAS deployed on production - JavaLand
JWORKS powered by Ordina
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas More
JWORKS powered by Ordina
 
Cc internet of things LoRa and IoT - Innovation Enablers
Cc internet of things LoRa and IoT - Innovation Enablers Cc internet of things LoRa and IoT - Innovation Enablers
Cc internet of things LoRa and IoT - Innovation Enablers
JWORKS powered by Ordina
 
Big data key-value and column stores redis - cassandra
Big data key-value and column stores redis - cassandraBig data key-value and column stores redis - cassandra
Big data key-value and column stores redis - cassandra
JWORKS powered by Ordina
 
Big data elasticsearch practical
Big data elasticsearch practicalBig data elasticsearch practical
Big data elasticsearch practical
JWORKS powered by Ordina
 
Intro to cassandra
Intro to cassandraIntro to cassandra
Intro to cassandra
JWORKS powered by Ordina
 
Android wear - CC Mobile
Android wear - CC MobileAndroid wear - CC Mobile
Android wear - CC Mobile
JWORKS powered by Ordina
 
Integration testing - A&BP CC
Integration testing - A&BP CCIntegration testing - A&BP CC
Integration testing - A&BP CC
JWORKS powered by Ordina
 

More Related Content

Viewers also liked

Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
JWORKS powered by Ordina
 
Microservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
Microservices with Netflix OSS & Hypermedia APIs - JavaDay KievMicroservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
Microservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
JWORKS powered by Ordina
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - DevoxxSpring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
JWORKS powered by Ordina
 
Single Sign-On Technologieüberblick
Single Sign-On TechnologieüberblickSingle Sign-On Technologieüberblick
Single Sign-On Technologieüberblick
Belsoft
 

Viewers also liked (12)

Batch Processing - A&BP CC
Batch Processing - A&BP CCBatch Processing - A&BP CC
Batch Processing - A&BP CC
 
Mongodb @ vrt
Mongodb @ vrtMongodb @ vrt
Mongodb @ vrt
 
Responsive web - CC FE & UX
Responsive web - CC FE & UXResponsive web - CC FE & UX
Responsive web - CC FE & UX
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Big data document and graph d bs - couch-db and orientdb
Big data document and graph d bs - couch-db and orientdbBig data document and graph d bs - couch-db and orientdb
Big data document and graph d bs - couch-db and orientdb
 
Microservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
Microservices with Netflix OSS & Hypermedia APIs - JavaDay KievMicroservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
Microservices with Netflix OSS & Hypermedia APIs - JavaDay Kiev
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - DevoxxSpring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
 
Mongo db intro.pptx
Mongo db intro.pptxMongo db intro.pptx
Mongo db intro.pptx
 
Unit testing - A&BP CC
Unit testing - A&BP CCUnit testing - A&BP CC
Unit testing - A&BP CC
 
Single Sign-On Technologieüberblick
Single Sign-On TechnologieüberblickSingle Sign-On Technologieüberblick
Single Sign-On Technologieüberblick
 
Hadoop bootcamp getting started
Hadoop bootcamp getting startedHadoop bootcamp getting started
Hadoop bootcamp getting started
 
An introduction to Cloud Foundry
An introduction to Cloud FoundryAn introduction to Cloud Foundry
An introduction to Cloud Foundry
 

More from JWORKS powered by Ordina

Lagom in Practice
Lagom in PracticeLagom in Practice
Lagom in Practice
JWORKS powered by Ordina
 
Netflix OSS and HATEOAS deployed on production - JavaLand
Netflix OSS and HATEOAS deployed on production - JavaLandNetflix OSS and HATEOAS deployed on production - JavaLand
Netflix OSS and HATEOAS deployed on production - JavaLand
JWORKS powered by Ordina
 
Integration testing - A&BP CC
Integration testing - A&BP CCIntegration testing - A&BP CC
Integration testing - A&BP CC
JWORKS powered by Ordina
 
Java 7 & 8 - A&BP CC
Java 7 & 8 - A&BP CCJava 7 & 8 - A&BP CC
Java 7 & 8 - A&BP CC
JWORKS powered by Ordina
 

More from JWORKS powered by Ordina (17)

Introduction to Webpack - Ordina JWorks - CC JS & Web
Introduction to Webpack - Ordina JWorks - CC JS & WebIntroduction to Webpack - Ordina JWorks - CC JS & Web
Introduction to Webpack - Ordina JWorks - CC JS & Web
 
Lagom in Practice
Lagom in PracticeLagom in Practice
Lagom in Practice
 
Netflix OSS and HATEOAS deployed on production - JavaLand
Netflix OSS and HATEOAS deployed on production - JavaLandNetflix OSS and HATEOAS deployed on production - JavaLand
Netflix OSS and HATEOAS deployed on production - JavaLand
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas More
 
Cc internet of things LoRa and IoT - Innovation Enablers
Cc internet of things LoRa and IoT - Innovation Enablers Cc internet of things LoRa and IoT - Innovation Enablers
Cc internet of things LoRa and IoT - Innovation Enablers
 
Big data key-value and column stores redis - cassandra
Big data key-value and column stores redis - cassandraBig data key-value and column stores redis - cassandra
Big data key-value and column stores redis - cassandra
 
Big data elasticsearch practical
Big data elasticsearch practicalBig data elasticsearch practical
Big data elasticsearch practical
 
Intro to cassandra
Intro to cassandraIntro to cassandra
Intro to cassandra
 
Android wear - CC Mobile
Android wear - CC MobileAndroid wear - CC Mobile
Android wear - CC Mobile
 
Integration testing - A&BP CC
Integration testing - A&BP CCIntegration testing - A&BP CC
Integration testing - A&BP CC
 
Spring 4 - A&BP CC
Spring 4 - A&BP CCSpring 4 - A&BP CC
Spring 4 - A&BP CC
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC Mobile
 
Java 7 & 8 - A&BP CC
Java 7 & 8 - A&BP CCJava 7 & 8 - A&BP CC
Java 7 & 8 - A&BP CC
 
IoT: A glance into the future
IoT: A glance into the futureIoT: A glance into the future
IoT: A glance into the future
 
Workshop Ionic Framework - CC FE & UX
Workshop Ionic Framework - CC FE & UXWorkshop Ionic Framework - CC FE & UX
Workshop Ionic Framework - CC FE & UX
 
IoT: LoRa and Java on the PI
IoT: LoRa and Java on the PIIoT: LoRa and Java on the PI
IoT: LoRa and Java on the PI
 
IoT: An introduction
IoT: An introductionIoT: An introduction
IoT: An introduction
 

Recently uploaded

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Recently uploaded (20)

Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 

Integrating spring security and SAML - JOIN 2014