14. IN YOUR ZONE
Spring Security – Filters
o.s.s.web.context.SecurityContextPersistenceFilter
o.s.s.web.authentication.logout.LogoutFilter
o.s.s.web.authentication.UsernamePasswordAuthentication
o.s.s.web.session.SessionManagementFilter
Secured Resource
Request Response
15. IN YOUR ZONE
Spring Security – Fundamentals
Security Interceptor
Authentication Manager
Access Decision Manager
Run-As Manager
After-Invocation Manager
16. IN YOUR ZONE
Spring Security – Authentication Manager
Authentication Manager
Provider Manager
LDAP Authentication Provider
CAS Authentication Provider
Kerberos Authentication Provider
DAO Authentication Provider
Remember Me Authentication Provider
17. IN YOUR ZONE
Spring Security – Access Decision Manager
Affirmative Based
Abstract Decision Voter
Access Decision Manager
Abstract Access Decision Manager
Consensus Based
Unanimous Based
Role Voter
Access Decision Manager: Grant / Deny access?
Affirmative based: At least one voter grants access
Consensus based: A majority of voters grant access
Unanimous based: If all voters grant access
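The three aggregation strategies in the table above, as an added example that is not part of the original slides and does not use Spring Security's own classes. Vote, VoteAggregationDemo and the two ALLOW_* constants are hypothetical names, and the handling of ties and all-abstain ballots is an assumption of this model.

```java
import java.util.List;
// Added illustration: a dependency-free model of the three aggregation strategies.
// Vote and VoteAggregationDemo are hypothetical names, not Spring Security classes.
public class VoteAggregationDemo {
    enum Vote { GRANT, ABSTAIN, DENY }

    // Assumption: when every voter abstains, access is denied (fail closed).
    static final boolean ALLOW_IF_ALL_ABSTAIN = false;
    // Assumption: a grant/deny tie in the consensus strategy is denied in this model.
    static final boolean ALLOW_ON_TIE = false;
    static long count(List<Vote> votes, Vote v) {
        return votes.stream().filter(x -> x == v).count();
    }

    // Affirmative: one GRANT is enough, even if other voters deny.
    static boolean affirmative(List<Vote> votes) {
        if (count(votes, Vote.GRANT) > 0) return true;
        if (count(votes, Vote.DENY) > 0) return false;
        return ALLOW_IF_ALL_ABSTAIN;
    }

    // Consensus: more GRANT than DENY votes; abstentions are not counted.
    static boolean consensus(List<Vote> votes) {
        long g = count(votes, Vote.GRANT), d = count(votes, Vote.DENY);
        if (g == 0 && d == 0) return ALLOW_IF_ALL_ABSTAIN;
        if (g == d) return ALLOW_ON_TIE;
        return g > d;
    }

    // Unanimous: a single DENY vetoes; abstentions do not block.
    static boolean unanimous(List<Vote> votes) {
        if (count(votes, Vote.DENY) > 0) return false;
        if (count(votes, Vote.GRANT) > 0) return true;
        return ALLOW_IF_ALL_ABSTAIN;
    }

    public static void main(String[] args) {
        // Constructed sample ballots, one vote per configured voter.
        List<List<Vote>> ballots = List.of(
            List.of(Vote.GRANT, Vote.DENY, Vote.DENY),
            List.of(Vote.GRANT, Vote.DENY, Vote.ABSTAIN),
            List.of(Vote.GRANT, Vote.ABSTAIN, Vote.ABSTAIN),
            List.of(Vote.ABSTAIN, Vote.ABSTAIN, Vote.ABSTAIN));
        for (List<Vote> b : ballots) {
            System.out.printf("%-28s affirmative=%-5b consensus=%-5b unanimous=%b%n",
                b, affirmative(b), consensus(b), unanimous(b));
        }
    }
}
```

In Spring Security the corresponding switches are allowIfAllAbstainDecisions (default false) and, on ConsensusBased, allowIfEqualGrantedDeniedDecisions (default true), so a tie is granted there unless that property is changed.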
26. IN YOUR ZONE
Claudiu Stancu | Development Discipline Lead
Editor's Notes
The default AccessDecisionManager implementation provides an access granting mechanism based on AccessDecisionVoter and vote aggregation.
Guardian of the underworld: no one can escape or pass the river Styx
1st head: Key Distribution Center (KDC)
Makes sure you are who you say you are and that you provide the right credentials
Vouches for the user's identity
Runs on TCP / UDP port 88
2nd head: Authentication Service (AS)
Actually does the authentication through the network
3rd head: Ticket Granting Service
Helps with tickets
Authenticator = {username, network_address, timestamp, lifespan}_sessionKey
Service Ticket = {session_key, username, network_address, service_name, lifespan, timestamp}
TGT = {sessionKey, }
An authenticator cannot be used twice: each service has an internal cache for checking