Java Security Frameworks
Choosing The Right Java Security Framework
@Mohammed Fazuluddin
Topics
Overview
List of Java Security Frameworks
Details of Java Security Frameworks
Overview
 If you need your application "to be secure", there is no generic framework that you can just
install and be done with.
 You need to understand exactly what you need, and for that you should have good functional/business
knowledge.
 There are many Java-based security frameworks; some are open source and some are
commercial.
 If you have specific requirements around encryption, digital signatures, authentication,
authorization, etc., list what your requirements are, since different frameworks
provide better support for each of these.
 These frameworks are written for web and standalone applications and, put simply, solve access-control
problems.
List of Java Security Frameworks
 The following frameworks can be integrated with Java-based applications, both
web and standalone, to make the application secure.
 Spring Security
 Apache Shiro
 OACC
 PicketLink
 Wicket
 JGuard
 HDIV
Details of Java Security Frameworks
“Spring Security”
 Spring Security provides security services for J2EE-based enterprise software applications.
 Spring Security is a lightweight security framework that provides authentication and authorization
support in order to secure Spring-based applications.
 It integrates well with Spring MVC and comes bundled with popular security algorithm
implementations. There are two main areas of application security:
 Authentication: the process of verifying that a user is who they claim to be.
 Authorization: the process of deciding whether a user is allowed to perform an activity within the application.
 Authentication models supported by Spring Security: Spring Security supports more than 20 models for
authentication. Some of them are:
 X.509 client certificate exchange
 LDAP Authentication
 OpenID authentication
 Java Open Source Single Sign On
Details of Java Security Frameworks
“Spring Security”
 Spring Security modules: the Spring Security code is divided into different JARs (which can be considered
modules):
 Core (spring-security-core.jar): required module. Contains core authentication and access-control classes and
interfaces, remoting support and basic provisioning APIs.
 Web (spring-security-web.jar): required if web authentication services and URL-based access control are
needed. Contains filters and related web-security infrastructure code.
 Remoting : Provides integration with Spring Remoting.
 Config : Contains the security namespace parsing code. You need it if you are using the Spring Security XML
namespace for configuration.
 LDAP : LDAP authentication and provisioning code. Required if you need to use LDAP authentication or manage
LDAP user entries.
 ACL : Used to apply security to specific domain object instances within your application.
 CAS : If you want to use Spring Security web authentication with a CAS single sign-on server.
 OpenID: Used to authenticate users against an external OpenID server.
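As an added example, not taken from the slides or the Spring project, the following Spring Security 6 configuration separates the two areas named above: authentication (form login with hashed passwords) and URL-based authorization from the Web module. The in-memory user store, the sample accounts and the URL paths are assumptions chosen so that the class is self-contained; a real deployment would swap the user store for one of the providers listed above (LDAP, X.509, ...).

```java
package example.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Added example (not from the slides): Spring Security 6 configuration that
 * keeps the two areas from the slide apart.
 *  - Authentication: who the caller is (form login + password hashing).
 *  - Authorization: what the caller may do (URL-based rules from spring-security-web).
 * The in-memory user store is an assumption standing in for LDAP/X.509/OpenID providers.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Authorization: matchers are evaluated in order and the first match wins,
            // so the catch-all anyRequest() rule (deny by default) must come last.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/css/**").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/reports/**").hasAnyRole("ADMIN", "AUDITOR")
                .anyRequest().authenticated())
            // Authentication: form-based login; Spring serves a default /login page
            // and permits access to it without further configuration.
            .formLogin(Customizer.withDefaults())
            .logout(Customizer.withDefaults());
        // CSRF protection and the security response headers stay at their
        // (enabled) defaults; nothing here switches them off.
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        // Credentials are stored as salted bcrypt hashes, never in plaintext.
        return new BCryptPasswordEncoder();
    }

    @Bean
    UserDetailsService userDetailsService(PasswordEncoder encoder) {
        // Constructed sample accounts. roles("ADMIN") registers the authority
        // ROLE_ADMIN, which is what hasRole("ADMIN") above checks for.
        UserDetails auditor = User.withUsername("alice")
            .password(encoder.encode("alice-demo-password"))
            .roles("AUDITOR")
            .build();
        UserDetails admin = User.withUsername("admin")
            .password(encoder.encode("admin-demo-password"))
            .roles("ADMIN")
            .build();
        return new InMemoryUserDetailsManager(auditor, admin);
    }
}
```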
Details of Java Security Frameworks
“Apache Shiro”
 Apache Shiro is a top level open source project under the Apache Software Foundation.
 Apache Shiro is a powerful and easy to use Java security framework that offers developers an
intuitive yet comprehensive solution to authentication, authorization, cryptography, and session
management.
 In practical terms, it aims to manage all facets of your application’s security while staying out
of the way as much as possible.
 It is built on sound interface-driven design and OO principles, enabling custom behavior
wherever you can imagine it. But with sensible defaults for everything, it is as “hands off” as
application security can be.
 Apache Shiro can be run in any environment, from the simplest command line application to the
biggest enterprise web and clustered applications.
Details of Java Security Frameworks
“Apache Shiro”
 The easiest to understand Java Security API anywhere. Class and Interface names are intuitive and
make sense. Anything is pluggable but good defaults exist for everything.
 Support authentication (‘logins’) across one or more pluggable data sources (LDAP, JDBC, Active
Directory, etc.).
 Perform authorization (‘access control’) based on roles or fine-grained permissions, also using
pluggable data sources.
 First-class caching support for enhanced application performance.
 Simple Single Sign-On (SSO) support piggybacking on Shiro’s Enterprise Session Management. If
sessions are federated across multiple applications, the user’s authentication state can be shared too.
Log in once to any application and the others all recognize that log-in.
 Secure data with the easiest possible Cryptography APIs available, giving you power and simplicity
beyond what Java provides by default for ciphers and hashes.
 An incredibly robust yet low-configuration web framework that can secure any url or resource,
automatically handle logins and logouts, perform Remember Me services, and more.
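An added stand-alone example, not from the slides or the Shiro project: a Subject logs in and is then checked for a role and for fine-grained wildcard permissions. The users, roles and permission strings are constructed in-line in an IniRealm so the program runs without LDAP or JDBC; the Subject calls are the same against those realms.

```java
package example.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

/**
 * Added example (not from the slides or the Shiro project): a command-line
 * application that authenticates a Subject and checks roles and permissions.
 * Users, roles and permissions are constructed in-line in an IniRealm.
 */
public class ShiroDemo {

    static DefaultSecurityManager buildSecurityManager() {
        Ini ini = new Ini();
        // [users] section format: username = password, role1, role2, ...
        Ini.Section users = ini.addSection(IniRealm.USERS_SECTION_NAME);
        users.put("alice", "alice-demo-password, auditor");
        users.put("bob", "bob-demo-password, admin");
        // [roles] section format: role = wildcard permissions (domain:action:instance)
        Ini.Section roles = ini.addSection(IniRealm.ROLES_SECTION_NAME);
        roles.put("auditor", "report:read");
        roles.put("admin", "report:*, user:*");
        // Caveat: IniRealm compares plaintext passwords unless a
        // HashedCredentialsMatcher is configured; acceptable only for a demo.
        return new DefaultSecurityManager(new IniRealm(ini));
    }

    /** Authentication: returns true on success, false for any failure. */
    static boolean login(Subject subject, String username, String password) {
        try {
            subject.login(new UsernamePasswordToken(username, password));
            return true;
        } catch (AuthenticationException e) {
            // One generic failure path: do not reveal whether the account exists
            // or only the password was wrong.
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(buildSecurityManager());
        Subject subject = SecurityUtils.getSubject();

        // A wrong password is rejected; the correct one binds "alice" to the Subject.
        System.out.println("wrong password accepted? " + login(subject, "alice", "nope"));
        System.out.println("alice logged in? " + login(subject, "alice", "alice-demo-password"));
        System.out.println("principal: " + subject.getPrincipal());

        // Authorization: a coarse role check, then fine-grained wildcard permissions.
        // A permission with fewer parts implies the more specific one, so the role
        // permission "report:read" covers "report:read:42" but not "report:delete:42".
        System.out.println("has role auditor? " + subject.hasRole("auditor"));
        System.out.println("report:read:42?   " + subject.isPermitted("report:read:42"));
        System.out.println("report:delete:42? " + subject.isPermitted("report:delete:42"));
        try {
            // Assert-style variant: throws instead of returning false when denied.
            subject.checkPermission("user:create");
        } catch (AuthorizationException e) {
            System.out.println("user:create denied for " + subject.getPrincipal());
        }
        subject.logout();
    }
}
```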
Details of Java Security Frameworks
“OACC”
 OACC - pronounced [oak] - is a fully featured Java API to both enforce and manage your
application's authentication and authorization needs.
 The OACC framework is an open-source project and encourages engagement with and
contributions from community members like you.
 OACC provides an API to manage security relationships such as these. Most current security
frameworks for Java™, however, do not, because their security model lacks an abstraction for
the application resources being secured.
 This forces the application developer to implement a means to store and manage the security
relationships. The abstraction for an application resource is core to OACC’s security model.
 The security relationships are stored in OACC’s security data repository, backed by a set of
relational database tables. As a result you will not see the concept of realms in OACC that exists
in other security frameworks.
Details of Java Security Frameworks
“OACC”
 OACC features a fully functioning, rich API that doesn’t require any DIY implementation to enable
the programmatic and dynamic modeling of complex security scenarios. In other words, OACC
provides all the functionality to manage your application’s security model, out of the box.
 Fully implemented data store: OACC supplies a fully implemented RDBMS-backed data store for its
security model, which the API manages for you behind the scenes.
 Permission-based security model: OACC’s security model is permission-based: it essentially
manages permissions between resources.
 Single access control paradigm: Other frameworks allow role-membership or expression-language
checks to enforce some level of authorization at the web and service layers (URLs and methods), and
then provide a separate ACL interface to secure the domain-model layer (objects).
 Annotations or expression language support: OACC is a security framework that facilitates programmatic
authorization at the code-level, thus there currently is no support for aspect-oriented intercepts with
annotations or expression-language constructs. Instead, simple API methods to check or assert
permissions allow for authorization enforcement.
Details of Java Security Frameworks
“OACC”
 True RBAC modeling: If role membership checks aren’t enough to secure your application, you’ll be
pleased to learn that OACC supports full RBAC, in which a “role is essentially a collection of
permissions” (NIST). Roles - and groups for that matter - can be modeled through permission
inheritance, allowing for hierarchical roles through which a subject transitively acquires any assigned
permissions.
 Symmetric query methods: OACC provides efficient query methods to find resources by
permission, without loading all resources first and then filtering out the unauthorized ones. These
methods are symmetric in the sense that you can find both
 the resources to which a specified resource has a specific set of permissions, and
 the resources that have a specific set of permissions to a specified resource.
 For auditing or for purposes of managing authorization, these query methods make it easy to find, for
example, users “belonging” to a role, or users that have permissions on a resource.
 Permission delegation: OACC is the only framework that natively supports delegation control at the
authorization level. With OACC, subjects can delegate their permissions to others.
Details of Java Security Frameworks
“OACC”
 Automatic permission assignment: another novel feature of OACC is create-permissions, which
not only control what kind of resources a subject may create, but also define exactly what
permissions they get on a new resource after creating it. Defined once, these permissions are
automatically assigned to the resource creator, without the need for explicit API calls.
 Multi-tenancy support: OACC supports partitioning the resource space into (hierarchical) logical
security domains, which facilitates modeling security scenarios in multi-tenant applications. These
domains constitute a useful abstraction in itself, because they also allow permissions to be
efficiently assigned and queried at the domain-level.
 Caching: OACC does not yet come with a built-in caching mechanism. To prevent any
performance degradation in terms of memory or query time as the size of your secured data set
increases, OACC uses dynamic, highly targeted queries into a very efficient data model for all
access control checks. As a result, OACC doesn’t load a subject’s entire permission set into
memory up front and then iterate over it for each authorization check.
Details of Java Security Frameworks
“PicketLink”
 PicketLink is an open source project for simplified security and identity management for Java
Applications.
 A Picket Fence is a secure system of pickets joined together via some type of links. Basically, the
Pickets by themselves do not offer any security.
 But when they are brought together by linking them, they provide the necessary security.
 This project is that link for other security systems or systems to bring together or join, to finally
provide the necessary secure system.
Details of Java Security Frameworks
“PicketLink”
 Robust IDM feature: model identities and attributes. Build the model from various data sources such as
databases, LDAP and the file system, and mix and match them! Simple API for users, roles, groups and attributes.
 Suitable for JavaEE Applications: Use CDI based application programming.
 Robust Authentication Support: Application developers have greater control for authentication. You
use the IDM as the foundation for your authentication needs.
 Extensive Access Control/Authorization Support: PicketLink has a permission model that allows you to
have robust access control for your Java Applications. Permission implementations include ACL and
Drools Rules based implementations.
 Plug in your own access control: API allows custom authorization implementations. Easy migration to a
fine grained access control model using XACML.
 SAML Web Browser Profile Single Sign-On: PicketLink provides SSO using SAML v1.1 and v2.0; parsers
and an object model are available to build robust SAML-enabled applications.
 Social Media Based Login: PicketLink allows you to incorporate Social Login into your applications. You
can build applications that allow sign in using Facebook, Google and Twitter.
 Open Standards: PicketLink supports SAML, XACML and WS-Trust.
Details of Java Security Frameworks
“Wicket”
 Apache Wicket is a simple, feature-rich, component-based web framework; truly reusable
components are the main selling point of this framework.
 Security is one of the most important non-functional requirements we must implement in our
applications.
 This is particularly true for enterprise applications as they usually support multiple concurrent
users, and therefore they need to have an access control policy.
 In this section we will explore the security infrastructure provided by Wicket and learn
how to use it to implement authentication and authorization in our web applications.
Details of Java Security Frameworks
“Wicket”
 Authentication: authentication in Wicket is implemented according to the application’s security policy, which
means that users are authenticated on the basis of trusted credentials; web applications usually adopt
form-based authentication with a login form.
 Authorization: the authorization support provided by Wicket is built around the concept of an
authorization strategy. There are two main authorization strategies:
 Simple Page Authorization Strategy
 Role-based strategies
 HTTPS protocol: HTTPS is the standard technology adopted on Internet to create a secure
communication channel between web applications and their users. In Wicket we can easily
protect our pages with HTTPS mounting a special request mapper called HttpsMapper.
 URL encryption: Wicket has a feature to encrypt/decrypt URLs using interfaces such as ICrypt.
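An added example, not from the slides or the Wicket project, wiring the pieces above into one application: a session that performs form-based authentication, the role-based strategy applied both by annotation and by metadata, and HttpsMapper for pages that require HTTPS. The credential check, the roles, the page classes and the port numbers are assumptions; each page class also needs its matching HTML markup file.

```java
package example.wicket;

import org.apache.wicket.Page;
import org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
import org.apache.wicket.authroles.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authentication.panel.SignInPanel;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.https.HttpsConfig;
import org.apache.wicket.protocol.https.HttpsMapper;
import org.apache.wicket.protocol.https.RequireHttps;
import org.apache.wicket.request.Request;

/**
 * Added example (not from the slides or the Wicket project). Pages are nested
 * static classes to keep everything in one file; each needs a markup file
 * named SecureApp$<PageName>.html next to this class.
 */
public class SecureApp extends AuthenticatedWebApplication {

    @Override
    public Class<? extends Page> getHomePage() { return HomePage.class; }

    @Override
    protected Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass() {
        return AppSession.class;
    }

    @Override
    protected Class<? extends WebPage> getSignInPageClass() { return SignInPage.class; }

    @Override
    protected void init() {
        super.init(); // installs the role-based authorization strategy and sign-in redirect
        // Role-based strategy configured with metadata rather than an annotation:
        // only USER may instantiate ReportsPage; anonymous callers go to the sign-in page.
        MetaDataRoleAuthorizationStrategy.authorize(ReportsPage.class, Roles.USER);
        // HTTPS: requests for pages annotated @RequireHttps that arrive on the HTTP
        // port are redirected to the HTTPS port (both ports are assumptions).
        setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig(8080, 8443)));
    }

    /** Authentication: SignInPanel calls signIn(), which delegates to authenticate(). */
    public static class AppSession extends AuthenticatedWebSession {
        private Roles roles = new Roles();

        public AppSession(Request request) { super(request); }

        @Override
        public boolean authenticate(String username, String password) {
            // Constructed credential check; a real application queries its user store
            // and compares password hashes instead of literals.
            boolean admin = "root".equals(username) && "root-demo-password".equals(password);
            boolean user = "alice".equals(username) && "alice-demo-password".equals(password);
            if (admin) {
                roles = new Roles(new String[] { Roles.ADMIN, Roles.USER });
            } else if (user) {
                roles = new Roles(new String[] { Roles.USER });
            } else {
                roles = new Roles();
            }
            return admin || user;
        }

        @Override
        public Roles getRoles() { return isSignedIn() ? roles : new Roles(); }
    }

    public static class HomePage extends WebPage { }

    /** Hosts Wicket's stock login form; markup needs <div wicket:id="signIn"></div>. */
    public static class SignInPage extends WebPage {
        public SignInPage() { add(new SignInPanel("signIn")); }
    }

    /** Protected through the metadata rule registered in init(). */
    public static class ReportsPage extends WebPage { }

    /** Role-based strategy by annotation, plus mandatory HTTPS for this page. */
    @AuthorizeInstantiation(Roles.ADMIN)
    @RequireHttps
    public static class AdminPage extends WebPage { }
}
```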
Details of Java Security Frameworks
“JGuard”
 JGuard is an open source Java Security framework that is primarily used for securing Java Web
Applications.
 It is built on JAAS and offers simple and flexible configuration to authenticate users, authorize their
roles and manage their permissions.
 It can be also considered for resolving access control problems and user rights in standalone and
desktop based applications.
 JGuard is very flexible and allows several different ways to configure those mechanisms for
authentication and authorization, i.e., in a relational database, XML files, or LDAP service.
 JGuard is under the open source LGPL license.
Details of Java Security Frameworks
“JGuard”
 It can be adapted to any webapp, on any application server.
 It permits a user to have more than one role simultaneously.
 It does not depend on a web framework or an AOP framework.
 It is built on top of the standard, very secure and flexible JAAS.
 Authentication and authorization are handled by pluggable mechanisms.
 Authentication data can be stored in a database, an XML file, a JNDI data source, an LDAP directory,
Kerberos...
 Changes take effect 'on the fly' (dynamic configuration).
 In JGuard the permissions, roles and their associations can be created, updated and deleted on the fly
through a webapp (an API is provided too).
 Each webapp has its own authentication and authorization configuration.
 A taglib is provided to protect JSP fragments.
 It supports running under the Java security manager.
Details of Java Security Frameworks
“HDIV”
 Hdiv has pioneered application self-protection since 2008.
 Hdiv enables applications to protect themselves through runtime application self-protection
(RASP) products.
 By building protection in during development, we protect applications from the inside. Hdiv
solutions combine the strongest protection against OWASP Top 10 threats with deep
understanding of business configuration and logic to enable real-time, all-the-time application
protection.
 Protect your applications in runtime, with fewer resources, and greater accuracy.
 Hdiv delivers the best protection against application risks without having to change anything.
Details of Java Security Frameworks
“HDIV”
 STRONGEST REAL-TIME PROTECTION: Hdiv repels 90% of application security risks included in the OWASP Top 10,
such as SQL injection, cross-site scripting, cross-site request forgery, data tampering and brute force attacks. Hdiv
offers higher effectiveness than any of the solutions currently available to fight web application security risks.
 ULTRA-HIGH ACCURACY: Hdiv RASP has deep insight into application logic, configuration, and data and event
flows. These capabilities enable Hdiv to analyze and block security attacks with less dependence on external security
devices, without false positives and with no need for learning processes or content parsing.
 NO EXTENSIVE SECURITY EXPERTISE NEEDED: Programmers don’t have to be security experts to apply Hdiv during
development. Hdiv enables self-protected applications with almost zero operations costs, and enables customers to
avoid having to upgrade programming environments.
 REAL-TIME VISIBILITY AND PROTECTION: It provides real-time visibility into actual attacks hitting applications in
production. Get actionable information, including detected attacks, vulnerabilities and business logic flaws,
and protect your business with instant information from interactive dashboards and alerts.
 KEEP YOUR PROGRAMMING ENVIRONMENT: Hdiv installation and updates are easy, needing only a declarative
configuration based on XML files. Hdiv does not change app source code, so it can be used with any application
before and after development.
THANKS

 
Rest API Design Rules
Rest API Design RulesRest API Design Rules
Rest API Design Rules
 
Scrum process framework
Scrum process frameworkScrum process framework
Scrum process framework
 
DevOps and Tools
DevOps and ToolsDevOps and Tools
DevOps and Tools
 
UI architecture & designing
UI architecture & designingUI architecture & designing
UI architecture & designing
 
Data streaming fundamentals
Data streaming fundamentalsData streaming fundamentals
Data streaming fundamentals
 
Microservice's in detailed
Microservice's in detailedMicroservice's in detailed
Microservice's in detailed
 
Java performance tuning
Java performance tuningJava performance tuning
Java performance tuning
 
Java workflow engines
Java workflow enginesJava workflow engines
Java workflow engines
 
Selecting the right cache framework
Selecting the right cache frameworkSelecting the right cache framework
Selecting the right cache framework
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
 
Security Design Concepts
Security Design ConceptsSecurity Design Concepts
Security Design Concepts
 
Software Design Concepts
Software Design ConceptsSoftware Design Concepts
Software Design Concepts
 

Kürzlich hochgeladen

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Java Security Frameworks

  • 1. Java Security Frameworks: Choosing the Right Java Security Framework @Mohammed Fazuluddin
  • 2. Topics
  Overview
  List of Java Security Frameworks
  Details of Java Security Frameworks
  • 3. Overview
   If you need your application "to be secure", there is no generic framework that you can just install and be done with.
   You need to understand exactly what you need, and for that you need good functional/business knowledge.
   There are many Java-based security frameworks; some are open source and some are commercial.
   If you have specific requirements around encryption, digital signatures, authentication, authorization, etc., list them explicitly, because different frameworks support each of these to different degrees.
   The frameworks covered here are written for web and standalone applications and, put simply, solve access control problems.
  • 4. List of Java Security Frameworks
   The following frameworks can be integrated with Java-based applications, both web and standalone, to secure them.
   Spring Security
   Apache Shiro
   OACC
   PicketLink
   Wicket
   JGuard
   HDIV
  • 5. Details of Java Security Frameworks “Spring Security”
   Spring Security provides security services for J2EE-based enterprise software applications.
   Spring Security is a lightweight security framework that provides authentication and authorization support to secure Spring-based applications.
   It integrates well with Spring MVC and comes bundled with implementations of popular security algorithms. There are two main areas of application security:
   Authentication: the process of verifying that users are who they claim to be.
   Authorization: the process of deciding whether a user is allowed to perform an activity within the application.
   Authentication models supported by Spring Security: Spring Security supports more than 20 authentication models. Some of them are:
   X.509 client certificate exchange
   LDAP authentication
   OpenID authentication (OpenID 2.0 support was deprecated in Spring Security 5 and removed in 6; current versions support OpenID Connect through the OAuth2 client module instead)
   Java Open Source Single Sign On (JOSSO)
  • 6. Details of Java Security Frameworks “Spring Security” (diagram slide, no text)
  • 7. Details of Java Security Frameworks “Spring Security”
   Spring Security modules: the Spring Security code is divided into different JARs (which can be considered modules):
   Core (spring-security-core.jar): required module. Contains the core authentication and access-control classes and interfaces, remoting support and basic provisioning APIs.
   Web (spring-security-web.jar): required if web authentication services and URL-based access control are needed. Contains the filters and related web-security infrastructure code.
   Remoting: provides integration with Spring Remoting.
   Config: contains the security namespace parsing code and the Java configuration support. You need it if you use the Spring Security XML namespace or Java configuration.
   LDAP: LDAP authentication and provisioning code. Required if you need LDAP authentication or manage LDAP user entries.
   ACL: used to apply security to specific domain object instances within your application.
   CAS: needed if you want to use Spring Security web authentication with a CAS single sign-on server.
   OpenID: used to authenticate users against an external OpenID server (removed in Spring Security 6; use the OAuth2/OpenID Connect client support instead).
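The authentication and authorization split from slide 5, and the core, web and config modules from slide 7, come together in one Spring Security configuration. The following is an added example for this page, not code from the slides or from the Spring project; it targets Spring Security 6 (Spring Boot 3) and uses constructed in-memory accounts, URL paths and a hypothetical ReportService purely for illustration. Run it inside any Spring Boot web application with spring-boot-starter-security on the classpath.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Service;

@Configuration
@EnableWebSecurity       // spring-security-web + spring-security-config: the servlet filter chain
@EnableMethodSecurity    // spring-security-core: @PreAuthorize on beans
public class SecurityConfig {

    // Authentication (form login) and URL-based authorization.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/login", "/css/**").permitAll()   // assumed public paths
                .requestMatchers("/admin/**").hasRole("ADMIN")           // matches authority ROLE_ADMIN
                .anyRequest().authenticated())                           // deny-by-default for everything else
            .formLogin(Customizer.withDefaults())
            .logout(Customizer.withDefaults());
        // CSRF protection and the default security headers stay enabled; nothing here switches them off.
        return http.build();
    }

    // Password storage: the delegating encoder prefixes hashes with their algorithm id (e.g. {bcrypt}),
    // so the hashing scheme can be upgraded later without locking users out.
    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Constructed demo accounts. A real deployment replaces this with the LDAP, JDBC or OAuth2 support.
    @Bean
    UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password(encoder.encode("alice-password")).roles("USER").build(),
            User.withUsername("admin").password(encoder.encode("admin-password")).roles("USER", "ADMIN").build());
    }
}

// Hypothetical service: method-level authorization is enforced even if a URL rule above is forgotten,
// so a new controller route cannot silently expose this operation.
@Service
class ReportService {

    @PreAuthorize("hasRole('ADMIN')")
    public String exportAll() {
        return "all reports";
    }

    // Object-level check: only the owner of the report, or an admin, may read it.
    // Referencing #owner by name needs the class compiled with -parameters (or the @P annotation).
    @PreAuthorize("hasRole('ADMIN') or #owner == authentication.name")
    public String read(String owner, String reportId) {
        return "report " + reportId + " of " + owner;
    }
}
```

The security-relevant choice is the ordering of the URL rules: specific `permitAll` and role rules first, then `anyRequest().authenticated()` as the catch-all, so an unlisted path is protected rather than open. Method security is the second layer; it is what stops an authorization bypass when a URL pattern and a controller mapping drift apart.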
  • 8. Details of Java Security Frameworks “Apache Shiro”
   Apache Shiro is a top-level open source project under the Apache Software Foundation.
   Apache Shiro is a powerful and easy-to-use Java security framework that offers developers an intuitive yet comprehensive solution for authentication, authorization, cryptography and session management.
   In practical terms, it aims to manage all facets of your application's security while staying out of the way as much as possible.
   It is built on sound interface-driven design and OO principles, enabling custom behaviour wherever you can imagine it. But with sensible defaults for everything, it is as "hands off" as application security can be.
   Apache Shiro can run in any environment, from the simplest command-line application to the biggest enterprise web and clustered applications.
  • 9. Details of Java Security Frameworks “Apache Shiro” (diagram slide, no text)
  • 10. Details of Java Security Frameworks “Apache Shiro”
   The easiest-to-understand Java security API anywhere. Class and interface names are intuitive and make sense. Anything is pluggable, but good defaults exist for everything.
   Supports authentication ("logins") across one or more pluggable data sources (LDAP, JDBC, Active Directory, etc.).
   Performs authorization ("access control") based on roles or fine-grained permissions, also using pluggable data sources.
   First-class caching support for enhanced application performance.
   Simple single sign-on (SSO) support, piggybacking on Shiro's enterprise session management: if sessions are federated across multiple applications, the user's authentication state can be shared too. Log in once to any application and the others all recognize that login.
   Secures data with the easiest possible cryptography APIs available, giving you power and simplicity beyond what Java provides by default for ciphers and hashes.
   An incredibly robust yet low-configuration web framework that can secure any URL or resource, automatically handle logins and logouts, perform "remember me" services, and more.
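Slides 8 and 10 describe Shiro's pluggable realms, role versus permission checks and its hashing support. The following standalone program is an added example for this page, not code from the slides or from the Shiro project; the two accounts, the role names and the `report:*` permission strings are constructed for the demo. It needs only shiro-core on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

public class ShiroDemo {

    // Builds a realm whose stored credentials are salted, iterated hashes rather than plaintext.
    static IniRealm buildRealm(DefaultPasswordService passwordService) {
        Ini ini = new Ini();

        // [users] section, one entry per account: "username = <stored password>, role1, role2"
        // Constructed demo accounts; the stored value is the hash, never the password itself.
        Ini.Section users = ini.addSection(IniRealm.USERS_SECTION_NAME);
        users.put("alice", passwordService.encryptPassword("alice-password") + ", auditor");
        users.put("bob", passwordService.encryptPassword("bob-password") + ", admin");

        // [roles] section: "role = permission, permission" in Shiro's domain:action:instance syntax.
        Ini.Section roles = ini.addSection(IniRealm.ROLES_SECTION_NAME);
        roles.put("auditor", "report:read:*");
        roles.put("admin", "report:*, user:delete");

        IniRealm realm = new IniRealm(ini);

        // Compare submitted passwords against the stored hash instead of string equality.
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(passwordService);
        realm.setCredentialsMatcher(matcher);
        return realm;
    }

    public static void main(String[] args) {
        DefaultPasswordService passwordService = new DefaultPasswordService();
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(buildRealm(passwordService)));

        Subject subject = SecurityUtils.getSubject();

        // Authentication: a bad password raises AuthenticationException; the subject stays anonymous.
        try {
            subject.login(new UsernamePasswordToken("alice", "wrong-password"));
        } catch (AuthenticationException e) {
            System.out.println("login rejected: " + e.getClass().getSimpleName());
        }
        subject.login(new UsernamePasswordToken("alice", "alice-password"));
        System.out.println("authenticated as " + subject.getPrincipal());

        // Authorization: coarse role check versus fine-grained permission check.
        System.out.println("hasRole(auditor)            = " + subject.hasRole("auditor"));            // true
        System.out.println("isPermitted(report:read:42) = " + subject.isPermitted("report:read:42")); // true, via report:read:*
        System.out.println("isPermitted(report:export)  = " + subject.isPermitted("report:export:42")); // false

        // checkPermission is the assertive form: it throws instead of returning false.
        try {
            subject.checkPermission("user:delete");
        } catch (AuthorizationException e) {
            System.out.println("alice may not delete users");
        }

        subject.logout();
    }
}
```

Two points worth noticing: the wildcard in `report:read:*` means the auditor can read any report instance but nothing else, so the check is on the action, not just the role; and the `PasswordMatcher` is what turns the `IniRealm` from a plaintext store into one that only ever compares against hashes, which is the setting to verify in any realm you plug in (JDBC, LDAP) rather than assuming the default matcher does it.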
  • 11. Details of Java Security Frameworks “OACC”
   OACC, pronounced [oak], is a fully featured Java API to both enforce and manage your application's authentication and authorization needs.
   The OACC framework is an open-source project and encourages engagement with and contributions from community members.
   OACC provides an API to manage security relationships between resources. Most current security frameworks for Java, however, do not, because their security model lacks an abstraction for the application resources being secured.
   This forces the application developer to implement a means to store and manage the security relationships. The abstraction for an application resource is core to OACC's security model.
   The security relationships are stored in OACC's security data repository, backed by a set of relational database tables. As a result you will not see in OACC the concept of realms that exists in other security frameworks.
  • 12. Details of Java Security Frameworks “OACC”
   OACC features a fully functioning, rich API that does not require any DIY implementation to enable the programmatic and dynamic modelling of complex security scenarios. In other words, OACC provides all the functionality to manage your application's security model out of the box.
   Fully implemented data store: OACC supplies a fully implemented RDBMS-backed data store for its security model, which the API manages for you behind the scenes.
   Permission-based security model: OACC's security model is permission-based; it essentially manages permissions between resources.
   Single access control paradigm: other frameworks allow role-membership or expression-language checks to enforce some level of authorization at the web and service layers (URLs and methods), and then provide a separate ACL interface to secure the domain-model layer (objects). OACC applies the same permission-based checks at every layer.
   Annotations or expression language support: OACC facilitates programmatic authorization at the code level, so there is currently no support for aspect-oriented intercepts with annotations or expression-language constructs. Instead, simple API methods to check or assert permissions are used to enforce authorization.
  • 13. Details of Java Security Frameworks “OACC”
   True RBAC modelling: if role membership checks are not enough to secure your application, OACC supports full RBAC, in which a "role is essentially a collection of permissions" (NIST). Roles, and groups for that matter, can be modelled through permission inheritance, allowing hierarchical roles through which a subject transitively acquires any assigned permissions.
   Symmetric query methods: OACC provides efficient query methods to find resources by permission, without loading all resources first and then filtering out the unauthorized ones. These methods are symmetric in the sense that you can find both:
   the resources to which a specified resource has a specific set of permissions, and
   the resources that have a specific set of permissions to a specified resource.
   For auditing or for managing authorization, these query methods make it easy to find, for example, the users "belonging" to a role, or the users that have permissions on a resource.
   Permission delegation: OACC natively supports delegation control at the authorization level. With OACC, subjects can delegate their permissions to others.
  • 14. Details of Java Security Frameworks “OACC”
   Automatic permission assignment: another novel feature of OACC is create-permissions, which not only control what kind of resources a subject may create, but also define exactly which permissions the subject gets on a new resource after creating it. Defined once, permissions are automatically assigned to a resource creator without explicit API calls.
   Multi-tenancy support: OACC supports partitioning the resource space into (hierarchical) logical security domains, which facilitates modelling security scenarios in multi-tenant applications. These domains are a useful abstraction in themselves, because they also allow permissions to be efficiently assigned and queried at the domain level.
   Caching: OACC does not yet come with a built-in caching mechanism. To prevent performance degradation in memory or query time as the size of your secured data set grows, OACC uses dynamic, highly targeted queries against an efficient data model for all access control checks. As a result, OACC does not load a subject's entire permission set into memory up front and then iterate over it for each authorization check.
  • 15. Details of Java Security Frameworks “PicketLink”
   PicketLink is an open source project for simplified security and identity management for Java applications.
   A picket fence is a secure system of pickets joined together by some type of link. The pickets by themselves do not offer any security.
   But when they are brought together by linking them, they provide the necessary security.
   This project is that link for other security systems, bringing them together to finally provide the necessary secure system.
  • 16. Details of Java Security Frameworks “PicketLink” (diagram slide, no text)
  • 17. Details of Java Security Frameworks “PicketLink”
   Robust IDM feature: model identities and attributes; build the model from various data sources such as databases, LDAP and the file system, and mix and match them. Simple API for users, roles, groups and attributes.
   Suitable for Java EE applications: uses CDI-based application programming.
   Robust authentication support: application developers have greater control over authentication. You use the IDM as the foundation for your authentication needs.
   Extensive access control/authorization support: PicketLink has a permission model that allows robust access control for your Java applications. Permission implementations include ACL- and Drools-rules-based implementations.
   Plug in your own access control: the API allows custom authorization implementations, and easy migration to a fine-grained access control model using XACML.
   SAML Web Browser Profile single sign-on: PicketLink provides SSO using SAML v1.1 and v2.0; parsers and an object model are available to build robust SAML-enabled applications.
   Social media based login: PicketLink allows you to incorporate social login into your applications. You can build applications that allow sign-in using Facebook, Google and Twitter.
   Open standards: PicketLink supports SAML, XACML and WS-Trust.
   Note: the PicketLink project was merged into Keycloak in 2015 and is no longer actively developed, so evaluate it as legacy technology.
  • 18. Details of Java Security Frameworks “Wicket”
   Apache Wicket is a simple and feature-rich component-based web framework; truly reusable components are the main selling point of this framework. It is a web framework rather than a dedicated security library, but it ships its own security infrastructure (the wicket-auth-roles module), which is what this section covers.
   Security is one of the most important non-functional requirements we must implement in our applications.
   This is particularly true for enterprise applications, as they usually support multiple concurrent users and therefore need an access control policy.
   In this section we explore the security infrastructure provided by Wicket and learn how to use it to implement authentication and authorization in our web applications.
  • 19. Details of Java Security Frameworks “Wicket”
   Authentication: authentication in Wicket is implemented according to the application's security policy, which means we must authenticate users on the basis of trusted user credentials; web applications usually adopt form-based authentication with a login form.
   Authorization: the authorization support provided by Wicket is built around the concept of an authorization strategy. There are two main authorization strategies:
   Simple page authorization strategy
   Role-based strategies
   HTTPS protocol: HTTPS is the standard technology adopted on the Internet to create a secure communication channel between web applications and their users. In Wicket we can easily protect our pages with HTTPS by mounting a special request mapper called HttpsMapper.
   URL encryption: Wicket can encrypt/decrypt URLs through the ICrypt interface (used by CryptoMapper).
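The four Wicket facilities above (session-based authentication, role-based page authorization, HttpsMapper and URL encryption) are shown together below. This is an added example for this page, not code from the slides or from the Wicket project; it uses wicket-auth-roles, a constructed admin account, assumed ports 8080/8443, and hypothetical page classes. The public classes would each live in their own file, and the HTML markup Wicket needs for each page is omitted.

```java
import org.apache.wicket.Page;
import org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
import org.apache.wicket.authroles.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
import org.apache.wicket.core.request.mapper.CryptoMapper;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.https.HttpsConfig;
import org.apache.wicket.protocol.https.HttpsMapper;
import org.apache.wicket.protocol.https.RequireHttps;
import org.apache.wicket.request.Request;

// Application: wires the authenticated session, the sign-in page, HTTPS redirection and URL encryption.
public class SecureApplication extends AuthenticatedWebApplication {

    @Override
    public Class<? extends Page> getHomePage() { return HomePage.class; }

    @Override
    protected Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass() { return SecureSession.class; }

    @Override
    protected Class<? extends WebPage> getSignInPageClass() { return SignInPage.class; }

    @Override
    protected void init() {
        super.init();   // installs the role-based authorization strategy and the redirect to the sign-in page
        // HTTPS: a plain-HTTP request (assumed port 8080) for a page annotated @RequireHttps is redirected to 8443.
        setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig(8080, 8443)));
        // URL encryption: wraps the whole mapper chain so component paths and parameters are not readable in URLs.
        setRootRequestMapper(new CryptoMapper(getRootRequestMapper(), this));
    }
}

// Session: holds the signed-in state and the roles consulted by the authorization strategy.
public class SecureSession extends AuthenticatedWebSession {
    private Roles roles = new Roles();

    public SecureSession(Request request) { super(request); }

    @Override
    public boolean authenticate(String username, String password) {
        // Constructed demo check. A real implementation verifies a salted hash or delegates to LDAP/an IdP.
        if ("admin".equals(username) && "admin-password".equals(password)) {
            roles = new Roles(Roles.ADMIN);
            return true;
        }
        roles = new Roles();
        return false;
    }

    @Override
    public Roles getRoles() { return isSignedIn() ? roles : new Roles(); }

    @Override
    public void signOut() {
        roles = new Roles();   // drop authorities before the session is invalidated
        super.signOut();
    }
}

// Role-based strategy: Wicket refuses to instantiate this page unless the session carries ADMIN,
// and HttpsMapper only serves it over HTTPS. Unauthenticated users are sent to SignInPage.
@AuthorizeInstantiation(Roles.ADMIN)
@RequireHttps
public class AdminPage extends WebPage { }

public class HomePage extends WebPage { }

public class SignInPage extends WebPage { }
```

Two caveats a reviewer would raise here: `CryptoMapper` draws its key from the application's `ICryptFactory`, so check that setting rather than relying on whatever the Wicket version defaults to; and encrypted URLs hide page and component identifiers but are not an access control. The `@AuthorizeInstantiation` check is what actually denies the page, and it must be present on every sensitive page regardless of whether URLs are encrypted.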
  • 20. Details of Java Security Frameworks “JGuard”
   JGuard is an open source Java security framework that is primarily used for securing Java web applications.
   It is built on JAAS and offers simple and flexible configuration to authenticate users, authorize their roles and manage their permissions.
   It can also be considered for resolving access control problems and user rights in standalone and desktop applications.
   JGuard is very flexible and allows several different ways to configure the authentication and authorization mechanisms, i.e. in a relational database, XML files or an LDAP service.
   JGuard is released under the open source LGPL licence.
  • 21. Details of Java Security Frameworks “JGuard” (diagram slide, no text)
  • 22. Details of Java Security Frameworks “JGuard”
   It can be adapted to any web application, on any application server.
   It permits a user to have more than one role simultaneously.
   It does not depend on a web framework or an AOP framework.
   It is built on top of the standard, well-established and flexible JAAS.
   Authentication and authorization are handled by pluggable mechanisms.
   Authentication data can be stored in a database, an XML file, a JNDI data source, an LDAP directory, Kerberos, and so on.
   Changes take effect "on the fly" (dynamic configuration).
   In JGuard, permissions, roles and their associations can be created, updated and deleted on the fly through a web application (an API is provided too).
   Each web application has its own authentication and authorization configuration.
   A taglib is provided to protect JSP fragments.
   It can run with a Java SecurityManager (note that the SecurityManager has been deprecated for removal since Java 17, JEP 411, so do not build new designs on it).
  • 23. Details of Java Security Frameworks “JGuard” (diagram slide, no text)
  • 24. Details of Java Security Frameworks “HDIV”
   Hdiv has pioneered application self-protection since 2008.
   Hdiv enables applications to protect themselves through runtime application self-protection (RASP) products.
   By building protection in during development, it protects applications from the inside. Hdiv solutions combine protection against OWASP Top 10 threats with an understanding of the application's configuration and business logic to enable real-time, all-the-time application protection.
   Protect your applications at runtime, with fewer resources and greater accuracy.
   Hdiv aims to deliver protection against application risks without requiring changes to the application itself.
  • 25. Details of Java Security Frameworks “HDIV” (diagram slide, no text)
  • 26. Details of Java Security Frameworks “HDIV”
   STRONGEST REAL-TIME PROTECTION: Hdiv claims to repel 90% of the application security risks included in the OWASP Top 10, such as SQL injection, cross-site scripting, cross-site request forgery, data tampering and brute-force attacks, and to offer higher effectiveness than other solutions currently available for web application security risks.
   ULTRA-HIGH ACCURACY: Hdiv RASP has deep insight into application logic, configuration, and data and event flows. These capabilities let Hdiv analyze and block attacks with less dependence on external security devices, without false positives, and with no need for learning processes or content parsing.
   NO EXTENSIVE SECURITY EXPERTISE NEEDED: programmers do not have to be security experts to apply Hdiv during development. Hdiv enables self-protected applications with almost zero operations cost, and customers avoid having to upgrade their programming environments.
   REAL-TIME VISIBILITY AND PROTECTION: it provides real-time visibility into the actual attacks hitting applications in production. Get actionable information, including detected attacks, vulnerabilities and business logic flaws, from interactive dashboards and alerts.
   KEEP YOUR PROGRAMMING ENVIRONMENT: Hdiv installation and updates are easy, needing only a declarative configuration based on XML files. Hdiv does not change the application source code, so it can be used with any application before and after development.