
Spring Security Patterns

SpringOne 2020

Josh Cummings, Software Engineer at VMware
Eleftheria Stein, Software Engineer at VMware


  1. Spring Security Patterns
     September 2–3, 2020, springone.io
     Ria Stein – Spring Security Maintainer
     Josh Cummings – Spring Security Maintainer – @jzheaux
  2. Secure by Default
     [Diagram: App, H2 and PG, with application.properties, application-dev.properties and application-prod.properties]
  3. Principle of Least Privilege
     Forgot Password, Username: jzheaux, OK: "Sorry, we don’t recognize that username"
     Forgot Password, Username: jzheaux, OK: "If that username exists, we’ve just sent an email"
  4. Request Thread Local

         try {
             SecurityContext ctx = lookup(request);
             // Stores data in a ThreadLocal so it is only visible to this thread
             SecurityContextHolder.setContext(ctx);
             chain.doFilter(request, response);
         } finally {
             // Clears data so the ThreadLocal can be used for the next request
             SecurityContextHolder.clearContext();
         }

         public void serviceLayerMethod() {
             // Now data can be retrieved at the service layer
             var ctx = SecurityContextHolder.getContext();
         }

     For Reactive apps, use the Reactor Context instead of ThreadLocals.
  5. Composition

     registration.html

         <div class="registration-banner">
             <button class="registration-button"> Register Now </button>
         </div>

     homepage.html

         <div>
             <span>Welcome to our talk!</span>
             <registration/>
         </div>

  6. Stay Connected. And be secure.
     https://github.com/spring-projects/spring-security
     https://github.com/jzheaux/springone2020
     #springone @s1p
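
The Request Thread Local slide clears the context in a `finally` block. The following is an added example, not code from the talk or from Spring Security, showing what that step prevents when a pooled thread is reused. `HOLDER`, `handle` and `twoRequestsOnOneThread` are hypothetical stand-ins, and the second task is assumed to reach the service layer without setting a context of its own.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added example: a plain ThreadLocal stands in for SecurityContextHolder.
public class ThreadLocalContextDemo {
    static final ThreadLocal<String> HOLDER = new ThreadLocal<>();

    // The service layer reads the caller's identity without a parameter.
    static String serviceLayerMethod() {
        String user = HOLDER.get();
        return user == null ? "anonymous" : user;
    }

    // Simulated filter. user == null models work that sets no context itself.
    static String handle(String user, boolean clearAfter) {
        try {
            if (user != null) {
                HOLDER.set(user);
            }
            return serviceLayerMethod();
        } finally {
            if (clearAfter) {
                HOLDER.remove(); // the equivalent of clearContext()
            }
        }
    }

    // One worker thread serves both tasks, as a pooled request thread would.
    static String[] twoRequestsOnOneThread(boolean clearAfter) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            Callable<String> authenticated = () -> handle("jzheaux", clearAfter);
            Callable<String> unauthenticated = () -> handle(null, clearAfter);
            String first = pool.submit(authenticated).get();
            String second = pool.submit(unauthenticated).get();
            return new String[] { first, second };
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        String[] leaky = twoRequestsOnOneThread(false);
        String[] safe = twoRequestsOnOneThread(true);
        System.out.println("without clear: " + leaky[0] + ", " + leaky[1]);
        System.out.println("with clear:    " + safe[0] + ", " + safe[1]);
    }
}
```

Without the clear step, the second task inherits the identity left behind on the worker thread by the first; with it, the second task sees no identity.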
