ICW Developer Conference - May 2008




                                        Instance-based Security with the
                                        Security Annotation Framework (SAF)
                                        ICW Developer Conference

                                        Martin Krasser / 07.05.2008




                      Martin Krasser

                      •   Software Architect @ Professional Gate


                      •   Focus
                               -   Application Security
                               -   Application Integration Platforms
                               -   Application Integration Solutions
                               -   Research & Development



                  07.05.2008        ICW Developer Conference




Security - Instance-based Security with SAF                                   13 - 1




                     Agenda

                      •   Introduction


                      •   Architecture


                      •   Code Examples


                      •   Outlook


                      •   Live Demo








                     Overview

                      •   Open Source Security Project @ sourceforge.net
                           - Instance-level access control
                           - Attribute-level encryption


                      •   Driven by Java 5 Annotations
                           - @Secure and @Filter annotations to enforce access decisions
                           - @Encrypt annotation to trigger encryption/decryption operations


                      •   Framework with provider interfaces (SPI) for
                           - Authorization Providers
                           - Encryption Providers
                           - Reference implementations available









                     Motivations
                      •   Java EE doesn't provide instance-level access control mechanisms
                           - Access decisions and policy definitions in Java EE only based on static
                             application properties (methods, ...)
                           - Instance-level access control is additionally based on runtime application
                             properties (domain object state, ...)

                      •   Encryption mechanisms decoupled from data storage/binding mechanisms
                           - No Hibernate-specific encryption interceptors ...
                           - No JAXB-specific marshal/unmarshal listeners ...


                      •   Avoid complex configurations
                           - No need to deal with Spring/AspectJ AOP details
                           - Place security interceptors using annotations


                      •   Support for pluggable authorization and crypto providers
                           - Access control and encryption logic provided by plugins/providers
                           - Different applications have significantly different access control and encryption
                             requirements






                     History

                      •   SAF initially developed as part of the eHF
                               -   Refactoring of complex Spring/AspectJ AOP configurations


                      •   Open source since March 2007
                               -   Apache 2.0 License


                      •   Three releases so far
                               -   Latest release is 0.8.2 (production-stable)
                               -   Current development on 0.9-SNAPSHOT












                           SAF Access Control Architecture

                           [Diagram: Requestor -> Security Interceptor -> Domain Object (SAF Core). The Security Interceptor calls the AccessManager, which delegates to an Authorization Provider (SAF JAAS, Spring Security, ...).]

                  •       Security Interceptor (Policy Enforcement Point)
                           - Implemented by annotating domain objects, methods and method parameters


                  •       Authorization Providers (Policy Decision Point)
                            - Make access decisions based on class instances
                           - Reference implementation based on JAAS extensions







                           SAF Crypto Architecture

                           [Diagram: Requestor -> Crypto Interceptor -> Instance Attribute (SAF Core). The Crypto Interceptor calls the CryptoProvider, backed by a Crypto Provider implementation (SAF Crypto, ...).]

                      •   Crypto Interceptor
                            -   Implemented by annotating instance attributes


                      •   Crypto Service Provider
                            -   Runs encrypt/decrypt operations
                            -   Reference implementation coming soon








                   Code Example – Access Control
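The code on this slide was an image and is not part of the extracted text. What follows is an added example, not code from the slide or from the SAF project: a hypothetical mini-framework in plain Java that shows the pattern the architecture slides describe. A `@Secure` annotation marks domain-object methods, a dynamic proxy acts as the policy enforcement point, and an `AuthorizationProvider` SPI acts as the policy decision point whose answer depends on the state of the concrete instance (here: who owns the note). Every name in the block (`Secure` with its `action` element, `AuthorizationProvider`, `OwnerProvider`, `Note`, `NoteImpl`, `secure(...)`, `Principal`) is an assumption for this example; SAF's real `@Secure` annotation and provider interfaces are not reproduced here.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;

// Hypothetical mini-framework (not SAF's API): annotation = policy marker,
// dynamic proxy = policy enforcement point, provider = policy decision point.
public class InstanceAccessControlDemo {

    // Marks a method whose call must be authorized against the target instance,
    // not only against the method signature (which is all Java EE roles can see).
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface Secure {
        String action();
    }

    // Caller identity handed to the provider (constructed; not a JAAS Subject).
    public static final class Principal {
        final String name;
        final boolean admin;
        Principal(String name, boolean admin) { this.name = name; this.admin = admin; }
    }

    // Provider SPI: decides on (subject, action, concrete instance).
    public interface AuthorizationProvider {
        boolean permit(Principal subject, String action, Object target);
    }

    public interface Note {
        String getOwner();
        @Secure(action = "read")  String read();
        @Secure(action = "write") void write(String text);
    }

    // Plain domain object: carries no security code of its own.
    public static final class NoteImpl implements Note {
        private final String owner;
        private String text;
        NoteImpl(String owner, String text) { this.owner = owner; this.text = text; }
        public String getOwner() { return owner; }
        public String read() { return text; }
        public void write(String t) { this.text = t; }
    }

    // Owner-or-admin rule: the decision depends on the instance's runtime state.
    public static final class OwnerProvider implements AuthorizationProvider {
        public boolean permit(Principal subject, String action, Object target) {
            if (subject.admin) return true;
            return target instanceof Note && ((Note) target).getOwner().equals(subject.name);
        }
    }

    public static final class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String m) { super(m); }
    }

    // Policy enforcement point: intercepts @Secure methods and asks the provider
    // before the call reaches the domain object. Unannotated methods pass through.
    @SuppressWarnings("unchecked")
    public static <T> T secure(final T target, Class<T> iface,
                               final AuthorizationProvider provider, final Principal subject) {
        InvocationHandler h = new InvocationHandler() {
            public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                Secure s = method.getAnnotation(Secure.class);
                if (s != null && !provider.permit(subject, s.action(), target)) {
                    throw new AccessDeniedException(subject.name + " may not " + s.action()
                            + " the note owned by " + ((Note) target).getOwner());
                }
                return method.invoke(target, args);
            }
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] { iface }, h);
    }

    public static void main(String[] args) {
        AuthorizationProvider provider = new OwnerProvider();
        Note alicesNote = new NoteImpl("alice", "alice's diary");      // constructed sample data
        Note bobsNote   = new NoteImpl("bob",   "bob's todo list");
        Principal alice = new Principal("alice", false);

        Note ownNote   = secure(alicesNote, Note.class, provider, alice);
        Note otherNote = secure(bobsNote,   Note.class, provider, alice);

        System.out.println("alice reads her own note: " + ownNote.read());
        try {
            otherNote.read();   // same method, same caller, different instance -> denied
        } catch (AccessDeniedException e) {
            System.out.println("alice reads bob's note:   " + e.getMessage());
        }
    }
}
```

Compile and run with `javac InstanceAccessControlDemo.java && java InstanceAccessControlDemo`. The point of the demo is the last two calls: the same `read()` method is allowed on one instance and denied on another for the same caller, a decision that method-level roles cannot express. The proxy only guards calls that go through the `Note` interface; code holding the raw `NoteImpl` bypasses the enforcement point, which is the same class of gap the encryption slide raises for reflective field access, and the reason SAF weaves its interceptors into the domain classes with AspectJ rather than relying on a proxy alone.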








                       Code Example – Attribute Encryption




                   •   BUT: No crypto operations for access via reflection
                   •   Hibernate can be configured for reflective access (field access)
                        - Encrypted storage of attribute values in databases
                   •   JAXB2 can be configured for reflective access (field access)
                        - XML binding of encrypted attribute values
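An added illustration of the caveat above, not the slide's code and not SAF's API: the accessors of a marked attribute encrypt on write and decrypt on read, so the field itself only ever holds ciphertext, and a reflective field read (which is how Hibernate and JAXB2 access the object in field-access mode) returns the stored ciphertext without any crypto operation. What SAF's `@Encrypt` interceptor would do for the annotated attribute is written out by hand in the getter and setter here; the `@Encrypt` annotation in the block is only a runtime-visible marker. The `CryptoProvider` interface, the `AesGcmProvider`, the `Patient` entity and the `rawFieldValue` helper are assumptions for this example, and the AES-GCM provider stands in for the reference implementation the deck says is still to come.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical illustration, not SAF's API: @Encrypt marker, CryptoProvider SPI,
// an entity whose accessors apply the provider, and a reflective read showing
// what a field-access ORM or XML binder sees.
public class AttributeEncryptionDemo {

    // Marker for attributes that must be stored encrypted (assumed name; no interceptor behind it here).
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    public @interface Encrypt {}

    // Provider SPI: the framework core never sees key material or algorithm details.
    public interface CryptoProvider {
        String encrypt(String plaintext);
        String decrypt(String stored);
    }

    // AES-256-GCM provider: fresh random 96-bit IV per value, stores Base64(IV || ciphertext+tag).
    public static final class AesGcmProvider implements CryptoProvider {
        private static final int IV_LEN = 12, TAG_BITS = 128;
        private final SecretKey key;
        private final SecureRandom rng = new SecureRandom();
        AesGcmProvider(SecretKey key) { this.key = key; }

        public String encrypt(String plaintext) {
            try {
                byte[] iv = new byte[IV_LEN];
                rng.nextBytes(iv);
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
                byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
                byte[] out = new byte[IV_LEN + ct.length];
                System.arraycopy(iv, 0, out, 0, IV_LEN);
                System.arraycopy(ct, 0, out, IV_LEN, ct.length);
                return Base64.getEncoder().encodeToString(out);
            } catch (GeneralSecurityException e) { throw new IllegalStateException("encryption failed", e); }
        }

        public String decrypt(String stored) {
            try {
                byte[] in = Base64.getDecoder().decode(stored);
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
                // doFinal verifies the GCM tag; a tampered stored value fails here instead of decrypting to garbage.
                return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
            } catch (GeneralSecurityException e) { throw new IllegalStateException("decryption failed", e); }
        }
    }

    // Domain object: the @Encrypt field only ever holds ciphertext. Getter and setter do by hand
    // what the crypto interceptor would do automatically for the annotated attribute.
    public static final class Patient {
        private final CryptoProvider crypto;
        private final String name;
        @Encrypt private String diagnosis;
        Patient(CryptoProvider crypto, String name) { this.crypto = crypto; this.name = name; }
        public String getDiagnosis() { return diagnosis == null ? null : crypto.decrypt(diagnosis); }
        public void setDiagnosis(String plain) { this.diagnosis = plain == null ? null : crypto.encrypt(plain); }
    }

    // What Hibernate/JAXB2 in field-access mode see: the raw field value, no crypto applied.
    public static String rawFieldValue(Object entity, String fieldName) throws ReflectiveOperationException {
        Field f = entity.getClass().getDeclaredField(fieldName);
        f.setAccessible(true);
        return (String) f.get(entity);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);   // demo key only; a deployment would load it from a keystore or KMS, never store it with the data
        Patient p = new Patient(new AesGcmProvider(kg.generateKey()), "Jane Doe");   // constructed sample data
        p.setDiagnosis("hypertension");

        System.out.println("getter (decrypted):       " + p.getDiagnosis());
        System.out.println("reflective read (stored): " + rawFieldValue(p, "diagnosis"));   // Base64 ciphertext
        System.out.println("reflective read (plain):  " + rawFieldValue(p, "name"));
        for (Field f : Patient.class.getDeclaredFields()) {
            if (f.isAnnotationPresent(Encrypt.class)) System.out.println("attribute marked @Encrypt: " + f.getName());
        }
    }
}
```

Run with `javac AttributeEncryptionDemo.java && java AttributeEncryptionDemo`. The getter returns the plaintext, the reflective read of the same field returns the Base64 ciphertext, and `name` is untouched: that is exactly why field-access configuration of Hibernate and JAXB2 yields encrypted storage and encrypted XML for free, while property-access configuration (which goes through the getters) would persist plaintext. The loop at the end shows that the marker is visible at runtime, which is what a persistence-side check would use to confirm every `@Encrypt` attribute is mapped with field access.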









                      Configuration

                      [Diagram: Spring 2.5 Application Context loads the Provider Implementations]








                  Behind the Scenes

                  [Diagram: a Client calls a Service Spring Bean through a Spring AOP Proxy (RT) with a Method Interceptor; the Domain Object carries Enhanced Bytecode (CT) with AspectJ Advice; both paths reach the Access Manager. Legend: RT = created at runtime, CT = created at compile time; components are grouped as Application, SAF and Infrastructure.]












                     Outlook – 1.0 Release
                      •   Crypto provider reference implementation
                      •   AspectJ load-time weaving
                      •   AspectJ 1.6 upgrade
                           - Support for parameter-level annotations
                      •   OSGi support
                               -   Make SAF components OSGi compliant bundles
                               -   OSGi sample application using SAF components
                      •   Security annotations on
                           - Static domain object methods
                           - Constructors
                      •   Documentation extensions
                               -   Document new features, more examples
                               -   Translate Java Magazin article to English
                      •   Acegi authorization provider integration (optional)




                     Resources

                      •   Project Site

                               -   http://sourceforge.net/projects/safr



                      •   Web Site

                               -   http://safr.sourceforge.net/



                      •   Article

                                -   Instanz-basierte Zugriffskontrolle (Instance-based Access Control, in German), Java Magazin 7.2007










                     Live Demo

                      •   Notebook web application








                                                Thank you for your attention!
                                                martin.krasser@icw.de





Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

ICW Developer Conference - Instance-based Security with SAF

Slide 1 – Instance-based Security with the Security Annotation Framework (SAF)
ICW Developer Conference, Martin Krasser, 07.05.2008

Martin Krasser
 • Software Architect @ Professional Gate
 • Focus
    - Application Security
    - Application Integration Platforms
    - Application Integration Solutions
    - Research & Development

Slide 2 – Agenda
 • Introduction
 • Architecture
 • Code Examples
 • Outlook
 • Live Demo

Overview
 • Open Source Security Project @ sourceforge.net
    - Instance-level access control
    - Attribute-level encryption
 • Driven by Java 5 Annotations
    - @Secure and @Filter annotations to enforce access decisions
    - @Encrypt annotation to trigger encryption/decryption operations
 • Framework with provider interfaces (SPI) for
    - Authorization Providers
    - Encryption Providers
    - Reference implementations available

Slide 3 – Motivations
 • Java EE doesn't provide instance-level access control mechanisms
    - Access decisions and policy definitions in Java EE are based only on static application properties (methods, ...)
    - Instance-level access control is additionally based on runtime application properties (domain object state, ...)
 • Encryption mechanisms decoupled from data storage/binding mechanisms
    - No Hibernate-specific encryption interceptors ...
    - No JAXB-specific marshal/unmarshal listeners ...
 • Avoid complex configurations
    - No need to deal with Spring/AspectJ AOP details
    - Place security interceptors using annotations
 • Support for pluggable authorization and crypto providers
    - Access control and encryption logic provided by plugins/providers
    - Different applications have significantly different access control and encryption requirements

History
 • SAF initially developed as part of the eHF
    - Refactoring of complex Spring/AspectJ AOP configurations
 • Open source since March 2007
    - Apache 2.0 License
 • Three releases so far
    - Latest release is 0.8.2 (production-stable)
    - Current development on 0.9-SNAPSHOT

Slide 4 – SAF Access Control Architecture
[Diagram: Security Domain with Requestor, Interceptor and Object; SAF Core with AccessManager; Authorization Providers: SAF JAAS, Spring Security, ...]
 • Security Interceptor (Policy Enforcement Point)
    - Implemented by annotating domain objects, methods and method parameters
 • Authorization Providers (Policy Decision Point)
    - Make access decisions based on class instances
    - Reference implementation based on JAAS extensions

SAF Crypto Architecture
[Diagram: Crypto Instance with Requestor, Interceptor and Attribute; SAF Core with CryptoProvider; Crypto Providers: SAF Crypto, ...]
 • Crypto Interceptor
    - Implemented by annotating instance attributes
 • Crypto Service Provider
    - Runs encrypt/decrypt operations
    - Reference implementation coming soon

Slide 5 – Code Example – Access Control
[Source listing shown on the slide; not contained in the transcript]

Code Example – Attribute Encryption
[Source listing shown on the slide; not contained in the transcript]
 • BUT: No crypto operations for access via reflection
 • Hibernate can be configured for reflective access (field access)
    - Encrypted storage of attribute values in databases
 • JAXB2 can be configured for reflective access (field access)
    - XML binding of encrypted attribute values

Slide 6 – Configuration
[Diagram: Spring 2.5 Application Context loads Provider Implementations]

Behind the Scenes
[Diagram: Client -> Spring AOP Proxy (RT) -> Spring Method Interceptor -> AspectJ Advice -> AspectJ Enhanced Bytecode (CT) -> Domain Object / Application Service; SAF Spring Bean Infrastructure with Access Manager. RT = created at runtime, CT = created at compile time]

Slide 7 – Outlook – 1.0 Release
 • Crypto provider reference implementation
 • AspectJ load-time weaving
 • AspectJ 1.6 upgrade
    - Support for parameter-level annotations
 • OSGi support
    - Make SAF components OSGi compliant bundles
    - OSGi sample application using SAF components
 • Security annotations on
    - Static domain object methods
    - Constructors
 • Documentation extensions
    - Document new features, more examples
    - Translate Java Magazin article to English
 • Acegi authorization provider integration (optional)

Resources
 • Project Site
    - http://sourceforge.net/projects/safr
 • Web Site
    - http://safr.sourceforge.net/
 • Article
    - Instanz-basierte Zugriffskontrolle, Java Magazin 7.2007

Slide 8 – Live Demo
 • Notebook web application

Thank you for your attention!
martin.krasser@icw.de
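As an added illustration of the pattern described on slides 3 and 4 (not SAF's own code; SAF's real @Secure annotation, provider interfaces and package names are not reproduced here), the following Java sketch shows a parameter annotation acting as the policy enforcement point, a pluggable provider acting as the policy decision point, and an access decision that depends on the state of the passed domain object (its owner) rather than on the called method alone. The proxy-based `SecurityInterceptor`, `AuthorizationProvider`, `Note`, `NoteService` and `OwnerOnlyProvider` are all hypothetical names.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
// Hypothetical sketch of the SAF pattern, not SAF's own API or package names: the
// annotation is the enforcement point, the provider the decision point, a JDK proxy wires them.
@Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER)
@interface Secure { String action(); }

interface AuthorizationProvider {                         // provider SPI (policy decision point)
    boolean isPermitted(String principal, Object instance, String action);
}
final class Note {                                        // domain object with runtime state
    final String owner, text;
    Note(String owner, String text) { this.owner = owner; this.text = text; }
}
interface NoteService { void delete(@Secure(action = "delete") Note note); }
final class NoteServiceImpl implements NoteService {
    public void delete(Note note) { System.out.println("deleted: " + note.text); }
}
// Instance-level decision: the same method is allowed or denied depending on the owner of
// the Note instance passed in, which a static method-level role check cannot express.
final class OwnerOnlyProvider implements AuthorizationProvider {
    public boolean isPermitted(String principal, Object instance, String action) {
        return instance instanceof Note && ((Note) instance).owner.equals(principal);
    }
}
final class SecurityInterceptor implements InvocationHandler {   // policy enforcement point
    private final Object target; private final AuthorizationProvider provider;
    private final String principal;   // a real interceptor would read the security context
    SecurityInterceptor(Object t, AuthorizationProvider p, String principal) {
        target = t; provider = p; this.principal = principal;
    }
    public Object invoke(Object proxy, Method m, Object[] args) throws Throwable {
        Annotation[][] pa = m.getParameterAnnotations();       // parameter-level annotations
        for (int i = 0; i < pa.length; i++)
            for (Annotation a : pa[i])
                if (a instanceof Secure && !provider.isPermitted(principal, args[i], ((Secure) a).action()))
                    throw new SecurityException(principal + " denied: " + ((Secure) a).action());
        return m.invoke(target, args);                          // permitted: delegate to the service
    }
}
public class Demo {                                           // file name: Demo.java
    public static void main(String[] unused) {
        NoteService svc = (NoteService) Proxy.newProxyInstance(NoteService.class.getClassLoader(),
                new Class<?>[] { NoteService.class },
                new SecurityInterceptor(new NoteServiceImpl(), new OwnerOnlyProvider(), "alice"));
        svc.delete(new Note("alice", "my note"));             // permitted: alice owns the instance
        try { svc.delete(new Note("bob", "bob's note")); }    // denied: same method, other instance
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The first call succeeds and the second throws, although both invoke the same `delete` method; only the runtime state of the `Note` instance differs, which is the distinction the slides draw between Java EE method-level checks and instance-level access control.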