SlideShare ist ein Scribd-Unternehmen logo
1 von 54
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
From JASPIC to Security API
Modern Application Security
Michael Remijan
System Architect,
Federal Reserve Bank St. Louis
JavaOne 2017 CON5954 Modern Application and Microservices Security from EE6 JASPIC to the EE8 Security API Moscone West Room 2024 Tues 03 Oct 2017
@mjremijan
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
About Me
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Where I work?
@since 2014
• Federal Reserve Bank St. Louis
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
What I do?
@since 1999
• Java EE
• Architect
• Scrum Master
• Tech Lead
• Developer
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
What I write?
@since 2014
• EJB in Action Second Edition
• EJB 3.2 – EE7 & EE8
@since 2010
• http://mjremijan.blogspot.com
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
What I teach?
@since 2009
• Adjunct Instructor
• Java I
• Java II
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
What’s the goal of this presentation?
• Get you to think: Java EE Security
• EE 7 or 8
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
What are we going to talk about?
• I just need to put my code somewhere to build “User”
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
History of EE Security
Servlet JASPIC (JSR 196) Security API (JSR 375)
https://readlearncode.com/java-ee/java-ee-past-present-and-future/
Pre-Modern Era Modern Era Post-Modern Era
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era architecture
• Desktop ->Web
• 1 Application
• How do you
implement
Security?
http://www.softwaretestingclass.com/what-is-difference-between-two-tier-and-three-tier-architecture/
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
https://ivanursul.com/spring-security-avoiding-basic-authentication-window-in-your-browser
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
http://www.security-expert.be/
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Pre-Modern era…A tale of EE Security
• Sound familiar?
• Most common introduction to EE Security
• Quickly abandoned
• Inflexible
• A lot of server configuration
• There is no where to put my code!
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Modern era architecture
• Multiple applications
• Add another tier
• Identity-management
• SSO
• Federation…
• How do you
implement
Security?
https://blogs.vmware.com/vfabric/2013/03/putting-the-single-back-in-single-sign-on-sso.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Modern era…A tale of EE Security
• Create account
• Email
• OpenId
• OAuth2…
• Account activation
• Login (multi-factor)
• Validate location
• Account locking
• Password reset (reCaptica)
• Account disabling
• Password expiration
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Modern era…A tale of EE Security
What is this?
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Modern era…A tale of EE Security
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Consuming authorization HEADER
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Consuming authorization HEADER
• Does @WebFilter Work?
• Nope!
• EE Server enforces security before @WebFilter
• Other options to consume the HEADER?
• Where else can I put my code?
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Consuming authorization HEADER
This is where JASPIC comes in
• Move your code out of @WebFilter
• Put it into the JASPIC API
• Probably something you haven’t heard of
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Java EE6+ JASPIC
• @since 2009
• JSR-196 Java Authentication Service Provider Interface for
Containers (JASPIC)
• ServerAuthModule (interface)
• Executed by EE Server before enforcing any security
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Java EE6+ JASPIC
• How do you register JASPIC ServerAuthModule?
• It’s a 5 step process
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Register JASPIC ServerAuthModule?
Step #1
• Create:
@WebListener
MyContextListener implements ServletContextListener
• Get factory-factory-factory AuthConfigFactory
• Register factory-factory AuthConfigProvider
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Register JASPIC ServerAuthModule?
Step #2
• Create
MyAuthConfigProvider implements AuthConfigProvider
• Register factory ServerAuthConfig
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Register JASPIC ServerAuthModule?
Step #3
• Create
MyServerAuthConfig implements ServerAuthConfig
• Creates delegator ServerAuthContext
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Register JASPIC ServerAuthModule?
Step #4
• Create
MyServerAuthContext implements ServerAuthContext
• Creates authentication module ServerAuthModule
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Register JASPIC ServerAuthModule?
Step #5
• Create
MyServerAuthModule implements ServerAuthModule
• This is where you finally put your code
• Building a Principal
• Getting roles/groups
• EE6 goal was flexibility
Tijms, A. (2012, November 7). Implementing container authentication in Java EE with JASPIC.
Retrieved from http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
How do you secure EE Components?
• Use standard EE security to secure components:
• Servlet
• JSP
• JSF/AJAX
• JAX-RS
• EJB
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing Servlet
web.xml
EMPTY
glassfish-web.xml
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JSP
glassfish-web.xml
web.xml
EMPTY
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JSF Page & AJAX call
glassfish-web.xml
web.xml
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JSF @Named bean
glassfish-web.xml
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JAX-RS #1
web.xml
glassfish-web.xml
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JAX-RS #2
glassfish-web.xml
web.xml
EMPTY
Bien, A. (2015, December 07). What Is Faster--EJBs Or CDI? A JMH Benchmark. Retrieved from
http://adambien.blog/roller/abien/entry/what_is_faster_ejbs_or
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JAX-RS #3
web.xml
EMPTY
glassfish-web.xml
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing JAX-RS #4
• What about JWT?
• JAX-RS has its own @PreMatching filters DecodeToken
In
ServerAuthModule
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Securing EJB
glassfish-web.xml
web.xml
EMPTY
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
So what’s the catch?
• JASPIC ignored when EE6 came out
• Overshadowed
• Web-Profile
• CDI
• JAX-RS
• Pre-EE8
• Full-profile only
• Vender support of open standard is tricky
• Tijms, A (2016, December 04). The state of portable authentication in Java
EE, end 2016 update. Retrieved from http://arjan-
tijms.omnifaces.org/2016/12/the-state-of-portable-authentication-in.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Are we still living in the modern era?
• Kinda, sorta
• Still have multiple
applications, but…
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Post-Modern era…
• Security is
needed
everywhere!
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Post-Modern era security with EE8
• JSR 375 Java EE Security 1.0
• Soteria RI
• Goals
• Modernization
• Simplification
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
What’s new in SecurityAPI?
Establishes some common definitions
• IdentityStore
• Caller data
• Credentials
• Groups
• Authentication mechanism
• How the caller interacts with the server
• Typically UI Rendering
http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
IdentityStore
Built-in Identity Stores
• @EmbeddedIdentityStoreDefinition
• @DataBaseIdentityStoreDefinition
• @LdapIdentityStoreDefinition
Build your own
• Implement IdentityStore
• Embed into your application
• Auto-registration
• Multiple implementations with different responsibilities
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
IdentityStore –Validate caller
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
IdentityStore – Groups A,B,C...
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Authentication Mechanism
Built-in authentication mechanisms
1. @BasicAuthenticationMechanismDefinition
2. Digest
3. Client-cert
4. @FormAuthenticationMechanismDefinition
@CustomFormAuthenticationMechanismDefinition
Build your own
• Implement HttpAuthenticationMechanism
• Embed into your application
• Auto-registration
• Replaces JASPIC ServerAuthModule
http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Authentication Mechanism
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Conclusions
• EE6 JASPIC brought flexibility to EE security
• Gave you a place to put your code
• ServerAuthModule
• EE8 Security API brought simplification to EE security
• HttpAuthenticationMechanism
• Both give full control over creating a Principal and roles/groups
• SoThink EE Security!
slideshare.net/mjremijan github.com/mjremijan/thoth-jaspic github.com/mjremijan/thoth-security-api
Thank you
mjremijan@yahoo.com
@mjremijan
http://mjremijan.blogspot.com
https://github.com/mjremijan
http://www.slideshare.net/mjremijan

Weitere ähnliche Inhalte

Was ist angesagt?

20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
SecuRing
 

Was ist angesagt? (20)

Java Web Application Security - UberConf 2011
Java Web Application Security - UberConf 2011Java Web Application Security - UberConf 2011
Java Web Application Security - UberConf 2011
 
Microservices for the Masses with Spring Boot, JHipster, and OAuth - Utah JUG...
Microservices for the Masses with Spring Boot, JHipster, and OAuth - Utah JUG...Microservices for the Masses with Spring Boot, JHipster, and OAuth - Utah JUG...
Microservices for the Masses with Spring Boot, JHipster, and OAuth - Utah JUG...
 
Security Patterns for Microservice Architectures - ADTMag Microservices & API...
Security Patterns for Microservice Architectures - ADTMag Microservices & API...Security Patterns for Microservice Architectures - ADTMag Microservices & API...
Security Patterns for Microservice Architectures - ADTMag Microservices & API...
 
Bootiful Development with Spring Boot and React - Richmond JUG 2018
Bootiful Development with Spring Boot and React - Richmond JUG 2018Bootiful Development with Spring Boot and React - Richmond JUG 2018
Bootiful Development with Spring Boot and React - Richmond JUG 2018
 
Case Study: Migrating Hyperic from EJB to Spring from JBoss to Apache Tomcat
Case Study: Migrating Hyperic from EJB to Spring from JBoss to Apache TomcatCase Study: Migrating Hyperic from EJB to Spring from JBoss to Apache Tomcat
Case Study: Migrating Hyperic from EJB to Spring from JBoss to Apache Tomcat
 
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 202010 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020
 
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
 
Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-on
 
Microservices for the Masses with Spring Boot, JHipster, and JWT - J-Spring 2017
Microservices for the Masses with Spring Boot, JHipster, and JWT - J-Spring 2017Microservices for the Masses with Spring Boot, JHipster, and JWT - J-Spring 2017
Microservices for the Masses with Spring Boot, JHipster, and JWT - J-Spring 2017
 
Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK...
 Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK... Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK...
Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK...
 
JavaOne India 2011 - Running your Java EE 6 Apps in the Cloud
JavaOne India 2011 - Running your Java EE 6 Apps in the CloudJavaOne India 2011 - Running your Java EE 6 Apps in the Cloud
JavaOne India 2011 - Running your Java EE 6 Apps in the Cloud
 
Front End Development for Back End Java Developers - Jfokus 2020
Front End Development for Back End Java Developers - Jfokus 2020Front End Development for Back End Java Developers - Jfokus 2020
Front End Development for Back End Java Developers - Jfokus 2020
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
 
AWS Survival Guide
AWS Survival GuideAWS Survival Guide
AWS Survival Guide
 
Bootiful Development with Spring Boot and React - SpringOne 2017
Bootiful Development with Spring Boot and React - SpringOne 2017Bootiful Development with Spring Boot and React - SpringOne 2017
Bootiful Development with Spring Boot and React - SpringOne 2017
 
Mobile Development with Ionic, React Native, and JHipster - ACGNJ Java Users ...
Mobile Development with Ionic, React Native, and JHipster - ACGNJ Java Users ...Mobile Development with Ionic, React Native, and JHipster - ACGNJ Java Users ...
Mobile Development with Ionic, React Native, and JHipster - ACGNJ Java Users ...
 
Java REST API Framework Comparison - PWX 2021
Java REST API Framework Comparison - PWX 2021Java REST API Framework Comparison - PWX 2021
Java REST API Framework Comparison - PWX 2021
 
Web App Security for Java Developers - PWX 2021
Web App Security for Java Developers - PWX 2021Web App Security for Java Developers - PWX 2021
Web App Security for Java Developers - PWX 2021
 
Choosing a Java Web Framework
Choosing a Java Web FrameworkChoosing a Java Web Framework
Choosing a Java Web Framework
 
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
LASCON 2016 - It's 10PM Do You Know Where Your Access Keys Are?
 

Ähnlich wie Modern Application and Microservices Security from EE6 JASPIC to the EE8 Security API

Writing Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoWriting Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday Toronto
Eli Robillard
 
You wanna crypto in AEM
You wanna crypto in AEMYou wanna crypto in AEM
You wanna crypto in AEM
Damien Antipa
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
SecuRing
 

Ähnlich wie Modern Application and Microservices Security from EE6 JASPIC to the EE8 Security API (20)

Javacro 2014 Spring Security 3 Speech
Javacro 2014 Spring Security 3 SpeechJavacro 2014 Spring Security 3 Speech
Javacro 2014 Spring Security 3 Speech
 
Vault and Security as a Service
Vault and Security as a ServiceVault and Security as a Service
Vault and Security as a Service
 
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
 
Writing Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoWriting Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday Toronto
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
 
Web App Security for Java Developers - UberConf 2021
Web App Security for Java Developers - UberConf 2021Web App Security for Java Developers - UberConf 2021
Web App Security for Java Developers - UberConf 2021
 
Cqcon2015
Cqcon2015Cqcon2015
Cqcon2015
 
OWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript ApplicationsOWASP SF - Reviewing Modern JavaScript Applications
OWASP SF - Reviewing Modern JavaScript Applications
 
You wanna crypto in AEM
You wanna crypto in AEMYou wanna crypto in AEM
You wanna crypto in AEM
 
Microservices for the Masses with Spring Boot, JHipster and OAuth - GIDS 2019
Microservices for the Masses with Spring Boot, JHipster and OAuth - GIDS 2019Microservices for the Masses with Spring Boot, JHipster and OAuth - GIDS 2019
Microservices for the Masses with Spring Boot, JHipster and OAuth - GIDS 2019
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
 
August 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London GatheringAugust 2018: DevSecOps - London Gathering
August 2018: DevSecOps - London Gathering
 
Essential security measures in ASP.NET MVC
Essential security measures in ASP.NET MVC Essential security measures in ASP.NET MVC
Essential security measures in ASP.NET MVC
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicated
 
Bootiful Development with Spring Boot and Vue - Devnexus 2019
Bootiful Development with Spring Boot and Vue - Devnexus 2019Bootiful Development with Spring Boot and Vue - Devnexus 2019
Bootiful Development with Spring Boot and Vue - Devnexus 2019
 
Building a low cost hack lab
Building a low cost hack labBuilding a low cost hack lab
Building a low cost hack lab
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
 
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
HITCON Defense Summit 2019 - 從 SAST 談持續式資安測試
 

Kürzlich hochgeladen

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Kürzlich hochgeladen (20)

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 

Modern Application and Microservices Security from EE6 JASPIC to the EE8 Security API

Hinweis der Redaktion

  1. Where was security specified over time? Servlet, JASPIC, Security API
  2. If I want to implement security, how do I do it?
  3. Pre-Modern era is probably where most LAST LOOKED at EE security
  4. If I want to implement security, how do I do it?
  5. What are all the responsibilities of an identity-management tier? Avoid doing all this yourself It’s a separate product!
  6. How do these IdentityStores get used? Authentication Mechanisms