Professional Documents
Culture Documents
Architecture Deep Dive in Spring Security: Joe Grandja @joe - Grandja
Architecture Deep Dive in Spring Security: Joe Grandja @joe - Grandja
in
Spring Security
Joe Grandja
@joe_grandja
github.com/jgrandja
3 Key Areas in Security
• Authentication
• Authorization
• Exception Handling
@spring_io
#springio17
User Database
@spring_io
#springio17
DEMO
@spring_io
#springio17
AUTHENTICATION
AUTHORIZATION
EXCEPTION HANDLING
@spring_io
#springio17
Authentication Filter
@spring_io
#springio17
Authentication
Authentication
Principal: joe@example.com
Credentials: password
Authorities: ——
Authenticated: FALSE
Authentication
Principal: UserDetails
Credentials: ——
Authorities: ROLE_USER
Authenticated: TRUE
. . .
}
@spring_io
#springio17
UserDetails / Service
public interface UserDetailsService {
UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException;
}
. . .
}
@spring_io
#springio17
Security Context
SecurityContextHolder.getContext().setAuthentication(authenticated);
@spring_io
#springio17
Authentication Recap
@spring_io
#springio17
AUTHENTICATION
AUTHORIZATION
EXCEPTION HANDLING
@spring_io
#springio17
Filter Security Interceptor
Authentication
Principal: UserDetails
Credentials: ——
Authorities: ROLE_USER
Authenticated: TRUE
Security Metadata
@spring_io
#springio17
Access Decision
Authentication
Principal: UserDetails
Credentials: ——
Authorities: ROLE_USER
Authenticated: TRUE
Security Metadata
@spring_io
#springio17
Authorization Recap
@spring_io
#springio17
AUTHENTICATION
AUTHORIZATION
EXCEPTION HANDLING
@spring_io
#springio17
Access Denied
Authentication
Principal: UserDetails
Credentials: ——
Authorities: ROLE_USER
Authenticated: TRUE
Security Metadata
@spring_io
#springio17
Access Denied Handler
@spring_io
#springio17
“Unauthenticated”
Authentication
Principal: anonymousUser
Security Metadata
@spring_io
#springio17
Start Authentication
@spring_io
#springio17
Exception Handling Recap
@spring_io
#springio17
Summary
Authentication
Authorization
Exception Handling
@spring_io
#springio17
Spring Security Filter Chain
@spring_io
#springio17
Q&A
github.com/jgrandja/messaging-sample
@spring_io
#springio17