SlideShare a Scribd company logo

Security authorizationusingspringsecurity-sathyaraj

Download as PPT, PDF
sathyaraj Anand
sathyaraj Anand

Mule Authorization

Technology
1 of 10
MULE –Component Authorization Using Spring Security
2 Component Authorization Using Spring Security This page describes how you can configure method-level authorization using Spring Security on your components so that users with different roles can only invoke certain methods.
3 Securing Flow Components To secure MethodInvocations, you must add a properly configured MethodSecurityInterceptor into the application context. The beans requiring security are chained into the interceptor. This chaining is accomplished using Spring’s ProxyFactoryBean or BeanNameAutoProxyCreator. Alternatively, Spring Security provides a MethodDefinitionSourceAdvisor, which you can use with Spring’s DefaultAdvisorAutoProxyCreator to automatically chain the security interceptor in front of any beans defined against the MethodSecurityInterceptor.
4 In addition to the daoAuthenticationProvider and inMemoryDaoImpl beans (see Configuring Security), the following beans must be configured: MethodSecurityInterceptor AuthenticationManager AccessDecisionManager AutoProxyCreator RoleVoter
5 The MethodSecurityInterceptor The MethodSecurityInterceptor is configured with a reference to the following: AuthenticationManager AccessDecisionManager
6 Following is a security interceptor for intercepting calls made to the methods of a component myComponent, which defines two methods: delete and writeSomething. Roles are set on these methods as seen below in the property securityMetadataSource. <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mule="http://www.mulesource.org/schema/mule/core" xmlns:mule-ss="http://www.mulesource.org/schema/mule/spring-security" ...cut... <bean id="myComponentSecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <value> com.foo.myComponent.delete=ROLE_ADMIN com.foo.myComponent.writeSomething=ROLE_ANONYMOUS </value> </property> </bean>
7 The AuthenticationManager This bean is responsible for passing requests through a chain of AuthenticationProvider objects. <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <property name= "providers"> <list> <ref local="daoAuthenticationProvider"/> </list> </property> </bean>
8 The AccessDecisionManager This bean specifies that a user can access the protected methods if they have any one of the roles specified in the securityMetadataSource. <bean id="accessDecisionManager" class='org.springframework.security.access.vote.AffirmativeBased'> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> </list> </property> </bean>
9 The AutoProxyCreator This bean defines a proxy for the protected bean. When an application asks Spring for a myComponent bean, it will get this proxy instead. <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> <property name="interceptorNames"> <list> <value>myComponentSecurity</value> </list> </property> <property name="beanNames"> <list> <value>myComponent</value> </list> </property> <property name='proxyTargetClass' value="true"/> </bean>
Security authorizationusingspringsecurity-sathyaraj

Recommended

Mule security - authorization using spring security
Mule security - authorization using spring securityMule security - authorization using spring security
Mule security - authorization using spring securityD.Rajesh Kumar
 
persentation
persentationpersentation
persentationvinaykumarmahla
 
Mule security-jaas
Mule security-jaasMule security-jaas
Mule security-jaasPraneethchampion
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaasD.Rajesh Kumar
 
Preventive Maintenance on Operating Systems
Preventive Maintenance on Operating SystemsPreventive Maintenance on Operating Systems
Preventive Maintenance on Operating SystemsMarek Majtan
 
SalemPhilip_ResearchReport
SalemPhilip_ResearchReportSalemPhilip_ResearchReport
SalemPhilip_ResearchReportPhilip Salem
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-ditJoaquín Salvachúa
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 

Recommended

Mule security - authorization using spring security
Mule security - authorization using spring securityMule security - authorization using spring security
Mule security - authorization using spring securityD.Rajesh Kumar
 
persentation
persentationpersentation
persentationvinaykumarmahla
 
Mule security-jaas
Mule security-jaasMule security-jaas
Mule security-jaasPraneethchampion
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaasD.Rajesh Kumar
 
Preventive Maintenance on Operating Systems
Preventive Maintenance on Operating SystemsPreventive Maintenance on Operating Systems
Preventive Maintenance on Operating SystemsMarek Majtan
 
SalemPhilip_ResearchReport
SalemPhilip_ResearchReportSalemPhilip_ResearchReport
SalemPhilip_ResearchReportPhilip Salem
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-ditJoaquín Salvachúa
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
Jean piaget
Jean piagetJean piaget
Jean piagetNaidy Bustos Garcia
 
Պատմիչ Կորյուն
Պատմիչ ԿորյունՊատմիչ Կորյուն
Պատմիչ ԿորյունMark Hovsepyan
 
Colegio nacional nicolas esguerra
Colegio nacional nicolas esguerraColegio nacional nicolas esguerra
Colegio nacional nicolas esguerraDaniel Esteban Serrato Alvarado
 
Dosa besar
Dosa besarDosa besar
Dosa besarhufronafid07
 
Consejos para un periodista de viajes
Consejos para un periodista de viajesConsejos para un periodista de viajes
Consejos para un periodista de viajesMónica Torres
 
Eureka52
Eureka52Eureka52
Eureka52Annette Mense
 
Danii ned
Danii nedDanii ned
Danii nedDanitza Bermudez
 
Nayoon_Sams-Resume
Nayoon_Sams-ResumeNayoon_Sams-Resume
Nayoon_Sams-ResumeNayoon Sams
 
Anderson daniel
Anderson danielAnderson daniel
Anderson danielDaniel Esteban Serrato Alvarado
 
III Jornadas Nacionales de la Farmacia Rural
III Jornadas Nacionales de la Farmacia RuralIII Jornadas Nacionales de la Farmacia Rural
III Jornadas Nacionales de la Farmacia RuralSociedad Española de Farmacia Rural SEFAR
 
Presentaciã³n1[1]
Presentaciã³n1[1]Presentaciã³n1[1]
Presentaciã³n1[1]Danitza Bermudez
 
Nicolas esguerra (4)
Nicolas esguerra (4)Nicolas esguerra (4)
Nicolas esguerra (4)Daniel Esteban Serrato Alvarado
 
Daniela fresco
Daniela frescoDaniela fresco
Daniela frescodaniela fresco
 
Market Analysis: Softs and Grains week ended Nov 11, 2016
Market Analysis: Softs and Grains week ended Nov 11, 2016Market Analysis: Softs and Grains week ended Nov 11, 2016
Market Analysis: Softs and Grains week ended Nov 11, 2016Jose Briz CMT
 
Anderson
AndersonAnderson
AndersonDaniel Esteban Serrato Alvarado
 
Consejos para un periodista de viajes
Consejos para un periodista de viajesConsejos para un periodista de viajes
Consejos para un periodista de viajesMónica Torres
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Web Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - ZurichWeb Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - Zurichjavagroup2006
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptaljbsysatm
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAASrahmed_sct
 
Spring Security Framework
Spring Security FrameworkSpring Security Framework
Spring Security FrameworkJayasree Perilakkalam
 

More Related Content

Viewers also liked

Պատմիչ Կորյուն
Պատմիչ ԿորյունՊատմիչ Կորյուն
Պատմիչ ԿորյունMark Hovsepyan
 
Consejos para un periodista de viajes
Consejos para un periodista de viajesConsejos para un periodista de viajes
Consejos para un periodista de viajesMónica Torres
 
Nayoon_Sams-Resume
Nayoon_Sams-ResumeNayoon_Sams-Resume
Nayoon_Sams-ResumeNayoon Sams
 
Market Analysis: Softs and Grains week ended Nov 11, 2016
Market Analysis: Softs and Grains week ended Nov 11, 2016Market Analysis: Softs and Grains week ended Nov 11, 2016
Market Analysis: Softs and Grains week ended Nov 11, 2016Jose Briz CMT
 
Consejos para un periodista de viajes
Consejos para un periodista de viajesConsejos para un periodista de viajes
Consejos para un periodista de viajesMónica Torres
 

Viewers also liked (16)

Jean piaget
Jean piagetJean piaget
Jean piaget
 
Պատմիչ Կորյուն
Պատմիչ ԿորյունՊատմիչ Կորյուն
Պատմիչ Կորյուն
 
Colegio nacional nicolas esguerra
Colegio nacional nicolas esguerraColegio nacional nicolas esguerra
Colegio nacional nicolas esguerra
 
Dosa besar
Dosa besarDosa besar
Dosa besar
 
Consejos para un periodista de viajes
Consejos para un periodista de viajesConsejos para un periodista de viajes
Consejos para un periodista de viajes
 
Eureka52
Eureka52Eureka52
Eureka52
 
Danii ned
Danii nedDanii ned
Danii ned
 
Nayoon_Sams-Resume
Nayoon_Sams-ResumeNayoon_Sams-Resume
Nayoon_Sams-Resume
 
Anderson daniel
Anderson danielAnderson daniel
Anderson daniel
 
III Jornadas Nacionales de la Farmacia Rural
III Jornadas Nacionales de la Farmacia RuralIII Jornadas Nacionales de la Farmacia Rural
III Jornadas Nacionales de la Farmacia Rural
 
Presentaciã³n1[1]
Presentaciã³n1[1]Presentaciã³n1[1]
Presentaciã³n1[1]
 
Nicolas esguerra (4)
Nicolas esguerra (4)Nicolas esguerra (4)
Nicolas esguerra (4)
 
Daniela fresco
Daniela frescoDaniela fresco
Daniela fresco
 
Market Analysis: Softs and Grains week ended Nov 11, 2016
Market Analysis: Softs and Grains week ended Nov 11, 2016Market Analysis: Softs and Grains week ended Nov 11, 2016
Market Analysis: Softs and Grains week ended Nov 11, 2016
 
Anderson
AndersonAnderson
Anderson
 
Consejos para un periodista de viajes
Consejos para un periodista de viajesConsejos para un periodista de viajes
Consejos para un periodista de viajes
 

Similar to Security authorizationusingspringsecurity-sathyaraj

Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Web Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - ZurichWeb Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - Zurichjavagroup2006
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptaljbsysatm
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAASrahmed_sct
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasKhasim Saheb
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasPhaniu
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasPhaniu
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaascharan teja R
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasAnand kalla
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaasirfan1008
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaashimajareddys
 
Azure Security Best Practises for Enterprises
Azure Security Best Practises for EnterprisesAzure Security Best Practises for Enterprises
Azure Security Best Practises for EnterprisesNuvento Systems Pvt Ltd
 
Data protection api's in asp dot net
Data protection api's in asp dot netData protection api's in asp dot net
Data protection api's in asp dot netsonia merchant
 

Similar to Security authorizationusingspringsecurity-sathyaraj (20)

Spring Security
Spring SecuritySpring Security
Spring Security
 
Web Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - ZurichWeb Security Patterns - Jazoon 2010 - Zurich
Web Security Patterns - Jazoon 2010 - Zurich
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.x
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
 
Developing With JAAS
Developing With JAASDeveloping With JAAS
Developing With JAAS
 
Spring Security Framework
Spring Security FrameworkSpring Security Framework
Spring Security Framework
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security jaas
Mule security jaasMule security jaas
Mule security jaas
 
Mule security - jaas
Mule security - jaasMule security - jaas
Mule security - jaas
 
Azure Security Best Practises for Enterprises
Azure Security Best Practises for EnterprisesAzure Security Best Practises for Enterprises
Azure Security Best Practises for Enterprises
 
Java EE Services
Java EE ServicesJava EE Services
Java EE Services
 
MULE-JAAS
MULE-JAASMULE-JAAS
MULE-JAAS
 
Web security
Web securityWeb security
Web security
 
Data protection api's in asp dot net
Data protection api's in asp dot netData protection api's in asp dot net
Data protection api's in asp dot net
 

More from sathyaraj Anand

Mule message processor or routers
Mule message processor or routersMule message processor or routers
Mule message processor or routerssathyaraj Anand
 
Mule cloudhubconsoleoverview-sathyaraj
Mule cloudhubconsoleoverview-sathyarajMule cloudhubconsoleoverview-sathyaraj
Mule cloudhubconsoleoverview-sathyarajsathyaraj Anand
 
Security springsecuritymanager-sathyaraj
Security springsecuritymanager-sathyarajSecurity springsecuritymanager-sathyaraj
Security springsecuritymanager-sathyarajsathyaraj Anand
 
Mule expression language
Mule expression languageMule expression language
Mule expression languagesathyaraj Anand
 

More from sathyaraj Anand (8)

Mule message processor or routers
Mule message processor or routersMule message processor or routers
Mule message processor or routers
 
Mule cloudhubconsoleoverview-sathyaraj
Mule cloudhubconsoleoverview-sathyarajMule cloudhubconsoleoverview-sathyaraj
Mule cloudhubconsoleoverview-sathyaraj
 
Security springsecuritymanager-sathyaraj
Security springsecuritymanager-sathyarajSecurity springsecuritymanager-sathyaraj
Security springsecuritymanager-sathyaraj
 
Mule esb
Mule esbMule esb
Mule esb
 
Rest web services
Rest web servicesRest web services
Rest web services
 
Mule esb mule message
Mule esb mule messageMule esb mule message
Mule esb mule message
 
Mule filters
Mule filtersMule filters
Mule filters
 
Mule expression language
Mule expression languageMule expression language
Mule expression language
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Security authorizationusingspringsecurity-sathyaraj

  • 2. 2 Component Authorization Using Spring Security This page describes how you can configure method-level authorization using Spring Security on your components so that users with different roles can only invoke certain methods.
  • 3. 3 Securing Flow Components To secure MethodInvocations, you must add a properly configured MethodSecurityInterceptor into the application context. The beans requiring security are chained into the interceptor. This chaining is accomplished using Spring’s ProxyFactoryBean or BeanNameAutoProxyCreator. Alternatively, Spring Security provides a MethodDefinitionSourceAdvisor, which you can use with Spring’s DefaultAdvisorAutoProxyCreator to automatically chain the security interceptor in front of any beans defined against the MethodSecurityInterceptor.
  • 4. 4 In addition to the daoAuthenticationProvider and inMemoryDaoImpl beans (see Configuring Security), the following beans must be configured: MethodSecurityInterceptor AuthenticationManager AccessDecisionManager AutoProxyCreator RoleVoter
  • 5. 5 The MethodSecurityInterceptor The MethodSecurityInterceptor is configured with a reference to the following: AuthenticationManager AccessDecisionManager
  • 6. 6 Following is a security interceptor for intercepting calls made to the methods of a component myComponent, which defines two methods: delete and writeSomething. Roles are set on these methods as seen below in the property securityMetadataSource. <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mule="http://www.mulesource.org/schema/mule/core" xmlns:mule-ss="http://www.mulesource.org/schema/mule/spring-security" ...cut... <bean id="myComponentSecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <value> com.foo.myComponent.delete=ROLE_ADMIN com.foo.myComponent.writeSomething=ROLE_ANONYMOUS </value> </property> </bean>
  • 7. 7 The AuthenticationManager This bean is responsible for passing requests through a chain of AuthenticationProvider objects. <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <property name= "providers"> <list> <ref local="daoAuthenticationProvider"/> </list> </property> </bean>
  • 8. 8 The AccessDecisionManager This bean specifies that a user can access the protected methods if they have any one of the roles specified in the securityMetadataSource. <bean id="accessDecisionManager" class='org.springframework.security.access.vote.AffirmativeBased'> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> </list> </property> </bean>
  • 9. 9 The AutoProxyCreator This bean defines a proxy for the protected bean. When an application asks Spring for a myComponent bean, it will get this proxy instead. <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> <property name="interceptorNames"> <list> <value>myComponentSecurity</value> </list> </property> <property name="beanNames"> <list> <value>myComponent</value> </list> </property> <property name='proxyTargetClass' value="true"/> </bean>