Spring Security Patterns

SpringOne 2020

Josh Cummings, Software Engineer at VMware
Eleftheria Stein, Software Engineer at VMware

Spring Security Patterns

  1. Spring Security Patterns. September 2–3, 2020, springone.io. Ria Stein – Spring Security Maintainer; Josh Cummings – Spring Security Maintainer – @jzheaux
  2. Secure by Default. [Diagram: App, PG and H2 boxes labelled with application.properties, application-prod.properties and application-dev.properties]
  3. Principle of Least Privilege. [Two "Forgot Password" form mockups, each with Username: jzheaux and an OK button. The first responds "Sorry, we don’t recognize that username"; the second responds "If that username exists, we’ve just sent an email".]
  4. Request Thread Local

     ```java
     try {
         SecurityContext ctx = lookup(request);
         // Stores data in a ThreadLocal so it is only visible to this thread
         SecurityContextHolder.setContext(ctx);
         chain.doFilter(request, response);
     } finally {
         // Clears data so the ThreadLocal can be used for the next request
         SecurityContextHolder.clearContext();
     }

     public void serviceLayerMethod() {
         // Now data can be retrieved at the service layer
         var ctx = SecurityContextHolder.getContext();
     }
     ```

     For Reactive apps, use the Reactor Context instead of ThreadLocals.
  5. Composition

     registration.html:

     ```html
     <div class="registration-banner">
       <button class="registration-button">Register Now</button>
     </div>
     ```

     homepage.html:

     ```html
     <div>
       <span>Welcome to our talk!</span>
       <registration/>
     </div>
     ```
  6. Stay Connected. And be secure. https://github.com/spring-projects/spring-security https://github.com/jzheaux/springone2020 #springone @s1p
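
The Request Thread Local slide hinges on the `finally` block: request threads are pooled, so a context that is not cleared is still there when the same thread serves the next request. The following is an added example, not code from the slides or from Spring Security; `ContextHolder`, `filterWithClear`, `filterWithoutClear`, `handle` and the user names are hypothetical plain-Java stand-ins, with a single-thread executor assumed as a model of the container's thread pool.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class RequestThreadLocalDemo {
    // Hypothetical stand-in for SecurityContextHolder: one value per thread.
    static final class ContextHolder {
        private static final ThreadLocal<String> CTX = new ThreadLocal<>();
        static void setContext(String user) { CTX.set(user); }
        static String getContext() { return CTX.get(); }
        static void clearContext() { CTX.remove(); }
    }

    // Service layer: reads the caller from the thread, not from a parameter.
    static String serviceLayerMethod() {
        String user = ContextHolder.getContext();
        return user == null ? "anonymous" : user;
    }

    // Filter shaped like the slide: set, run the chain, always clear.
    static String filterWithClear(String authenticatedUser) {
        try {
            if (authenticatedUser != null) ContextHolder.setContext(authenticatedUser);
            return serviceLayerMethod();
        } finally {
            ContextHolder.clearContext();
        }
    }

    // Defective variant for contrast: the context outlives the request.
    static String filterWithoutClear(String authenticatedUser) {
        if (authenticatedUser != null) ContextHolder.setContext(authenticatedUser);
        return serviceLayerMethod();
    }

    // Runs one request on the pooled worker and waits for its result.
    static String handle(ExecutorService pool, Callable<String> request) throws Exception {
        return pool.submit(request).get();
    }

    public static void main(String[] args) throws Exception {
        // One worker models pooled request threads; the requests below are constructed.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            handle(pool, () -> filterWithoutClear("alice"));
            System.out.println("no clear:   " + handle(pool, () -> filterWithoutClear(null)));
            handle(pool, () -> filterWithClear("bob"));
            System.out.println("with clear: " + handle(pool, () -> filterWithClear(null)));
        } finally {
            pool.shutdown();
        }
    }
}
```

Without the clear, the unauthenticated second request is served as the previous request's user; with it, the same request is anonymous.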