WAM and the Java Stack

WAM and the Java Stack

Disclaimer • This is a training NOT a presentation. • Be prepared to learn and participate in labs • Please ask questions • Prerequisites: • Basic Java knowledge • Basic Spring knowledge • LDS Account Integration Training – Part 1

Outline • Spring Security and Authorization • WAM (Web Access Management) • WAM integration w/o Spring Security • WAM integration w/ Spring Security

Review • Authentication vs. Authorization • Previously discussed authentication with Spring Security • Now focus on authorization with Spring Security

Authorization with Spring Security • http://static.springsource.org/spring-security/site/features.html • Comprehensive Authorization Services • HTTP requests authorization (securing urls) • @PreAuthorizeannotation

Protecting Urls • Example of protecting urls <sec:http security="none" pattern="/errors/accessDenied*"/> <sec:http> <sec:intercept-url access="hasRole('ROLE_ADMIN')" pattern="/secure/**" /> <sec:intercept-url access="isAuthenticated()" pattern="**" /> <sec:access-denied-handler error-page="/errors/accessDenied" /> </sec:http>

???? • Fine grained authorization <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> <sec:authorize access="hasRole(‘ROLE_CHICKEN')"> Content only visible to users who have the “chicken" authority in their list of GrantedAuthority(s). </sec:authorize> <sec:authorizeurl="/chicken"> Content only visible to users authorized to send requests to the "/chicken" URL. </sec:authorize>

@PreAuthorize annotation • Scanning enabled with following element: • Some examples: <sec:global-method-security pre-post-annotations="enabled"/> @PreAuthorize("hasRole('ROLE_ADMIN')") public void create(User newUser); @PreAuthorize("#user.username == authentication.username") public void doSomething(User user);

<lds-account:authorities-populators > </lds-account:authorities-populators>

Authorities Populators • http://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-spring/index.html#Authorities_Populators • Example <lds-account:authorities-populatorsinclude-defaults="false"> <lds-account:member/> <lds-account:workforce/> <lds-account:role name="ROLE_USER" /> <lds-account:custom ref="customAuthoritiesPopulator"/> </lds-account:authorities-populators> TODO: show example of specifying on a authentication element

Demo

WAM (Web Access Management)

What is WAM? • WAM stands for Web Access Management • Authentication • Authentication management • Single Sign-on • Authorization • Url (course-grained) • Entitlements (fine-grained)

Architectural Overview of WAM

Injected Headers • WAM injected headers: • https://tech.lds.org/wiki/SSO_Injected_Headers • How the headers map with LDS Account (LDAP) attributes: • https://ldsteams.ldschurch.org/sites/wam/Implementation%20Details/HTTP%20Headers.aspx • Required headers • policy-ldsaccountid • policy-cn

Wamulator • For complete documentation: • http://tech.lds.org/wiki/WAMulator • WAM Maven plugin provided to start/stop the wamulator

Demo

Stack / WAM integration w/o Spring Security • code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-wam/index.html#Configuration <filter> <filter-name>wamContextFilter</filter-name> <filter-class>org.lds.stack.wam.filter.WamContextFilter</filter-class> </filter> <filter-mapping> <filter-name>wamContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

WamContext • Accessed with: • WamContexts consists of 3 main parts: • LdsAccountDetails object • WamRequestProvider • EntitlementService WamContextHolder.getWamContext(); WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName(); WamContextHolder.getWamContext().getWamRequestProvider ().getCookieHeader(); WamContextHolder.getWamContext().getEntitlementService()….

Demo

Lab 1 https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_1

WAM and Spring Security

Why WAM and Spring Security? • Spring Security provides • Full featured authorization system • Abstraction to authentication and authorization • Allows for complex fallback authentication systems • Facilitates proxy support

WAM Spring Security Integration • Integration point <lds-account:wam> <intercept url TODO … </lds-acount:wam> <sec:authentication-manager> <sec:authentication-provider ref="ldsAccountAuthenticationProvider" /> </sec:authentication-manager>

Demo

Spring Security and WAM authorization • Spring provides programming tools • Full featured EL capabilities • Convenient annotations • Management central to the application

Spring Security EntryPoint • Simplifies WAM configuration / management • Utilizes WAM for authentication • User details injected if authenticated • Allows course grained authorization to be managed within the application

Spring Integration

Demo

Lab 2 https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_2

Conclusion • LDS Account rocks! • The Java Stack integration with LDS Account and Spring Security rocks!

Credit Where Credit is Due • http:// http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html • Spring Security 3 – by Peter Mularien • http://en.wikipedia.org/wiki/

WAM and the Java Stack

WAM and the Java Stack

Presentation Transcript

Procedures and the Stack

WAM and the Java Stack

The Stack and Procedures

LDS Account and the Java Stack

Functional Testing with the Java Stack Test Runner

The Stack

The Stack and Subroutines

The Stack and Procedures

Procedures and the Stack

Java Stack 4

Functional Testing with the Java Stack Test Runner

WAM CAMBODGE

Hire Full Stack Java Developer - Full Stack Java Development

STACK and Stack Pointer

Java Bluetooth stack

Hire Full Stack Java Developer - best Full Stack Java Development

Top full stack java web developer - Full Stack Java Development

Learning Elf | Java full stack training in Bangalore | Java full stack training

Hire Full Stack Java Developer - Full Stack Java Development