instant security and scalable user management in spring boot
Post on 14-Apr-2017
329 Views
Preview:
TRANSCRIPT
@lhazlewood | @goStormpath#springone
Instant Security& Scalable User Management
with Spring Boot
Les Hazlewood @lhazlewoodApache Shiro Project Chair
CTO, Stormpath stormpath.com
SpringOne 2016
@lhazlewood | @goStormpath#springone
.com• User Management and Authentication API• Security for your applications• User security workflows• Security best practices• Developer tools, SDKs, libraries
@lhazlewood | @goStormpath#springone
Spring Security• Authentication• Authorization• Enforcement• No user management
@lhazlewood | @goStormpath#springone
You’re on the hook for:• Data store integration• Data modeling• HTML pages• CSRF view support• Email verification• Forgot password• Oauth2 / Social setup• SAML coordination
• Crypto choices• Multi-‐factor auth• Scale / growth• SaaS Multi-‐Tenancy• Mobile auth strategy• Microservice auth• Best practices• ...etc...
@lhazlewood | @goStormpath#springone
And legacy migration?
Legacy Users LDAP/ADNew
Users
Your Application
@lhazlewood | @goStormpath#springone
And Social?
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
@lhazlewood | @goStormpath#springone
And SSO/SAML?
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
PingOkta
Azure ADFS
Oracle SSO
SiteMinderLinkedIn
OneLogin
@lhazlewood | @goStormpath#springone
And Multi-‐Tenant / SaaS ?
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
PingOkta
Azure ADFS
Oracle SSO SiteMinder LinkedIn
OneLogin
Customer A
Customer CCustomer F
Customer B
Customer D Customer E
Customer G
@lhazlewood | @goStormpath#springone
Stormpath takes you from this...
Legacy Users LDAP/AD Google
Apps Facebook GitHubNew Users
Your Application
PingOkta
Azure ADFS
Oracle SSO SiteMinder LinkedIn
OneLogin
Customer A
Customer CCustomer F
Customer B
Customer D Customer E
Customer G
@lhazlewood | @goStormpath#springone
To this...Your
ApplicationYour
ApplicationYour
ApplicationYour
Application...
@lhazlewood | @goStormpath#springone
But much more than a backend• Application SDKs• Framework Integrations• Best practices
@lhazlewood | @goStormpath#springone
Application
Servlet Filters
How does it work?Spring Security Stormpath MVC
Stormpath SDK
...
@lhazlewood | @goStormpath#springone
Stormpath works hard for you• Java SDK 1.0.0 released TODAY!• SDK + Integration Effort: ~ 8 man years• Extreme customizability• Automatic defaults• Often no code required
top related