Security Annotation Framework

Instance-based Security with the Security Annotation Framework (SAF)
ICW Developer Conference, Martin Krasser / 07.05.2008

Martin Krasser, Software Architect @ Professional Gate
Focus
- Application Security
- Application Integration Platforms
- Application Integration Solutions
- Research & Development

Agenda
- Introduction
- Architecture
- Code Examples
- Outlook
- Live Demo

Overview
Open source security project
- Instance-level access control
- Attribute-level encryption
Driven by Java 5 annotations
- @Secure and @Filter annotations to enforce access decisions
- @Encrypt annotation to trigger encryption/decryption operations
Framework with provider interfaces (SPI) for
- Authorization providers
- Encryption providers
- Reference implementations available

Motivations
Java EE doesn't provide instance-level access control mechanisms
- Access decisions and policy definitions in Java EE are based only on static application properties (methods, ...)
- Instance-level access control is additionally based on runtime application properties (domain object state, ...)
Encryption mechanisms decoupled from data storage/binding mechanisms
- No Hibernate-specific encryption interceptors ...
- No JAXB-specific marshal/unmarshal listeners ...
Avoid complex configurations
- No need to deal with Spring/AspectJ AOP details
- Place security interceptors using annotations
Support for pluggable authorization and crypto providers
- Access control and encryption logic provided by plugins/providers
- Different applications have significantly different access control and encryption requirements

History
- SAF initially developed as part of the eHF
- Open source since March 2007
- Refactoring of complex Spring/AspectJ AOP configurations
- Apache 2.0 License
- Three releases so far
- Latest release is 0.8.2 (production-stable)
- Current development on 0.9-SNAPSHOT

SAF Access Control Architecture
[Diagram: Requestor -> Security Interceptor -> Domain Object; SAF Core: AccessManager -> Authorization Provider (SAF JAAS, Spring Security, ...)]
Security Interceptor (Policy Enforcement Point)
- Implemented by annotating domain objects, methods and method parameters
Authorization Provider (Policy Decision Point)
- Makes access decisions based on class instances
- Reference implementation based on JAAS extensions

SAF Crypto Architecture
[Diagram: Requestor -> Crypto Interceptor -> Instance Attribute; SAF Core: CryptoProvider -> Crypto Provider]
Crypto Interceptor
- Implemented by annotating instance attributes
Crypto Service Provider
- Runs encrypt/decrypt operations
- Reference implementation coming soon

SAF Crypto ...

Code Example: Access Control
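The code shown on the access-control example slide did not survive extraction. The following Java program is an added illustration, not the slide's code and not SAF's API: it implements the pattern the architecture slide describes, with an annotation as the policy enforcement point, a pluggable provider as the policy decision point, and a decision that depends on the domain object's runtime state (its owner). The annotation names, the Note/NoteService types, the OwnerPolicy provider, the CURRENT_USER thread-local and the use of a JDK dynamic proxy in place of SAF's Spring AOP/AspectJ interceptors are all assumptions of this example.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

/*
 * Added illustration of the SAF access-control design, not SAF's own code: an
 * annotation marks the policy enforcement point, a pluggable provider is the
 * policy decision point, and the decision depends on the domain object's
 * runtime state (its owner). @Secure, @Filter, AuthorizationProvider, Note,
 * NoteService and OwnerPolicy are this example's assumptions; a JDK dynamic
 * proxy stands in for SAF's Spring AOP/AspectJ interceptors.
 */
public class InstanceAccessControlDemo {

    /** Deny the call unless the provider allows 'action' on the target instance. */
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Secure { String action(); }

    /** Drop elements the provider denies from the returned list. */
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Filter { String action(); }

    /** Policy Decision Point SPI: the decision sees the instance, not only the method. */
    interface AuthorizationProvider {
        boolean isAllowed(String principal, String action, Object target);
    }

    interface Note { String getOwner(); String getText(); }

    static final class NoteImpl implements Note {
        private final String owner, text;
        NoteImpl(String owner, String text) { this.owner = owner; this.text = text; }
        public String getOwner() { return owner; }
        @Secure(action = "read") public String getText() { return text; }
        public String toString() { return "Note(owner=" + owner + ")"; }
    }

    interface NoteService { List<Note> findAll(); }

    static final class NoteServiceImpl implements NoteService {
        private final List<Note> notes;
        NoteServiceImpl(List<Note> notes) { this.notes = notes; }
        @Filter(action = "read") public List<Note> findAll() { return notes; }
    }

    /** Owner-based policy: owners may act on their own notes; "auditor" may read any note. */
    static final class OwnerPolicy implements AuthorizationProvider {
        public boolean isAllowed(String principal, String action, Object target) {
            if (principal == null || !(target instanceof Note)) return false;
            boolean owner = principal.equals(((Note) target).getOwner());
            return owner || ("read".equals(action) && "auditor".equals(principal));
        }
    }

    /** Requestor identity; a real deployment takes this from JAAS or Spring Security. */
    static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();

    /** Security interceptor (PEP): reads the annotations and asks the provider. */
    static <T> T secure(T target, Class<T> iface, AuthorizationProvider provider) {
        InvocationHandler handler = (proxy, m, args) -> {
            // Annotations sit on the implementation class, so look the method up there.
            Method impl = target.getClass().getMethod(m.getName(), m.getParameterTypes());
            String user = CURRENT_USER.get();
            Secure s = impl.getAnnotation(Secure.class);
            if (s != null && !provider.isAllowed(user, s.action(), target)) {
                throw new SecurityException(user + " may not " + s.action() + " " + target);
            }
            Object result;
            try { result = m.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
            Filter f = impl.getAnnotation(Filter.class);
            if (f == null || !(result instanceof List)) return result;
            List<Object> kept = new ArrayList<>();
            for (Object o : (List<?>) result) if (provider.isAllowed(user, f.action(), o)) kept.add(o);
            return kept;
        };
        return iface.cast(Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, handler));
    }

    public static void main(String[] args) {
        AuthorizationProvider provider = new OwnerPolicy();
        Note alice = secure(new NoteImpl("alice", "alice's text"), Note.class, provider);
        Note bob = secure(new NoteImpl("bob", "bob's text"), Note.class, provider);
        NoteService service = secure(new NoteServiceImpl(Arrays.asList(alice, bob)), NoteService.class, provider);

        CURRENT_USER.set("alice");
        System.out.println(alice.getText());      // permitted: alice owns this instance
        System.out.println(service.findAll());    // bob's note is filtered out
        try { bob.getText(); }                    // same method, other instance: denied
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        CURRENT_USER.set("auditor");
        System.out.println(service.findAll());    // auditor may read both
    }
}
```

Compile and run with `javac InstanceAccessControlDemo.java && java InstanceAccessControlDemo` (Java 8 or later). The point to notice is that the same annotated method, getText(), is allowed on one Note and refused on another for the same caller, which is the instance-level decision the Motivations slide says plain Java EE method security cannot express; @Filter applies the same per-instance decision to every element of a returned collection instead of to the call as a whole.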

Code Example: Attribute Encryption
BUT: no crypto operations for access via reflection, so a binder that uses field access reads and writes the ciphertext directly
- Hibernate can be configured for reflective access (field access): encrypted storage of attribute values in databases
- JAXB2 can be configured for reflective access (field access): XML binding of encrypted attribute values

Configuration
[Diagram: Spring 2.5 Application Context loads Provider Implementations]
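To make the reflection caveat on the attribute-encryption slide concrete, here is an added example, not SAF's code and not its reference crypto provider (which the Outlook slide lists as still to come): the crypto interceptor wraps the accessor methods of an @Encrypt attribute, so the field itself only ever holds ciphertext, and a stand-in for a Hibernate/JAXB2 field-access binder that reads the field reflectively bypasses the interceptor and sees the encrypted value. @Encrypt, CryptoProvider, AesGcmProvider, Note, fieldAccessRead and the use of a JDK dynamic proxy in place of SAF's AspectJ advice are assumptions of this example; the note content is constructed sample data.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

/*
 * Added illustration of attribute-level encryption in the SAF style, not SAF's
 * own code or its reference provider: the interceptor wraps the accessors of an
 * @Encrypt attribute, so the field holds ciphertext; a field-access binder
 * (Hibernate, JAXB2) reads the field reflectively and bypasses the interceptor.
 * @Encrypt, CryptoProvider, AesGcmProvider, Note and fieldAccessRead are this
 * example's assumptions; a JDK dynamic proxy stands in for SAF's AspectJ advice.
 */
public class AttributeEncryptionDemo {

    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD) @interface Encrypt {}

    /** Crypto service provider SPI. */
    interface CryptoProvider {
        String encrypt(String plaintext) throws Exception;
        String decrypt(String ciphertext) throws Exception;
    }

    /** AES-256-GCM, random 12-byte nonce prepended, Base64 so the value fits a String attribute. */
    static final class AesGcmProvider implements CryptoProvider {
        private static final int NONCE_LEN = 12, TAG_BITS = 128;
        private final SecretKey key;
        AesGcmProvider() throws Exception {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256);
            key = kg.generateKey();   // demo only; a real provider loads the key from a key store
        }
        public String encrypt(String plaintext) throws Exception {
            byte[] nonce = new byte[NONCE_LEN];
            new SecureRandom().nextBytes(nonce);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
            byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
            byte[] out = new byte[NONCE_LEN + ct.length];
            System.arraycopy(nonce, 0, out, 0, NONCE_LEN);
            System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
            return Base64.getEncoder().encodeToString(out);
        }
        public String decrypt(String ciphertext) throws Exception {
            byte[] in = Base64.getDecoder().decode(ciphertext);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
            return new String(c.doFinal(in, NONCE_LEN, in.length - NONCE_LEN), StandardCharsets.UTF_8);
        }
    }

    interface Note { String getTitle(); void setTitle(String t); String getBody(); void setBody(String b); }

    static final class NoteImpl implements Note {
        private String title;             // plain attribute
        @Encrypt private String body;     // holds ciphertext; its accessors are intercepted
        public String getTitle() { return title; }
        public void setTitle(String t) { title = t; }
        public String getBody() { return body; }
        public void setBody(String b) { body = b; }
    }

    /** Crypto interceptor: encrypt the argument of setX, decrypt the result of getX, when field x is @Encrypt. */
    static <T> T withCrypto(T target, Class<T> iface, CryptoProvider crypto) {
        InvocationHandler handler = (proxy, m, args) -> {
            String name = m.getName();
            boolean encrypted = name.length() > 3 && isEncryptedField(target.getClass(),
                    Character.toLowerCase(name.charAt(3)) + name.substring(4));
            try {
                if (encrypted && name.startsWith("set") && args[0] != null) {
                    return m.invoke(target, crypto.encrypt((String) args[0]));
                }
                Object result = m.invoke(target, args);
                return (encrypted && name.startsWith("get") && result != null) ? crypto.decrypt((String) result) : result;
            } catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return iface.cast(Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, handler));
    }

    static boolean isEncryptedField(Class<?> type, String field) {
        try { return type.getDeclaredField(field).isAnnotationPresent(Encrypt.class); }
        catch (NoSuchFieldException e) { return false; }
    }

    /** Stand-in for a Hibernate/JAXB2 field-access binder: reads the raw field, not the getter. */
    static String fieldAccessRead(Object target, String field) throws Exception {
        Field f = target.getClass().getDeclaredField(field);
        f.setAccessible(true);
        return (String) f.get(target);
    }

    public static void main(String[] args) throws Exception {
        NoteImpl raw = new NoteImpl();
        Note note = withCrypto(raw, Note.class, new AesGcmProvider());
        note.setTitle("visit 2008-05-07");                       // constructed sample data
        note.setBody("diagnosis text that must not be stored in clear");
        System.out.println("getBody() via interceptor: " + note.getBody());
        System.out.println("field access (what Hibernate/JAXB2 see): " + fieldAccessRead(raw, "body"));
        System.out.println("plain attribute: " + fieldAccessRead(raw, "title"));
    }
}
```

Run with `javac AttributeEncryptionDemo.java && java AttributeEncryptionDemo`. The getter returns the plaintext because the call passes through the interceptor; the reflective read returns the Base64 ciphertext because it never does, which is exactly why Hibernate or JAXB2 must be configured for field access rather than property access when the attribute should be stored or marshalled encrypted. Two practitioner caveats: any other code path that touches the field reflectively (serialization, logging frameworks, debuggers) also sees only ciphertext, which is the intended behaviour but can surprise, and the provider's security rests entirely on where the key comes from; the randomly generated key here is for the demo only.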

Behind the Scenes
[Diagram: Client -> Spring AOP Proxy (RT) -> Method Interceptor -> Application Service; AspectJ Enhanced Bytecode (CT) -> AspectJ Advice -> Domain Object; SAF Spring Bean Infrastructure: Access Manager, Crypto Provider]
- RT: created at runtime (Spring AOP proxy)
- CT: created at compile time (AspectJ)

Outlook
1.0 Release
- Crypto provider reference implementation
- AspectJ load-time weaving
- AspectJ 1.6 upgrade: support for parameter-level annotations
- OSGi support: make SAF components OSGi-compliant bundles; OSGi sample application using SAF components
- Security annotations on static domain object methods and constructors
- Documentation extensions: document new features, more examples; translate Java Magazin article to English
- Acegi authorization provider integration (optional)

Resources
- Project Site -
- Web Site -
- Article - Instanz-basierte Zugriffskontrolle (Instance-based access control), Java Magazin 7.2007

Live Demo
Notebook web application

Thank you for your attention!
[email protected]
