Acegi Security. What is Acegi Security Key features Conclusion Examples in reality References. Aureliusz Rempala Emily Brand Fan Wang

Size: px
Start display at page:

Download "Acegi Security. What is Acegi Security Key features Conclusion Examples in reality References. Aureliusz Rempala Emily Brand Fan Wang"

Transcription

1 What is Acegi Security Key features Conclusion Examples in reality References Aureliusz Rempala Emily Brand Fan Wang

2 - What is Acegi Security? Provides o advanced authentication o advanced authorization o and other features for enterprise application built using the Spring Framework It is an official Spring Sub-Project Commercial support and training available from interface21. Authentication Procedure 1. Check if resource is secure 2. Check if the user has been authenticated 3. Check if authenticated user is authorized 4. Serve the requested resource

3 - Authentication Overview Authentication mechanism key participants: o ExceptionTranslationFilter Detects any Acegi Security exceptions that are thrown o AuthenticationEntryPoint When the user is not authenticated, it sends back a response indicating that s/he must authenticate. o authentication mechanism collects authentication details from a user agent (usually a web browser), builds "Authentication request" object from the collected data, presents the Authentication object to an AuthenticationProvider. o AuthenticationProvider obtains UserDetail object from the UserDetailsService validates the content of the Authentication object against UserDetail object puts the Authentication object is put in the SecurityContextHolder if authentication is successful.

4 - Key features (cont.) Acegi performs HTTP session authentication through the use of a servlet filter: Web.xml: <filter> <filter-name>acegi Authentication Processing Filter</filter-name> <filter-class>net.sf.acegisecurity.util.filtertobeanproxy </filter-class> <init-param> <param-name>targetclass</param-name> <param-value> net.sf.acegisecurity.ui.webapp.authenticationprocessingfilter </param-value> </init-param> </filter> <filter-mapping> <filter-name>acegi Authentication Processing Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> How and when authentication takes place is decided by the content of the applicationcontext.xml

5 - securitycontext.xml FilterChainProxy o all of the requests pass through this bean o defines a cascade of filters o allows to define a different set of filters for different URL o the order of the filters is important. Sample FilterChainProxy bean: <bean id="filterchainproxy" class="org.acegisecurity.util.filterchainproxy"> <property name="filterinvocationdefinitionsource"> <value><![cdata[convert_url_to_lowercase_before_comparison PATTERN_TYPE_APACHE_ANT /**=httpsessioncontextintegrationfilter,logoutfilter,authenticatio nprocessingfilter, basicprocessingfilter, securitycontextholderawarerequestfilter, remembermeprocessingfilter, anonymousprocessingfilter, exceptiontranslationfilter, filterinvocationinterceptor]]></value> </property>

6 - Commonly Used Filters HttpSessionContextIntegrationFilter: o keeps the contents of the SecurityContext between HTTP requests. AuthenticationProcessingFilter: o Form based authentications (JSP for ex) BasicProcessingFilter: o BASIC HTTP header-based authentication (WebServices) RememberMeProcessingFilter: o cookie that enables remember-me services AnonymousProcessingFilter: o allows anonymous access FilterSecurityInterceptor: o protects web URIs

7 - Filters (a closer look) HttpSessionContextIntegrationFilter <bean id="httpsessioncontextintegrationfilter" class="org.acegisecurity.context.httpsessioncontextintegrationfilter"> AuthenticationProcessingFilter: <bean id="authenticationprocessingfilter class="org.acegisecurity.ui.webapp.authenticationprocessingfilter"> <property name="authenticationmanager" ref="authenticationmanager"/> <property name="authenticationfailureurl" value="/acegilogin.jsp?login_error=1"/> <property name="defaulttargeturl" value="/"/> <property name="filterprocessesurl" value="/j_acegi_security_check"/> <property name="remembermeservices" ref="remembermeservices"/> BasicProcessingFilter: <bean id="basicprocessingfilter" class="org.acegisecurity.ui.basicauth.basicprocessingfilter"> <property name="authenticationmanager"><ref local="authenticationmanager"/></property> <property name="authenticationentrypoint"><ref local="basicprocessingfilterentrypoint"/></property>

8 - Filters (a closer look) RememberMeProcessingFilter: <bean id="remembermeprocessingfilter" class="org.acegisecurity.ui.rememberme.remembermeprocessingfilter"> <property name="authenticationmanager"><ref local="authenticationmanager"/></property> <property name="remembermeservices"><ref local="remembermeservices"/></property> <bean id="remembermeservices" class="org.acegisecurity.ui.rememberme.tokenbasedremembermeservices "> <property name="userdetailsservice" ref="userdetailsservice"/> <property name="key" value="changethis"/> AnonymousProcessingFilter: <bean id="anonymousprocessingfilter" class="org.acegisecurity.providers.anonymous.anonymousprocessingfil ter"> <property name="key" value="changethis"/> <property name="userattribute" value="anonymoususer,role_anonymous"/>

9 - Filters (a closer look) FilterSecurityInterceptor: o Allows to incorporate all kinds of managers that will participate in the authentication/authorization process. o More specific URLs should be listed at the top <bean id="filterinvocationinterceptor" class="org.acegisecurity.intercept.web.filtersecurityinterceptor"> <property name="authenticationmanager"> <ref bean="authenticationmanager"/> </property> <property name="accessdecisionmanager"> <ref local="httprequestaccessdecisionmanager"/> </property> <property name="objectdefinitionsource"> <value><![cdata[convert_url_to_lowercase_before_comparison PATTERN_TYPE_APACHE_ANT /index.jsp=role_anonymous,role_user /switchuser.jsp=role_supervisor /acegilogin.jsp*=role_anonymous,role_user /**=ROLE_USER]]> </value> </property>

10 - Authentication Manager AuthenticationManager is responsible for passing requests through a chain of AuthenticationProviders, and it might be configured in a following way: <bean id="authenticationmanager" class="org.acegisecurity.providers.providermanager"> <property name="providers"> <list> <ref local="daoauthenticationprovider"/> <ref local="anonymousauthenticationprovider"/> <ref local="remembermeauthenticationprovider"/> </list> </property>

11 - Authentication Provider AuthenticationProvider points to the location where principal information such as usernames,passwords, and access rights are stored. <bean id="daoauthenticationprovider" class="org.acegisecurity.providers.dao.daoauthenticationprovider"> <property name="userdetailsservice" ref="userdetailsservice"/> <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users --> <bean id="userdetailsservice" class="org.acegisecurity.userdetails.memory.inmemorydaoimpl"> <property name="userproperties"> <bean class="org.springframework.beans.factory.config.propertiesfactorybe an"> <property name="location" value="/web-inf/users.properties"/>

12 - Key features (cont.) Authentication Provider (Easy to understand, configure, and demonstrate) o ProviderManager Most popular implementation a wrapper around a list of one or more Authentication Providers provided to the class Authenticate method of the AuthenticationManager delegates to that specific provider Wrapper class cycles through the list of providers until it locate a compatible one. o Recommendation for Developers Developers should examine providers to determine the one that suits their needs best

13 - Key features Authorization - Security Interception o key to protecting resources under Acegi o Prior to access to the resource and interception determines whether or not the resource should be protected o Traces the chain of authorization to receive access to a protected resource o Assuming the user is authenticated, it delegates to an implementation of the AccessDecisionManager receives key parameters such as the authenticated Authentication object resource properties, among others. The final decision for access is left in the hands of the AccessDecisionManager.

14 - Key features (cont.) AccessDecisionManager o tallies votes ConsensusBased grants or denies access based upon the consensus of nonabstain votes UnanimousBased requires unanimous consent in order to grant access but does ignore abstains AffirmativeBased grants access if at least one access granted is received while deny votes are disregarded.

15 - Key features (cont.) Configure the authorization system starting with the RoleVoter and UnanimousBased : applicationcontext.xml: <bean id="rolevoter" class="net.sf.acegisecurity.vote.rolevoter"/> <bean id="accessdecisionmanager" class="net.sf.acegisecurity.vote.unanimousbased"> <property name="allowifallabstaindecisions"> <value>false</value> </property> <property name="decisionvoters"> <list> <ref local="rolevoter"/> </list> </property>

16 Future Will be promoted to be an official part of the Spring Framework o New name Spring Security o In version 2M1 Spring Security 2 will offer o considerably simplified configuration o Windows NTLM authentication o a user management API o persistence-backed remember-me services o hierarchical roles o Spring LdapTemplate support o considerable ACL enhancements o portlet support o and much more.

17 - References entationid=9249&showid=147

Spring Security 3. http://www.springsource.com/download/community?project=spring%20security

Spring Security 3. http://www.springsource.com/download/community?project=spring%20security Spring Security 3 1. Introduction http://www.springsource.com/download/community?project=spring%20security 2. Security Namespace Configuration Web.xml configuration: springsecurityfilterchain

More information

A (re)introduction to Spring Security

A (re)introduction to Spring Security A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security What s coming in Spring Security 3 Before Spring Security There was...

More information

Reference Documentation

Reference Documentation Reference Documentation 1.0.0 RC 1 Copyright (c) 2004 - Ben Alex Table of Contents Preface... iv 1. Security... 1 1.1. Before You Begin... 1 1.2. Introduction... 1 1.2.1. Current Status... 1 1.3. High

More information

Pierce County IT Department GIS Division Xuejin Ruan Dan King

Pierce County IT Department GIS Division Xuejin Ruan Dan King Pierce County IT Department GIS Division Xuejin Ruan Dan King Web Application Work Flow Main Topics Authentication Authorization Session Management * Concurrent Session Management * Session Timeout Single

More information

Spring Security. Reference Documentation. 2.0.x. Copyright 2005-2007

Spring Security. Reference Documentation. 2.0.x. Copyright 2005-2007 Spring Security Reference Documentation 2.0.x Copyright 2005-2007 Preface... vi I. Getting Started... 1 1. Introduction... 2 1.1. What is Spring Security?... 2 1.2. History... 3 1.3. Release Numbering...

More information

Welcome to Spring Forward 2006. www.springforward2006.com September 26, 2006 Penn State Great Valley

Welcome to Spring Forward 2006. www.springforward2006.com September 26, 2006 Penn State Great Valley Welcome to Spring Forward 2006 Securing Your Applications with CAS and Acegi Dmitriy Kopylenko Application Developer Architecture & Framework Rutgers University Scott Battaglia Application Developer Enterprise

More information

Java Enterprise Security. Stijn Van den Enden s.vandenenden@aca-it.be

Java Enterprise Security. Stijn Van den Enden s.vandenenden@aca-it.be Java Enterprise Security Stijn Van den Enden s.vandenenden@aca-it.be Agenda Java EE introduction Web module security EJB module security Runtime configuration Other security aspects Spring Security JBoss

More information

entries_inheriting, 208

entries_inheriting, 208 Index A AbstractSecurityInterceptor, 31 AbstractSecurityInterceptor s beforeinvocation method, 122 Access Control Entry (ACE), 207 Access control lists (ACLs) accessing secured objects AclEntryVoter(s),

More information

<Insert Picture Here> Hudson Security Architecture. Winston Prakash. Click to edit Master subtitle style

<Insert Picture Here> Hudson Security Architecture. Winston Prakash. Click to edit Master subtitle style Hudson Security Architecture Click to edit Master subtitle style Winston Prakash Hudson Security Architecture Hudson provides a security mechanism which allows Hudson Administrators

More information

Space Details. Available Pages. BI Server Documentation - Latest. Description:

Space Details. Available Pages. BI Server Documentation - Latest. Description: Space Details Key: Name: Description: PentahoDoc BI Server Documentation - Latest Latest version of the Pentaho BI Server Creator (Creation Date): admin (Nov 15, 2006) Last Modifier (Mod. Date): admin

More information

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled

More information

SSO Plugin. Authentication service for HP, Kinetic, Jasper, SAP and CA products. J System Solutions. JSS SSO Plugin Authentication service

SSO Plugin. Authentication service for HP, Kinetic, Jasper, SAP and CA products. J System Solutions. JSS SSO Plugin Authentication service SSO Plugin Authentication service for HP, Kinetic, Jasper, SAP and CA products J System Solutions http://www.javasystemsolutions.com Version 3.6 Introduction... 4 Implementing SSO... 5 Copying the SSO

More information

Advanced OpenEdge REST/Mobile Security

Advanced OpenEdge REST/Mobile Security Advanced OpenEdge REST/Mobile Security Securing your OpenEdge Web applications Michael Jacobs August 2013 Legal Disclaimer The contents of these materials are confidential information of Progress Software

More information

Securing RESTful Web Services Using Spring and OAuth 2.0

Securing RESTful Web Services Using Spring and OAuth 2.0 Securing RESTful Web Services Using Spring and OAuth 2.0 1.0 EXECUTIVE SUMMARY While the market is hugely 1 accepting REST based architectures due to their light weight nature, there is a strong need to

More information

Ehcache Web Cache User Guide. Version 2.9

Ehcache Web Cache User Guide. Version 2.9 Ehcache Web Cache User Guide Version 2.9 October 2014 This document applies to Ehcache Version 2.9 and to all subsequent releases. Specifications contained herein are subject to change and these changes

More information

Apache Shiro - Executive Summary

Apache Shiro - Executive Summary Apache Shiro - Executive Summary Apache Shiro is a powerful, easy-to-use Java Security Framework with a goal to be more powerful and easier to use than the standard Java APIs. If you have any interest

More information

SSO Plugin. Authentication service for HP, Kinetic, Jasper, SAP and CA products. J System Solutions. Page 1 of 23. http://www.javasystemsolutions.

SSO Plugin. Authentication service for HP, Kinetic, Jasper, SAP and CA products. J System Solutions. Page 1 of 23. http://www.javasystemsolutions. Page 1 of 23 SSO Plugin Authentication service for HP, Kinetic, Jasper, SAP and CA products J System Solutions Version 4.0 Page 2 of 23 Introduction... 4 Implementing SSO... 5 Licensing... 6 Copying the

More information

Ch-03 Web Applications

Ch-03 Web Applications Ch-03 Web Applications 1. What is ServletContext? a. ServletContext is an interface that defines a set of methods that helps us to communicate with the servlet container. There is one context per "web

More information

Define BA Server Advanced Security

Define BA Server Advanced Security Define BA Server Advanced Security This document supports Pentaho Business Analytics Suite 5.0 GA and Pentaho Data Integration 5.0 GA, documentation revision February 3, 2014, copyright 2014 Pentaho Corporation.

More information

Single Sign-On Research and Expansion Based On CAS

Single Sign-On Research and Expansion Based On CAS Send Orders for Reprints to reprints@benthamscience.ae 200 The Open Cybernetics & Systemics Journal, 2014, 8, 200-207 Single Sign-On Research and Expansion Based On CAS Open Access Fang Yinglan *, Jin

More information

Social Enterprise Java Apps

Social Enterprise Java Apps Social Enterprise Java Apps Safe Harbor Statement Safe harbor statement under the Private Securities Litigation Reform Act of 1995. This presentation may contain forward-looking statements that involve

More information

Apache Roller, Acegi Security and Single Sign-on

Apache Roller, Acegi Security and Single Sign-on Apache Roller, Acegi Security and Single Sign-on Matt Raible matt@raibledesigns.com http://raibledesigns.com Matt Raible Apache Roller, Acegi Security and Single Sign-on Slide 1 Today s Agenda Introductions

More information

Apache Ki (formerly JSecurity) DevNexus - 2009

Apache Ki (formerly JSecurity) DevNexus - 2009 Apache Ki (formerly JSecurity) DevNexus - 2009 Introduction Jeremy Haile Project Co-Founder VP Product Development, WeTheCitizens Agenda What is Apache Ki? Terminology Authentication, Authorization, Session

More information

ADMINISTERING ADOBE LIVECYCLE MOSAIC 9.5

ADMINISTERING ADOBE LIVECYCLE MOSAIC 9.5 ADMINISTERING ADOBE LIVECYCLE MOSAIC 9.5 Legal notices Copyright 2011 Adobe Systems Incorporated and its licensors. All rights reserved. Administering Adobe LiveCycle Mosaic 9.5 March 31, 2011 This administering

More information

SSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6

SSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6 SSO Plugin HP Service Request Catalog J System Solutions Version 3.6 Page 2 of 7 Introduction... 3 Adobe Flash and NTLM... 3 Enabling the identity federation service... 4 Federation key... 4 Token lifetime...

More information

ClearPass A CAS Extension Enabling Credential Replay

ClearPass A CAS Extension Enabling Credential Replay ClearPass A CAS Extension Enabling Credential Replay Andrew Petro Unicon, Inc. http://www.ja-sig.org/wiki/display/casum/clearpass Copyright Unicon, Inc., 2008-2010. Some rights reserved. This work is licensed

More information

Managing Data on the World Wide-Web

Managing Data on the World Wide-Web Managing Data on the World Wide-Web Sessions, Listeners, Filters, Shopping Cart Elad Kravi 1 Web Applications In the Java EE platform, web components provide the dynamic extension capabilities for a web

More information

An Approach to Achieve Delegation of Sensitive RESTful Resources on Storage Cloud

An Approach to Achieve Delegation of Sensitive RESTful Resources on Storage Cloud An Approach to Achieve Delegation of Sensitive RESTful Resources on Storage Cloud Kanchanna Ramasamy Balraj Engineering Ingegneria Informatica Spa, Rome, Italy Abstract. The paper explains a simple approach

More information

Table of contents. Jasig CAS support for the Spring Security plugin.

Table of contents. Jasig CAS support for the Spring Security plugin. Table of contents Jasig CAS support for the Spring Security plugin. 1 Spring Security ACL Plugin - Reference Documentation Authors: Burt Beckwith Version: 1.0.4 Table of Contents 1 Introduction 1.1 History

More information

HP Asset Manager. Implementing Single Sign On for Asset Manager Web 5.x. Legal Notices... 2. Introduction... 3. Using AM 5.20... 3

HP Asset Manager. Implementing Single Sign On for Asset Manager Web 5.x. Legal Notices... 2. Introduction... 3. Using AM 5.20... 3 HP Asset Manager Implementing Single Sign On for Asset Manager Web 5.x Legal Notices... 2 Introduction... 3 Using AM 5.20... 3 Using AM 5.12... 3 Design Blueprint... 3 Technical Design... 3 Requirements,

More information

Integration of Shibboleth and (Web) Applications

Integration of Shibboleth and (Web) Applications workshop Integration of Shibboleth and (Web) Applications MPG-AAI Workshop Clarin Centers Prague 2009 2009-11-06 (Web) Application Protection Models Classical Application behind Shibboleth Standard Session

More information

Identification and Implementation of Authentication and Authorization Patterns in the Spring Security Framework

Identification and Implementation of Authentication and Authorization Patterns in the Spring Security Framework Identification and Implementation of Authentication and Authorization Patterns in the Spring Security Framework Aleksander Dikanski, Roland Steinegger, Sebastian Abeck Research Group Cooperation & Management

More information

That s why it s more practical to only implement SSO on the web client. Before you run this exercise, make sure you have the following files:

That s why it s more practical to only implement SSO on the web client. Before you run this exercise, make sure you have the following files: How to implement SSO for web client ONLY: To activate SSO on web client, you only have to generate certificates for the WEB Application Server. If you want to activate SSO for the windows client, you have

More information

Spring Security SAML module

Spring Security SAML module Spring Security SAML module Author: Vladimir Schäfer E-mail: vladimir.schafer@gmail.com Copyright 2009 The package contains the implementation of SAML v2.0 support for Spring Security framework. Following

More information

SINGLE SIGN-ON SETUP T ECHNICAL NOTE

SINGLE SIGN-ON SETUP T ECHNICAL NOTE T ECHNICAL NOTE Product: Create!archive 6.2.1 Last modified: October 5, 2007 12:03 pm Created by: Development SINGLE SIGN-ON SETUP This Technical Note contains the following sections: Summary Create!archive

More information

UPGRADING SPRING SECURITY IN TIBCO JASPERREPORTS SERVER 6.0.1

UPGRADING SPRING SECURITY IN TIBCO JASPERREPORTS SERVER 6.0.1 UPGRADING SPRING SECURITY IN TIBCO JASPERREPORTS SERVER 6.0.1 Table of Contents Overview 1 Migrating External Authentication Sample Files 2 Wrapper Classes 3 Migrating Customizations 4 Overview JasperReports

More information

Unlocking the Secrets of Alfresco Authentication. Mehdi BELMEKKI,! Consultancy Team! Alfresco!

Unlocking the Secrets of Alfresco Authentication. Mehdi BELMEKKI,! Consultancy Team! Alfresco! Unlocking the Secrets of Alfresco Authentication Mehdi BELMEKKI,! Consultancy Team! Alfresco! Agenda Introduction! Talk objectives! Repository Authentication! Share Authentication! External Authentication!

More information

Module 13 Implementing Java EE Web Services with JAX-WS

Module 13 Implementing Java EE Web Services with JAX-WS Module 13 Implementing Java EE Web Services with JAX-WS Objectives Describe endpoints supported by Java EE 5 Describe the requirements of the JAX-WS servlet endpoints Describe the requirements of JAX-WS

More information

Servlet and JSP Filters

Servlet and JSP Filters 2009 Marty Hall Servlet and JSP Filters Originals of Slides and Source Code for Examples: http://courses.coreservlets.com/course-materials/msajsp.html Customized Java EE Training: http://courses.coreservlets.com/

More information

Model-View-Controller. and. Struts 2

Model-View-Controller. and. Struts 2 Model-View-Controller and Struts 2 Problem area Mixing application logic and markup is bad practise Harder to change and maintain Error prone Harder to re-use public void doget( HttpServletRequest request,

More information

Complete Java Web Development

Complete Java Web Development Complete Java Web Development JAVA-WD Rev 11.14 4 days Description Complete Java Web Development is a crash course in developing cutting edge Web applications using the latest Java EE 6 technologies from

More information

Web Container Components Servlet JSP Tag Libraries

Web Container Components Servlet JSP Tag Libraries Web Application Development, Best Practices by Jeff Zhuk, JavaSchool.com ITS, Inc. dean@javaschool.com Web Container Components Servlet JSP Tag Libraries Servlet Standard Java class to handle an HTTP request

More information

I) Add support for OAuth in CAS server

I) Add support for OAuth in CAS server Table of contents I)Add support for OAuth in CAS server...2 II)How to add OAuth client support in CAS server?...3 A)Add dependency...3 B)Add the identity providers needed...3 C)Add the OAuth action in

More information

Implementing CAS. Adam Rybicki. 2010 Jasig Conference, San Diego, CA March 7, 2010

Implementing CAS. Adam Rybicki. 2010 Jasig Conference, San Diego, CA March 7, 2010 Implementing CAS Adam Rybicki 2010 Jasig Conference, San Diego, CA March 7, 2010 Copyright Unicon, Inc., 2009. This work is the intellectual property of Unicon, Inc. Permission is granted for this material

More information

A detailed walk through a CAS authentication

A detailed walk through a CAS authentication Welcome! First of all, what is CAS? Web single sign on Uses federated authentication, where all authentication is done by the CAS server, instead of individual application servers The implementation is

More information

Crawl Proxy Installation and Configuration Guide

Crawl Proxy Installation and Configuration Guide Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

UPGRADING TO XI 3.1 SP6 AND SINGLE SIGN ON. Chad Watson Sr. Business Intelligence Developer

UPGRADING TO XI 3.1 SP6 AND SINGLE SIGN ON. Chad Watson Sr. Business Intelligence Developer UPGRADING TO XI 3.1 SP6 AND SINGLE SIGN ON Chad Watson Sr. Business Intelligence Developer UPGRADING TO XI 3.1 SP6 What Business Objects Administrators should consider before installing a Service Pack.

More information

CONTROLLING WEB APPLICATION BEHAVIOR WITH

CONTROLLING WEB APPLICATION BEHAVIOR WITH CONTROLLING WEB APPLICATION BEHAVIOR WITH WEB.XML Chapter Topics in This Chapter Customizing URLs Turning off default URLs Initializing servlets and JSP pages Preloading servlets and JSP pages Declaring

More information

Liferay Enterprise ecommerce. Adding ecommerce functionality to Liferay Reading Time: 10 minutes

Liferay Enterprise ecommerce. Adding ecommerce functionality to Liferay Reading Time: 10 minutes Liferay Enterprise ecommerce Adding ecommerce functionality to Liferay Reading Time: 10 minutes Broadleaf + Liferay ecommerce + Portal Options Integration Details REST APIs Integrated IFrame Separate Conclusion

More information

Application Security. Petr Křemen. petr.kremen@fel.cvut.cz

Application Security. Petr Křemen. petr.kremen@fel.cvut.cz Application Security Petr Křemen petr.kremen@fel.cvut.cz What is application security? Security is a set of measures that So, what can happen? taken from [7] first half of 2013 Let's focus on application

More information

XAP 10 Global HTTP Session Sharing

XAP 10 Global HTTP Session Sharing XAP 10 Global HTTP Session Sharing Sep 2014 Shay Hassidim Deputy CTO, Distinguished Engineer 1 Agenda Agenda Web Application Challenges Introduce XAP Global HTTP Session Sharing Application Session Sharing

More information

JAMon Performance Monitoring of Java EE-Applications

JAMon Performance Monitoring of Java EE-Applications Mathias Scharl 1 Siegfried Göschl 2 1 Verisign Platform Development Vienna 2 Independent Contractor Vienna Vienna, July 17, 2007 1 / 21 Outline 1 Motivation 2 Basics 3 Methods of Instrumentation 4 Analysis

More information

Research Article. ISSN 2347-9523 (Print) *Corresponding author Lili Wang Email: lily@nepu.edu.cn

Research Article. ISSN 2347-9523 (Print) *Corresponding author Lili Wang Email: lily@nepu.edu.cn Scholars Journal of Engineering and Technology (SJET) Sch. J. Eng. Tech., 2015; 3(4B):424-428 Scholars Academic and Scientific Publisher (An International Publisher for Academic and Scientific Resources)

More information

SSC - Web applications and development Introduction and Java Servlet (II)

SSC - Web applications and development Introduction and Java Servlet (II) SSC - Web applications and development Introduction and Java Servlet (II) Shan He School for Computational Science University of Birmingham Module 06-19321: SSC Outline Outline of Topics Servlet Configuration

More information

CHAPTER 9: SERVLET AND JSP FILTERS

CHAPTER 9: SERVLET AND JSP FILTERS Taken from More Servlets and JavaServer Pages by Marty Hall. Published by Prentice Hall PTR. For personal use only; do not redistribute. For a complete online version of the book, please see http://pdf.moreservlets.com/.

More information

Web Frameworks and WebWork

Web Frameworks and WebWork Web Frameworks and WebWork Problem area Mixing application logic and markup is bad practise Harder to change and maintain Error prone Harder to re-use public void doget( HttpServletRequest request, HttpServletResponse

More information

Configuration Guide - OneDesk to SalesForce Connector

Configuration Guide - OneDesk to SalesForce Connector Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce

More information

Creating Java EE Applications and Servlets with IntelliJ IDEA

Creating Java EE Applications and Servlets with IntelliJ IDEA Creating Java EE Applications and Servlets with IntelliJ IDEA In this tutorial you will: 1. Create IntelliJ IDEA project for Java EE application 2. Create Servlet 3. Deploy the application to JBoss server

More information

A Java proxy for MS SQL Server Reporting Services

A Java proxy for MS SQL Server Reporting Services 1 of 5 1/10/2005 9:37 PM Advertisement: Support JavaWorld, click here! January 2005 HOME FEATURED TUTORIALS COLUMNS NEWS & REVIEWS FORUM JW RESOURCES ABOUT JW A Java proxy for MS SQL Server Reporting Services

More information

Get Success in Passing Your Certification Exam at first attempt!

Get Success in Passing Your Certification Exam at first attempt! Get Success in Passing Your Certification Exam at first attempt! Exam : 1Z0-899 Title : Java EE 6 Web Component Developer Certified Expert Exam Version : Demo 1.Given the element from the web application

More information

Acrobat Connect. Using Connect Enterprise Web Services

Acrobat Connect. Using Connect Enterprise Web Services Acrobat Connect Using Connect Enterprise Web Services 2007 Adobe Systems Incorporated. All rights reserved. Using Adobe Connect Enterprise Web Services If this guide is distributed with software that includes

More information

Spring @Async. Dragan Juričić, PBZ May 2015

Spring @Async. Dragan Juričić, PBZ May 2015 Spring @Async Dragan Juričić, PBZ May 2015 Topics Concept of thread pools Servlet 3 async configuration Task Execution and Scheduling Servlet 3 - asynchronous request processing Benefits and downsides

More information

Using ADOBE ACROBAT CONNECT PRO 7.5 Web Services

Using ADOBE ACROBAT CONNECT PRO 7.5 Web Services Using ADOBE ACROBAT CONNECT PRO 7.5 Web Services Copyright 2009 Adobe Systems Incorporated. All rights reserved. Using Adobe Acrobat Connect Pro 7.5 Web Services This user guide is protected under copyright

More information

Using the LiveCycle Data Services ES2 Sample Application Version 3.1

Using the LiveCycle Data Services ES2 Sample Application Version 3.1 Using the LiveCycle Data Services ES2 Sample Application Version 3.1 Copyright 2010 Adobe Systems Incorporated and its licensors. All rights reserved. Using the LiveCycle Data Services ES2 Sample Application

More information

<Insert Picture Here> Oracle Web Cache 11g Overview

<Insert Picture Here> Oracle Web Cache 11g Overview Oracle Web Cache 11g Overview Oracle Web Cache Oracle Web Cache is a secure reverse proxy cache and a compression engine deployed between Browser and HTTP server Browser and Content

More information

How to consume a Domino Web Services from Visual Studio under Security

How to consume a Domino Web Services from Visual Studio under Security How to consume a Domino Web Services from Visual Studio under Security Summary Authors... 2 Abstract... 2 Web Services... 3 Write a Visual Basic Consumer... 5 Authors Andrea Fontana IBM Champion for WebSphere

More information

APM for Java. AppDynamics Pro Documentation. Version 4.0.x. Page 1

APM for Java. AppDynamics Pro Documentation. Version 4.0.x. Page 1 APM for Java AppDynamics Pro Documentation Version 4.0.x Page 1 APM for Java............................................................ 4 Configure Java Monitoring................................................

More information

Master s Thesis EEG/ERP Portal Security in New Technologies

Master s Thesis EEG/ERP Portal Security in New Technologies University of West Bohemia Faculty of Applied Sciences Department of Computer Science and Engineering Master s Thesis EEG/ERP Portal Security in New Technologies Pilsen, 2012 Jiří Novotný Declaration of

More information

Oracle WebLogic Server

Oracle WebLogic Server Oracle WebLogic Server Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server 10g Release 3 (10.3) July 2008 Oracle WebLogic Server Developing Web Applications, Servlets, and JSPs for

More information

Web Applications and Struts 2

Web Applications and Struts 2 Web Applications and Struts 2 Problem area Problem area Separation of application logic and markup Easier to change and maintain Easier to re use Less error prone Access to functionality to solve routine

More information

Intro to Load-Balancing Tomcat with httpd and mod_jk

Intro to Load-Balancing Tomcat with httpd and mod_jk Intro to Load-Balancing Tomcat with httpd and mod_jk Christopher Schultz Chief Technology Officer Total Child Health, Inc. * Slides available on the Linux Foundation / ApacheCon2015 web site and at http://people.apache.org/~schultz/apachecon

More information

esoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD

esoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD esoc European Space Operations Centre Robert-Bosch-Strasse 5 64293 Darmstadt Germany Tel: (49)615190-0 Fax: (49)615190485 www.esa.int SSA DC-I Part 1 - Single Sign-On and Access Management ICD Prepared

More information

Kerberos and Windows SSO Guide Jahia EE v6.1

Kerberos and Windows SSO Guide Jahia EE v6.1 Documentation Kerberos and Windows SSO Guide Jahia EE v6.1 Jahia delivers the first Web Content Integration Software by combining Enterprise Web Content Management with Document and Portal Management features.

More information

JBoss Portlet Container. User Guide. Release 2.0

JBoss Portlet Container. User Guide. Release 2.0 JBoss Portlet Container User Guide Release 2.0 1. Introduction.. 1 1.1. Motivation.. 1 1.2. Audience 1 1.3. Simple Portal: showcasing JBoss Portlet Container.. 1 1.4. Resources. 1 2. Installation. 3 2.1.

More information

Web Application Development

Web Application Development Web Application Development Introduction Because of wide spread use of internet, web based applications are becoming vital part of IT infrastructure of large organizations. For example web based employee

More information

Mobile Security Jump Start. Wayne Henshaw & Mike Jacobs Progress OpenEdge October 8, 2013

Mobile Security Jump Start. Wayne Henshaw & Mike Jacobs Progress OpenEdge October 8, 2013 Mobile Security Jump Start Wayne Henshaw & Mike Jacobs Progress OpenEdge October 8, 2013 Agenda Architectural basics REST service Mobile client Making required choices Authentication model User sessions

More information

JBoss SOAP Web Services User Guide. Version: 3.3.0.M5

JBoss SOAP Web Services User Guide. Version: 3.3.0.M5 JBoss SOAP Web Services User Guide Version: 3.3.0.M5 1. JBoss SOAP Web Services Runtime and Tools support Overview... 1 1.1. Key Features of JBossWS... 1 2. Creating a Simple Web Service... 3 2.1. Generation...

More information

ISA Server Plugins Setup Guide

ISA Server Plugins Setup Guide ISA Server Plugins Setup Guide Secure Web (Webwasher) Version 1.3 Copyright 2008 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Wicket. 2013.09.12 Hiroto Yamakawa

Wicket. 2013.09.12 Hiroto Yamakawa Wicket 2013.09.12 Hiroto Yamakawa @gishi_yama yamakawa@photon.chitose.ac.jp Apache Wicket 6 Wicket Wicket-Sapporo New! "...Wicket Java " Java Apache Wicket, "Apache Wicket Web ",, pp.17 "...Apache Wicket

More information

Java Servlet 3.0. Rajiv Mordani Spec Lead

Java Servlet 3.0. Rajiv Mordani Spec Lead Java Servlet 3.0 Rajiv Mordani Spec Lead 1 Overview JCP Java Servlet 3.0 API JSR 315 20 members > Good mix of representation from major Java EE vendors, web container developers and web framework authors

More information

Enterprise Application Development In Java with AJAX and ORM

Enterprise Application Development In Java with AJAX and ORM Enterprise Application Development In Java with AJAX and ORM ACCU London March 2010 ACCU Conference April 2010 Paul Grenyer Head of Software Engineering p.grenyer@validus-ivc.co.uk http://paulgrenyer.blogspot.com

More information

Contents. Pentaho Corporation. Version 5.1. Copyright Page. Introduction. Implement Advanced Security. Switch to MS Active Directory.

Contents. Pentaho Corporation. Version 5.1. Copyright Page. Introduction. Implement Advanced Security. Switch to MS Active Directory. Contents Pentaho Corporation Version 5.1 Copyright Page Introduction Implement Advanced Security Switch to MS Active Directory Switch to LDAP Manual MSAD Configuration Manual LDAP Configuration Use Nested

More information

SAML 2.0 SSO Deployment with Okta

SAML 2.0 SSO Deployment with Okta SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment

More information

Web Application Security Assessment and Vulnerability Mitigation Tests

Web Application Security Assessment and Vulnerability Mitigation Tests White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software

More information

Quark Publishing Platform 10.5 System Administration Guide

Quark Publishing Platform 10.5 System Administration Guide Quark Publishing Platform 10.5 System Administration Guide CONTENTS Contents Introducing Quark Publishing Platform administration tasks...6 Deploying Quark Publishing Platform Server...7 Setting up environment

More information

Office365Mon Developer API

Office365Mon Developer API Office365Mon Developer API Office365Mon provides a set of services for retrieving report data, and soon for managing subscriptions. This document describes how you can create an application to programmatically

More information

Class Test 2 - e-security (CSN11102/11117) Semester 2, Session 2012-13

Class Test 2 - e-security (CSN11102/11117) Semester 2, Session 2012-13 Class Test 2 - e-security (CSN11102/11117) Semester 2, Session 2012-13 Outline Requirements The test will account for 20% of the module final grade, and is based on the academic content of the course covering

More information

Developing ASP.NET MVC 4 Web Applications MOC 20486

Developing ASP.NET MVC 4 Web Applications MOC 20486 Developing ASP.NET MVC 4 Web Applications MOC 20486 Course Outline Module 1: Exploring ASP.NET MVC 4 The goal of this module is to outline to the students the components of the Microsoft Web Technologies

More information

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner

More information

Tutorial: Building a Web Application with Struts

Tutorial: Building a Web Application with Struts Tutorial: Building a Web Application with Struts Tutorial: Building a Web Application with Struts This tutorial describes how OTN developers built a Web application for shop owners and customers of the

More information

SSO Plugin. Integration for Jasper Server. J System Solutions. http://www.javasystemsolutions.com Version 3.6

SSO Plugin. Integration for Jasper Server. J System Solutions. http://www.javasystemsolutions.com Version 3.6 SSO Plugin Integration for Jasper Server J System Solutions Version 3.6 JSS SSO Plugin Integration with Jasper Server Introduction... 3 Jasper Server user administration... 4 Configuring SSO Plugin...

More information

Salesforce Opportunities Portlet Documentation v2

Salesforce Opportunities Portlet Documentation v2 Salesforce Opportunities Portlet Documentation v2 From ACA IT-Solutions Ilgatlaan 5C 3500 Hasselt liferay@aca-it.be Date 29.04.2014 This document will describe how the Salesforce Opportunities portlet

More information

WEB SERVICES. Revised 9/29/2015

WEB SERVICES. Revised 9/29/2015 WEB SERVICES Revised 9/29/2015 This Page Intentionally Left Blank Table of Contents Web Services using WebLogic... 1 Developing Web Services on WebSphere... 2 Developing RESTful Services in Java v1.1...

More information

Implementing SSO between the Enterprise Portal and the EPM Add-In

Implementing SSO between the Enterprise Portal and the EPM Add-In Implementing SSO between the Enterprise Portal and the EPM Add-In Applies to: SAP BusinessObjects Planning and Consolidation 10, version for SAP NetWeaver SP1 and higher EPM Add-In, SP3 and higher. For

More information

Visa Checkout September 2015

Visa Checkout September 2015 Visa Checkout September 2015 TABLE OF CONTENTS 1 Introduction 1 Integration Flow 1 Visa Checkout Partner merchant API Flow 2 2 Asset placement and Usage 3 Visa Checkout Asset Placement and Usage Requirements

More information

CA Technologies SiteMinder

CA Technologies SiteMinder CA Technologies SiteMinder Agent for Microsoft SharePoint r12.0 Second Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to

More information