Quick Guide For Using Spring Roo and Spring Security In Rapid Web Application Development:
|
|
- Mabel Elfreda Stafford
- 7 years ago
- Views:
Transcription
1 Quick Guide For Using Spring Roo and Spring Security In Rapid Web Application Development: Examples For Basic Access Control Mecahnisms Implmentation By Using Spring Technologies Keywords: Authentication; Authorisation; RBAC; Spring Roo; Spring Security; Date: 07/12/2011 Author: Mohamed Bourimi Contributor: Yassin Daanoun
2 1 Spring Technologies For Web Applications Rapid Development of Secure Authentication and Authorisation 1.1 Introduction The basic access control of any web application addresses at least the following points: Securing the communications layer used to acces the respective application. Securing the Web Layer and allowing for authentication mechanisms (ensuring the identity of who is accessing the application). Allowing for authorization mechanisms to the application resources. A classical mechanism is the usage of the Role Based Access Control (RBAC), which helps in assigning permissions to roles coupled with the identity of the users (e.g., ROLE can be OWNER which has persmission to do everything in the application. GUESTs might just be allowed to read forums 'PERM_READ_FORUMS' or something like this and so on). Securing Business Logic Access in terms of which methods could call a given functionality within the application environment. In the following, we want to introduce Spring Framework technologies that help in rapid web application development. The following chapter will address concrete examples token from a document describing the implementation of the access control engine of the digital.me 1 project. 1.2 Spring Roo and Spring Framework Spring Roo 2 main goal is to ease Java-based development projects in terms of simplifying the complexity of configuring an application architecture (especially those tasks taking place periodically when creating an application from the scratch). Spring Roo can be seen as an powerfull extension of the Spring Framework with this respect. The Spring Framework 3 significantly reduces Enteprise Java code complexity by offering a development platform that uses interface-driven development, dependency injection, aspectoriented programming and a number of helper APIs and services. However, various configuration as well as deployment tasks remain unsatisfacally addressed which is entended to be covered with the help of Roo. For instance, Spring Roo includes plugins to manage Maven build files, configuring security of the web application, adding messaging support and different persistence datasources with just one line of commands! (Rimple et. al. 2012). 1.3 Spring Security Framework Spring security 4 provides a sophisticated authentication and access control system and became widely adopted as the standard solution for securing Spring Framework based applications used in critical applications (Walls, 2010). Spring Security 3 provides a bundle of resources that allow for many common security practices to be declared or configured in a straightforward manner (Mularien, 2010). According to various technical literature, standards such as Java Authentication and Authorisation Service (JAAS) or Java EE Security do offer some ways of performing some of the same authentication and Authorisation functions, but the Spring Security module packages up implementations in a concise way and offers powerful baseline configuration features available out of the box, e.g., for various security topics such as authentication and Authorisation. Furthermore, a
3 big community (also from the industry 5 ) is continousely contributing and improving this framework to cover new security topics and fix detected issues (Mularien, 2010). Even though Spring Security's, application specific implementation concerns, architecture limitations, and infrastructure integration requirements are likely to complicate implementations also in the case of using Spring Security. However, Spring Security is a "hands-on" framework where developer are able to customize or extend the code to fulfill requirements that go beyond the basic out of the box options (Mularien, 2010). 5 Spring was recently aquired (for 420 million dollars, by VMware Inc., the leading company for virtualization technologies. With this, the deployment of a Spring based PS into the cloud us assured since VMware is part of the Cloud Alliance targeting inter-operability.
4 2 Examples For Basic Configuration and Functional Documentation 2.1 Description The following examples are taken from the work done in the context of the digital.me project (Scerri et. all. 2011) with respect to the implementation of access control mechanisms of the first prototype (Bourimi et. al. 2011). Since Spring (Roo) and Spring Security are configuration based, we detail in the following the needed configuration at the level of the hosting web container for deployment and operation as well as the used classes. 2.2 Configuration for securing the communication and web layer In order to secure the communication layer of any Web application, a SSL keystore is needed. For that, the following maven support for generating SSL keystore and deployment on Tomcat and Jetty can just be added to your pom.xml generated in your Roo project Enabling SSL Support <!-- Deploy on Tomcat --> <plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>tomcat-maven-plugin</artifactid> <version>1.1</version> <configuration> <url> <warfile>target/dime-communications.war</warfile> <update>true</update> <username>${tomcat.user}</username> <password>${tomcat.password}</password> <httpsport>${web.container.server.port}</httpsport> <keystorefile>${project.build.directory}/${key.store.filename}</keystorefile> <keystorepass>${key.store.keypass}</keystorepass> <systemproperties> <org.apache.tomcat.util.buf.udecoder.allow_encoded_slash> true </org.apache.tomcat.util.buf.udecoder.allow_encoded_slash> </systemproperties> </configuration> </plugin> <!-- Deploy on Jetty Server --> <plugin> <groupid>org.mortbay.jetty</groupid> <artifactid>maven-jetty-plugin</artifactid> <version>6.1.22</version> <configuration> <contextpath>dime-communications</contextpath> <scanintervalseconds>5</scanintervalseconds> <connectors> <!-- <connector implementation="org.mortbay.jetty.nio.selectchannelconnector"> --> <!-- <port>${web.container.server.port}</port> -->
5 <!-- <maxidletime>60000</maxidletime> --> <!-- </connector> --> <connector implementation="org.mortbay.jetty.security.sslsocketconnector"> <port>${web.container.server.port}</port> <maxidletime>60000</maxidletime> <keystore>${project.build.directory}/${key.store.filename}</keystore> <password>${key.store.keypass}</password> <keypassword>${key.store.storepass}</keypassword> </connector> </connectors> </configuration> </plugin> Configuration to enable HTTPS (keystore generation) 6 : <!-- Generating a SSL/TLS server key store --> <plugin> </plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>keytool-maven-plugin</artifactid> <version>1.0</version> <executions> </executions> <execution> <phase>generate-resources</phase> <id>clean</id> <goals> </goals> </execution> <execution> <goal>clean</goal> <phase>generate-resources</phase> <id>genkey</id> <goals> </goals> </execution> <goal>genkey</goal> <configuration> <keystore>${project.build.directory}/${key.store.filename}</keystore> <dname>cn= ou=none, L=Siegen, ST=None, o=usiegen, c=de</dname> <keypass>${key.store.keypass}</keypass> <storepass>${key.store.storepass}</storepass> <alias>dime</alias> <keyalg>rsa</keyalg> </configuration> Configuration to enable HTTPS on Jetty (keystore generation): <!-- Deploy on Jetty Server --> <plugin> <groupid>org.mortbay.jetty</groupid> <artifactid>maven-jetty-plugin</artifactid> 6 Some additional configuration tweaking for eclipse can be found in the appendix.
6 </plugin> <version>6.1.22</version> <configuration> <contextpath>dime-communications</contextpath> <scanintervalseconds>5</scanintervalseconds> <connectors> <!-- <connector implementation="org.mortbay.jetty.nio.selectchannelconnector"> --> <!-- <port>${web.container.server.port}</port> --> <!-- <maxidletime>60000</maxidletime> --> <!-- </connector> --> </connectors> </configuration> <connector implementation="org.mortbay.jetty.security.sslsocketconnector"> </connector> <port>${web.container.server.port}</port> <maxidletime>60000</maxidletime> <keystore>${project.build.directory}/${key.store.filename}</keystore> <password>${key.store.keypass}</password> <keypassword>${key.store.storepass}</keypassword> Configuration to enable Basic Authentication Basic Authentication is a classical mean to ensure acces to web applications. An authentification dialog is shown in the used web browser and asks for the user credentials (username and password). In order to enable Basic Authentication support, the following steps have to be performed. The first step is related to adding a separate spring security file to the global context of the application and enabling there the Basic Authentication support: <!-- ***************************************************** --> <!-- ******* Load Application Context ******* --> <!-- ***************************************************** --> <!-- <import resource="classpath*:meta-inf/spring/spring/dime-controllersapplicationcontext.xml" /> --> <import resource="classpath*:meta-inf/spring/ps-applicationcontext.xml" /> <import resource="classpath*:meta-inf/spring/ps-applicationcontext-security.xml" /> <!-- <import resource="classpath*:**/spring-config/datamining-context.xml" /> --> <!-- ***************************************************** --> <!-- ******* Basic Authentication Services Layer ******* --> <!-- ***************************************************** --> <bean id="basicauthenticationfilter" class="org.springframework.security.web.authentication. <property name="authenticationmanager" ref="authenticationmanager" /> <property name="authenticationentrypoint" ref="authenticationentrypoint" /> </bean> <bean id="authenticationentrypoint" class="org.springframework.security.web.authentication. </bean> <property name="realmname" value="dime_realm" />
7 Adapted security configuration (spring security context file and web.xml file): <http create-session="ifrequired" auto-config="false" realm="dime_realm"> </http> <http-basic /> <intercept-url pattern="/**" access="role_owner" requires-channel="https" /> In order to enable Basic Authentication it is necessary to edit the web.xml in dime-communications subproject and add the following: <!-- Enables Spring Security --> <filter> </filter> <filter-name>springsecurityfilterchain</filter-name> <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>... <!-- <filter-mapping> --> <filter-name>springsecurityfilterchain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> Configruration to enable Hashing and Salting (spring security context file) <?xml version="1.0" encoding="utf-8"?> <beans:beans xmlns=" xmlns:beans=" xmlns:xsi=" xmlns:sec=" xsi:schemalocation=" <!-- HTTP(S) security configurations --> <http create-session="ifrequired" auto-config="false" realm="dime_realm" lowercasecomparisons="false"> </http> <http-basic /> <!-- HTTPS Testing --> <intercept-url pattern="/**" access="role_owner" requires-channel="https" /> <!-- HTTP Testing --> <!--<intercept-url pattern="/**" access="role_owner" /> --> <!-- Configure Authentication mechanism --> <authentication-manager alias="authenticationmanager"> <authentication-provider> <password-encoder ref="dimepasswordencoder">
8 <salt-source ref="dimesaltsource"/> </password-encoder> <!-- Short-term implementation: Later with db support and runtime-adding of users and roles etc. --> <!-- dimepass4owner and dimepass4guests --> <!-- </user-service> --> <user-service id="userdetailsservice" properties="/web-inf/ps-users.properties" /> </authentication-provider> </authentication-manager> </beans:beans> In the configuration shown above, the property file ps-users.properties contains the usernames and their sha-256 hashed passwords. 2.3 Implementing RBAC with Roo and securing business logic access In order to design a persistent solution for the following RBAC diagram concerned with the management of user accounts at the server-side, the following Roo commands creates entities 7 that allow many users could have different roles and each role could have different permissions. Permissions could be assigned to different roles at the same time and different roles could be assigned to the same user at the same time, too. entity --class ~.user.userrole --testautomatically field string --fieldname rolename --notnull entity --class ~.user.userpermission --testautomatically field string --fieldname permissionname --unique --notnull entity --class ~.user.useraccount --testautomatically field string --fieldname username --notnull field string --fieldname password --notnull field string --fieldname firstname --notnull field string --fieldname lastname --notnull field string --fieldname --notnull 7 Please ensure that you configured well your persistense layer by using the Roo command persistence setup and its arguments (Persistence Provider like Hibernate, Database like MySQL, Database name etc.)
9 field string --fieldname enabled --sizemax 1 --notnull focus --class ~.user.userpermission field set --fieldname permissionroles --type ~.user.userrole --cardinality MANY_TO_MANY focus --class ~.user.userrole field set --fieldname permissions --type ~.user.userpermission --mappedby permissionroles focus --class ~.user.userrole field set --fieldname roleaccounts --type ~.user.useraccount --cardinality ONE_TO_MANY --mappedby userrole focus --class ~.user.useraccount field reference --fieldname userrole --type ~.user.userrole --cardinality MANY_TO_ONE <connectors> The generated classes and the access to them can then used to implement the access control to the functionalities and resources of the repsective web application. For instance, the roles and permissions could help in configuring the access to the business logic by using JSR-250 notations in code (@PreAuthorize annotation above method defines a default denyall rule for the methods in the class and override later with combination of the RBAC configuration implemented.
10 3 References Bourimi M., Scerri S., Planaguma M., Heupel M., Fatih, K., and Schwarte P. A two-level approach to ontology-based access control in pervasive personal servers. Scientific research paper (ger. Wissenschaftlicher Artikel), urn:nbn:de:hbz: Mularien, P.,2010. Spring Security 3. Packt Publishing Scerri S., Gimenez R., Herman F., Bourimi M., and Thiel S. digital.me towards an integrated Personal Information Sphere. Technical report, June Federated Social Web Summit, Berlin (Germany). June 3rd-5th Rimple, K., Penchikala, S. and Dickens, G. Spring Roo in Action. Manning Publications (currently in press, accessed the MEAP program version) Walls, C. Spring in Action (Third Edition). Manning Publications Wheeler, W., Wheeler, J. and White J. Spring in Practice. (1st edition). Manning Publications (currently in press, accessed the MEAP program version)
IUCLID 5 Guidance and Support
IUCLID 5 Guidance and Support Web Service Installation Guide July 2012 v 2.4 July 2012 1/11 Table of Contents 1. Introduction 3 1.1. Important notes 3 1.2. Prerequisites 3 1.3. Installation files 4 2.
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationCustomer Bank Account Management System Technical Specification Document
Customer Bank Account Management System Technical Specification Document Technical Specification Document Page 1 of 15 Table of Contents Contents 1 Introduction 3 2 Design Overview 4 3 Topology Diagram.6
More informationSSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6
SSO Plugin HP Service Request Catalog J System Solutions Version 3.6 Page 2 of 7 Introduction... 3 Adobe Flash and NTLM... 3 Enabling the identity federation service... 4 Federation key... 4 Token lifetime...
More informationFramework Adoption for Java Enterprise Application Development
Framework Adoption for Java Enterprise Application Development Clarence Ho Independent Consultant, Author, Java EE Architect http://www.skywidesoft.com clarence@skywidesoft.com Presentation can be downloaded
More informationAn identity management solution. TELUS AD Sync
An identity management solution TELUS AD Sync June 2013 Introduction An important historic challenge faced by small and mid-sized businesses when opting for the TELUS Business E-mail Service is the requirement
More informationA Monitored Student Testing Application Using Cloud Computing
A Monitored Student Testing Application Using Cloud Computing R. Mullapudi and G. Hsieh Department of Computer Science, Norfolk State University, Norfolk, Virginia, USA r.mullapudi@spartans.nsu.edu, ghsieh@nsu.edu
More informationApplication Security
2009 Marty Hall Declarative Web Application Security Originals of Slides and Source Code for Examples: http://courses.coreservlets.com/course-materials/msajsp.html Customized Java EE Training: http://courses.coreservlets.com/
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationThe Compatible One Application and Platform Service 1 (COAPS) API User Guide
The Compatible One Application and Platform Service 1 (COAPS) API User Guide Using the COAPS API (v1.5.3) to provision and manage applications on Cloud Foundry Telecom SudParis, Computer Science Department
More informationSecurity As A Service Leveraged by Apache Projects. Oliver Wulff, Talend
Security As A Service Leveraged by Apache Projects Oliver Wulff, Talend Application Security Landscape 2 Solution Building blocks Apache CXF Fediz Single Sign On (WS-Federation) Attribute Based Access
More informationDEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES
DEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services Welcome to the
More informationOnline Data Services. Security Guidelines. Online Data Services by Esri UK. Security Best Practice
Online Data Services Security Guidelines Online Data Services by Esri UK Security Best Practice 28 November 2014 Contents Contents... 1 1. Introduction... 2 2. Data Service Accounts, Security and Fair
More informationUFTP AUTHENTICATION SERVICE
UFTP Authentication Service UFTP AUTHENTICATION SERVICE UNICORE Team Document Version: 1.1.0 Component Version: 1.1.1 Date: 17 11 2014 UFTP Authentication Service Contents 1 Installation 1 1.1 Prerequisites....................................
More informationMagento Search Extension TECHNICAL DOCUMENTATION
CHAPTER 1... 3 1. INSTALLING PREREQUISITES AND THE MODULE (APACHE SOLR)... 3 1.1 Installation of the search server... 3 1.2 Configure the search server for usage with the search module... 7 Deploy the
More informationAPPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6
APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6 SRINI PENCHIKALA Austin Java User Group Meeting October 26, 2010 ABOUT THE SPEAKER Security Architect Certified Scrum Master Author, Editor (InfoQ) IASA Austin
More informationMulti Factor Authentication API
GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...
More informationIntroduction to Mobile Access Gateway Installation
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
More informationesoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD
esoc European Space Operations Centre Robert-Bosch-Strasse 5 64293 Darmstadt Germany Tel: (49)615190-0 Fax: (49)615190485 www.esa.int SSA DC-I Part 1 - Single Sign-On and Access Management ICD Prepared
More informationCloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper
Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator
More informationenterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards
IBM WebSphere Application Server v7.0 Security Secure your WebSphere applications with Java EE and JAAS security standards Omar Siliceo "publishing enterprise^ birmingham - mumbai Preface 1 Chapter 1:
More informationGlassFish v3. Building an ex tensible modular Java EE application server. Jerome Dochez and Ludovic Champenois Sun Microsystems, Inc.
GlassFish v3 Building an ex tensible modular Java EE application server Jerome Dochez and Ludovic Champenois Sun Microsystems, Inc. Agenda Java EE 6 and GlassFish V3 Modularity, Runtime Service Based Architecture
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?
More informationCHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS
CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS Java EE Components Java EE Vendor Specifications Containers Java EE Blueprint Services JDBC Data Sources Java Naming and Directory Interface Java Message
More informationSpring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious
Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled
More informationRapid Application Development. and Application Generation Tools. Walter Knesel
Rapid Application Development and Application Generation Tools Walter Knesel 5/2014 Java... A place where many, many ideas have been tried and discarded. A current problem is it's success: so many libraries,
More informationAngel Dichev RIG, SAP Labs
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL
More informationSSO Plugin. Integration for Jasper Server. J System Solutions. http://www.javasystemsolutions.com Version 3.6
SSO Plugin Integration for Jasper Server J System Solutions Version 3.6 JSS SSO Plugin Integration with Jasper Server Introduction... 3 Jasper Server user administration... 4 Configuring SSO Plugin...
More informationPortals, Portlets & Liferay Platform
Portals, Portlets & Liferay Platform Repetition: Web Applications and Model View Controller (MVC) Design Pattern Web Applications Frameworks in J2EE world Struts Spring Hibernate Data Service Java Server
More informationOracle WebLogic Server 11g Administration
Oracle WebLogic Server 11g Administration This course is designed to provide instruction and hands-on practice in installing and configuring Oracle WebLogic Server 11g. These tasks include starting and
More informationDEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services
DEPLOYMENT GUIDE Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services Welcome to the BIG-IP
More informationBasic TCP/IP networking knowledge of client/server concepts Basic Linux commands and desktop navigation (if don't know we will cover it )
About Oracle WebLogic Server Oracle WebLogic Server is the industry's best application server for building and deploying enterprise Java EE applications with support for new features for lowering cost
More informationMESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE
MESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE OWASP AppSec USA 2011 Conference (@appsecusa / hashtag: #appsecusa) Srini Penchikala (@srinip) 09.23.11 GOALS AND SCOPE Goals: Messaging security
More informationHow To Secure Your Data Center From Hackers
Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard
More informationGrails 1.1. Web Application. Development. Reclaiming Productivity for Faster. Java Web Development. Jon Dickinson PUBLISHING J MUMBAI BIRMINGHAM
Grails 1.1 Development Web Application Reclaiming Productivity for Faster Java Web Development Jon Dickinson PUBLISHING J BIRMINGHAM - MUMBAI Preface Chapter 1: Getting Started with Grails 7 Why Grails?
More informationWHITE PAPER. Domo Advanced Architecture
WHITE PAPER Domo Advanced Architecture Overview There are several questions that any architect or technology advisor may ask about a new system during the evaluation process: How will it fit into our organization
More informationIBM Unica emessage Version 8 Release 6 February 13, 2015. Startup and Administrator's Guide
IBM Unica emessage Version 8 Release 6 February 13, 2015 Startup and Administrator's Guide Note Before using this information and the product it supports, read the information in Notices on page 83. This
More informationFreeSB Installation Guide 1. Introduction Purpose
FreeSB Installation Guide 1. Introduction Purpose This document provides step-by-step instructions on the installation and configuration of FreeSB Enterprise Service Bus. Quick Install Background FreeSB
More informationWeb Application Security Assessment and Vulnerability Mitigation Tests
White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software
More informationvcommander will use SSL and session-based authentication to secure REST web services.
vcommander REST API Draft Proposal v1.1 1. Client Authentication vcommander will use SSL and session-based authentication to secure REST web services. 1. All REST API calls must take place over HTTPS 2.
More informationResearch Article. ISSN 2347-9523 (Print) *Corresponding author Lili Wang Email: lily@nepu.edu.cn
Scholars Journal of Engineering and Technology (SJET) Sch. J. Eng. Tech., 2015; 3(4B):424-428 Scholars Academic and Scientific Publisher (An International Publisher for Academic and Scientific Resources)
More informationEnterprise Application Development In Java with AJAX and ORM
Enterprise Application Development In Java with AJAX and ORM ACCU London March 2010 ACCU Conference April 2010 Paul Grenyer Head of Software Engineering p.grenyer@validus-ivc.co.uk http://paulgrenyer.blogspot.com
More informationLepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with
Lepide Active Directory Self Service Configuration Guide 2014 Follow the simple steps given in this document to start working with Lepide Active Directory Self Service Table of Contents 1. Introduction...3
More informationHow to configure the TopCloudXL WHMCS plugin (version 2+) Update: 16-09-2015 Version: 2.2
èè How to configure the TopCloudXL WHMCS plugin (version 2+) Update: 16-09-2015 Version: 2.2 Table of Contents 1. General overview... 3 1.1. Installing the plugin... 3 1.2. Testing the plugin with the
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more Security Review Version 8.1 March 31, 2016 Contacting Leostream Leostream Corporation http://www.leostream.com
More informationThis document summarizes the steps of deploying ActiveVOS on the IBM WebSphere Platform.
Technical Note Overview This document summarizes the steps of deploying ActiveVOS on the IBM WebSphere Platform. Legal Notice The information in this document is preliminary and is subject to change without
More informationNetBrain Security Guidance
NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),
More informationBuilding a Modular Server Platform with OSGi. Dileepa Jayakody Software Engineer SSWSO2 Inc.
Building a Modular Server Platform with OSGi Dileepa Jayakody Software Engineer SSWSO2 Inc. Outline Complex Systems OSGi for Modular Systems OSGi in SOA middleware Carbon : A modular server platform for
More informationThe Java EE 6 Platform. Alexis Moussine-Pouchkine GlassFish Team
The Java EE 6 Platform Alexis Moussine-Pouchkine GlassFish Team This is no science fiction Java EE 6 and GlassFish v3 shipped final releases on December 10 th 2009 A brief History Project JPE Enterprise
More informationApache Sling A REST-based Web Application Framework Carsten Ziegeler cziegeler@apache.org ApacheCon NA 2014
Apache Sling A REST-based Web Application Framework Carsten Ziegeler cziegeler@apache.org ApacheCon NA 2014 About cziegeler@apache.org @cziegeler RnD Team at Adobe Research Switzerland Member of the Apache
More informationLearning GlassFish for Tomcat Users
Learning GlassFish for Tomcat Users White Paper February 2009 Abstract There is a direct connection between the Web container technology used by developers and the performance and agility of applications.
More informationOpenShift is FanPaaStic For Java EE. By Shekhar Gulati Promo Code JUDCON.IN
OpenShift is FanPaaStic For Java EE By Shekhar Gulati Promo Code JUDCON.IN About Me ~ Shekhar Gulati OpenShift Evangelist at Red Hat Hands on developer Speaker Writer and Blogger Twitter @ shekhargulati
More informationSoftware Architecture Document
Software Architecture Document Project Management Cell 1.0 1 of 16 Abstract: This is a software architecture document for Project Management(PM ) cell. It identifies and explains important architectural
More informationPowerChute TM Network Shutdown Security Features & Deployment
PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network
More informationEylean server deployment guide
Eylean server deployment guide Contents 1 Minimum software and hardware requirements... 2 2 Setting up the server using Eylean.Server.Setup.exe wizard... 2 3 Manual setup with Windows authentication -
More informationSPARROW Gateway. Developer Data Vault Payment Type API. Version 2.7 (6293)
SPARROW Gateway Developer Data Vault Payment Type API Version 2.7 (6293) Released July 2015 Table of Contents SPARROW Gateway... 1 Developer Data Vault Payment Type API... 1 Overview... 3 Architecture...
More informationCloudCERT (Testbed framework to exercise critical infrastructure protection)
WP2. CONCEPTUAL MODELLING AND ARCHITECTURE CloudCERT (Testbed framework to exercise critical infrastructure protection) With the financial support of the Prevention, Preparedness and Consequence Management
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationJava in Web 2.0. Alexis Roos Principal Field Technologist, CTO Office OEM SW Sales Sun Microsystems, Inc.
Java in Web 2.0 Alexis Roos Principal Field Technologist, CTO Office OEM SW Sales Sun Microsystems, Inc. 1 Agenda Java overview Technologies supported by Java Platform to create Web 2.0 services Future
More informationT320 E-business technologies: foundations and practice
T320 E-business technologies: foundations and practice Block 3 Part 2 Activity 2: Generating a client from WSDL Prepared for the course team by Neil Simpkins Introduction 1 WSDL for client access 2 Static
More informationCross-domain Identity Management System for Cloud Environment
Cross-domain Identity Management System for Cloud Environment P R E S E N T E D B Y: N A Z I A A K H TA R A I S H A S A J I D M. S O H A I B FA R O O Q I T E A M L E A D : U M M E - H A B I B A T H E S
More informationIP Application Security Manager and. VMware vcloud Air
Securing Web Applications with F5 BIG- IP Application Security Manager and VMware vcloud Air D E P L O Y M E N T G U I D E Securing Web Applications Migrating application workloads to the public cloud
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationTG Web. Technical FAQ
TG Web Technical FAQ About this FAQ We encourage you to contact us if. You can't find the information you're looking for. You would like to discuss your specific testing requirements in more detail. You
More informationTable of contents. Reverse-engineers a database to Grails domain classes.
Table of contents Reverse-engineers a database to Grails domain classes. 1 Database Reverse Engineering Plugin - Reference Documentation Authors: Burt Beckwith Version: 0.5.1 Table of Contents 1 Introduction
More information2) Xen Hypervisor 3) UEC
5. Implementation Implementation of the trust model requires first preparing a test bed. It is a cloud computing environment that is required as the first step towards the implementation. Various tools
More informationOnCommand Performance Manager 1.1
OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501
More informationFrom the Intranet to Mobile. By Divya Mehra and Stian Thorgersen
ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password
More informationOrbiter Series Service Oriented Architecture Applications
Workshop on Science Agency Uses of Clouds and Grids Orbiter Series Service Oriented Architecture Applications Orbiter Project Overview Mark L. Green mlgreen@txcorp.com Tech-X Corporation, Buffalo Office
More informationHow To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu 7.5.3 (Windows) On A Linux Computer On A Raspberry V
Configuring CAS-based SSO with ActiveVOS on Apache Tomcat Technical Note Version: 1.3 Dated: August 2013 2013 Informatica Corporation ActiveVOS is a trademark of Informatica, Inc. All other company and
More informationAccessing Data with ADOBE FLEX 4.6
Accessing Data with ADOBE FLEX 4.6 Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Chapter 1: Accessing data services overview Data
More informationIn this chapter, we lay the foundation for all our further discussions. We start
01 Struts.qxd 7/30/02 10:23 PM Page 1 CHAPTER 1 Introducing the Jakarta Struts Project and Its Supporting Components In this chapter, we lay the foundation for all our further discussions. We start by
More informationSecuring JAX-RS RESTful services. Miroslav Fuksa (software developer) Michal Gajdoš (software developer)
Securing JAX-RS RESTful services Miroslav Fuksa (software developer) Michal Gajdoš (software developer) The following is intended to outline our general product direction. It is intended for information
More informationWeb Express Logon Reference
IBM WebSphere Host On-Demand Version 10 Web Express Logon Reference SC31-6377-01 IBM WebSphere Host On-Demand Version 10 Web Express Logon Reference SC31-6377-01 Note Before using this information and
More informationJSR-303 Bean Validation
JSR-303 Bean Validation Emmanuel Bernard JBoss, by Red Hat http://in.relation.to/bloggers/emmanuel Copyright 2007-2010 Emmanuel Bernard and Red Hat Inc. Enable declarative validation in your applications
More informationLIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely
LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely LIVE CHAT CLOUD SECURITY Introduction Security is a top priority online it is vital that
More informationConfiguring Health Monitoring
CHAPTER4 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features that are described in this chapter apply to both IPv6 and IPv4 unless
More informationNGASI AppServer Manager SaaS/ASP Hosting Automation for Cloud Computing Administrator and User Guide
NGASI AppServer Manager SaaS/ASP Hosting Automation for Cloud Computing Administrator and User Guide NGASI SaaS Hosting Automation is a JAVA SaaS Enablement infrastructure that enables web hosting services
More informationThis section contains information intended to help plan for SocialMiner installation and deployment.
This section contains information intended to help plan for SocialMiner installation and deployment. Advanced UI Options, page 1 Deployment Models, page 1 Hardware and Software Specifications, page 2 Ports,
More informationUsing SAP Logon Tickets for Single Sign on to Microsoft based web applications
Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,
More informationIntegrating EJBCA and OpenSSO
Integrating EJBCA and OpenSSO EJBCA is an Enterprise PKI Certificate Authority issuing certificates to users, servers and devices. In an organization certificate can be used for strong authentication.
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web
More informationThis training is targeted at System Administrators and developers wanting to understand more about administering a WebLogic instance.
This course teaches system/application administrators to setup, configure and manage an Oracle WebLogic Application Server, its resources and environment and the Java EE Applications running on it. This
More information1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010
Foundation IT Written approximately Dec 2010 1 Outlook Web Access With the new version of Exchange 2010 Outlook Anywhere has been enabled and configured with a secure socket layer (SSL) certificate from
More informationWhite Paper: Cloud for Service Providers
White Paper: Cloud for Service Providers September 2011 Cloud for Service Providers This paper describes the architectural outline of an infrastructure as a Service (IaaS) cloud that Zimory built for an
More information1 What is Cloud Computing?... 2 2 Cloud Infrastructures... 2 2.1 OpenStack... 2 2.2 Amazon EC2... 4 3 CAMF... 5 3.1 Cloud Application Management
1 What is Cloud Computing?... 2 2 Cloud Infrastructures... 2 2.1 OpenStack... 2 2.2 Amazon EC2... 4 3 CAMF... 5 3.1 Cloud Application Management Frameworks... 5 3.2 CAMF Framework for Eclipse... 5 3.2.1
More informationRecommended readings. Lecture 11 - Securing Web. Applications. Security. Declarative Security
Recommended readings Lecture 11 Securing Web http://www.theserverside.com/tt/articles/content/tomcats ecurity/tomcatsecurity.pdf http://localhost:8080/tomcat-docs/security-managerhowto.html http://courses.coreservlets.com/course-
More informationSECURITY DOCUMENT. BetterTranslationTechnology
SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of
More informationWebNow Single Sign-On Solutions
WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,
More informationJBoss Portal 2.4. Quickstart User Guide
Portal 2.4 Quickstart User Guide Table of Contents Portal - Overview... iii 1. Tutorial Forward...1 2. Installation...2 2.1. Downloading and Installing...2 2.2. Starting Portal...3 3. Portal Terminology...5
More informationSonicWALL SRA Virtual Appliance Getting Started Guide
COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SRA Virtual Appliance Getting Started Guide SonicWALL SRA Virtual Appliance5.0 Getting Started Guide This Getting Started
More informationWeb Curator Tool Software Architecture Document
Web Curator Tool Software Architecture Document Version 1.0 FINAL 31/05/2006 Table of Contents 1. Introduction 3 1.1 1.2 Purpose Scope 3 3 1.3 Definitions, Acronyms and Abbreviations 1.4 References 3 3
More informationMaster Thesis: Single Sign-On (JOSSO)
Single Sign- ON with JOSSO University of Piraeus Department of Digital Master Thesis: (JOSSO) Tzani Adamantia (MTE:1068) Supervisor Professor: Dr. Xenakis Christos December 2012 Contents University of
More informationSetup Corporate (Microsoft Exchange) Email. This tutorial will walk you through the steps of setting up your corporate email account.
Setup Corporate (Microsoft Exchange) Email This tutorial will walk you through the steps of setting up your corporate email account. Microsoft Exchange Email Support Exchange Server Information You will
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationHow to Implement Enterprise SAML SSO
How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and
More informationCustomize Mobile Apps with MicroStrategy SDK: Custom Security, Plugins, and Extensions
Customize Mobile Apps with MicroStrategy SDK: Custom Security, Plugins, and Extensions MicroStrategy Mobile SDK 1 Agenda MicroStrategy Mobile SDK Overview Requirements & Setup Custom App Delegate Custom
More informationCLOUD COMPUTING SECURITY CONCERNS
CLOUD COMPUTING SECURITY CONCERNS ABSTRACT ASMA GULAM MOHAMED Saveetha School of Engineering Cloud computing is set of resources including data storage, programs and hardware offered through the Internet.
More information