Quick Guide For Using Spring Roo and Spring Security In Rapid Web Application Development:

Size: px
Start display at page:

Download "Quick Guide For Using Spring Roo and Spring Security In Rapid Web Application Development:"

Transcription

1 Quick Guide For Using Spring Roo and Spring Security In Rapid Web Application Development: Examples For Basic Access Control Mecahnisms Implmentation By Using Spring Technologies Keywords: Authentication; Authorisation; RBAC; Spring Roo; Spring Security; Date: 07/12/2011 Author: Mohamed Bourimi Contributor: Yassin Daanoun

2 1 Spring Technologies For Web Applications Rapid Development of Secure Authentication and Authorisation 1.1 Introduction The basic access control of any web application addresses at least the following points: Securing the communications layer used to acces the respective application. Securing the Web Layer and allowing for authentication mechanisms (ensuring the identity of who is accessing the application). Allowing for authorization mechanisms to the application resources. A classical mechanism is the usage of the Role Based Access Control (RBAC), which helps in assigning permissions to roles coupled with the identity of the users (e.g., ROLE can be OWNER which has persmission to do everything in the application. GUESTs might just be allowed to read forums 'PERM_READ_FORUMS' or something like this and so on). Securing Business Logic Access in terms of which methods could call a given functionality within the application environment. In the following, we want to introduce Spring Framework technologies that help in rapid web application development. The following chapter will address concrete examples token from a document describing the implementation of the access control engine of the digital.me 1 project. 1.2 Spring Roo and Spring Framework Spring Roo 2 main goal is to ease Java-based development projects in terms of simplifying the complexity of configuring an application architecture (especially those tasks taking place periodically when creating an application from the scratch). Spring Roo can be seen as an powerfull extension of the Spring Framework with this respect. The Spring Framework 3 significantly reduces Enteprise Java code complexity by offering a development platform that uses interface-driven development, dependency injection, aspectoriented programming and a number of helper APIs and services. However, various configuration as well as deployment tasks remain unsatisfacally addressed which is entended to be covered with the help of Roo. For instance, Spring Roo includes plugins to manage Maven build files, configuring security of the web application, adding messaging support and different persistence datasources with just one line of commands! (Rimple et. al. 2012). 1.3 Spring Security Framework Spring security 4 provides a sophisticated authentication and access control system and became widely adopted as the standard solution for securing Spring Framework based applications used in critical applications (Walls, 2010). Spring Security 3 provides a bundle of resources that allow for many common security practices to be declared or configured in a straightforward manner (Mularien, 2010). According to various technical literature, standards such as Java Authentication and Authorisation Service (JAAS) or Java EE Security do offer some ways of performing some of the same authentication and Authorisation functions, but the Spring Security module packages up implementations in a concise way and offers powerful baseline configuration features available out of the box, e.g., for various security topics such as authentication and Authorisation. Furthermore, a

3 big community (also from the industry 5 ) is continousely contributing and improving this framework to cover new security topics and fix detected issues (Mularien, 2010). Even though Spring Security's, application specific implementation concerns, architecture limitations, and infrastructure integration requirements are likely to complicate implementations also in the case of using Spring Security. However, Spring Security is a "hands-on" framework where developer are able to customize or extend the code to fulfill requirements that go beyond the basic out of the box options (Mularien, 2010). 5 Spring was recently aquired (for 420 million dollars, by VMware Inc., the leading company for virtualization technologies. With this, the deployment of a Spring based PS into the cloud us assured since VMware is part of the Cloud Alliance targeting inter-operability.

4 2 Examples For Basic Configuration and Functional Documentation 2.1 Description The following examples are taken from the work done in the context of the digital.me project (Scerri et. all. 2011) with respect to the implementation of access control mechanisms of the first prototype (Bourimi et. al. 2011). Since Spring (Roo) and Spring Security are configuration based, we detail in the following the needed configuration at the level of the hosting web container for deployment and operation as well as the used classes. 2.2 Configuration for securing the communication and web layer In order to secure the communication layer of any Web application, a SSL keystore is needed. For that, the following maven support for generating SSL keystore and deployment on Tomcat and Jetty can just be added to your pom.xml generated in your Roo project Enabling SSL Support <!-- Deploy on Tomcat --> <plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>tomcat-maven-plugin</artifactid> <version>1.1</version> <configuration> <url> <warfile>target/dime-communications.war</warfile> <update>true</update> <username>${tomcat.user}</username> <password>${tomcat.password}</password> <httpsport>${web.container.server.port}</httpsport> <keystorefile>${project.build.directory}/${key.store.filename}</keystorefile> <keystorepass>${key.store.keypass}</keystorepass> <systemproperties> <org.apache.tomcat.util.buf.udecoder.allow_encoded_slash> true </org.apache.tomcat.util.buf.udecoder.allow_encoded_slash> </systemproperties> </configuration> </plugin> <!-- Deploy on Jetty Server --> <plugin> <groupid>org.mortbay.jetty</groupid> <artifactid>maven-jetty-plugin</artifactid> <version>6.1.22</version> <configuration> <contextpath>dime-communications</contextpath> <scanintervalseconds>5</scanintervalseconds> <connectors> <!-- <connector implementation="org.mortbay.jetty.nio.selectchannelconnector"> --> <!-- <port>${web.container.server.port}</port> -->

5 <!-- <maxidletime>60000</maxidletime> --> <!-- </connector> --> <connector implementation="org.mortbay.jetty.security.sslsocketconnector"> <port>${web.container.server.port}</port> <maxidletime>60000</maxidletime> <keystore>${project.build.directory}/${key.store.filename}</keystore> <password>${key.store.keypass}</password> <keypassword>${key.store.storepass}</keypassword> </connector> </connectors> </configuration> </plugin> Configuration to enable HTTPS (keystore generation) 6 : <!-- Generating a SSL/TLS server key store --> <plugin> </plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>keytool-maven-plugin</artifactid> <version>1.0</version> <executions> </executions> <execution> <phase>generate-resources</phase> <id>clean</id> <goals> </goals> </execution> <execution> <goal>clean</goal> <phase>generate-resources</phase> <id>genkey</id> <goals> </goals> </execution> <goal>genkey</goal> <configuration> <keystore>${project.build.directory}/${key.store.filename}</keystore> <dname>cn= ou=none, L=Siegen, ST=None, o=usiegen, c=de</dname> <keypass>${key.store.keypass}</keypass> <storepass>${key.store.storepass}</storepass> <alias>dime</alias> <keyalg>rsa</keyalg> </configuration> Configuration to enable HTTPS on Jetty (keystore generation): <!-- Deploy on Jetty Server --> <plugin> <groupid>org.mortbay.jetty</groupid> <artifactid>maven-jetty-plugin</artifactid> 6 Some additional configuration tweaking for eclipse can be found in the appendix.

6 </plugin> <version>6.1.22</version> <configuration> <contextpath>dime-communications</contextpath> <scanintervalseconds>5</scanintervalseconds> <connectors> <!-- <connector implementation="org.mortbay.jetty.nio.selectchannelconnector"> --> <!-- <port>${web.container.server.port}</port> --> <!-- <maxidletime>60000</maxidletime> --> <!-- </connector> --> </connectors> </configuration> <connector implementation="org.mortbay.jetty.security.sslsocketconnector"> </connector> <port>${web.container.server.port}</port> <maxidletime>60000</maxidletime> <keystore>${project.build.directory}/${key.store.filename}</keystore> <password>${key.store.keypass}</password> <keypassword>${key.store.storepass}</keypassword> Configuration to enable Basic Authentication Basic Authentication is a classical mean to ensure acces to web applications. An authentification dialog is shown in the used web browser and asks for the user credentials (username and password). In order to enable Basic Authentication support, the following steps have to be performed. The first step is related to adding a separate spring security file to the global context of the application and enabling there the Basic Authentication support: <!-- ***************************************************** --> <!-- ******* Load Application Context ******* --> <!-- ***************************************************** --> <!-- <import resource="classpath*:meta-inf/spring/spring/dime-controllersapplicationcontext.xml" /> --> <import resource="classpath*:meta-inf/spring/ps-applicationcontext.xml" /> <import resource="classpath*:meta-inf/spring/ps-applicationcontext-security.xml" /> <!-- <import resource="classpath*:**/spring-config/datamining-context.xml" /> --> <!-- ***************************************************** --> <!-- ******* Basic Authentication Services Layer ******* --> <!-- ***************************************************** --> <bean id="basicauthenticationfilter" class="org.springframework.security.web.authentication. <property name="authenticationmanager" ref="authenticationmanager" /> <property name="authenticationentrypoint" ref="authenticationentrypoint" /> </bean> <bean id="authenticationentrypoint" class="org.springframework.security.web.authentication. </bean> <property name="realmname" value="dime_realm" />

7 Adapted security configuration (spring security context file and web.xml file): <http create-session="ifrequired" auto-config="false" realm="dime_realm"> </http> <http-basic /> <intercept-url pattern="/**" access="role_owner" requires-channel="https" /> In order to enable Basic Authentication it is necessary to edit the web.xml in dime-communications subproject and add the following: <!-- Enables Spring Security --> <filter> </filter> <filter-name>springsecurityfilterchain</filter-name> <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>... <!-- <filter-mapping> --> <filter-name>springsecurityfilterchain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> Configruration to enable Hashing and Salting (spring security context file) <?xml version="1.0" encoding="utf-8"?> <beans:beans xmlns=" xmlns:beans=" xmlns:xsi=" xmlns:sec=" xsi:schemalocation=" <!-- HTTP(S) security configurations --> <http create-session="ifrequired" auto-config="false" realm="dime_realm" lowercasecomparisons="false"> </http> <http-basic /> <!-- HTTPS Testing --> <intercept-url pattern="/**" access="role_owner" requires-channel="https" /> <!-- HTTP Testing --> <!--<intercept-url pattern="/**" access="role_owner" /> --> <!-- Configure Authentication mechanism --> <authentication-manager alias="authenticationmanager"> <authentication-provider> <password-encoder ref="dimepasswordencoder">

8 <salt-source ref="dimesaltsource"/> </password-encoder> <!-- Short-term implementation: Later with db support and runtime-adding of users and roles etc. --> <!-- dimepass4owner and dimepass4guests --> <!-- </user-service> --> <user-service id="userdetailsservice" properties="/web-inf/ps-users.properties" /> </authentication-provider> </authentication-manager> </beans:beans> In the configuration shown above, the property file ps-users.properties contains the usernames and their sha-256 hashed passwords. 2.3 Implementing RBAC with Roo and securing business logic access In order to design a persistent solution for the following RBAC diagram concerned with the management of user accounts at the server-side, the following Roo commands creates entities 7 that allow many users could have different roles and each role could have different permissions. Permissions could be assigned to different roles at the same time and different roles could be assigned to the same user at the same time, too. entity --class ~.user.userrole --testautomatically field string --fieldname rolename --notnull entity --class ~.user.userpermission --testautomatically field string --fieldname permissionname --unique --notnull entity --class ~.user.useraccount --testautomatically field string --fieldname username --notnull field string --fieldname password --notnull field string --fieldname firstname --notnull field string --fieldname lastname --notnull field string --fieldname --notnull 7 Please ensure that you configured well your persistense layer by using the Roo command persistence setup and its arguments (Persistence Provider like Hibernate, Database like MySQL, Database name etc.)

9 field string --fieldname enabled --sizemax 1 --notnull focus --class ~.user.userpermission field set --fieldname permissionroles --type ~.user.userrole --cardinality MANY_TO_MANY focus --class ~.user.userrole field set --fieldname permissions --type ~.user.userpermission --mappedby permissionroles focus --class ~.user.userrole field set --fieldname roleaccounts --type ~.user.useraccount --cardinality ONE_TO_MANY --mappedby userrole focus --class ~.user.useraccount field reference --fieldname userrole --type ~.user.userrole --cardinality MANY_TO_ONE <connectors> The generated classes and the access to them can then used to implement the access control to the functionalities and resources of the repsective web application. For instance, the roles and permissions could help in configuring the access to the business logic by using JSR-250 notations in code (@PreAuthorize annotation above method defines a default denyall rule for the methods in the class and override later with combination of the RBAC configuration implemented.

10 3 References Bourimi M., Scerri S., Planaguma M., Heupel M., Fatih, K., and Schwarte P. A two-level approach to ontology-based access control in pervasive personal servers. Scientific research paper (ger. Wissenschaftlicher Artikel), urn:nbn:de:hbz: Mularien, P.,2010. Spring Security 3. Packt Publishing Scerri S., Gimenez R., Herman F., Bourimi M., and Thiel S. digital.me towards an integrated Personal Information Sphere. Technical report, June Federated Social Web Summit, Berlin (Germany). June 3rd-5th Rimple, K., Penchikala, S. and Dickens, G. Spring Roo in Action. Manning Publications (currently in press, accessed the MEAP program version) Walls, C. Spring in Action (Third Edition). Manning Publications Wheeler, W., Wheeler, J. and White J. Spring in Practice. (1st edition). Manning Publications (currently in press, accessed the MEAP program version)

IUCLID 5 Guidance and Support

IUCLID 5 Guidance and Support IUCLID 5 Guidance and Support Web Service Installation Guide July 2012 v 2.4 July 2012 1/11 Table of Contents 1. Introduction 3 1.1. Important notes 3 1.2. Prerequisites 3 1.3. Installation files 4 2.

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

Customer Bank Account Management System Technical Specification Document

Customer Bank Account Management System Technical Specification Document Customer Bank Account Management System Technical Specification Document Technical Specification Document Page 1 of 15 Table of Contents Contents 1 Introduction 3 2 Design Overview 4 3 Topology Diagram.6

More information

SSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6

SSO Plugin. HP Service Request Catalog. J System Solutions. http://www.javasystemsolutions.com Version 3.6 SSO Plugin HP Service Request Catalog J System Solutions Version 3.6 Page 2 of 7 Introduction... 3 Adobe Flash and NTLM... 3 Enabling the identity federation service... 4 Federation key... 4 Token lifetime...

More information

Framework Adoption for Java Enterprise Application Development

Framework Adoption for Java Enterprise Application Development Framework Adoption for Java Enterprise Application Development Clarence Ho Independent Consultant, Author, Java EE Architect http://www.skywidesoft.com clarence@skywidesoft.com Presentation can be downloaded

More information

An identity management solution. TELUS AD Sync

An identity management solution. TELUS AD Sync An identity management solution TELUS AD Sync June 2013 Introduction An important historic challenge faced by small and mid-sized businesses when opting for the TELUS Business E-mail Service is the requirement

More information

A Monitored Student Testing Application Using Cloud Computing

A Monitored Student Testing Application Using Cloud Computing A Monitored Student Testing Application Using Cloud Computing R. Mullapudi and G. Hsieh Department of Computer Science, Norfolk State University, Norfolk, Virginia, USA r.mullapudi@spartans.nsu.edu, ghsieh@nsu.edu

More information

Application Security

Application Security 2009 Marty Hall Declarative Web Application Security Originals of Slides and Source Code for Examples: http://courses.coreservlets.com/course-materials/msajsp.html Customized Java EE Training: http://courses.coreservlets.com/

More information

TIBCO Spotfire Platform IT Brief

TIBCO Spotfire Platform IT Brief Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily

More information

The Compatible One Application and Platform Service 1 (COAPS) API User Guide

The Compatible One Application and Platform Service 1 (COAPS) API User Guide The Compatible One Application and Platform Service 1 (COAPS) API User Guide Using the COAPS API (v1.5.3) to provision and manage applications on Cloud Foundry Telecom SudParis, Computer Science Department

More information

Security As A Service Leveraged by Apache Projects. Oliver Wulff, Talend

Security As A Service Leveraged by Apache Projects. Oliver Wulff, Talend Security As A Service Leveraged by Apache Projects Oliver Wulff, Talend Application Security Landscape 2 Solution Building blocks Apache CXF Fediz Single Sign On (WS-Federation) Attribute Based Access

More information

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES DEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services Welcome to the

More information

Online Data Services. Security Guidelines. Online Data Services by Esri UK. Security Best Practice

Online Data Services. Security Guidelines. Online Data Services by Esri UK. Security Best Practice Online Data Services Security Guidelines Online Data Services by Esri UK Security Best Practice 28 November 2014 Contents Contents... 1 1. Introduction... 2 2. Data Service Accounts, Security and Fair

More information

UFTP AUTHENTICATION SERVICE

UFTP AUTHENTICATION SERVICE UFTP Authentication Service UFTP AUTHENTICATION SERVICE UNICORE Team Document Version: 1.1.0 Component Version: 1.1.1 Date: 17 11 2014 UFTP Authentication Service Contents 1 Installation 1 1.1 Prerequisites....................................

More information

Magento Search Extension TECHNICAL DOCUMENTATION

Magento Search Extension TECHNICAL DOCUMENTATION CHAPTER 1... 3 1. INSTALLING PREREQUISITES AND THE MODULE (APACHE SOLR)... 3 1.1 Installation of the search server... 3 1.2 Configure the search server for usage with the search module... 7 Deploy the

More information

APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6

APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6 APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6 SRINI PENCHIKALA Austin Java User Group Meeting October 26, 2010 ABOUT THE SPEAKER Security Architect Certified Scrum Master Author, Editor (InfoQ) IASA Austin

More information

Multi Factor Authentication API

Multi Factor Authentication API GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

esoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD

esoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD esoc European Space Operations Centre Robert-Bosch-Strasse 5 64293 Darmstadt Germany Tel: (49)615190-0 Fax: (49)615190485 www.esa.int SSA DC-I Part 1 - Single Sign-On and Access Management ICD Prepared

More information

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator

More information

enterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards

enterprise^ IBM WebSphere Application Server v7.0 Security publishing Secure your WebSphere applications with Java EE and JAAS security standards IBM WebSphere Application Server v7.0 Security Secure your WebSphere applications with Java EE and JAAS security standards Omar Siliceo "publishing enterprise^ birmingham - mumbai Preface 1 Chapter 1:

More information

GlassFish v3. Building an ex tensible modular Java EE application server. Jerome Dochez and Ludovic Champenois Sun Microsystems, Inc.

GlassFish v3. Building an ex tensible modular Java EE application server. Jerome Dochez and Ludovic Champenois Sun Microsystems, Inc. GlassFish v3 Building an ex tensible modular Java EE application server Jerome Dochez and Ludovic Champenois Sun Microsystems, Inc. Agenda Java EE 6 and GlassFish V3 Modularity, Runtime Service Based Architecture

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS

CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS Java EE Components Java EE Vendor Specifications Containers Java EE Blueprint Services JDBC Data Sources Java Naming and Directory Interface Java Message

More information

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled

More information

Rapid Application Development. and Application Generation Tools. Walter Knesel

Rapid Application Development. and Application Generation Tools. Walter Knesel Rapid Application Development and Application Generation Tools Walter Knesel 5/2014 Java... A place where many, many ideas have been tried and discarded. A current problem is it's success: so many libraries,

More information

Angel Dichev RIG, SAP Labs

Angel Dichev RIG, SAP Labs Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL

More information

SSO Plugin. Integration for Jasper Server. J System Solutions. http://www.javasystemsolutions.com Version 3.6

SSO Plugin. Integration for Jasper Server. J System Solutions. http://www.javasystemsolutions.com Version 3.6 SSO Plugin Integration for Jasper Server J System Solutions Version 3.6 JSS SSO Plugin Integration with Jasper Server Introduction... 3 Jasper Server user administration... 4 Configuring SSO Plugin...

More information

Portals, Portlets & Liferay Platform

Portals, Portlets & Liferay Platform Portals, Portlets & Liferay Platform Repetition: Web Applications and Model View Controller (MVC) Design Pattern Web Applications Frameworks in J2EE world Struts Spring Hibernate Data Service Java Server

More information

Oracle WebLogic Server 11g Administration

Oracle WebLogic Server 11g Administration Oracle WebLogic Server 11g Administration This course is designed to provide instruction and hands-on practice in installing and configuring Oracle WebLogic Server 11g. These tasks include starting and

More information

DEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services

DEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services DEPLOYMENT GUIDE Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services Welcome to the BIG-IP

More information

Basic TCP/IP networking knowledge of client/server concepts Basic Linux commands and desktop navigation (if don't know we will cover it )

Basic TCP/IP networking knowledge of client/server concepts Basic Linux commands and desktop navigation (if don't know we will cover it ) About Oracle WebLogic Server Oracle WebLogic Server is the industry's best application server for building and deploying enterprise Java EE applications with support for new features for lowering cost

More information

MESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE

MESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE MESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE OWASP AppSec USA 2011 Conference (@appsecusa / hashtag: #appsecusa) Srini Penchikala (@srinip) 09.23.11 GOALS AND SCOPE Goals: Messaging security

More information

How To Secure Your Data Center From Hackers

How To Secure Your Data Center From Hackers Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

Grails 1.1. Web Application. Development. Reclaiming Productivity for Faster. Java Web Development. Jon Dickinson PUBLISHING J MUMBAI BIRMINGHAM

Grails 1.1. Web Application. Development. Reclaiming Productivity for Faster. Java Web Development. Jon Dickinson PUBLISHING J MUMBAI BIRMINGHAM Grails 1.1 Development Web Application Reclaiming Productivity for Faster Java Web Development Jon Dickinson PUBLISHING J BIRMINGHAM - MUMBAI Preface Chapter 1: Getting Started with Grails 7 Why Grails?

More information

WHITE PAPER. Domo Advanced Architecture

WHITE PAPER. Domo Advanced Architecture WHITE PAPER Domo Advanced Architecture Overview There are several questions that any architect or technology advisor may ask about a new system during the evaluation process: How will it fit into our organization

More information

IBM Unica emessage Version 8 Release 6 February 13, 2015. Startup and Administrator's Guide

IBM Unica emessage Version 8 Release 6 February 13, 2015. Startup and Administrator's Guide IBM Unica emessage Version 8 Release 6 February 13, 2015 Startup and Administrator's Guide Note Before using this information and the product it supports, read the information in Notices on page 83. This

More information

FreeSB Installation Guide 1. Introduction Purpose

FreeSB Installation Guide 1. Introduction Purpose FreeSB Installation Guide 1. Introduction Purpose This document provides step-by-step instructions on the installation and configuration of FreeSB Enterprise Service Bus. Quick Install Background FreeSB

More information

Web Application Security Assessment and Vulnerability Mitigation Tests

Web Application Security Assessment and Vulnerability Mitigation Tests White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software

More information

vcommander will use SSL and session-based authentication to secure REST web services.

vcommander will use SSL and session-based authentication to secure REST web services. vcommander REST API Draft Proposal v1.1 1. Client Authentication vcommander will use SSL and session-based authentication to secure REST web services. 1. All REST API calls must take place over HTTPS 2.

More information

Research Article. ISSN 2347-9523 (Print) *Corresponding author Lili Wang Email: lily@nepu.edu.cn

Research Article. ISSN 2347-9523 (Print) *Corresponding author Lili Wang Email: lily@nepu.edu.cn Scholars Journal of Engineering and Technology (SJET) Sch. J. Eng. Tech., 2015; 3(4B):424-428 Scholars Academic and Scientific Publisher (An International Publisher for Academic and Scientific Resources)

More information

Enterprise Application Development In Java with AJAX and ORM

Enterprise Application Development In Java with AJAX and ORM Enterprise Application Development In Java with AJAX and ORM ACCU London March 2010 ACCU Conference April 2010 Paul Grenyer Head of Software Engineering p.grenyer@validus-ivc.co.uk http://paulgrenyer.blogspot.com

More information

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with Lepide Active Directory Self Service Configuration Guide 2014 Follow the simple steps given in this document to start working with Lepide Active Directory Self Service Table of Contents 1. Introduction...3

More information

How to configure the TopCloudXL WHMCS plugin (version 2+) Update: 16-09-2015 Version: 2.2

How to configure the TopCloudXL WHMCS plugin (version 2+) Update: 16-09-2015 Version: 2.2 èè How to configure the TopCloudXL WHMCS plugin (version 2+) Update: 16-09-2015 Version: 2.2 Table of Contents 1. General overview... 3 1.1. Installing the plugin... 3 1.2. Testing the plugin with the

More information

Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review

Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more Security Review Version 8.1 March 31, 2016 Contacting Leostream Leostream Corporation http://www.leostream.com

More information

This document summarizes the steps of deploying ActiveVOS on the IBM WebSphere Platform.

This document summarizes the steps of deploying ActiveVOS on the IBM WebSphere Platform. Technical Note Overview This document summarizes the steps of deploying ActiveVOS on the IBM WebSphere Platform. Legal Notice The information in this document is preliminary and is subject to change without

More information

NetBrain Security Guidance

NetBrain Security Guidance NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),

More information

Building a Modular Server Platform with OSGi. Dileepa Jayakody Software Engineer SSWSO2 Inc.

Building a Modular Server Platform with OSGi. Dileepa Jayakody Software Engineer SSWSO2 Inc. Building a Modular Server Platform with OSGi Dileepa Jayakody Software Engineer SSWSO2 Inc. Outline Complex Systems OSGi for Modular Systems OSGi in SOA middleware Carbon : A modular server platform for

More information

The Java EE 6 Platform. Alexis Moussine-Pouchkine GlassFish Team

The Java EE 6 Platform. Alexis Moussine-Pouchkine GlassFish Team The Java EE 6 Platform Alexis Moussine-Pouchkine GlassFish Team This is no science fiction Java EE 6 and GlassFish v3 shipped final releases on December 10 th 2009 A brief History Project JPE Enterprise

More information

Apache Sling A REST-based Web Application Framework Carsten Ziegeler cziegeler@apache.org ApacheCon NA 2014

Apache Sling A REST-based Web Application Framework Carsten Ziegeler cziegeler@apache.org ApacheCon NA 2014 Apache Sling A REST-based Web Application Framework Carsten Ziegeler cziegeler@apache.org ApacheCon NA 2014 About cziegeler@apache.org @cziegeler RnD Team at Adobe Research Switzerland Member of the Apache

More information

Learning GlassFish for Tomcat Users

Learning GlassFish for Tomcat Users Learning GlassFish for Tomcat Users White Paper February 2009 Abstract There is a direct connection between the Web container technology used by developers and the performance and agility of applications.

More information

OpenShift is FanPaaStic For Java EE. By Shekhar Gulati Promo Code JUDCON.IN

OpenShift is FanPaaStic For Java EE. By Shekhar Gulati Promo Code JUDCON.IN OpenShift is FanPaaStic For Java EE By Shekhar Gulati Promo Code JUDCON.IN About Me ~ Shekhar Gulati OpenShift Evangelist at Red Hat Hands on developer Speaker Writer and Blogger Twitter @ shekhargulati

More information

Software Architecture Document

Software Architecture Document Software Architecture Document Project Management Cell 1.0 1 of 16 Abstract: This is a software architecture document for Project Management(PM ) cell. It identifies and explains important architectural

More information

PowerChute TM Network Shutdown Security Features & Deployment

PowerChute TM Network Shutdown Security Features & Deployment PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network

More information

Eylean server deployment guide

Eylean server deployment guide Eylean server deployment guide Contents 1 Minimum software and hardware requirements... 2 2 Setting up the server using Eylean.Server.Setup.exe wizard... 2 3 Manual setup with Windows authentication -

More information

SPARROW Gateway. Developer Data Vault Payment Type API. Version 2.7 (6293)

SPARROW Gateway. Developer Data Vault Payment Type API. Version 2.7 (6293) SPARROW Gateway Developer Data Vault Payment Type API Version 2.7 (6293) Released July 2015 Table of Contents SPARROW Gateway... 1 Developer Data Vault Payment Type API... 1 Overview... 3 Architecture...

More information

CloudCERT (Testbed framework to exercise critical infrastructure protection)

CloudCERT (Testbed framework to exercise critical infrastructure protection) WP2. CONCEPTUAL MODELLING AND ARCHITECTURE CloudCERT (Testbed framework to exercise critical infrastructure protection) With the financial support of the Prevention, Preparedness and Consequence Management

More information

Building Secure Applications. James Tedrick

Building Secure Applications. James Tedrick Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS

More information

Java in Web 2.0. Alexis Roos Principal Field Technologist, CTO Office OEM SW Sales Sun Microsystems, Inc.

Java in Web 2.0. Alexis Roos Principal Field Technologist, CTO Office OEM SW Sales Sun Microsystems, Inc. Java in Web 2.0 Alexis Roos Principal Field Technologist, CTO Office OEM SW Sales Sun Microsystems, Inc. 1 Agenda Java overview Technologies supported by Java Platform to create Web 2.0 services Future

More information

T320 E-business technologies: foundations and practice

T320 E-business technologies: foundations and practice T320 E-business technologies: foundations and practice Block 3 Part 2 Activity 2: Generating a client from WSDL Prepared for the course team by Neil Simpkins Introduction 1 WSDL for client access 2 Static

More information

Cross-domain Identity Management System for Cloud Environment

Cross-domain Identity Management System for Cloud Environment Cross-domain Identity Management System for Cloud Environment P R E S E N T E D B Y: N A Z I A A K H TA R A I S H A S A J I D M. S O H A I B FA R O O Q I T E A M L E A D : U M M E - H A B I B A T H E S

More information

IP Application Security Manager and. VMware vcloud Air

IP Application Security Manager and. VMware vcloud Air Securing Web Applications with F5 BIG- IP Application Security Manager and VMware vcloud Air D E P L O Y M E N T G U I D E Securing Web Applications Migrating application workloads to the public cloud

More information

How To Use Saml 2.0 Single Sign On With Qualysguard

How To Use Saml 2.0 Single Sign On With Qualysguard QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

TG Web. Technical FAQ

TG Web. Technical FAQ TG Web Technical FAQ About this FAQ We encourage you to contact us if. You can't find the information you're looking for. You would like to discuss your specific testing requirements in more detail. You

More information

Table of contents. Reverse-engineers a database to Grails domain classes.

Table of contents. Reverse-engineers a database to Grails domain classes. Table of contents Reverse-engineers a database to Grails domain classes. 1 Database Reverse Engineering Plugin - Reference Documentation Authors: Burt Beckwith Version: 0.5.1 Table of Contents 1 Introduction

More information

2) Xen Hypervisor 3) UEC

2) Xen Hypervisor 3) UEC 5. Implementation Implementation of the trust model requires first preparing a test bed. It is a cloud computing environment that is required as the first step towards the implementation. Various tools

More information

OnCommand Performance Manager 1.1

OnCommand Performance Manager 1.1 OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501

More information

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password

More information

Orbiter Series Service Oriented Architecture Applications

Orbiter Series Service Oriented Architecture Applications Workshop on Science Agency Uses of Clouds and Grids Orbiter Series Service Oriented Architecture Applications Orbiter Project Overview Mark L. Green mlgreen@txcorp.com Tech-X Corporation, Buffalo Office

More information

How To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu 7.5.3 (Windows) On A Linux Computer On A Raspberry V

How To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu 7.5.3 (Windows) On A Linux Computer On A Raspberry V Configuring CAS-based SSO with ActiveVOS on Apache Tomcat Technical Note Version: 1.3 Dated: August 2013 2013 Informatica Corporation ActiveVOS is a trademark of Informatica, Inc. All other company and

More information

Accessing Data with ADOBE FLEX 4.6

Accessing Data with ADOBE FLEX 4.6 Accessing Data with ADOBE FLEX 4.6 Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Chapter 1: Accessing data services overview Data

More information

In this chapter, we lay the foundation for all our further discussions. We start

In this chapter, we lay the foundation for all our further discussions. We start 01 Struts.qxd 7/30/02 10:23 PM Page 1 CHAPTER 1 Introducing the Jakarta Struts Project and Its Supporting Components In this chapter, we lay the foundation for all our further discussions. We start by

More information

Securing JAX-RS RESTful services. Miroslav Fuksa (software developer) Michal Gajdoš (software developer)

Securing JAX-RS RESTful services. Miroslav Fuksa (software developer) Michal Gajdoš (software developer) Securing JAX-RS RESTful services Miroslav Fuksa (software developer) Michal Gajdoš (software developer) The following is intended to outline our general product direction. It is intended for information

More information

Web Express Logon Reference

Web Express Logon Reference IBM WebSphere Host On-Demand Version 10 Web Express Logon Reference SC31-6377-01 IBM WebSphere Host On-Demand Version 10 Web Express Logon Reference SC31-6377-01 Note Before using this information and

More information

JSR-303 Bean Validation

JSR-303 Bean Validation JSR-303 Bean Validation Emmanuel Bernard JBoss, by Red Hat http://in.relation.to/bloggers/emmanuel Copyright 2007-2010 Emmanuel Bernard and Red Hat Inc. Enable declarative validation in your applications

More information

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely LIVE CHAT CLOUD SECURITY Introduction Security is a top priority online it is vital that

More information

Configuring Health Monitoring

Configuring Health Monitoring CHAPTER4 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features that are described in this chapter apply to both IPv6 and IPv4 unless

More information

NGASI AppServer Manager SaaS/ASP Hosting Automation for Cloud Computing Administrator and User Guide

NGASI AppServer Manager SaaS/ASP Hosting Automation for Cloud Computing Administrator and User Guide NGASI AppServer Manager SaaS/ASP Hosting Automation for Cloud Computing Administrator and User Guide NGASI SaaS Hosting Automation is a JAVA SaaS Enablement infrastructure that enables web hosting services

More information

This section contains information intended to help plan for SocialMiner installation and deployment.

This section contains information intended to help plan for SocialMiner installation and deployment. This section contains information intended to help plan for SocialMiner installation and deployment. Advanced UI Options, page 1 Deployment Models, page 1 Hardware and Software Specifications, page 2 Ports,

More information

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,

More information

Integrating EJBCA and OpenSSO

Integrating EJBCA and OpenSSO Integrating EJBCA and OpenSSO EJBCA is an Enterprise PKI Certificate Authority issuing certificates to users, servers and devices. In an organization certificate can be used for strong authentication.

More information

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web

More information

This training is targeted at System Administrators and developers wanting to understand more about administering a WebLogic instance.

This training is targeted at System Administrators and developers wanting to understand more about administering a WebLogic instance. This course teaches system/application administrators to setup, configure and manage an Oracle WebLogic Application Server, its resources and environment and the Java EE Applications running on it. This

More information

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010 Foundation IT Written approximately Dec 2010 1 Outlook Web Access With the new version of Exchange 2010 Outlook Anywhere has been enabled and configured with a secure socket layer (SSL) certificate from

More information

White Paper: Cloud for Service Providers

White Paper: Cloud for Service Providers White Paper: Cloud for Service Providers September 2011 Cloud for Service Providers This paper describes the architectural outline of an infrastructure as a Service (IaaS) cloud that Zimory built for an

More information

1 What is Cloud Computing?... 2 2 Cloud Infrastructures... 2 2.1 OpenStack... 2 2.2 Amazon EC2... 4 3 CAMF... 5 3.1 Cloud Application Management

1 What is Cloud Computing?... 2 2 Cloud Infrastructures... 2 2.1 OpenStack... 2 2.2 Amazon EC2... 4 3 CAMF... 5 3.1 Cloud Application Management 1 What is Cloud Computing?... 2 2 Cloud Infrastructures... 2 2.1 OpenStack... 2 2.2 Amazon EC2... 4 3 CAMF... 5 3.1 Cloud Application Management Frameworks... 5 3.2 CAMF Framework for Eclipse... 5 3.2.1

More information

Recommended readings. Lecture 11 - Securing Web. Applications. Security. Declarative Security

Recommended readings. Lecture 11 - Securing Web. Applications. Security. Declarative Security Recommended readings Lecture 11 Securing Web http://www.theserverside.com/tt/articles/content/tomcats ecurity/tomcatsecurity.pdf http://localhost:8080/tomcat-docs/security-managerhowto.html http://courses.coreservlets.com/course-

More information

SECURITY DOCUMENT. BetterTranslationTechnology

SECURITY DOCUMENT. BetterTranslationTechnology SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of

More information

WebNow Single Sign-On Solutions

WebNow Single Sign-On Solutions WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,

More information

JBoss Portal 2.4. Quickstart User Guide

JBoss Portal 2.4. Quickstart User Guide Portal 2.4 Quickstart User Guide Table of Contents Portal - Overview... iii 1. Tutorial Forward...1 2. Installation...2 2.1. Downloading and Installing...2 2.2. Starting Portal...3 3. Portal Terminology...5

More information

SonicWALL SRA Virtual Appliance Getting Started Guide

SonicWALL SRA Virtual Appliance Getting Started Guide COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SRA Virtual Appliance Getting Started Guide SonicWALL SRA Virtual Appliance5.0 Getting Started Guide This Getting Started

More information

Web Curator Tool Software Architecture Document

Web Curator Tool Software Architecture Document Web Curator Tool Software Architecture Document Version 1.0 FINAL 31/05/2006 Table of Contents 1. Introduction 3 1.1 1.2 Purpose Scope 3 3 1.3 Definitions, Acronyms and Abbreviations 1.4 References 3 3

More information

Master Thesis: Single Sign-On (JOSSO)

Master Thesis: Single Sign-On (JOSSO) Single Sign- ON with JOSSO University of Piraeus Department of Digital Master Thesis: (JOSSO) Tzani Adamantia (MTE:1068) Supervisor Professor: Dr. Xenakis Christos December 2012 Contents University of

More information

Setup Corporate (Microsoft Exchange) Email. This tutorial will walk you through the steps of setting up your corporate email account.

Setup Corporate (Microsoft Exchange) Email. This tutorial will walk you through the steps of setting up your corporate email account. Setup Corporate (Microsoft Exchange) Email This tutorial will walk you through the steps of setting up your corporate email account. Microsoft Exchange Email Support Exchange Server Information You will

More information

Dashlane Security Whitepaper

Dashlane Security Whitepaper Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

How to Implement Enterprise SAML SSO

How to Implement Enterprise SAML SSO How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and

More information

Customize Mobile Apps with MicroStrategy SDK: Custom Security, Plugins, and Extensions

Customize Mobile Apps with MicroStrategy SDK: Custom Security, Plugins, and Extensions Customize Mobile Apps with MicroStrategy SDK: Custom Security, Plugins, and Extensions MicroStrategy Mobile SDK 1 Agenda MicroStrategy Mobile SDK Overview Requirements & Setup Custom App Delegate Custom

More information

CLOUD COMPUTING SECURITY CONCERNS

CLOUD COMPUTING SECURITY CONCERNS CLOUD COMPUTING SECURITY CONCERNS ABSTRACT ASMA GULAM MOHAMED Saveetha School of Engineering Cloud computing is set of resources including data storage, programs and hardware offered through the Internet.

More information