Securing JAX-RS RESTful services. Miroslav Fuksa (software developer) Michal Gajdoš (software developer)
|
|
- Abigail Walker
- 8 years ago
- Views:
Transcription
1 Securing JAX-RS RESTful services Miroslav Fuksa (software developer) Michal Gajdoš (software developer)
2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 2
3 Program Agenda Introduction to JAX-RS and Security Declarative Security and Entity Filtering Client Security OAuth 1 OAuth 2 3
4 Introduction to JAX-RS and security 4
5 Introduction RESTful Web Services Representation State Transfer Using HTTP methods GET, POST, DELETE... representations (HTML, JSON, XML), URI, caching, stateless JAX-RS: Java API for RESTful Services JAX-RS 2.0 (JSR 339): Java EE 7, released in May 2013 Reference implementation: Jersey 2 5
6 public class @Path("{id}") public Student get(@pathparam("id") String id) { return StudentService.getStudentById(id); } GET public Student post(student student) { return StudentService.addStudent(student); } POST 6
7 Introduction JAX-RS 2.0 JAX-RS 2.0 (JSR 339, part of Java EE 7, released in May 2013) Client API Asynchronous processing Filters Interceptors 7
8 Introduction Security Authentication HTTP Basic Authentication (BASE64 encoded username and password SSL) HTTP Digest Authentication (password is used only for signature, MD5) Authorization 8
9 Servlet Container Security Secure JAX-RS services using Servlet Container <security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>basic</auth-method> <realm-name>my-realm</realm-name> </login-config> 9
10 Servlet Container Security Secure JAX-RS services using Servlet Container <security-constraint> <web-resource-collection> <url-pattern>/student/*</url-pattern> <http-method>post</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <url-pattern>/student/*</url-pattern> <http-method>get</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> <role-name>user</role-name> </auth-constraint> </security-constraint> 10
11 Servlet Container Security Secure JAX-RS services using Servlet Container Advantages Independent on JAX-RS implementation managed by servlet container Disadvantages only for servlet containers fragile, verbose, bad maintenance Pre-matching filters 11
12 Pre-matching filters PUT Pre-matching filter POST 12
13 JAX-RS Security Context javax.ws.rs.core.securitycontext public interface SecurityContext { public Principal getuserprincipal(); public boolean isuserinrole(string role); public boolean issecure(); public String getauthenticationscheme(); } 13
14 JAX-RS Security Context Secure method programmatically using public class StudentResource private SecurityContext public Student get(@pathparam("id") String id) { if (!securitycontext.isuserinrole("admin")) { throw new WebApplicationException( You don t have privileges to access this resource.", 403); } return StudentService.getStudentById(id) } 14
15 Authorization in Jersey 2.x: Security annotations 15
16 Authorization Security annotations. Means in Jersey 2.x Define the access to resources based on the user groups. Security annotations from @RolesAllowed SecurityContext RolesAllowedDynamicFeature. 16
17 Authorization Security annotations. Example: Register api ) public class MyApplication extends ResourceConfig { public MyApplication() { packages( my.application ); } } register(rolesalloweddynamicfeature.class); 17
18 Authorization Security annotations. Example: Define access restrictions public class Resource public String get() { return "GET"; public String post(string content) { return content; } 18
19 Authorization in Jersey 2.x: Entity Filtering Feature 19
20 Feature: Entity Filtering Idea and Motivation Exposing only part of domain model for input/output. Reduce the amount of data exchanged over the wire. Define own filtering rules based on current context. Resource method. Assign security access rules to properties. Faster prototyping and development. One model and one place for defining the rules. 20
21 Feature: Entity Filtering Means in Jersey 2.3+ / MOXy meta-annotation. Create filtering annotations to define context. Create filtering annotations with custom meaning to define context. Security annotations from @RolesAllowed SecurityContext 21
22 Feature: Entity Filtering Putting it all together. Define dependencies on extension and media modules. Register SecurityEntityFilteringFeature in Jersey Application. Annotate Resources and Domain Model with security annotations. Enjoy! 22
23 Feature: Entity Filtering Example: Goal. Have: JAX-RS Application with security user roles. Want: Define access to resources. Restrict access to entities / entity members for different user roles. 23
24 Feature: Entity Filtering Example: Register Providers in JAX-RS api ) public class MyApplication extends ResourceConfig { public MyApplication() { packages( my.application ); } } register(securityentityfilteringfeature.class); 24
25 Feature: Entity Filtering Example: Model. public class RestrictedEntity { public class RestrictedSubEntity { } private String simplefield; private String denyall; private RestrictedSubEntity mixed; // getters and setters } private String managerfield; private String userfield; // getters and setters 25
26 Feature: Entity Filtering Example: Annotated Domain Model. public class RestrictedEntity { public String getsimplefield() {... public String getdenyall() {... "user"}) public RestrictedSubEntity getmixed() {} } public class RestrictedSubEntity public String getmanagerfield() {... public String getuserfield() {... } } 26
27 Feature: Entity Filtering Example: JAX-RS public class UnrestrictedResource { public RestrictedEntity getrestrictedentity() {... } 27
28 Feature: Entity Filtering Example: JAX-RS public class public RestrictedEntity denyall() {... @RolesAllowed({"manager"}) public RestrictedEntity rolesallowed() {... } 28
29 JAX-RS Client Security 29
30 Client Security SSL with JAX-RS support JAX-RS 2.0 defines support for SSL configuration javax.ws.rs.client.clientbuilder KeyStore, TrustStore, SSLContext Jersey provides SslConfigurator to create SSLContext 30
31 Client Security SslConfigurator SslConfigurator sslconfig = SslConfigurator.newInstance().trustStoreFile("./truststore_client").trustStorePassword("pwds65df4").keyStoreFile("./keystore_client").keyPassword("sf564fsds"); SSLContext sslcontext = sslconfig.createsslcontext(); Client client = ClientBuilder.newBuilder().sslContext(sslContext).build(); 31
32 Client Security Http Authentication ClientRequestFilter and ClientResponseFilter Jersey HttpAuthenticationFeature Basic, Digest, Universal HttpAuthenticationFeature basicauth = HttpAuthenticationFeature.basic("username,"12345"); Client client = ClientBuilder.newBuilder().register(basicAuth).newClient(); Student michal = client.target(" 32
33 OAuth 1 33
34 OAuth: introduction username/password Service Provider Resource owner Consumer 34
35 OAuth Motivation I want to give an access to my account to consumer (3 rd party application) Give Consumer my password Revoking access Password change Limit access (different authorization rules) Trust 35
36 OAuth: introduction username/password Service Provider Resource owner Consumer 36
37 OAuth Motivation OAuth No resource owner s password sharing Resource owner can revoke an access at any time Limited access User friendly process of issuing tokens (Authorization Process/Flow) 37
38 OAuth1 Details IETF OAuth 1.0 (RFC 5849) Previous community version 1.0 and 1.0a Signatures added to requests (HMAC-SHA1, RSA-SHA1) based on secret keys Authorization process (flow) Process of granting access to the consumer Authenticated requests Consumer calls REST APIs using OAuth signatures 38
39 OAuth1: Authorization flow 3 Service Provider 2 Resource owner Consumer 1 Request Token 2 Authorization Request 3 Resource owner authorization 4 Authorization Response 5 Access Token 39
40 OAuth1: Authenticated requests Service Provider Resource owner Consumer Access Token 40
41 OAuth1 Summary Secure Signatures Secret keys (consumer secret, request and access token secret) nonce, timestamp Complex for implementation 41
42 OAuth 2 42
43 OAuth 2 Introduction WRAP (Web Resource Authorization Protocol) OAuth 2.0 (IETF, RFC 6749), released in October 2012 Not backward compatible, framework (not protocol) Does not require signatures (bearer token), SSL Authorization flows Authorization Code Grant (refresh token) Implicit Grant (eg. Javascript client), Resource Owner Password Credentials Grant (user name + password), Client Credentials Grant (client app authentication) 43
44 OAuth 2 Compared to OAuth 1 Easier implementation OAuth 1.0a is not easy to implement Security questions no signature and no secret keys (risk of exposing tokens) SSL usage of authorization flows with limited security 44
45 OAuth Jersey and OAuth OAuth 1.0a: client and server OAuth 2: client (Authorization Code Grant) Client OAuth support: Authorization Flow: standalone utility Authenticated requests (Features => Filters) 45
46 OAuth 2 Demo server application that uses JAX-RS client to get and show Google tasks of any user that authorizes the application 46
47 Resources Securing JAX-RS Resources Entity Filtering in Jersey OAuth specification OAuth 2 sample Jersey 47
48 Questions & Answers 48
IBM WebSphere Application Server
IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt
More informationvcommander will use SSL and session-based authentication to secure REST web services.
vcommander REST API Draft Proposal v1.1 1. Client Authentication vcommander will use SSL and session-based authentication to secure REST web services. 1. All REST API calls must take place over HTTPS 2.
More informationOAuth 2.0 Developers Guide. Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900
OAuth 2.0 Developers Guide Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900 Table of Contents Contents TABLE OF CONTENTS... 2 ABOUT THIS DOCUMENT... 3 GETTING STARTED... 4
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationOracle EXAM - 1Z0-897. Java EE 6 Web Services Developer Certified Expert Exam. Buy Full Product. http://www.examskey.com/1z0-897.
Oracle EXAM - 1Z0-897 Java EE 6 Web Services Developer Certified Expert Exam Buy Full Product http://www.examskey.com/1z0-897.html Examskey Oracle 1Z0-897 exam demo product is here for you to test the
More informationAPPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6
APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6 SRINI PENCHIKALA Austin Java User Group Meeting October 26, 2010 ABOUT THE SPEAKER Security Architect Certified Scrum Master Author, Editor (InfoQ) IASA Austin
More informationIntegrating Apex into Federated Environment using SAML 2.0. Jon Tupman Portalsoft Solutions Ltd
Integrating Apex into Federated Environment using SAML 2.0 Jon Tupman Portalsoft Solutions Ltd Introduction Migration challenge Federated vs Single sign-on SAML process flow Integrating Apex and Weblogic
More informationOracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.4.0)
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.4.0) July 2015 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.4.0) Copyright 1999, 2015, Oracle and/or its
More informationAxway API Gateway. Version 7.4.1
O A U T H U S E R G U I D E Axway API Gateway Version 7.4.1 3 February 2016 Copyright 2016 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.4.1
More informationRecommended readings. Lecture 11 - Securing Web. Applications. Security. Declarative Security
Recommended readings Lecture 11 Securing Web http://www.theserverside.com/tt/articles/content/tomcats ecurity/tomcatsecurity.pdf http://localhost:8080/tomcat-docs/security-managerhowto.html http://courses.coreservlets.com/course-
More informationEnterprise Access Control Patterns For REST and Web APIs
Enterprise Access Control Patterns For REST and Web APIs Francois Lascelles Layer 7 Technologies Session ID: STAR-402 Session Classification: intermediate Today s enterprise API drivers IAAS/PAAS distributed
More informationKeycloak SAML Client Adapter Reference Guide
Keycloak SAML Client Adapter Reference Guide SAML 2.0 Client Adapters 1.7.0.Final Preface... v 1. Overview... 1 2. General Adapter Config... 3 2.1. SP Element... 4 2.2. SP Keys and Key elements... 5 2.2.1.
More informationFairsail REST API: Guide for Developers
Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,
More informationAPI documentation - 1 -
API documentation - 1 - Table of Contents 1. Introduction 1.1. What is an API 2. API Functions 2.1. Purge list of files 2.1.1 Description 2.1.2 Implementation 2.2. Purge of whole cache (all files on all
More informationOpenID Single Sign On and OAuth Data Access for Google Apps. Ryan Boyd @ryguyrg Dave Primmer May 2010
OpenID Single Sign On and OAuth Data Access for Google Apps Ryan Boyd @ryguyrg Dave Primmer May 2010 Why? View live notes and questions about this session on Google Wave: http://bit.ly/magicwave Agenda
More informationJava EE 6 New features in practice Part 3
Java EE 6 New features in practice Part 3 Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. License for use and distribution
More informationvcloud Air Platform Programmer's Guide
vcloud Air Platform Programmer's Guide vcloud Air OnDemand 5.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationYou Are Hacked End-to-End Java EE Security in Practice. Karthik Shyamsunder, Principal Technologist Phani Pattapu, Engineer
You Are Hacked End-to-End Java EE Security in Practice Karthik Shyamsunder, Principal Technologist Phani Pattapu, Engineer Who Are We? Karthik Shyamsunder Principal Technologist, Verisign Adjunct Faculty,
More informationOAuth 2.0: Theory and Practice. Daniel Correia Pedro Félix
OAuth 2.0: Theory and Practice Daniel Correia Pedro Félix 1 whoami Daniel Correia Fast learner Junior Software Engineer Passionate about everything Web-related Currently working with the SAPO SDB team
More informationSecuring RESTful Web Services Using Spring and OAuth 2.0
Securing RESTful Web Services Using Spring and OAuth 2.0 1.0 EXECUTIVE SUMMARY While the market is hugely 1 accepting REST based architectures due to their light weight nature, there is a strong need to
More informationAuthenticate and authorize API with Apigility. by Enrico Zimuel (@ezimuel) Software Engineer Apigility and ZF2 Team
Authenticate and authorize API with Apigility by Enrico Zimuel (@ezimuel) Software Engineer Apigility and ZF2 Team About me Enrico Zimuel (@ezimuel) Software Engineer since 1996 PHP Engineer at Zend Technologies
More informationForce.com REST API Developer's Guide
Force.com REST API Developer's Guide Version 35.0, Winter 16 @salesforcedocs Last updated: December 10, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationApplication Security
2009 Marty Hall Declarative Web Application Security Originals of Slides and Source Code for Examples: http://courses.coreservlets.com/course-materials/msajsp.html Customized Java EE Training: http://courses.coreservlets.com/
More informationJava Enterprise Security. Stijn Van den Enden s.vandenenden@aca-it.be
Java Enterprise Security Stijn Van den Enden s.vandenenden@aca-it.be Agenda Java EE introduction Web module security EJB module security Runtime configuration Other security aspects Spring Security JBoss
More informationCopyright Pivotal Software Inc, 2013-2015 1 of 10
Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10
More informationEHR OAuth 2.0 Security
Hospital Health Information System EU HIS Contract No. IPA/2012/283-805 EHR OAuth 2.0 Security Final version July 2015 Visibility: Restricted Target Audience: EHR System Architects EHR Developers EPR Systems
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationCentralized Oracle Database Authentication and Authorization in a Directory
Centralized Oracle Database Authentication and Authorization in a Directory Paul Sullivan Paul.J.Sullivan@oracle.com Principal Security Consultant Kevin Moulton Kevin.moulton@oracle.com Senior Manager,
More informationSecuring a Web Service
1 Securing a Web Service HTTP Basic Authentication and HTTPS/SSL Authentication and Encryption - Read Chaper 32 of the J2EE Tutorial - protected session, described later in this chapter, which ensur content
More informationLecture Notes for Advanced Web Security 2015
Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many
More informationSAML and OAUTH comparison
SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationEnabling SSO between Cognos 8 and WebSphere Portal
Guideline Enabling SSO between Cognos 8 and WebSphere Portal Product(s): Cognos 8 Area of Interest: Security Enabling SSO between Cognos 8 and WebSphere Portal 2 Copyright Your use of this document is
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationLogin with Amazon. Getting Started Guide for Websites. Version 1.0
Login with Amazon Getting Started Guide for Websites Version 1.0 Login with Amazon: Getting Started Guide for Websites Copyright 2016 Amazon Services, LLC or its affiliates. All rights reserved. Amazon
More informationE*TRADE Developer Platform. Developer Guide and API Reference. October 24, 2012 API Version: v0
E*TRADE Developer Platform Developer Guide and API Reference October 24, 2012 API Version: v0 Contents Getting Started... 5 Introduction... 6 Architecture... 6 Authorization... 6 Agreements... 7 Support
More informationIdentity Management with Spring Security. Dave Syer, VMware, SpringOne 2011
Identity Management with Spring Security Dave Syer, VMware, SpringOne 2011 Overview What is Identity Management? Is it anything to do with Security? Some existing and emerging standards Relevant features
More informationOAuth: Where are we going?
OAuth: Where are we going? What is OAuth? OAuth and CSRF Redirection Token Reuse OAuth Grant Types 1 OAuth v1 and v2 "OAuth 2.0 at the hand of a developer with deep understanding of web security will likely
More informationSecure Coding SSL, SOAP and REST. Astha Singhal Product Security Engineer salesforce.com
Secure Coding SSL, SOAP and REST Astha Singhal Product Security Engineer salesforce.com Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may
More informationOnegini Token server / Web API Platform
Onegini Token server / Web API Platform Companies and users interact securely by sharing data between different applications The Onegini Token server is a complete solution for managing your customer s
More informationConfiguration Guide - OneDesk to SalesForce Connector
Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce
More informationAdvanced OpenEdge REST/Mobile Security
Advanced OpenEdge REST/Mobile Security Securing your OpenEdge Web applications Michael Jacobs August 2013 Legal Disclaimer The contents of these materials are confidential information of Progress Software
More informationHow To Protect Your Computer From Being Hacked On A J2Ee Application (J2Ee) On A Pc Or Macbook Or Macintosh (Jvee) On An Ipo (J 2Ee) (Jpe) On Pc Or
Pistoia_ch03.fm Page 55 Tuesday, January 6, 2004 1:56 PM CHAPTER3 Enterprise Java Security Fundamentals THE J2EE platform has achieved remarkable success in meeting enterprise needs, resulting in its widespread
More informationPowerCenter Real-Time Development
PowerCenter Real-Time Development Brian Bunn, Project Manager Serco Jay Moles, Sr. Informatica Designer Serco Tom Bennett, Sr. Consultant Informatica 1 Agenda Overview of PowerCenter Web Services Error
More informationUnderstanding Tomcat Security
Understanding Tomcat Security Anil Saldhana Project Lead JBoss Security and Identity Management Red Hat Inc Speaker Introduction Apache Web Services Program Management Committee. Apache Scout Project Lead.
More informationContents. 2 Alfresco API Version 1.0
The Alfresco API Contents The Alfresco API... 3 How does an application do work on behalf of a user?... 4 Registering your application... 4 Authorization... 4 Refreshing an access token...7 Alfresco CMIS
More informationLeveraging Cloud Storage Through Mobile Applications Using Mezeo Cloud Storage Platform REST API. John Eastman Mezeo
Leveraging Cloud Storage Through Mobile Applications Using Mezeo Cloud Storage Platform REST API John Eastman Mezeo Cloud Storage On-demand, API-based access to storage Storage accessed through REST Web
More informationMessage Containers and API Framework
Message Containers and API Framework Notices Copyright 2009-2010 Motion Picture Laboratories, Inc. This work is licensed under the Creative Commons Attribution-No Derivative Works 3.0 United States License.
More informationWEB SERVICES. Revised 9/29/2015
WEB SERVICES Revised 9/29/2015 This Page Intentionally Left Blank Table of Contents Web Services using WebLogic... 1 Developing Web Services on WebSphere... 2 Developing RESTful Services in Java v1.1...
More informationBuilding native mobile apps for Digital Factory
DIGITAL FACTORY 7.0 Building native mobile apps for Digital Factory Rooted in Open Source CMS, Jahia s Digital Industrialization paradigm is about streamlining Enterprise digital projects across channels
More informationThe Great Office 365 Adventure
COURSE OVERVIEW The Great Office 365 Adventure Duration: 5 days It's no secret that Microsoft has been shifting its development strategy away from the SharePoint on-premises environment to focus on the
More informationDistribution and Integration Technologies
Distribution and Integration Technologies RESTful Services REST style for web services REST Representational State Transfer, considers the web as a data resource Services accesses and modifies this data
More informationAn Oracle White Paper June 2014. RESTful Web Services for the Oracle Database Cloud - Multitenant Edition
An Oracle White Paper June 2014 RESTful Web Services for the Oracle Database Cloud - Multitenant Edition 1 Table of Contents Introduction to RESTful Web Services... 3 Architecture of Oracle Database Cloud
More informationOAuth 2.0. Weina Ma Weina.Ma@uoit.ca
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow What s the problem As the web grows, more
More informationTitle page. Alcatel-Lucent 5620 SERVICE AWARE MANAGER 13.0 R7
Title page Alcatel-Lucent 5620 SERVICE AWARE MANAGER 13.0 R7 APPLICATION API DEVELOPER GUIDE 3HE-10590-AAAA-TQZZA Issue 1 December 2015 Legal notice Legal notice Alcatel, Lucent, Alcatel-Lucent and the
More informationEnabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal
Guideline Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal Product(s): IBM Cognos 8 BI Area of Interest: Security Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationMashery OAuth 2.0 Implementation Guide
Mashery OAuth 2.0 Implementation Guide June 2012 Revised: 7/18/12 www.mashery.com Mashery, Inc. 717 Market Street, Suite 300 San Francisco, CA 94103 Contents C hapter 1. About this Guide...5 Introduction...
More informationSecurity and ArcGIS Web Development. Heather Gonzago and Jeremy Bartley
Security and ArcGIS Web Development Heather Gonzago and Jeremy Bartley Agenda Types of apps Traditional token-based authentication OAuth2 authentication User login authentication Application authentication
More informationSpring Security 3. http://www.springsource.com/download/community?project=spring%20security
Spring Security 3 1. Introduction http://www.springsource.com/download/community?project=spring%20security 2. Security Namespace Configuration Web.xml configuration: springsecurityfilterchain
More informationUsing ArcGIS with OAuth 2.0. Aaron Parecki @aaronpk CTO, Esri R&D Center Portland
Using ArcGIS with OAuth 2.0 Aaron Parecki @aaronpk CTO, Esri R&D Center Portland Before OAuth Apps stored the user s password Apps got complete access to a user s account Users couldn t revoke access to
More informationACR Connect Authentication Service Developers Guide
ACR Connect Authentication Service Developers Guide Revision History Date Revised by Version Description 29/01/2015 Sergei Rusinov 1.0 Authentication using NRDR account Background The document describes
More informationRunning and Testing Java EE Applications in Embedded Mode with JupEEter Framework
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 21 No. 1 (2013), pp. 53-69 Running and Testing Java EE Applications in Embedded Mode with JupEEter Framework Marcin Kwapisz 1 1 Technical University of Lodz Faculty
More informationKeeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph
Keeping access control while moving to the cloud Presented by Zdenek Nejedly Computing & Communications Services University of Guelph 1 Keeping access control while moving to the cloud Presented by Zdenek
More informationNetwork Security OAuth
Network Security OAuth Parma, May 28th, 2013 Online Services and Private Data The evolution of online services, such as social networks, has had a huge impact on the amount of data and personal information
More informationNUTECH COMPUTER TRAINING INSTITUTE 1682 E. GUDE DRIVE #102, ROCKVILLE, MD 20850
NUTECH COMPUTER TRAINING INSTITUTE 1682 E. GUDE DRIVE #102, ROCKVILLE, MD 20850 WEB: www.nutechtraining.com TEL: 301-610-9300 MCSD Web Applications Course Outlines 70-487 Developing Microsoft Azure and
More informationenterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards
IBM WebSphere Application Server v7.0 Security Secure your WebSphere applications with Java EE and JAAS security standards Omar Siliceo "publishing enterprise^ birmingham - mumbai Preface 1 Chapter 1:
More informationRiverbed Cascade Shark Common REST API v1.0
Riverbed Cascade Shark Common REST API v1.0 Copyright Riverbed Technology Inc. 2015 Created Feb 1, 2015 at 04:02 PM Contents Contents Overview Data Encoding Resources information: ping information: list
More informationGOA365: The Great Office 365 Adventure
BEST PRACTICES IN OFFICE 365 DEVELOPMENT 5 DAYS GOA365: The Great Office 365 Adventure AUDIENCE FORMAT COURSE DESCRIPTION STUDENT PREREQUISITES Professional Developers Instructor-led training with hands-on
More informationHow To Synchronize With Gmail For Business On Shoretel
Voice Mail Synchronization with Gmail for Business Voice Mail Synchronization with Gmail for Business The Synchronization with Gmail for Business feature automatically synchronizes the state of a ShoreTel
More informationFrom Delphi to the cloud
From Delphi to the cloud Introduction Increasingly data and services hosted in the cloud become accessible by authenticated REST APIs for client applications, be it web clients, mobile clients and thus
More informationLogin with Amazon. Developer Guide for Websites
Login with Amazon Developer Guide for Websites Copyright 2014 Amazon Services, LLC or its affiliates. All rights reserved. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationOAuth Guide Release 6.0
[1]Oracle Communications Services Gatekeeper OAuth Guide Release 6.0 E50767-02 November 2015 Oracle Communications Services Gatekeeper OAuth Guide, Release 6.0 E50767-02 Copyright 2012, 2015, Oracle and/or
More informationSalesforce Files Connect Implementation Guide
Salesforce Files Connect Implementation Guide Salesforce, Winter 16 @salesforcedocs Last updated: December 10, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationOAuth2 and UMA for ACE draft-maler-ace-oauth-uma-00.txt. Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig
OAuth2 and UMA for ACE draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig Agenda 1. Motivation behind draft-maler-ace-oauth-uma-00.txt. 2. Mapping of existing
More information02267: Software Development of Web Services
02267: Software Development of Web Services Week 8 Hubert Baumeister huba@dtu.dk Department of Applied Mathematics and Computer Science Technical University of Denmark Fall 2013 Contents RESTful Services
More information70-487: Developing Windows Azure and Web Services
70-487: Developing Windows Azure and Web Services The following tables show where changes to exam 70-487 have been made to include updates that relate to Windows Azure and Visual Studio 2013 tasks. These
More informationElectronic Ticket and Check-in System for Indico Conferences
Electronic Ticket and Check-in System for Indico Conferences September 2013 Author: Bernard Kolobara Supervisor: Jose Benito Gonzalez Lopez CERN openlab Summer Student Report 2013 Project Specification
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?
More informationprofessional expertise distilled P U B L I S H I N G EJB 3.1 Cookbook Richard M. Reese Chapter No.7 "EJB Security"
P U B L I S H I N G professional expertise distilled EJB 3.1 Cookbook Richard M. Reese Chapter No.7 "EJB Security" In this package, you will find: A Biography of the author of the book A preview chapter
More informationComplete Java Web Development
Complete Java Web Development JAVA-WD Rev 11.14 4 days Description Complete Java Web Development is a crash course in developing cutting edge Web applications using the latest Java EE 6 technologies from
More informationOAuth. Network Security. Online Services and Private Data. A real-life example. Material and Credits. OAuth. OAuth
Network Security Dr. Ing. Simone Cirani Parma, May 28th, 2013 Online Services and Private Data The evolution of online services, such as social networks, has had a huge impact on the amount of data and
More informationAutomatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite
Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite Vladislav Mladenov, Tim Guenther, Christian Mainka, Horst-Görtz Institut für IT-Sicherheit, Ruhr-Universität
More informationCrawl Proxy Installation and Configuration Guide
Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main
More informationMarkLogic Server. Java Application Developer s Guide. MarkLogic 8 February, 2015. Copyright 2015 MarkLogic Corporation. All rights reserved.
Java Application Developer s Guide 1 MarkLogic 8 February, 2015 Last Revised: 8.0-3, June, 2015 Copyright 2015 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents Java Application
More informationOracle Communications WebRTC Session Controller: Basic Admin. Student Guide
Oracle Communications WebRTC Session Controller: Basic Admin Student Guide Edition 1.0 April 2015 Copyright 2015, Oracle and/or its affiliates. All rights reserved. Disclaimer This document contains proprietary
More informationConfiguring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web
Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web Applications Configuring IBM WebSphere 7 for SSL and Client-Certificate
More informationCloud Powered Mobile Apps with Azure
Cloud Powered Mobile Apps with Azure Malte Lantin Technical Evanglist Microsoft Azure Agenda Mobile Services Features and Demos Advanced Features Scaling and Pricing 2 What is Mobile Services? Storage
More informationConfiguring CQ Security
Configuring CQ Security About Me CQ Architect for Inside Solutions http://inside-solutions.ch CQ Blog: http://cqblog.inside-solutions.ch Customer Projects with Adobe CQ Training Material on Adobe CQ Agenda
More informationOpenText Information Hub (ihub) 3.1 and 3.1.1
OpenText Information Hub (ihub) 3.1 and 3.1.1 OpenText Information Hub (ihub) 3.1.1 meets the growing demand for analytics-powered applications that deliver data and empower employees and customers to
More informationEnabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet
Guideline Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet Product(s): IBM Cognos ReportNet Area of Interest: Security 2 Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationwww.store.belvg.com skype ID: store.belvg email: store@belvg.com US phone number: +1-424-253-0801
1 Table of Contents Table of Contents: 1. Introduction to Google+ All in One... 3 2. How to Install... 4 3. How to Create Google+ App... 5 4. How to Configure... 8 5. How to Use... 13 2 Introduction to
More informationGlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,
GlassFish Security Secure your GlassFish installation, Web applications, EJB applications, application client module, and Web Services using Java EE and GlassFish security measures Masoud Kalali PUBLISHING
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationAAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle lukas.haemmerle@switch.ch
AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch Berne, 13. August 2014 Introduction App by University of St. Gallen Universities
More informationConfiguring BEA WebLogic Server for Web Authentication with SAS 9.2 Web Applications
Configuration Guide Configuring BEA WebLogic Server for Web Authentication with SAS 9.2 Web Applications This document describes how to configure Web authentication with BEA WebLogic for the SAS Web applications.
More informationExternal Authentication with WebCT. What We ll Discuss
External Authentication with WebCT WebCT, Inc http://www.webct.com/ What We ll Discuss Introductions Terminology Authentication in WebCT External Authentication Custom Authentication Authorization in WebCT
More informationSingle Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen
Single Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen Introduction Architecture Demonstration 2 What is the problem that Single Sign-on systems are aiming to solve?
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More information