Enhancing Spring Security

Spring Security provides authentication, basic authorization and other security features for the widely used Java application framework Spring and it is a popular choice for use in the development of enterprise applications.

It also provides an elegant way to cross-cut security concerns across various layers of the application, typically business and presentation tiers. In this webinar we explore how the framework can be extended to make use of externalized access control schemes like the eXtensible Access Control Markup Language (XACML) to provide further separation between application logic and security logic. This approach also enables the use of a fine-grained attribute based access control (ABAC) model within the framework. The session will also provide an overview of how the Spring Security framework can be extended to help implement fine-grained access control policies in enterprise applications.

Key takeaways: 

  • Basic understanding of authorization capabilities in Spring Security
  • Understanding an externalized and attribute-based approach to access control
  • Extending Spring Security to use an ABAC model for access control

Download Q&A from webinar

 

Other Resources

Webinars
The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics are making a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.
Webinars
ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.
Webinars
Taking an identity-centric approach to a modern security architecture
Federal agencies invest heavily in protecting data from external threat actors, but the insider threat problem requires a new approach to access control. While protecting data is paramount, that requirement must be balanced with the need to share certain information across a variety of use case scenarios within and across agencies/departments.