Thursday, November 2, 2017

Security Misc



The SecurityContext and SecurityContextHolder are two fundamental classes of Spring Security. The SecurityContext stores the details of the currently authenticated user, also known as the principal. So, if you need the username or any other user details, you first need to get hold of this SecurityContext. The SecurityContextHolder is a helper class which provides access to the security context. By default it uses a ThreadLocal object to store the security context, which means the context is always available to methods running on the same thread of execution, even if you don't pass the SecurityContext object around.
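The thread-local behaviour described above is easy to reproduce outside Spring. The following is an added illustration, not Spring's code: a stand-in "context holder" built on Python's threading.local (all names here are invented for the example). It shows that code deeper in the call stack on the same thread can read the principal without it being passed down, that a different thread sees nothing, and why the context must be cleared at the end of a request when threads are reused from a pool.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

# Illustrative stand-in for SecurityContextHolder (not Spring's code):
# one thread-local slot holding the current principal.
_holder = threading.local()


def set_principal(name):
    """Authenticate the current thread as `name` (what a filter would do on login)."""
    _holder.principal = name


def get_principal():
    """Return the principal bound to this thread, or None if nobody is authenticated."""
    return getattr(_holder, "principal", None)


def clear_context():
    """Run at the end of every request; a reused pool thread must not carry the
    previous user's identity into the next request."""
    _holder.principal = None


def service_layer_lookup():
    """Deep in the call stack no context object is passed in; the thread-local is read directly."""
    return get_principal()


def handle_request(user):
    """Simulate one request: bind the principal, consult the service layer on the same thread
    and on a freshly started worker thread, then clear the context.
    Returns (principal seen on this thread, principal seen on the other thread)."""
    set_principal(user)
    try:
        same_thread = service_layer_lookup()
        with ThreadPoolExecutor(max_workers=1) as pool:
            other_thread = pool.submit(service_layer_lookup).result()
        return same_thread, other_thread
    finally:
        clear_context()


def leaked_identity_demo():
    """Show what goes wrong without clear_context(): on a single reused worker thread,
    a request that authenticates and never clears leaves its principal visible to the
    next, unauthenticated request handled by that same thread."""
    with ThreadPoolExecutor(max_workers=1) as pool:
        pool.submit(set_principal, "alice").result()        # request 1 logs in, forgets to clear
        return pool.submit(service_layer_lookup).result()   # request 2 inherits "alice"


if __name__ == "__main__":
    print(handle_request("alice"))      # ('alice', None)
    print(get_principal())              # None, context was cleared
    print(leaked_identity_demo())       # 'alice', the leak a missing clear produces
```

The second function is the reason Spring's filter chain clears the holder when the request finishes: thread-locals are per thread, not per request, and servlet containers reuse threads.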


JWT
https://github.com/dwyl/learn-json-web-tokens
"JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS). ~ IETF

In English

To identify/authenticate people in your (web/mobile) app, put a standards-based token in the header or url of the page (or API endpoint) which proves the user has logged in and is allowed to access the desired content.


example: https://www.yoursite.com/private-content/?token=eyJ0eXAiOiJKV1Qi.eyJrZXkiOi.eUiabuiKv
Tokens are a string of "URL-safe" characters which encode information. Tokens have three components, separated by periods (shown here on multiple lines for readability but used as a single string of text):


eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9           // header
.eyJrZXkiOiJ2YWwiLCJpYXQiOjE0MjI2MDU0NDV9      // payload
.eUiabuiKv-8PYk2AkGY4Fb5KMZeorYBLw261JPQD5lM   // signature

What are "Claims"?

Claims are the predefined keys and their values:
  • iss: issuer of the token
  • exp: the expiration timestamp (reject tokens which have expired). Note: as defined in the spec, this must be in seconds.
  • iat: The time the JWT was issued. Can be used to determine the age of the JWT
  • nbf: "not before" is a future time when the token will become active.
  • jti: unique identifier for the JWT. Used to prevent the JWT from being re-used or replayed.
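To show the three components and the claim checks above in working code, here is an added example (not part of the original post or the linked repository) that signs and verifies an HS256 token using only the Python standard library. The secret and the sample claims are constructed for the example; the verifier pins the algorithm, checks the signature before looking at any claim, and then enforces exp, nbf and jti replay exactly as the list above describes.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret for the example; a real deployment loads it from a secret store.
SECRET = b"example-hs256-secret"


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the stripped padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build header.payload.signature; the header matches the one shown on this page."""
    header = {"typ": "JWT", "alg": "HS256"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url_encode(compact(header)) + "." + _b64url_encode(compact(claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class JwtError(Exception):
    pass


def verify_hs256(token: str, secret: bytes, seen_jti: set, now=None) -> dict:
    """Return the claims if the token is valid, else raise JwtError with the reason."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise JwtError("token must have exactly three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the verifier decides, never the attacker-controlled header.
    if header.get("alg") != "HS256":
        raise JwtError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise JwtError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    # exp and nbf are seconds since the epoch, as the spec requires.
    if "exp" in claims and now >= claims["exp"]:
        raise JwtError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise JwtError("token not yet valid")
    # jti: remember what we have accepted so the same token cannot be replayed.
    if "jti" in claims:
        if claims["jti"] in seen_jti:
            raise JwtError("token replayed")
        seen_jti.add(claims["jti"])
    return claims


def outcome(token: str, secret: bytes, seen_jti: set, now=None) -> str:
    """'ok' or the rejection reason; convenient for logging and for tests."""
    try:
        verify_hs256(token, secret, seen_jti, now)
        return "ok"
    except JwtError as e:
        return str(e)


if __name__ == "__main__":
    # Constructed claims: issued at t=1000, valid from 1000, expires at 1600.
    claims = {"iss": "example-issuer", "iat": 1000, "nbf": 1000, "exp": 1600, "jti": "id-1"}
    tok = sign_hs256(claims, SECRET)
    print(tok.split(".")[0])                      # eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
    seen = set()
    print(outcome(tok, SECRET, seen, now=1200))   # ok
    print(outcome(tok, SECRET, seen, now=1200))   # token replayed
    print(outcome(tok, SECRET, set(), now=1600))  # token expired
```

The jti set is in-memory here; a multi-instance deployment keeps it in a shared store with entries that expire together with the token's exp, otherwise the replay check only holds per process.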
https://en.wikipedia.org/wiki/FreeIPA
FreeIPA aims to provide an easily managed Identity, Policy, and Audit (IPA) system.

As of 2014 FreeIPA uses 389 Directory Server for its LDAP implementation, MIT's Kerberos 5 for authentication and single sign-on, the Apache HTTP Server and Python for the management framework and Web UI, and (optionally) DogTag for the integrated CA, and BIND with a custom plugin for the integrated DNS. Since version 3.0.0, FreeIPA also uses Samba to integrate with Microsoft's Active Directory by way of Cross Forest Trusts.

https://techtalk.gfi.com/to-split-or-not-to-split-that-is-the-question/
In the context of a VPN connection, split tunneling refers to the practice of routing only some traffic over the VPN, while letting other traffic directly access the Internet. Usually, what is routed over the VPN will be traffic destined for internal resources, while web surfing, email, etc. will go directly to the Internet. The VPN client is configured to route interesting traffic through the tunnel, while using the default gateway of the physical address for everything else.

Inverse split tunneling

In inverse split tunneling, once the VPN connection is established, all traffic is routed through the VPN except specific traffic that is routed to the default gateway.

