Maturing your application's security with Seam Security
Learn how Seam's security can protect your application throughout the development life cycle, from simple authentication to fine-grained, rule-based security restrictions.
Security is the cornerstone of your application's integrity and, therefore, it should be a key component of any enterprise framework. And you'd rather the complexity be confined to the security rules, not contributed by the security framework itself.
Seam's security module is a central component of the Seam framework and offers a significantly simpler alternative to the monolithic and complex Java Authentication and Authorization Service (JAAS) in Java EE. In this talk, you learn how Seam Security allows you to evolve the security model of your application over time, keeping in line with the development cycle.
The talk starts you off with a very simple configuration that applies a security blanket over the application to keep out guests and establish a basic identity for the user. Then you mature the security infrastructure of the application gradually by adopting Seam's declarative approach to authentication or defining fine-grained authorization rules that enforce contextual restrictions at the level of database records, database fields, object fields and UI fragments.
You are introduced to the numerous authorization styles that Seam supports: binary, role-based, rule-based (Drools), and ACLs. Examples are presented to help you differentiate the four styles of authorization and when it's appropriate to use each one. In the process, you learn to appreciate that Seam's authorization is able to take the context of the restriction into account, a feature that many security frameworks overlook.
By the end of the talk, you will be intimately familiar with Seam's security module and be able to use it to enforce advanced security rules in your application that you never thought possible.
About Dan Allen
Dan Allen is a member of the Seam and Web Beans project teams at JBoss by Red Hat, author of Seam in Action and a frequent speaker at major industry conferences such as JavaOne, Devoxx, TSSJS, Jazoon and JSFOne. Dan is known for his passionate work, with nearly a decade of development experience using technologies that include Java frameworks (Seam, JSF, EJB3, Hibernate, Spring, Struts), testing frameworks (JUnit, TestNG), JavaScript and DOM scripting, CSS and page layouts, Maven 2, Ant, Groovy, and many others.
Soon after graduating from college, Dan became captivated by the world of free and open source software (FOSS). His involvement in FOSS helped him transition into the software development industry. He soon discovered the combination of Linux and the Java EE platform to be the ideal blend on which to build his professional career. In his search for a robust Web framework, Dan discovered JBoss Seam, which was quickly granted this most coveted spot in his development toolbox. The rest, as they say, is history. Dan is also a dedicated open source and Linux advocate and blogs about his experiences regularly. You can keep up with his discoveries by subscribing to his blog at http://mojavelinux.com.
