Skip to main content

Über dieses Buch

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications.

Pro Spring Security will be a reference and advanced tutorial that will do the following:

Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications by using the Spring Security Framework. Provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and Grails applications.



Chapter 1. The Scope of Security

Security. An incredibly overloaded word in the IT world. It means so many different things in so many different contexts, but in the end, it is all about protecting sensitive and valuable resources against malicious usage.

Carlo Scarioni

Chapter 2. Introducing Spring Security

In this chapter, you will learn what Spring Security is and how you can use it to address security concerns about your application. We’ll build a simple application secured with Spring Security. We’ll start with a Servlet-based web application without any security, and then we’ll add security to it in a declarative, nonintrusive way.

Carlo Scarioni

Chapter 3. Spring Security Architecture and Design

In the previous chapter, I developed an initial application secured with Spring Security. I gave an overview of the way this application worked and looked in detail at some of the Spring Security components that are put into action in common Spring Security-secured application. In this chapter, I am going to extend those explanations and delve deeply into the framework.

Carlo Scarioni

Chapter 4. Web Security

In this chapter, I will explain how to apply security at the web layer for Java web-based applications. You will see in detail the inner work of the security filter chain and the different metadata options at your disposal to define security constraints in your application. I will also cover the Taglib facility for enforcing security constraints at the view level.

Carlo Scarioni

Chapter 5. Securing the Service Layer

This chapter will drill down further into the core functionality of Spring Security.

Carlo Scarioni

Chapter 6. Configuring Alternative Authentication Providers

One of Spring Security’s strongest points is that you can plug different authentication mechanisms into the framework. Spring Security was built to create, as much as possible, a pluggable architecture model, where different things can be plugged into the framework in an easy and unobtrusive way. In the authentication layer, this means that an abstraction exists that takes care of this part of the security process. This abstraction comes in the form, mainly, of the


interface, but it also is supported by specific security Servlet filters and user details services.

Carlo Scarioni

Chapter 7. Business Object Security with ACLs

This chapter will introduce access control lists (ACLs) in the context of Spring Security.

Carlo Scarioni

Chapter 8. Customizing and Extending Spring Security

Spring Security is a very extendable and customizable framework. This is primarily because the framework is built using object-oriented principles and design practices so that it is open for extension and closed for modification. In the previous chapter, you saw one of the major extension points in Spring Security—namely, the pluggability of different authentication providers. This chapter covers some other extension points in the framework that you can take advantage of to extend Spring Security’s functionality or to modify or customize functionality that doesn’t work exactly the way you need in your applications.

Carlo Scarioni

Chapter 9. Integrating Spring Security with Other Frameworks and Languages

This chapter will explore Spring Security in the context of other application frameworks and languages that run on the JVM.

Carlo Scarioni


Weitere Informationen

Premium Partner

Neuer Inhalt

BranchenIndex Online

Die B2B-Firmensuche für Industrie und Wirtschaft: Kostenfrei in Firmenprofilen nach Lieferanten, Herstellern, Dienstleistern und Händlern recherchieren.



Product Lifecycle Management im Konzernumfeld – Herausforderungen, Lösungsansätze und Handlungsempfehlungen

Für produzierende Unternehmen hat sich Product Lifecycle Management in den letzten Jahrzehnten in wachsendem Maße zu einem strategisch wichtigen Ansatz entwickelt. Forciert durch steigende Effektivitäts- und Effizienzanforderungen stellen viele Unternehmen ihre Product Lifecycle Management-Prozesse und -Informationssysteme auf den Prüfstand. Der vorliegende Beitrag beschreibt entlang eines etablierten Analyseframeworks Herausforderungen und Lösungsansätze im Product Lifecycle Management im Konzernumfeld.
Jetzt gratis downloaden!