Instant Spring Security Starter [Instant]

This title is available as an eBook only
eBook: $14.99
Formats: PDF, PacktLib, ePub and Mobi formats
  • Learn something new in an Instant! A short, fast, focused guide delivering immediate results
  • Learn basic login/password and two-phase authentication
  • Secure access all the way from frontend to backend
  • Learn about the available security models, SPEL, and pragmatic considerations

Book Details

Language : English
eBook : 70 pages
Release Date : June 2013
ISBN : 1782168834
ISBN 13 : 9781782168836
Author(s) : Piotr Jagielski, Jakub Nabrdalik
Topics and Technologies : All Books, Application Development, Instant, Open Source

Table of Contents

Spring Security Starter
  • Spring Security Starter
    • So, what is Spring Security?
    • Quick start – getting the basics right
      • Understanding the big picture
      • Adding the Spring Security layer
        • Step 1 – adding the correct dependencies to your project
        • Step 2 – firing up Spring Security using a filter in web.xml
        • Step 3 – setting up the security context
        • Step 4 – getting the basic web security configuration
        • Step 5 – login page
    • Top 11 features you need to know about
      • Password encoders
      • Registration
      • Remember-me
      • Logging out
      • Securing web resources
        • HTTPS versus HTTP
        • Basic access control
        • Expression-based access control
        • Web filters
        • One-time password and two-phase authentication
      • Logged-in user in the backend
      • Securing methods
      • The power of SPEL
      • Writing tests
      • Exposing secured RESTful services
        • Single-page applications
        • Straight approach
        • Basic Authentication
        • Digest
        • Dealing with the ugly login dialog
      • What else you may want to know
        • Internet authentication – because login/password is so 80s
        • OpenID 2.0
        • OAuth 2.0
    • People and places you should get to know
      • Official sites
      • Articles, tutorials, and blogs
      • Community

Piotr Jagielski

Piotr Jagielski graduated in Computer Science from Warsaw University, where he encountered functional (SML) and logic (Prolog) programming 10 years before Seven Languages by Bruce A. Tate was published. He started coding for money with C++, and after two years, switched to Java, which he still uses to this day (with a little help from Groovy) in both integration middleware and frontends as a senior developer at TouK. In his spare time, he discovers tech startups and trending open source frameworks, which has led him to create a framework rating system at He spent the last couple of months hacking Raspberry Pi and Arduino, with some quite successful proofs-of-concept (he won second place in Hackwaw for a teddy bear baby monitor). He is also a husband and the geek dad of a 2-year-old geek boy.

Jakub Nabrdalik

Jakub Nabrdalik was born a year before Commodore 64 was introduced, and soon started programming text-based adventure computer games for that machine. He got his B.Sc. from the University of Warmia and Mazury, and his M.Sc. from Military University of Technology, both in Poland. Sucked up by the world's transition to the Web, he started building ERP, e-commerce, and enterprise systems on a thin client with PHP, C#, Java, and Groovy. In 2005, his life was changed dramatically by Test Driven Development. As a strong believer in the Agile Manifesto and Craftsmanship, he started sharing his passion by speaking at conferences (33rd Degree, TopConf, Confitura, and Javarsowia), Warsaw Java User Group meetings, Agile Warsaw meetings, and mentoring/coding at several workshops and Hackathons. Since 2007, he has been working as a Solution Architect at TouK, a medium-sized Agile company, making dedicated software for telcos, banks, and smaller customers. His main goal is to build highly maintainable services, in a very time-and-money-constrained environment. He blogs a bit at

What you will learn from this book

  • Understand two-phase authentication
  • Secure methods in the backend
  • Write integration tests with access control
  • Secure the backend for REST services and single-page applications

In Detail

When it comes to security, you need a proven but easy-to-understand solution. Spring Security is a highly customizable authentication and access-control JVM framework with a 10-year history. It has most of the answers to your security questions ready out of the box, while still allowing you to customize and configure everything you need.

Instant Spring Security Starter will help you get started with Spring Security in one evening of reading and one day of programming. Focusing only on the aspects of Spring Security that are most useful in practice, this book explains the architectural concepts of the framework in a simple and straightforward manner.

You will start off by learning the big picture and how to set up Spring Security, which will give you a better understanding of the fundamentals of the framework. You will be introduced to the authentication and authorization flows and the different possible models of security. The book will then teach you how to secure methods and web resources with business rules and will discuss the reasons for using two-phase authentication. You will also learn about aspects that you need to watch out for, and how to deal with them in integration tests. Furthermore, we will also cover the common pitfalls, mistakes, and open Single Sign-on solutions. By the end of the book, you will have learned how to use Spring Security effectively, and the book will also show you a few advanced but very popular solutions to modern problems.


Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A concise guide written in an easy-to-follow format following the Starter guide approach.

Who this book is for

This book is for people who have not used Spring Security before and want to learn how to use it effectively in a short amount of time. It is assumed that readers know both Java and the HTTP protocol at the level of basic web programming. The reader should also be familiar with Inversion-of-Control/Dependency Injection, preferably with the Spring framework itself.
