
Spring Security 3

Peter Mularien

Secure your web applications against malicious intruders with this easy-to-follow practical guide

Book Details

ISBN 13: 9781847199744
Paperback: 396 pages

About This Book

  • Make your web applications impenetrable.
  • Implement authentication and authorization of users.
  • Integrate Spring Security 3 with common external security providers.
  • Packed full with concrete, simple, and concise examples.

Who This Book Is For

This book is for Java developers who build web projects and applications. The book assumes basic familiarity with Java, XML and the Spring Framework. Newcomers to Spring Security will still be able to utilize all aspects of this book.

Table of Contents

Chapter 1: Anatomy of an Unsafe Application
  • Security audit
  • About the sample application
  • Reviewing the audit results
  • Using Spring Security 3 to address security concerns

Chapter 2: Getting Started with Spring Security
  • Core security concepts
  • Securing our application in three easy steps
  • Security is complicated: The architecture of secured web requests

Chapter 3: Enhancing the User Experience
  • Customizing the login page
  • Understanding logout functionality
  • Remember me
  • Implementing password change management

Chapter 4: Securing Credential Storage
  • Database-backed authentication with Spring Security
  • Advanced configuration of JdbcDaoImpl
  • Configuring secure passwords
  • Moving remember me to the database
  • Securing your site with SSL

Chapter 5: Fine-Grained Access Control
  • Re-thinking application functionality and security
  • Methods of Fine-Grained authorization
  • Securing the business tier
  • Advanced method security

Chapter 6: Advanced Configuration and Extension
  • Writing a custom security filter
  • Writing a custom AuthenticationProvider
  • Session management and concurrency
  • Understanding and configuring exception handling
  • Configuring Spring Security infrastructure beans manually
  • Advanced Spring Security bean-based configuration
  • Authentication event handling
  • Building a custom implementation of an SpEL expression handler

Chapter 7: Access Control Lists
  • Using Access Control Lists for business object security
  • Basic configuration of Spring Security ACL support
  • Advanced ACL topics
  • Considerations for a typical ACL deployment

Chapter 8: Opening up to OpenID
  • The promising world of OpenID
  • Enabling OpenID authentication with Spring Security
  • The OpenID user registration problem
  • Attribute Exchange
  • Is OpenID secure?

Chapter 9: LDAP Directory Services
  • Understanding LDAP
  • Configuring basic LDAP integration
  • Understanding how Spring LDAP authentication works
  • Advanced LDAP configuration
  • Integrating with an external LDAP server
  • Explicit LDAP bean configuration

Chapter 10: Single Sign On with Central Authentication Service
  • Introducing Central Authentication Service
  • Configuring basic CAS integration
  • Advanced CAS configuration

Chapter 11: Client Certificate Authentication
  • How Client Certificate authentication works
  • Setting up a Client Certificate authentication infrastructure
  • Configuring Client Certificate authentication in Spring Security
  • Configuring Client Certificate authentication using Spring Beans
  • Considerations when implementing Client Certificate authentication

Chapter 12: Spring Security Extensions
  • Spring Security Extensions
  • A primer on Kerberos and SPNEGO authentication
  • Kerberos authentication in Spring Security
  • Configuring LDAP UserDetailsService with Kerberos
  • Using form login with Kerberos

Chapter 13: Migration to Spring Security 3
  • Migrating from Spring Security 2
  • Enhancements in Spring Security 3
  • Changes to configuration in Spring Security 3
  • Changes to packages and classes

What You Will Learn

  • Recognize design flaws that will make your applications unsafe.
  • Implement basic authorization and credential storage.
  • Move seamlessly from Spring Security 2 to Spring Security 3.
  • Provide Enterprise adaptability with LDAP, Active Directory, and NTLM.
  • Push the Boundaries of Spring Security 3 through Extension and Customization.
  • Integrate in-house applications and popular Java frameworks with Spring Security 3.
  • Plan the configuration of Spring Security 3 to accommodate the authentication and authorization requirements of your application.

In Detail

Security is of critical importance to all web applications. Vulnerable applications are easy prey for hackers. This book is the perfect tool for Java developers looking to repel attacks against their web applications using the proven Spring Security library.

This is a comprehensive guide to Spring Security 3. You will learn through real-world business scenarios how to guard against the latest threats. You will also learn to combine Spring Security 3 with external security providers such as LDAP, OpenID, CAS, Kerberos, and Active Directory.

The book starts by giving an overview of security concepts and techniques, as well as setup and configuration. The book then gets you working with a JSP-based web application that implements a simple e-commerce website. At this point you will progressively enhance the application, giving you hands-on experience implementing features of Spring Security 3 in real-world business scenarios.

The second half of the book is devoted to common integration scenarios that you will come across every day. At this stage you will be in a position to solve specific, complex integration problems. The book will end by showing migration from Spring Security 2 to 3.

