View RSS Feed

Security

Spring Security

  1. Using SpEL for Spring Security

    by , 11-27-2011 at 10:58 PM
    Sometimes you might need to have a more sophisticated method of defining security constraints. Fortunately as of version 3.0, Spring Security also supports SpEL as a means for declaring access requirements. I will give you show you how to use it in this tip.

    First thing you will need to do is to enable it. To do this, you must set the use-expressions attribute of <http> to true:

    Java Code:
    <http auto-config="true" use-expressions="true">
    ...

    Updated 11-30-2011 at 01:34 PM by Spring Framework

    Categories
    Spring EL , Security
  2. Request Interception with Spring Security

    by , 11-27-2011 at 10:54 PM
    This is the last of a series of tips on Spring Security. From my previous tips, you should be able to configure Spring Security as well as setup login and logout. In the last tip, I will show you how to intercept requests. The <intercept-url> element is the key in the request-level security. Its pattern attribute is provide with a URL pattern that will be matched against incoming requests. If any requests match the pattern, then the <intercept-url>ís security rules will be applied. So ...
  3. Logging Out with Spring Security

    by , 11-27-2011 at 10:52 PM
    In my previous tips, I showed you how to configure and setup Spring Security as well as the login form autogenerated when auto-config is set to true. In this tip, I will show you how to setup the logout for your application. Basically the <logout> element will setup a Spring Security filter that will invalidate a user session. If it is used as is, the filter set up by <logout> is mapped to /j_spring_security_ logout. In order to ensure that there is no collision with the DispatcherServlet, ...
    Categories
    Security , Web , Spring 3
  4. Login Forms with Spring Security

    by , 11-27-2011 at 10:51 PM
    In my previous tips I showed how to add in the necessary servlet filters in your Spring application file and then to configure minimal security in your Spring application. In this tip, we will look at setting up a form for logging into an application.

    As I mention in the last tip, by setting auto-config to true, the autoconfiguration give our a free login page, support for HTTP Basic authentication and logging out, and Spring Security will automatically generate a login page page. ...
    Categories
    Web , Spring 3 , Security
  5. Setting up Secure Web Requests in Spring

    by , 11-27-2011 at 10:48 PM
    Continuing our investigation of Spring Security, in this tip I will look at making secure web requests. All activities that starts in a java web application is initiated via an HttpServletRequests. As such, this is where the security of your application will start. This security takes the form of request-level security. This involves declaring one or more URL patterns as requiring some level of granted authority and restricting access to those without authority from accessing the content of those ...
  6. Configuring Spring Security

    by , 11-27-2011 at 10:45 PM
    In the last tip, I introduced Spring Security and outlined the modules that are available. In this tip, we will look at configuring namespaces. Using Spring, the nice thing about Spring Security is that all the security elements are configured as beans in the application context. It is not uncommon to have a Acegi configuration containing dozens of bean declarations that span multiple pages.

    Another nice feature is that Spring Security has its own security-specific namespace to simplify ...
  7. Intro to Spring Security

    by , 11-27-2011 at 10:44 PM
    Spring Security is a security framework that started out as Acegi Security and then became an official part of Spring in version 2.0. It provides declarative security for all Spring-based applications. Spring Security handles all aspects of security from authentication to authorization at both the web request level and at the method invocation level. Like many Spring Framework modules, it takes full advantage of dependency injection (DI) and aspect-oriented techniques.

    Irrespective ...
    Categories
    Security , Spring 3