Spring Security 3

Spring Security 3 is a pretty decent book if you want to get started with Spring Security or want to know more of the internals or exotic features it has to offer.

The book starts with a brief explanation of the different parts of secutiry and after that explains how these are implemented/used in Spring Security. During the different chapters in the book they explain the different features of Spring Security with the use of a consistent sample (application) and security review. During the samples the issues of the security review are being solved, it is also explained why you should solve them and why they are a risk.

The sample application is being secured in a couple of chapters, each of the chapters explains a part of Spring Security. It starts simple and progresses to the more exotic features of the framework, however it doesn’t stop there. There is also a lot of explaining going on what is happening internally in the framework, which classes are used and why. In short you basically get an in depth explanation of the Spring Security namespace.

Another great thing about the book is that it covers, in quite some detail, some of the less well documented features of Spring Security. Spring Security has the notion of groups, which is pretty much unmentioned in the reference guide, this book explains it in quite a clear and concise way. Another feature explained quite well is the use of ACL, often asked in the forums and still undocumented in the reference guide. So this book also fills in those gaps. Next to those features it also explains how to use OpenID, SSO, Client Certificates and how to configure them (again in quite some detail).

So in short if you want to know how Spring Security 3 works internally, what the namespace actually does, how those undocumented features work, this book is a must read. I would say this book is a must read for all the Spring Security users out there.

Advertisements

Securing Spring Web Flow


Well that is the title of the presentation I just gave at the NL-JUG 2007 conference. The presentation was about the Spring Web Flow solution we created to secure flows. The presentation can be found and the conference website. The code is available in the JIRA under issue SWF-93 but for your convenience also available for download (press the link on the bottom of this post).

The presentation went well, there were some nice questions and a little bit of discussion. So my conclusion was that it was a nice presentation. I will blog about using this security solutions shortly. However for now I have a conference to attend.

WebFlow Security