PacktLib: Spring Security 3

Spring Security 3

Credits

Foreword

About the Author

About the Reviewers

Preface

Anatomy of an Unsafe Application

Security audit

About the sample application

Reviewing the audit results

Using Spring Security 3 to address security concerns

Summary

Getting Started with Spring Security

Core security concepts

Securing our application in three easy steps

Security is complicated: The architecture of secured web requests

Summary

Enhancing the User Experience

Customizing the login page

Understanding logout functionality

Remember me

Implementing password change management

Summary

Securing Credential Storage

Database-backed authentication with Spring Security

Advanced configuration of JdbcDaoImpl

Configuring secure passwords

Moving remember me to the database

Securing your site with SSL

Summary

Fine-Grained Access Control

Re-thinking application functionality and security

Methods of Fine-Grained authorization

Securing the business tier

Advanced method security

Summary

Advanced Configuration and Extension

Writing a custom security filter

Writing a custom AuthenticationProvider

Session management and concurrency

Understanding and configuring exception handling

Configuring Spring Security infrastructure beans manually

Advanced Spring Security bean-based configuration

Authentication event handling

Building a custom implementation of a SpEL expression handler

Summary

Access Control Lists

Using Access Control Lists for business object security

Basic configuration of Spring Security ACL support

Advanced ACL topics

Considerations for a typical ACL deployment

Summary

Opening up to OpenID

The promising world of OpenID

Enabling OpenID authentication with Spring Security

The OpenID user registration problem

Attribute Exchange

Is OpenID secure?

Summary

LDAP Directory Services

Understanding LDAP

Configuring basic LDAP integration

Understanding how Spring LDAP authentication works

Advanced LDAP configuration

Integrating with an external LDAP server

Explicit LDAP bean configuration

Summary

Single Sign On with Central Authentication Service

Introducing Central Authentication Service

Configuring basic CAS integration

Advanced CAS configuration

Summary

Client Certificate Authentication

How Client Certificate authentication works

Setting up a Client Certificate authentication infrastructure

Configuring Client Certificate authentication in Spring Security

Configuring Client Certificate authentication using Spring Beans

Considerations when implementing Client Certificate authentication

Summary

Spring Security Extensions
A primer on Kerberos and SPNEGO authentication

Kerberos authentication in Spring Security

Configuring LDAP UserDetailsService with Kerberos

Using form login with Kerberos

Summary

Migration to Spring Security 3

Migrating from Spring Security 2

Enhancements in Spring Security 3

Changes to configuration in Spring Security 3

Changes to packages and classes

Summary

Additional Reference Material
Index