PacktLib: Spring Security 3

Spring Security 3



About the Author

About the Reviewers


Anatomy of an Unsafe Application

Security audit

About the sample application

Reviewing the audit results

Using Spring Security 3 to address security concerns


Getting Started with Spring Security

Core security concepts

Securing our application in three easy steps

Security is complicated: The architecture of secured web requests


Enhancing the User Experience

Customizing the login page

Understanding logout functionality

Remember me

Implementing password change management


Securing Credential Storage

Database-backed authentication with Spring Security

Advanced configuration of JdbcDaoImpl

Configuring secure passwords

Moving remember me to the database

Securing your site with SSL


Fine-Grained Access Control

Re-thinking application functionality and security

Methods of Fine-Grained authorization

Securing the business tier

Advanced method security


Advanced Configuration and Extension

Writing a custom security filter

Writing a custom AuthenticationProvider

Session management and concurrency

Understanding and configuring exception handling

Configuring Spring Security infrastructure beans manually

Advanced Spring Security bean-based configuration

Authentication event handling

Building a custom implementation of an SpEL expression handler


Access Control Lists

Using Access Control Lists for business object security

Basic configuration of Spring Security ACL support

Advanced ACL topics

Considerations for a typical ACL deployment


Opening up to OpenID

The promising world of OpenID

Enabling OpenID authentication with Spring Security

The OpenID user registration problem

Attribute Exchange

Is OpenID secure?


LDAP Directory Services

Understanding LDAP

Configuring basic LDAP integration

Understanding how Spring LDAP authentication works

Advanced LDAP configuration

Integrating with an external LDAP server

Explicit LDAP bean configuration


Single Sign On with Central Authentication Service

Introducing Central Authentication Service

Configuring basic CAS integration

Advanced CAS configuration


Client Certificate Authentication

How Client Certificate authentication works

Setting up a Client Certificate authentication infrastructure

Configuring Client Certificate authentication in Spring Security

Configuring Client Certificate authentication using Spring Beans

Considerations when implementing Client Certificate authentication


Spring Security Extensions

Spring Security Extensions

A primer on Kerberos and SPNEGO authentication

Kerberos authentication in Spring Security

Configuring LDAP UserDetailsService with Kerberos

Using form login with Kerberos


Migration to Spring Security 3

Migrating from Spring Security 2

Enhancements in Spring Security 3

Changes to configuration in Spring Security 3

Changes to packages and classes


Additional Reference Material

Additional Reference Material
