In this chapter, we'll review the core concepts behind Spring Security, including important terminology and product architecture. We'll look at some of the options for configuring Spring Security, and what effect they have on the application.
Most importantly, to save our jobs, we'll have to start securing the JBCP Pets online store! We'll address our first finding—inadvertent privilege escalation due to lack of URL protection and general authentication—from the security audit discussed in Chapter 1, Anatomy of an Unsafe Application, by analyzing and understanding how to ensure that authentication exists to protect appropriate areas of the store.
During the course of this chapter, we'll: