Spring Security 3.x Cookbook

Book Description

Over 60 recipes to help you successfully safeguard your web applications with Spring Security

  • Learn about all the mandatory security measures for modern day applications using Spring Security

  • Investigate different approaches to application level authentication and authorization

  • Master how to mount security on applications used by developers and organizations

In Detail

Web applications are exposed to a variety of threats and vulnerabilities at the authentication, authorization, service, and domain object levels. Spring Security can help secure these applications against those threats.

Spring Security is a popular application security solution for Java applications. It is widely used to secure standalone web applications, portlets, and increasingly REST applications. It is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications and it is currently used to secure numerous demanding environments including government agencies, military applications, and central banks.

"Spring Security 3.x Cookbook" is a repository of recipes to help you successfully secure web applications against threats and vulnerabilities at the authentication and session level layers using the Spring Security framework. We will not only explore Spring-based web applications, but also Java-based and Grails-based applications that can use Spring Security as their security framework. Apart from conventional web applications, we will also look at securing portlets, RESTful web service applications, and other non-web applications.

This book will also take you through how to integrate Spring Security with other popular web frameworks/technologies such as Vaadin, EJB, and GWT. In addition to testing and debugging the implemented security measures, this book will also delve into finer aspects of Spring Security implementation such as how it deals with concurrency, multitenancy, and customization, and we will even show you how to disable it.

This book gives you an overview of Spring Security and its implementation with various frameworks. It starts with container-based authentication before taking you on a tour of the main features of Spring Security. It demonstrates security concepts like BASIC, FORM, and DIGEST authentication and shows you how to integrate the Spring Security framework with various frameworks like JSF, struts2, Vaadin, and more.

The book also demonstrates how to utilize container managed security without JAAS. Then, we move on to setting up a struts2 application before showing you how to integrate Spring Security with other frameworks like JSF, Groovy, Wicket, GWT, and Vaadin respectively.

This book will serve as a highly practical guide and will give you confidence when it comes to applying security to your applications. It’s packed with simple examples which show off each concept of Spring Security and which help you learn how it can be integrated with various frameworks.

Table of Contents

  1. Spring Security 3.x Cookbook
    1. Table of Contents
    2. Spring Security 3.x Cookbook
    3. Credits
    4. About the Author
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    7. Preface
      1. Introduction
      2. What this book covers
      3. What you need for this book
      4. Who this book is for
      5. Conventions
      6. Reader feedback
      7. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Basic Security
      1. Introduction
      2. JAAS-based security authentication on JSPs
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. JAAS-based security authentication on servlet
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Container-based basic authentication on servlet
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Form-based authentication on servlet
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      6. Form-based authentication with open LDAP and servlet
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      7. Hashing/Digest authentication on servlet
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      8. Basic authentication for JAX-WS and JAX-RS
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      9. Enabling and disabling the file listing
        1. How to do it...
        2. See also
    9. 2. Spring Security with Struts 2
      1. Introduction
      2. Integrating Struts 2 with Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Struts 2 application with basic Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Using Struts 2 with digest/hashing-based Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Using Spring Security logout with Struts 2
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      6. Authenticating databases with Struts 2 and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      7. Getting the logged-in user info in Struts 2 with Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      8. Displaying custom error messages in Struts 2 for authentication failure
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      9. Authenticating with ApacheDS with Spring Security and Struts 2 application
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    10. 3. Spring Security with JSF
      1. Introduction
      2. Integrating JSF with Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. JSF with form-based Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. JSF and form-based authentication using Spring Security to display logged-in user
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Using JSF with digest/hashing-based Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      6. Logging out with JSF using Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      7. Authenticating database with Spring Security and JSF
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      8. ApacheDS authentication with JSF and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      9. Authentication error message with JSF and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    11. 4. Spring Security with Grails
      1. Introduction
      2. Spring Security authentication with Groovy Grails setup
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. See also
      3. Spring Security with Grails to secure Grails controller
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. See also
      4. Spring Security authentication with Groovy Grails logout scenario
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. See also
      5. Spring Security with Groovy Grails Basic authentication
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. See also
      6. Spring Security with Groovy Grails Digest authentication
        1. Getting ready
        2. How to do it…
        3. How it works...
        4. See also
      7. Spring Security with Groovy Grails multiple authentication
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. See also
      8. Spring Security with Groovy Grails LDAP authentication
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. See also
    12. 5. Spring Security with GWT
      1. Introduction
      2. Spring Security with GWT authentication using Spring Security Beans
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Form-based authentication with GWT and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Basic authentication with GWT and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Digest authentication with GWT and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      6. Database authentication with GWT and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      7. LDAP authentication with GWT and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    13. 6. Spring Security with Vaadin
      1. Introduction
      2. Spring Security with Vaadin – basic authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Spring Security with Vaadin – Spring form-based authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Spring Security with Vaadin – customized JSP form-based authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Spring Security with Vaadin – using Vaadin form
        1. Getting ready
        2. How to do it...
        3. How it works...
    14. 7. Spring Security with Wicket
      1. Introduction
        1. Setting up a database
        2. Setting up the Wicket application
      2. Spring Security with Wicket – basic database authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Spring Security with Wicket – Spring form-based database authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Spring Security with Wicket – customized JSP form-based database authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Spring authentication with Wicket authorization
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      6. Multitenancy using Wicket and Spring Security
        1. Getting ready
        2. How to do it...
        3. How it works...
    15. 8. Spring Security with ORM and NoSQL DB
      1. Introduction
        1. Setting up the Spring Hibernate application
      2. Spring Security with Hibernate using @preAuthorize annotation
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Spring Security with Hibernate using authentication provider with @preAuthorize annotation
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Spring Security with Hibernate using UserDetailsService with Derby database
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Spring Security with MongoDB
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    16. 9. Spring Security with Spring Social
      1. Introduction
      2. Spring Security with Spring Social to access Facebook
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Spring Security with Spring Social to access Twitter
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Spring Security with multiple authentication providers
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Spring Security with OAuth
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    17. 10. Spring Security with Spring Web Services
      1. Introduction
      2. Applying Spring Security on RESTful web services
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Spring Security for Spring RESTful web service using the cURL tool
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Integrating Spring Security with Apache CXF RESTful web service
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Integrating Spring Security with Apache CXF SOAP based web service
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      6. Integrating Spring Security with Apache Camel
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    18. 11. More on Spring Security
      1. Introduction
      2. Spring Security with multiple authentication providers
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Spring Security with multiple input authentications
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Spring Security with Captcha integration
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Spring Security with JAAS
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    19. Index