Spring security 3

Post on 10-May-2015

by Maksym Titov

Maksym Titov, 27.4.2011

Why Spring Security?

Popularity, Features

Three easy steps

XML configuration file

DelegatingFilterProxy to web.xml

XML configuration reference to web.xml

Filter chain

User experience

Customization

Password change management

InMemoryDaoImpl Configuration Page Controller

Securing Credential Storage

Database

Advanced configuration of JdbcDaoImpl

User groups

Legacy schema

Secure passwords

Encoding, salt

‘Remember me’

Safe, but be careful

SSL

Transport layer security

Business layer security

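import org.springframework.security.access.prepost.PreAuthorize;

public interface IUserService {
    // Only callers holding ROLE_USER may invoke this method
    @PreAuthorize("hasRole('ROLE_USER')")
    public void changePassword(String username, String password);
}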

@PreAuthorize, JSR-250 compliant rules, @Secured, Aspect Oriented Programming

Conditional rendering

Internal customization

SECURITY FILTER

AUTHENTICATION PROVIDER

Session management and concurrency

Session fixation

Concurrent session control

Exception handling

<http auto-config="true" ...>
    <access-denied-handler error-page="/accessDenied.do"/>
</http>

AuthenticationException, AccessDeniedException

External security systems

Active Directory, OpenID, LDAP