ReviewIn the previous section, we have discussed the Spring Social-related configuration. In this section we will focus on Spring Security for securing our application.
Table of Contents
Click on a link to jump to that section:
Spring Social configuration
Spring Security configuration
View with Thymeleaf
Running the application
- Clone from GitHub
- Create the Database
- Run with Maven and Tomcat 7
- Run with Maven and Jetty 8
- Import to Eclipse
- Validate with W3C
What is Spring Security?
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
Spring Security is one of the most mature and widely used Spring projects. Founded in 2003 and actively maintained by SpringSource since, today it is used to secure numerous demanding environments including government agencies, military applications and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.
Here's our Spring Security configuration:
First, we declare a DelegatingFilterProxy bean using JavaConfig. This allows Spring Security to intercept requests to our application and verify if the required authentication and authorization are met. This bean needs to be registered in the web.xml (or ApplicationInitializer) as a filter (see next section).
Second, we declare the usual XML-based configuration. This allows us to define the intercept-url patterns. Why are we not using JavaConfig here? Because the XML-based configuration is simpler, less-verbose, and easier:
For an in-depth explanation of this configuration, please see my tutorial on Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA
NextIn the next section, we will study the remaining JavaConfig-based configuration. Click here to proceed.
Share the joy:
Subscribe by reader Subscribe by email Share