Friday, April 5, 2013

Book Review: Spring Security 3.1

I haven't written any tutorials for my blog since December because of a new job I just got in Chicago. And today I won't be sharing any new tutorials either. But don't despair, because I will be sharing my review of another Spring book: Spring Security 3.1 by Robert Winch and Peter Mularien, published by Packt Publishing. You can find the book at http://www.packtpub.com/spring-security-3-1/book for $25.49.

It may sound like I'm selling, but I'm not. I'm actually promoting this book because it's a great reference that will help all developers regardless of expertise. In addition, the book is written by Robert, the project lead for Spring Security, and by Peter, the author of the Spring Security 3 book. That means you're getting your information from the source and experts!

What's good about this book?
The book is fully packed with information regarding various aspects of Spring Security and integration steps with different scenarios, such as:


  • Basic Spring Security configuration
  • OpenID integration
  • Access Control List (ACL)
  • JDBC-based configuration
  • Remember-me services
  • LDAP-based authentication
  • Single Sign-on services
  • JSF and GWT integration
  • and many more

I like how the introduction starts with a fictitious company and enumerates the reasons why you may need to secure an unsecured application. There's an index that shows how to load the sample projects in STS and configure Tomcat along with SSL. If you have read the previous Spring Security 3 book, you might find the contents somewhat similar.

For me the most interesting chapters are Chapter 3: Custom Authentication and Chapter 10: Fine-grained Access Control because both chapters provide information on how to adapt Spring Security to match any project requirements.

What's bad about this book?
I believe the glaring problem of this book is that it doesn't describe a whole project in any of its chapters. Mostly, the chapters are focused on each aspect of Spring Security. They are detailed, but it's hard to see the overview or the general outlook of the chapter. Maybe that's because I'm used to the way I present my blog, and I prefer to have a full project laid out and then describe each section part by part. Though there are samples in the book, it's up to the reader to comprehend the whole project. But overall, this book is a great reference.

4 comments:

  1. I read it and agree with you. Your tutorials on the subject are great resources to use with the book.

  2. Thanks for the tip on the book. This may help me understand Spring Security better. Right now I just use Grails in my projects, which hides so many details about the underlying framework.

  3. Then describe each section part-by-part. Though there are samples in the book, but it's up to the reader to comprehend the whole project. But overall, this book is a great reference.

  4. Dear sir,

    I'm working with CAS Single sign-on using Spring Security. I have a problem:

    I have 2 apps: app1 and app2 using CAS Server

    In browser (Firefox) and I open 2 tabs on this browser.

    Then, I paste the address to log in to app1 (using user1) and app2 (using user2) on each of these tabs.

    Next, app1 logs in and generates its Ticket Granting Cookie (TGC).

    After app2 logs in, it generates its Ticket Granting Cookie and overrides app1's TGC.

    On app1, I have a link, when click it, it will open a tab of app2.

    I would like app2 login with user 1 but not so.


    Help me.

    Thanks very much
