Friday, April 5, 2013

Book Review: Spring Security 3.1

I haven't written any tutorials for my blog since December because of a new job I just got in Chicago. And today I won't be sharing any new tutorials as well. But don't despair because I will be sharing my review of another Spring book: Spring Security 3.1 by Robert Winch and Peter Mularien and published by Packt Publishing. You can find the book at for $25.49.

It may sound that I'm selling, but I'm not. I'm actually promoting this book because it's a great reference that will help all developers regardless of expertise. In addition, the book is written by Robert, the project lead for Spring Security and by Peter, the author of the Spring Security 3 book. That means you're getting your information from the source and experts!

What's good about this book?
The book is fully packed with information regarding various aspects of Spring Security and integration steps with different scenarios, such as:

  • Basic Spring Security configuration
  • OpenID integration
  • Access Control List (ACL)
  • JDBC-based configuration
  • Remember-me services
  • LDAP-based authentication
  • Single Sign-on services
  • JSF and GWT integration
  • and many more

I like how the introduction starts with a fictitious company and enumerates the reasons why you may need to secure an unsecured application. There's an index that shows how to load the sample projects in STS and configure Tomcat along with SSL. If you have read the previous Spring Security 3 book, you might find the contents somewhat similar.

For me the most interesting chapters are Chapter 3: Custom Authentication and Chapter 10: Fine-grained Access Control because both chapters provide information on how to adapt Spring Security to match any project requirements.

What's bad about this book?
I believe the glaring problem of this book is it doesn't describe a whole project in any of its chapters. Mostly the chapters are focus on each aspect of Spring Security. They are detailed, but it's hard to see the overview or the general outlook of the chapter. Maybe because I'm used to the way I present my blog, and I prefer to have a full project laid out. Then describe each section part-by-part. Though there are samples in the book, but it's up to the reader to comprehend the whole project. But overall, this book is a great reference.
StumpleUpon DiggIt! Blinklist Yahoo Furl Technorati Simpy Spurl Reddit Google I'm reading: Book Review: Spring Security 3.1 ~ Twitter FaceBook

Subscribe by reader Subscribe by email Share


  1. I read it and agree with you. Your tutorials on the subject are great resources to use with the book.

  2. Thanks for the tip on the book. This may help me understand Spring Security better. Right now I just use grails in my projects, which hides so many details about the underlying framework.

  3. Then describe each section part-by-part. Though there are samples in the book, but it's up to the reader to comprehend the whole project. But overall, this book is a great reference. WOW Gold
    Gold Kaufen für World of Warcraft

  4. Dear sir,

    I'm working with CAS Single sign-on using Spring Security. I have a problem:

    I have 2 app: app1 and app2 using CAS Server

    In browser (Firefox) and I open 2 tabs on this browser.

    Then, paste address to login app1(using user1) and app2 (using user2)on each this tabs.

    Next, app1 login, generate it's Ticket Granting Cookie(TGC).

    After app2 login, generate it's Ticket Granting Cookie and override app1's TGC.

    On app1, I have a link, when click it, it will open a tab of app2.

    I would like app2 login with user 1 but not so.

    Help me.

    Thanks very much

  5. Thanks for those great tutorials. An advise for

    After imported as maven project in Eclipse, you can get this error:
    The superclass "javax.servlet.http.HttpServlet" was not found on the Java Build Path

    You should include servlet-api-3.1.jar in your dependencies in pom.xml:


    1. I meant:


  6. Really something grate in this article ,Thanks for sharing this. We are providing JAVA courses training online. After reading this slightly am changed my way of introduction about my training to people. And also refer my website for JAVA Training and solutions of JAVA applications. Please Visit Us @ JAVA training courses online

  7. This is extremely helpful info!! Very good work. Everything is very interesting to learn and easy to understood. Thank you for giving information.
    i like play games friv4 Download baixar facebook movel

  8. Hi please write tutorial for sitemesh integration into spring boot .


  9. Thanks for sharing this quality information with us. I really enjoyed reading. I think I need it.
    Games for girls|
    Kizi 1|
    Kizi 2

  10. Great article! I loved the insight and advice given. Further, your blogging style is very fun to read. If you have enough time please explore my brand new blog and let me know what you think.
    happy wheels
    super mario bros

  11. Thanks for sharing the information. It is very useful for my future. keep sharing
    Kizi 123|
    Friv 234|

  12. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write
    Kizi 123|
    Friv 234|

  13. Thanks for your great article friend, i get new information, new ideas to do somethings, i hope you will share again, i keep waiting for next post, thanks.
    Friv 4
    Kizi 3

  14. I would like more information about this, because it is very nice., Thanks for sharing.
    Friv 10

  15. Nice Information you have written here. Really Great Stuff. I keep it bookmark for our future purpose.

    We are also Web development Company in India who provide the services in Android App Development in Nagpur , SEO Company in Nagpur , Ecommerce Website Development in Nagpur. Visit Us today

    AceZed IT Solution

  16. Thank you for sharing a great information and useful. it really necessary and timely for me at this time. I wanted to share this information with my friends on the social network facebook.!
    Friv 10000

  17. When you develop a Java EE enterprise application Spring Security (Java Training Institutes in Chennai ) is an essential concept. This book ( Java EE Training) is really good to learn Spring Security. The prerequisites (Java Training in Chennai) is configure Tomcat along with SSL.

  18. This is something special! never seen this before! thank you

  19. You need to kill time, you need entertainment. Refer to our website. hope you get the most comfort.
    Thanks you for sharing!
    Friv Games