Chapter 15. Securing applications
This chapter covers
- Spring Security overview
- Using Spring AOP to secure applications
- Using AspectJ to secure applications
Security is an important consideration in modern, highly connected software systems. Most applications need to expose functionality through multiple interfaces to allow access to the business data and make complex integration possible. But they need to do so in a secured manner. It isn’t a surprise that most enterprises spend substantial time, energy, and money to secure applications. Security consists of many components such as authentication, authorization, auditing, protection against web site attacks, and cryptography. In chapter 10, we discussed auditing that you can target for various purposes including security. In this chapter, we’ll focus on authentication and authorization.
Implementing security using conventional programming techniques requires you to modify multiple modules to add authentication and authorization code. For instance, to implement access control in an e-commerce system, you must invoke security code from methods of inventory control and procurement modules.