Chapter 8. Configuring security
This chapter covers
- Spring Security concepts
- Configuring security
- Generating configuration files
- Protecting URLs
- Customizing authorization credential storage
- Creating user and role management pages
- Implementing authentication to resources
- Enabling security event logging
Most applications have to provide some level of security to prevent unauthorized users or external programs from accessing the system. In traditional Java EE applications, developers would delegate security to the application server infrastructure. Although there’s a standard API for Java security—the Java Authentication and Authorization Service, or JAAS—it doesn’t standardize the entire process of implementing the application security. As a result, integrating security into applications ends up being a one-off affair for each application server a team encounters.
Spring developers know there’s a better solution: configure the Spring Security API. Originally called ACEGI Security (and later acquired by SpringSource), the Spring Security API is a platform-neutral, general-purpose, security API that can be hosted on any Java application server without changing the code written by a developer.