[Berkeley, CA], : Apress

New York, : Springer, c2013

9781430248194

143024819X

1 online resource (xx, 318 pages) : illustrations (some color)

The expert's voice in Spring

EleraManuel Jordan

005.3

Application software - Security measures

Application software - Development

Java (Computer program language)

Web site development

Computer networks - Security measures

Inglese

Includes index.

Cover; Title Page; Copyright Page; Contents at a Glance; Table of Contents; About the Author; About the Technical Reviewer; CHAPTER 1 The Scope of Security; The Network Security Layer; The Operating System Layer; The Application Layer; Authentication; Authorization; ACLs; Authentication and Authorization: General Concepts; What to Secure; More Security Concerns; Java Options for Security; Summary; CHAPTER 2 Introducing Spring Security; What Is Spring Security?; Where Does Spring Security Fit In?; Spring Security and Spring; Spring Framework: A Quick Overview; Dependency Injection

Aspect Oriented Programming (AOP)An Initial Spring Security Secured Application; Adding Spring Security (and Spring Core Itself ) to the Project; Spring Security Source; Configuring the Web Project To Be Aware of Spring Security; Understanding the Simple Application; Summary; CHAPTER 3 Spring Security Architecture and Design; What Components Make Up Spring Security?; The 10,000-Foot View; The 1,000-Foot View; The 100-Foot View; The Security Interceptor; The XML Namespace; The Filters and Filter Chain; ConfigAttribute; The

Authentication Object; SecurityContext and SecurityContextHolder

AuthenticationProviderAccessDecisionManager; AffirmativeBased; ConsensusBased; UnanimousBased; AccessDecisionVoter; UserDetailsService and AuthenticationUserDetailsService; UserDetails; ACL; JSP Taglib; Good Design and Patterns in Spring Security; Strategy Pattern; Decorator Pattern; SRP; DI; Summary; CHAPTER 4 Web Security; Introducing the Simple Example Application; The Special URLs; Custom Login Form; Basic HTTP Authentication; Digest Authentication; Remember-Me Authentication; Allowing Remember-Me Access to Selected Parts of the Application; Logging Out

The Session (javax.servlet.http.HttpSession) and the SecurityContextBeyond Simple User Roles: Using Spring Expression Language to Secure the Web Layer; Extend with Your Own Expressions; Switching to a Different User; Session Management; Using Different Pattern Matchers for Matching Requests; Forcing the Request to HTTPS; Using the JSP Taglib; Role Hierarchies; Summary; CHAPTER 5 Securing the Service Layer; The Limitations of Web-Level Security; What Is Business Service-Level Security?; Setting Up the Example for the Chapter; How the Described Actions Happen Under the Hood

Creating a Business Layer in Your Application@RolesAllowed Annotation; Securing the Application Using SpEL Expressions; Securing the Data Returned from a Method; Filtering Collections Sent and Returned from Methods; Security Defined in XML; Security Without a Web Layer; Using AspectJ AOP instead of Spring AOP; Summary; CHAPTER 6 Configuring Alternative Authentication Providers; Database-Provided Authentication; Creating the Basic Tables; Using Groups; Using Existing Schemas; LDAP Authentication; Installing and Configuring LDAP

Other Attributes and Elements in the LDAP Spring Security Namespace

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications by using the Spring Security Framework. Provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and Grails applications.