Monday, December 10, 2012

Spring Social with JavaConfig (Part 4)

Review

In the previous section, we have discussed the Spring Social-related configuration. In this section we will focus on Spring Security for securing our application.

Table of Contents

Click on a link to jump to that section:
  1. Functional Specs
  2. Generate OAuth keys
    • Facebook
    • Twitter
  3. Spring Social configuration
  4. Spring Security configuration
  5. JavaConfig
    • ApplicationInitializer.java
    • ApplicationContext.java
    • DataConfig.java
    • ThymeleafConfig.java
    • spring.properties
  6. View with Thymeleaf
  7. Layers
    • Domain
    • Repository
    • Service
    • Controller
  8. Running the application
    • Clone from GitHub
    • Create the Database
    • Run with Maven and Tomcat 7
    • Run with Maven and Jetty 8
    • Import to Eclipse
    • Validate with W3C

Spring Security


What is Spring Security?

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.

Spring Security is one of the most mature and widely used Spring projects. Founded in 2003 and actively maintained by SpringSource since, today it is used to secure numerous demanding environments including government agencies, military applications and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Source: http://www.springsource.org/spring-security

Here's our Spring Security configuration:

SecurityConfig.java

First, we declare a DelegatingFilterProxy bean using JavaConfig. This allows Spring Security to intercept requests to our application and verify if the required authentication and authorization are met. This bean needs to be registered in the web.xml (or ApplicationInitializer) as a filter (see next section).

Second, we declare the usual XML-based configuration. This allows us to define the intercept-url patterns. Why are we not using JavaConfig here? Because the XML-based configuration is simpler, less-verbose, and easier:

spring-security.xml


For an in-depth explanation of this configuration, please see my tutorial on Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA

Next

In the next section, we will study the remaining JavaConfig-based configuration. Click here to proceed.
StumpleUpon DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit Google I'm reading: Spring Social with JavaConfig (Part 4) ~ Twitter FaceBook

Subscribe by reader Subscribe by email Share

5 comments:

  1. Hi sir This is very nice blog.
    This helped me alot.


    Sir i want JAAS Integration with SpringMVC frame work. Can you please help me out
    Thanks.
    Dillirao

    ReplyDelete
  2. Your blog is so helpful, ever since I found it I have spent scountless hours on it and it is so easy to follow. You are the reason I was able to complete a lot of my projects at work with very little downtime.
    Thank you so much for taking the time to explain every minute detail.

    ReplyDelete
  3. generate OAuth keys for Facebook and Twitter (Online Java Training) Generate OAuth keys Java Training in Chennai Consumer key and Consumer secret values: J2EE Training in Chennai

    ReplyDelete
  4. I have read your blog its very attractive and impressive. I like it your blog.

    Spring online training Spring online training Spring Hibernate online training Spring Hibernate online training Java online training

    spring training in chennai spring hibernate training in chennai

    ReplyDelete