Spring Security in the simplest possible way!

Spring security has support for almost all the security protocols being used today. Here is the introduction and list of technologies supported by Spring. In addition it supports OAuth 1.0 and 2.0 !!!

In this article, I describe Spring security at very basic level: how to implement a simple client-server authentication using Spring security. So lets take a look at the steps to do this.

  • Including Spring security libraries in your classpath. If you are using eclipse put these .jar files into  WEB-INF/libs folder and add them to the build path.
 Note: These are the required srping security libraries
    • spring-security-core
    • spring-security-config
    • sprng-security-web
  • Creating the Spring security configurations file, say spring-security-context.xml. and configuring the namespaces.
my spring-security-context.xml file
Loading ....

  • Adding the  spring-security-config.xml to the web.xml file so that it can be loaded as a part of the spring application context.
  • Adding spring security filters
my web.xml file
Loading ....

Advanced Stuff

  • SecurityContextHolder, to provide access to the SecurityContext.
  • SecurityContext, to hold the Authentication and possibly request-specific security information.
  • Authentication, to represent the principal in a Spring Security-specific manner.
  • GrantedAuthority, to reflect the application-wide permissions granted to a principal.
  • UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source source of security data.
  • UserDetailsService, to create a UserDetails when passed in a String-based username (or certificate ID or the like).

No comments:

Post a Comment