2. Topics
• What is security?
• Acquaring & integrating Spring Security
• HTTP BASIC authentication (Basic & Form Login/Logout options)
• Authorization
• Security Interceptors, Filters
• Authentication Manager & Provider, Authorization Manager & Provider
• Advance concept of integration
By: SAURABH SHARMA | http://javazone.techsharezone.com 2
3. What is security?
• Spring Security provides comprehensive security services for J2EE-based enterprise
software applications. Its powerful, flexible and pluggable.
• Formerly known as “Acegi Security”.
• Authentication – Database, LDAP, CAS, OpenID, Pre-Authentication, custom, etc.
• Authorization – URL based, Method based (AOP)
• Its not Firewall, proxy sever, instruction detection system, OS security, JVM security
etc.
By: SAURABH SHARMA | http://javazone.techsharezone.com 3
4. Major Operations
• Authentication (Prove who you say you are!) – process of establishing a
principal (user, system etc. which can perform an action in application)
• Authorization (We know who you are but are you allowed to access what
you want) – process of deciding whether a principal allowed to perform an
action (access-control -> admin, leader, member, contractor, anonymous
etc.) Authorization process establishes identity of the principal , which is
used for authorizationdecision.
By: SAURABH SHARMA | http://javazone.techsharezone.com 4
14. Ant Patterns
• Spring Security uses an “AntPathRequestMatcher” to determine if a URL matches
the current URL. The following rules are used when matching:
a.Query parameters are not included in the match.
b.The contextPath is not included in the match.
c.? Matches one character.
d.* matches zero or more characters (not a directory delimiter i.e. /)
e.**matches zero or more ‘directories’ in a path.
By: SAURABH SHARMA | http://javazone.techsharezone.com 14
15. Ant patterns - Examples
• Ant pattern examples that assume a context path of/messages
By: SAURABH SHARMA | http://javazone.techsharezone.com 15