Securing Spring

In this session, I'll show you how to secure your Spring application with Spring Security 3.2. You'll see how to declare both request-oriented and method-oriented security constraints. And you'll see how SpEL can make simple work of expressing complex security rules.

Although we may invite guests into our homes and give someone a ride in our car, we locks and alarms on our homes and our cars to keep uninvited and malicious visitors out. Similarly, we allow people to use the applications that we develop, but we probably want to control the access that they have.

Security is an important aspect of any application. And while we could program security rules into the web controllers and methods in our application, we'd find ourselves cluttering our business logic with repetitive security code. Security is a cross-cutting concern–begging to be handled with aspect-oriented techniques.

Spring Security is an authentication and access-control framework based on Spring that provides security aspects. With Spring Security, you can declare who is allowed to access your application and what they're allowed to see, keeping your application logic focused and uncluttered with security details.