Enterprise Security with Spring

Spring Security (formerly known as 'Acegi') enables self-contained, consistent, and extensible solutions for securing your applications. Version 2.0 provides major enhancements including a domain-specific XML namespace, convention-based defaulting, and annotation support. This provides a significantly simpler experience for developers while still supporting the same degree of flexibility.

Spring Security's interceptor-based approach is non-invasive even when extended to accommodate domain-specific requirements. The two main security processes (authentication and authorization) are decoupled in order to provide flexibility across a wide variety of providers and strategies. This presentation will include an overview of Spring Security's pluggable authentication process and how it accommodates a wide range of possibilities including Database, LDAP, Single Sign On, and even an in-memory option for development and testing. We will then proceed to cover authorization where you will see its consistent approach for securing web requests and method invocations. Throughout the session, we will walk through a sample application that demonstrates Spring Security's core features.

About Mark Fisher

Mark Fisher is an engineer at Pivotal and has been a member of the Spring team for over 7 years. Currently he co-leads Spring XD and also manages the group responsible for Spring Integration, Spring Batch, and Spring AMQP. Mark has provided consulting services for dozens of clients and has trained hundreds of developers how to use the Spring Framework and related projects effectively. He speaks regularly at conferences and user groups in America and Europe and is one of the authors of Spring Integration in Action, published by Manning in 2012.

More About Mark »