Enterprise Security with Spring

Spring Security (formerly known as 'Acegi') enables self-contained, consistent, and extensible solutions for securing your applications. Version 2.0 provides major enhancements including a domain-specific XML namespace, convention-based defaulting, and annotation support. This provides a significantly simpler experience for developers while still supporting the same degree of flexibility.

Spring Security's interceptor-based approach is non-invasive even when extended to accommodate domain-specific requirements. The two main security processes (authentication and authorization) are decoupled in order to provide flexibility across a wide variety of providers and strategies. This presentation will include an overview of Spring Security's pluggable authentication process and how it accommodates a wide range of possibilities including Database, LDAP, Single Sign On, and even an in-memory option for development and testing. We will then proceed to cover authorization where you will see its consistent approach for securing web requests and method invocations. Throughout the session, we will walk through a sample application that demonstrates Spring Security's core features.

About Ramnivas Laddad

Ramnivas Laddad is a well-known expert in enterprise Java, especially in the area of AOP and Spring. He is a Spring Framework and Cloud Foundry committer. Ramnivas is also the author of AspectJ in Action, the best-selling book on AOP and AspectJ that has been lauded by industry experts for its presentation of practical and innovative AOP applications to solve real-world problems. He has spoken at many leading industry events including JavaOne, JavaPolis, No Fluff Just Stuff, SpringOne, and O'Reilly OSCON. In recent years, Ramnivas has become a Scala fan. Ramnivas lives in the Silicon Valley.

More About Ramnivas »