Spring Security with ACEGI

Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.

In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module
• page level authorization
• method level authorization
• instance level authorization
• forcing HTTPS connections to secured sites
• impersonation using the RunAsManager

About Stuart Halloway

Stuart Halloway is a founder and President of Cognitect, Inc. (www.cognitect.com). He is a Clojure committer, and a developer of the Datomic database.

Stuart has spoken at a variety of industry events, including StrangeLoop, Clojure/conj, EuroClojure, ClojureWest, SpeakerConf, QCon, GOTO, OSCON, RailsConf, RubyConf, JavaOne, and NFJS.

Stuart has written a number of books and technical articles. Of these, he is most proud of Programming Clojure.

Learn more about Stu's presentations on his wiki.

More About Stuart »