I used JAAS to authenticate to Active Directory through LDAP. I had a little trouble getting it going and couldn't get Kerberos working. Does the "Spring Security 3" book have examples of Active Directory integration? Do you discuss the pros and cons of using LDAP and Kerberos and how they work together? Does Spring allow me to use LDAPv3 and force TLS?
The nuances of Authentication vs. Authorization are a bit confusing if you try to implement without a clear understanding of each. If it adds some conceptual clarity and gives a little practical example, this book is worth its weight in gold.
Well, you'll be happy to know that we cover all of these questions in the book, with the exception of the more detailed question about LDAPv3/TLS. We actually hit on Active Directory in two chapters, first at the end of the LDAP chapter, where we connect to MSAD via LDAP, and second in our chapter entirely devoted to the Spring Security Kerberos Extension, where we use AD's Kerberos compliance to wire Spring Security 3 to it as a Kerberos provider. I think this covers both of your scenarios, although keep in mind that even today, the Spring Security Kerberos Extension is not finalized (the book covers up to 1.0M2, which is the current official release).
Although I can't promise you'll be rich if you buy this book, in terms of coverage of high-level concepts such as authentication and authorization, you'll be very pleased - this was one area that I have seen newcomers to Spring Security struggle with a lot, and as such, I wanted to make sure that readers had both a practical understanding (through an example-driven approach) as well as a conceptual understanding (required for long-term success) of all the topics that we covered. I think we've done a great job in both these areas, and I do hope you end up finding the book helpful for all of these reasons.
Author, Spring Security 3 (the Book), Packt Publishing, 2010
Thank you for your reply. I will pick up a copy of your book. I really like the idea of having that knowledge condensed and at my fingertips. I'm glad you covered these higher-level concepts.
I specifically look forward to reading about the Spring Security Kerberos Extension. I'm trying to teach myself to code securely. I understand Spring Security is only one layer, but it will be nice to use a comprehensive authentication and authorization layer. I'm starting to drink the Spring Kool-Aid across the board.