Did you manage to get all the features you wanted
to explain in the e-commerce website used as an
example in your book. Or was there something you
would have liked to include, but didn't for one or
the other reason?
Great question. In fact, yes - if you look at the example application as a full e-commerce site (such as the excellent Java Pet Store application commonly used), you'll find it pretty pathetic. After a lot of debate (with myself), I ended up deciding that I'd make the application as simple as possible, so that I didn't confuse readers by adding functionality that was really feature-driven, and not directly tied to anything in Spring Security. The upside of this is that the book really focuses on a step-wise approach of adding security functionality to the site, using the site as a baseline template to which we bolt on different things. In some cases this really doesn't make sense (for example, using CAS authentication against a true e-commerce site would be nonsensical), but the consistency and reuse of the same site throughout the book allows us to focus on only those configuration elements that you are required to add to enable a particular type of integration or feature.
There's certainly a lot more I would have liked to include - as I say on the book's web site and in the introduction, the book is not a reference manual, and it doesn't cover everything in the framework - but it's not intended to be, it's intended to cover in an appropriate and clear level of detail many of the key architectural and conceptual elements required to implement Spring Security, and many of the key integration points that the framework has. Some may find it frustrating that I didn't cover a particular topic near and dear to them, and for this I apologize! My hope is that even if I don't cover something in particular (basic authentication being an example), I cover things similar enough to it that understanding the concepts, plus the implementation of similar features, will enable the reader to be far more productive than simply reading the (excellent) reference documentation that comes with Spring Security 3.
Hope that's not too long-winded an answer to your question!
Author, Spring Security 3 (the Book), Packt Publishing, 2010
Joined: Dec 16, 2003
long-winded...not at all, thanks for the explanation!