File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Spring and the fly likes Spring 3 Security Book Approach Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring 3 Security Book Approach" Watch "Spring 3 Security Book Approach" New topic

Spring 3 Security Book Approach

Mark Reyes
Ranch Hand

Joined: Jul 09, 2007
Posts: 426
Hi Peter,

I just recently learned about spring framework and still trying to understand some nitty gritty details.
I am using it in my sample application right now.

Often, when I hear about web-app security, its the job of the architect to deal with it.

I basically perform some simple security aspects such as DB Validation/restrict access to certain urls.
Other than that, I must admit that my knowledge about security is a little shallow.

My question would be, can a beginner like me can catch up with the examples in the book?
I mainly use Tomcat as the Web Server, does this book has preference to others(Apache/Websphere/JBOSS)?


Sean Clark ---> I love this place!!!
Me ------> I definitely love this place!!!
Peter Mularien
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hello Mark,

Definitely! Actually, for convenience and out of its familiarity to most developers, we use Tomcat for all the examples in this book. The application is a (purposely) very simple "e-commerce" site (see this thread for a more detailed explanation of the design choices), and we start with conceptual building blocks (what is authentication? what is authorization?) as well as technical building blocks (how does a servlet filter chain work?) as we progressively secure the example site.

I certainly intended for this book to be very accessible to beginners (although we assume you know something about Spring, we don't use any advanced features of it), and I haven't (yet) had any feedback from readers that it's not - in fact, quite the opposite, all the feedback I've personally received thus far has been very positive

Based on the needs you list for your application (URL restriction, database validation), it sounds like Spring Security would replace a lot of your code with (most likely) a much simpler out of the box solution - if you're using Spring already, you should definitely check it out

I hope that answers your question!


Author, Spring Security 3 (the Book), Packt Publishing, 2010
I agree. Here's the link:
subject: Spring 3 Security Book Approach
It's not a secret anymore!