This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Spring and the fly likes [Spring 3 Security] Integration with AJAX frameworks Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "[Spring 3 Security] Integration with AJAX frameworks" Watch "[Spring 3 Security] Integration with AJAX frameworks" New topic
Author

[Spring 3 Security] Integration with AJAX frameworks

Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
Hello Peter,

I would like to know if your book covers security integration with various AJAX frameworks. I quickly go through the TOC but could not spot it. Actually, in my current project we are facing some issue regarding integration of security 2.4 and DWR. so I wonder if your book covers this.

Thank you for writing book. It surely takes lots of effort.

Is review from moderator available yet?

Thank you.
Peter Mularien
Author
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hello Vikas,

Unfortunately you are correct in that we don't specifically cover security of AJAX frameworks using Spring Security in the book. Typically, security of AJAX methods is handled through some more advanced configuration (or even customization), depending on how your AJAX calls are implemented - if they are simple REST or JSON/XML URL requests, Spring Sec can of course handle these just like any other URL - the challenge being correctly handling unauthenticated users and ensuring that they get authenticated. Typically this would happen through a combination of custom access denied handling (AuthenticationEntryPoint) and possibly custom Javascript to recognize when a "user is unauthenticated" request comes back from the server.

Actually, I did have coverage of AJAX techniques in the original outline for the book, but as I started exploring what I would need to cover, and the depth I would need to cover it (since many people really don't understand how AJAX works in the first place), it seemed like it would distract from the focus of the book, which was on the framework features and design itself. I would hope that if you were to read the book, you would have a better understanding of how to wire up AJAX in a secure fashion, even if it's not explicitly covered in the step-by-step approach that works effectively throughout the other examples in the book.

Maybe I should write a "Integrating Spring Security 3" book next

Best,
Peter


Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP
Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
Thanks Peter!
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: [Spring 3 Security] Integration with AJAX frameworks
 
Similar Threads
Spring in action - integration with other web frameworks
Strategies for AJAX adoption
To Authors: example application using different approaches
Wicket in Action: advanced topics
Will we ever see compatiblity between different component libraries?