aspose file tools*
The moose likes Spring and the fly likes [Spring 3 Security] Integration with AJAX frameworks Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "[Spring 3 Security] Integration with AJAX frameworks" Watch "[Spring 3 Security] Integration with AJAX frameworks" New topic
Author

[Spring 3 Security] Integration with AJAX frameworks

Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
Hello Peter,

I would like to know if your book covers security integration with various AJAX frameworks. I quickly go through the TOC but could not spot it. Actually, in my current project we are facing some issue regarding integration of security 2.4 and DWR. so I wonder if your book covers this.

Thank you for writing book. It surely takes lots of effort.

Is review from moderator available yet?

Thank you.
Peter Mularien
Author
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hello Vikas,

Unfortunately you are correct in that we don't specifically cover security of AJAX frameworks using Spring Security in the book. Typically, security of AJAX methods is handled through some more advanced configuration (or even customization), depending on how your AJAX calls are implemented - if they are simple REST or JSON/XML URL requests, Spring Sec can of course handle these just like any other URL - the challenge being correctly handling unauthenticated users and ensuring that they get authenticated. Typically this would happen through a combination of custom access denied handling (AuthenticationEntryPoint) and possibly custom Javascript to recognize when a "user is unauthenticated" request comes back from the server.

Actually, I did have coverage of AJAX techniques in the original outline for the book, but as I started exploring what I would need to cover, and the depth I would need to cover it (since many people really don't understand how AJAX works in the first place), it seemed like it would distract from the focus of the book, which was on the framework features and design itself. I would hope that if you were to read the book, you would have a better understanding of how to wire up AJAX in a secure fashion, even if it's not explicitly covered in the step-by-step approach that works effectively throughout the other examples in the book.

Maybe I should write a "Integrating Spring Security 3" book next

Best,
Peter


Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP
Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
Thanks Peter!
 
wood burning stoves
 
subject: [Spring 3 Security] Integration with AJAX frameworks