Spring Security 3.x Cookbook
Ebook, 670 pages, 2 hours

About this ebook

This book follows a cookbook style exploring various security solutions provided by Spring Security for various vulnerabilities and threat scenarios that web applications may be exposed to at the authentication and session level layers. This book is for all Spring-based application developers as well as Java web developers who wish to implement robust security mechanisms into web application development using Spring Security. Readers are assumed to have a working knowledge of Java web application development, a basic understanding of the Spring framework, and some knowledge of the fundamentals of the Spring Security framework architecture. Working knowledge of other web frameworks such as Grails and so on would be an added advantage to exploit the whole breadth of recipes provided in this book, but this is not mandatory.
Language: English
Release date: Nov 22, 2013
ISBN: 9781782167532

    Book preview

    Spring Security 3.x Cookbook - Anjana Mankale

    Table of Contents

    Spring Security 3.x Cookbook

    Credits

    About the Author

    About the Reviewers

    www.PacktPub.com

    Support files, eBooks, discount offers and more

    Why Subscribe?

    Free Access for Packt account holders

    Preface

    Introduction

    What this book covers

    What you need for this book

    Who this book is for

    Conventions

    Reader feedback

    Customer support

    Downloading the example code

    Errata

    Piracy

    Questions

    1. Basic Security

    Introduction

    JAAS-based security authentication on JSPs

    Getting ready

    How to do it...

    How it works...

    See also

    JAAS-based security authentication on servlet

    Getting ready

    How to do it...

    How it works...

    See also

    Container-based basic authentication on servlet

    Getting ready

    How to do it...

    How it works...

    See also

    Form-based authentication on servlet

    Getting ready

    How to do it...

    How it works...

    See also

    Form-based authentication with open LDAP and servlet

    Getting ready

    How to do it...

    How it works...

    See also

    Hashing/Digest authentication on servlet

    Getting ready

    How to do it...

    How it works...

    See also

    Basic authentication for JAX-WS and JAX-RS

    Getting ready

    How to do it...

    How it works...

    See also

    Enabling and disabling the file listing

    How to do it...

    See also

    2. Spring Security with Struts 2

    Introduction

    Integrating Struts 2 with Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Struts 2 application with basic Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Using Struts 2 with digest/hashing-based Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Using Spring Security logout with Struts 2

    Getting ready

    How to do it...

    How it works...

    There's more...

    See also

    Authenticating databases with Struts 2 and Spring Security

    Getting ready

    How to do it...

    How it works...

    There's more...

    See also

    Getting the logged-in user info in Struts 2 with Spring Security

    Getting ready

    How to do it...

    How it works...

    There's more...

    See also

    Displaying custom error messages in Struts 2 for authentication failure

    Getting ready

    How to do it...

    How it works...

    See also

    Authenticating with ApacheDS with Spring Security and Struts 2 application

    Getting ready

    How to do it...

    How it works...

    See also

    3. Spring Security with JSF

    Introduction

    Integrating JSF with Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    JSF with form-based Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    JSF and form-based authentication using Spring Security to display logged-in user

    Getting ready

    How to do it...

    How it works...

    See also

    Using JSF with digest/hashing-based Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Logging out with JSF using Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Authenticating database with Spring Security and JSF

    Getting ready

    How to do it...

    How it works...

    See also

    ApacheDS authentication with JSF and Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Authentication error message with JSF and Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    4. Spring Security with Grails

    Introduction

    Spring Security authentication with Groovy Grails setup

    Getting ready

    How to do it…

    How it works…

    See also

    Spring Security with Grails to secure Grails controller

    Getting ready

    How to do it…

    How it works…

    See also

    Spring Security authentication with Groovy Grails logout scenario

    Getting ready

    How to do it…

    How it works…

    See also

    Spring Security with Groovy Grails Basic authentication

    Getting ready

    How to do it…

    How it works…

    See also

    Spring Security with Groovy Grails Digest authentication

    Getting ready

    How to do it…

    How it works...

    See also

    Spring Security with Groovy Grails multiple authentication

    Getting ready

    How to do it…

    How it works…

    See also

    Spring Security with Groovy Grails LDAP authentication

    Getting ready

    How to do it…

    How it works…

    See also

    5. Spring Security with GWT

    Introduction

    Spring Security with GWT authentication using Spring Security Beans

    Getting ready

    How to do it...

    How it works...

    See also

    Form-based authentication with GWT and Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Basic authentication with GWT and Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Digest authentication with GWT and Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    Database authentication with GWT and Spring Security

    Getting ready

    How to do it...

    How it works...

    See also

    LDAP authentication with GWT and Spring Security

    Getting ready

    How to do it...

    How it works...

    There's more...

    6. Spring Security with Vaadin

    Introduction

    Spring Security with Vaadin – basic authentication

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Vaadin – Spring form-based authentication

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Vaadin – customized JSP form-based authentication

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Vaadin – using Vaadin form

    Getting ready

    How to do it...

    How it works...

    7. Spring Security with Wicket

    Introduction

    Setting up a database

    Setting up the Wicket application

    Spring Security with Wicket – basic database authentication

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Wicket – Spring form-based database authentication

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Wicket – customized JSP form-based database authentication

    Getting ready

    How to do it...

    How it works...

    See also

    Spring authentication with Wicket authorization

    Getting ready

    How to do it...

    How it works...

    See also

    Multitenancy using Wicket and Spring Security

    Getting ready

    How to do it...

    How it works...

    8. Spring Security with ORM and NoSQL DB

    Introduction

    Setting up the Spring Hibernate application

    Spring Security with Hibernate using @preAuthorize annotation

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Hibernate using authentication provider with @preAuthorize annotation

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Hibernate using UserDetailsService with Derby database

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with MongoDB

    Getting ready

    How to do it...

    How it works...

    See also

    9. Spring Security with Spring Social

    Introduction

    Spring Security with Spring Social to access Facebook

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Spring Social to access Twitter

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with multiple authentication providers

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with OAuth

    Getting ready

    How to do it...

    How it works...

    See also

    10. Spring Security with Spring Web Services

    Introduction

    Applying Spring Security on RESTful web services

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security for Spring RESTful web service using the cURL tool

    Getting ready

    How to do it...

    How it works...

    See also

    Integrating Spring Security with Apache CXF RESTful web service

    Getting ready

    How to do it...

    How it works...

    See also

    Integrating Spring Security with Apache CXF SOAP based web service

    Getting ready

    How to do it...

    How it works...

    See also

    Integrating Spring Security with Apache Camel

    Getting ready

    How to do it...

    How it works...

    See also

    11. More on Spring Security

    Introduction

    Spring Security with multiple authentication providers

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with multiple input authentications

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with Captcha integration

    Getting ready

    How to do it...

    How it works...

    See also

    Spring Security with JAAS

    Getting ready

    How to do it...

    How it works...

    See also

    Index

    Spring Security 3.x Cookbook

    Copyright © 2013 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    First published: November 2013

    Production Reference: 1171113

    Published by Packt Publishing Ltd

    Livery Place

    35 Livery Street

    Birmingham B3 2PB, UK

    ISBN 978-1-78216-752-5

    www.packtpub.com

    Cover Image by Aniket Sawant (<aniket_sawant_photography@hotmail.com>)

    Credits

    Author

    Anjana Mankale

    Reviewers

    Laurent Frisée

    Michael Waluk

    Acquisition Editor

    Kevin Colaco

    Lead Technical Editor

    Balaji Naidu

    Technical Editors

    Aman Preet Singh

    Chandni Maishery

    Shali Sasidharan

    Tarunveer Shetty

    Project Coordinator

    Wendell Palmar

    Proofreader

    Bernadette Watkins

    Indexer

    Priya Subramani

    Graphics

    Ronak Dhruv

    Production Coordinator

    Aparna Bhagat

    Cover Work

    Aparna Bhagat

    About the Author

    Anjana Mankale is a Tech Lead with 7 years of experience in developing web applications.

    She has developed applications for healthcare, e-commerce portals, media portals, and content management systems using Spring and Struts 2. She is extensively involved in application design and implementation. She has worked on Amazon cloud and Spring web services and has recently been involved in deploying and designing a cloud-based multitenant application.

    Anjana is passionate about blogging (http://jtechspace.blogspot.in/) where she shares her write-ups and technical code that she has worked on.

    I would like to thank Mr. Dharanidhara Mishra who is a Senior Solution Architect and has been guiding me on application security.

    I would also like to thank my husband, Raghavendra S., for his complete support and encouragement by intimating on the timelines.

    Lastly I would like to thank my parents and in-laws for their encouragement in completing this book.

    About the Reviewers

    Laurent Frisée is a freelance consultant with 13 years of experience working for well known as well as less well known companies. He has been a Java developer for the last 10 years and has been involved in the architecture development of the software most of this time. In recent years, he has focused on Java persistence-related problems and is looking forward to working with new technologies (like GWT) or enterprise solutions (like ESB).

    Michael Waluk has over 20 years of experience developing secure, scalable software-as-a-service web applications. He has leveraged Spring Security since it was open-sourced as Acegi Security in 2004, securing both large and small enterprise projects with it and extending most of its features. Today, millions of people are using these applications to do business securely.

    www.PacktPub.com

    Support files, eBooks, discount offers and more

    You might want to visit www.PacktPub.com for support files and downloads related to your book.

    Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

    At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

    http://PacktLib.PacktPub.com

    Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. 

    Why Subscribe?

    Fully searchable across every book published by Packt

    Copy and paste, print and bookmark content

    On demand and accessible via web browser

    Free Access for Packt account holders

    If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

    Preface

    Introduction

    Spring Security is a security layer that comes with the Spring framework. The Spring framework is an active open source project which has made further development of applications easier. It provides various layers to handle different scenarios and challenges that we face during the design and implementation life cycle of the project.

    The Spring Security layer of the Spring framework is very loosely coupled with the rest of the framework, hence it can be easily integrated with other applications.

    In this book we will be integrating Spring Security with other frameworks and we will also demonstrate it with coded examples.

    What this book covers

    Chapter 1, Basic Security, covers the basics of security in a J2EE application. It introduces the reader to the various mechanisms of applying security to authenticate and authorize the users of the application. It also explains container-managed security.

    Chapter 2, Spring Security with Struts 2, provides steps to integrate Spring Security in a Struts 2 application. It demonstrates database authentication and LDAP authentication and authorization with other security mechanisms offered by the Spring framework.

    Chapter 3, Spring Security with JSF, explains all the aspects of Spring Security with a JSF application. It shows how to make the JSF application communicate with Spring Security using listeners.

    Chapter 4, Spring Security with Grails, demonstrates how a Grails application can seamlessly integrate with Spring Security. We have also shown how Spring Security UI offers screens to create users and roles. We have demonstrated the use of Spring Security tags in GSP pages.

    Chapter 5, Spring Security with GWT, focuses on the GWT framework. The GWT framework is integrated with GWT and Spring Security can be used to authenticate and authorize users accessing the GWT application.

    Chapter 6, Spring Security with Vaadin, puts forward various options for integrating Spring Security with the Vaadin framework. We have created a sample product catalog application to demonstrate Spring Security integration with the Vaadin framework.

    Chapter 7, Spring Security with Wicket, demonstrates the integration of the Wicket framework with Spring Security. Wicket itself has an authentication and authorization framework built in, but the challenge was to make Wicket use an external framework for authentication and authorization.

    Chapter 8, Spring Security with ORM and NoSQL DB, explains Hibernate and MongoDB in authentication and authorization using Spring Security API classes.

    Chapter 9, Spring Security with Spring Social, introduces Spring Social, which is a framework developed by Spring Source to provide integration with social networking sites. Spring Social in turn uses Spring Security to do the authentication and authorization. The chapter demonstrates how Spring Social and Spring Security integrate with each other by demonstrating a Facebook login application.

    Chapter 10, Spring Security with WebServices, explains various options to secure RESTFUL and
