Spring Security 3.x Cookbook

Spring Security 3.x Cookbook

By : Anjana Mankale

Buy this Book

Spring Security 3.x Cookbook

By: Anjana Mankale

Buy this Book

Overview of this book

Web applications are exposed to a variety of threats and vulnerabilities at the authentication, authorization, service, and domain object levels. Spring Security can help secure these applications against those threats. Spring Security is a popular application security solution for Java applications. It is widely used to secure standalone web applications, portlets, and increasingly REST applications. It is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications and it is currently used to secure numerous demanding environments including government agencies, military applications, and central banks. "Spring Security 3.x Cookbook" is a repository of recipes to help you successfully secure web applications against threats and vulnerabilities at the authentication and session level layers using the Spring Security framework. We will not only explore Spring-based web applications, but also Java-based and Grails-based applications that can use Spring Security as their security framework. Apart from conventional web applications, we will also look at securing portlets, RESTful web service applications, and other non-web applications. This book will also take you through how to integrate Spring Security with other popular web frameworks/technologies such as Vaadin, EJB, and GWT. In addition to testing and debugging the implemented security measures, this book will also delve into finer aspects of Spring Security implementation such as how it deals with concurrency, multitenancy, and customization, and we will even show you how to disable it. This book gives you an overview of Spring Security and its implementation with various frameworks. It starts with container-based authentication before taking you on a tour of the main features of Spring Security. It demonstrates security concepts like BASIC, FORM, and DIGEST authentication and shows you how to integrate the Spring Security framework with various frameworks like JSF, struts2, Vaadin, and more. The book also demonstrates how to utilize container managed security without JAAS. Then, we move on to setting up a struts2 application before showing you how to integrate Spring Security with other frameworks like JSF, Groovy, Wicket, GWT, and Vaadin respectively. This book will serve as a highly practical guide and will give you confidence when it comes to applying security to your applications. It's packed with simple examples which show off each concept of Spring Security and which help you learn how it can be integrated with various frameworks.

Spring Security 3.x Cookbook

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

Free Chapter

Basic Security

Introduction

JAAS-based security authentication on JSPs

JAAS-based security authentication on servlet

Container-based basic authentication on servlet

Form-based authentication on servlet

Form-based authentication with open LDAP and servlet

Hashing/Digest authentication on servlet

Basic authentication for JAX-WS and JAX-RS

Enabling and disabling the file listing

Spring Security with Struts 2

Introduction

Integrating Struts 2 with Spring Security

Struts 2 application with basic Spring Security

Using Struts 2 with digest/hashing-based Spring Security

Using Spring Security logout with Struts 2

Authenticating databases with Struts 2 and Spring Security

Getting the logged-in user info in Struts 2 with Spring Security

Displaying custom error messages in Struts 2 for authentication failure

Authenticating with ApacheDS with Spring Security and Struts 2 application

Spring Security with JSF

Introduction

Integrating JSF with Spring Security

JSF with form-based Spring Security

JSF and form-based authentication using Spring Security to display logged-in user

Using JSF with digest/hashing-based Spring Security

Logging out with JSF using Spring Security

Authenticating database with Spring Security and JSF

ApacheDS authentication with JSF and Spring Security

Authentication error message with JSF and Spring Security

Spring Security with Grails

Introduction

Spring Security authentication with Groovy Grails setup

Spring Security with Grails to secure Grails controller

Spring Security authentication with Groovy Grails logout scenario

Spring Security with Groovy Grails Basic authentication

Spring Security with Groovy Grails Digest authentication

Spring Security with Groovy Grails multiple authentication

Spring Security with Groovy Grails LDAP authentication

Spring Security with GWT

Introduction

Spring Security with GWT authentication using Spring Security Beans

Form-based authentication with GWT and Spring Security

Basic authentication with GWT and Spring Security

Digest authentication with GWT and Spring Security

Database authentication with GWT and Spring Security

LDAP authentication with GWT and Spring Security

Spring Security with Vaadin

Introduction

Spring Security with Vaadin – basic authentication

Spring Security with Vaadin – Spring form-based authentication

Spring Security with Vaadin – customized JSP form-based authentication

Spring Security with Vaadin – using Vaadin form

Spring Security with Wicket

Introduction

Spring Security with Wicket – basic database authentication

Spring Security with Wicket – Spring form-based database authentication

Spring Security with Wicket – customized JSP form-based database authentication

Spring authentication with Wicket authorization

Multitenancy using Wicket and Spring Security

Spring Security with ORM and NoSQL DB

Introduction

Spring Security with Hibernate using @preAuthorize annotation

Spring Security with Hibernate using authentication provider with @preAuthorize annotation

Spring Security with Hibernate using UserDetailsService with Derby database

Spring Security with MongoDB

Spring Security with Spring Social

Introduction

Spring Security with Spring Social to access Facebook

Spring Security with Spring Social to access Twitter

Spring Security with multiple authentication providers

Spring Security with OAuth

Spring Security with Spring Web Services

Introduction

Applying Spring Security on RESTful web services

Spring Security for Spring RESTful web service using the cURL tool

Integrating Spring Security with Apache CXF RESTful web service

Integrating Spring Security with Apache CXF SOAP based web service

Integrating Spring Security with Apache Camel

JAAS-based security authentication on servlet

The JAAS-based security authentication on servlet is an extension of JAAS-based security authentication for JSPs. In this section, we are demonstrating that we can even apply security on servlets.

Getting ready

Create a new Web Project in Eclipse
Create a package, com.packt.security.servlets
Create a Servlet with name ProtectedServlets

How to do it...

The following are the steps for JAAS-based security for servlet:

Create a servlet and name it ProtectedServlets:

public class ProtectedServlets extends HttpServlet {
  private static final long serialVersionUID = 1L;
    
  public ProtectedServlets() {
    super();
       
  }
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    PrintWriter out=response.getWriter();
    try
    {
      out.println("Hello User");
      out.println("Authtype:"+request.getAuthType());
      out.println("User Principal:"+request.getUserPrincipal());
      out.println("User role:"+request.isUserInRole("role1"));
    }
    catch (Exception e) {
      out.println("<b><font color='red'>failed authenticatation</font>-</b>"+e);

    }
  }

  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
  }

}

Now, edit the web.xml file to secure the servlet:

<web-resource-collection>
<web-resource-name>Servlet Protection</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/ProtectedServlets</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>

How it works...

Restart the server and access the URL: http://localhost:8080/jaas-jboss/ProtectedServlets.

You would get a login form, which will authenticate the user. The servlet is the protected resource, and anyone accessing the servlet will be asked to log in. The authentication is handled by JAAS API, which is application-server-specific. Each application server will have its own implementation of security.

Spring Security 3.x Cookbook

By : Anjana Mankale

Spring Security 3.x Cookbook

By: Anjana Mankale

Overview of this book

Related Content you might be interested in

Current Title:

Spring Security 3.x Cookbook

JAAS-based security authentication on servlet

Getting ready

How to do it...

How it works...

See also