In this chapter, we showed you what Spring Security is, how it works, and how to integrate it into your flows. You learned that Spring Security is a part of the Spring portfolio and a very flexible and easy-to-use security framework that you can use for all your security needs. This is true not only for web applications, but also for your rich-client applications which are based on Spring.
We explained how to configure Spring Security, the different types of AccessDecisionManagers
, and how to write your own AccessDecisionVoter
.
The chapter ended with a small example, which showed you how to use Spring Security in your own projects. All you have to do for this is:
1. Set up Spring Security. This includes your
web.xml
file and your application context configuration file. Think about whichAccessDecisionManager
you want to use and is suitable for your use case. By default, anAffirmativeBased
manager will be used.2. Add the
secured
element to your flow definition and include all roles...