Reputation: 8348
I am working on a project in which we have to implement security in a Java EE enterprise environment. I just finished learning about JSPs and Servlets as well as Spring dependency injection in Java. What should I focus on next to hit the ground running regarding securing Java applications in an enterprise environment?
Upvotes: 0
Views: 89
Reputation: 43087
The documentation and comprehensive books might be better used later on.
I think the best next step is to read chapter 9, "Securing Spring", from the Manning Spring in Action book.
This chapter gives an introductory-level description of Spring Security; this is from the beginning of the chapter:
"Spring Security provides a comprehensive security solution, handling authentication and authorization at both the web request level and at the method invocation level."
It also includes securing view-level elements. Spring Security also has support for ACLs; make sure to go through:
Upvotes: 0
Reputation: 30310
Consider first which security concerns you would implement without Spring Security. For example, will your authentication be basic authentication, OAuth, Remember Me, etc.? Look into how you will maintain Access Control Lists for authorizations (if needed). Certificates. Encryption. And so on.
Then you want to look at the "Java way" of dealing with those things--servlet filters, JNDI with LDAP, and so on.
Then finally, look at how Spring Security makes dealing with the Java way of doing things easier.
Another option is to look simply at the table of contents of the Spring Security documentation, and examine what kinds of features they provide. Then work backwards to see what you need to think about. So for example, when you see Spring Security has OpenID support, then maybe that's your cue to go read up on what OpenID is and how it works independent of Spring or even Java.
I know this isn't terribly specific, but your question is pretty broad. Hope it helps.
Upvotes: 1