Showing posts with label Security. Show all posts

Sunday, 9 December 2012

Securing your Tomcat app with SSL and Spring Security

If you've seen my last blog, you'll know that I listed ten things that you can do with Spring Security. However, before you start using Spring Security in earnest, one of the first things you really must do is ensure that your web app uses the right transport protocol, which in this case is HTTPS. After all, there's no point in having a secure web site if you're going to broadcast your users' passwords all over the internet in plain text. To set up SSL there are three basic steps...

Saturday, 24 November 2012

Ten Things You Can Do With Spring Security

One

You can specify the authentication provider of your choice in your Spring XML config file. You do this by configuring an authentication-manager element as defined in Spring’s http://www.springframework.org/schema/security/spring-security-3.1.xsd schema. The simplified authentication-manager element definition looks something like this:

<xs:element name="authentication-manager">
 <xs:complexType>
  <xs:choice minOccurs="0" maxOccurs="unbounded">
   <xs:element name="authentication-provider">
    <xs:complexType>
     <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element ref="security:any-user-service"/>
      <xs:element name="password-encoder">...</xs:element>
     </xs:choice>
     <xs:attributeGroup ref="security:ap.attlist"/>
    </xs:complexType>
   </xs:element>
   <!-- This is BIG -->
   <xs:element name="ldap-authentication-provider">...</xs:element>
  </xs:choice>
  <xs:attributeGroup ref="security:authman.attlist"/>
 </xs:complexType>
</xs:element>

This means that, for example, you can use any number of authentication providers including basic authentication and JDBC authentication as shown in the snippet below:
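
An added example (not the snippet from the original post) of an authentication-manager that chains two providers, an in-memory user-service and a jdbc-user-service, each with a password-encoder as the schema above allows. The bean ids `bcryptEncoder` and `dataSource`, the user `demo` and the hash placeholder are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Assumption: spring-security-crypto is on the classpath and a
       javax.sql.DataSource bean with id "dataSource" is defined elsewhere. -->
  <beans:bean id="bcryptEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

  <authentication-manager>

    <!-- Provider 1: in-memory users. The password attribute holds a
         bcrypt hash, never the plain-text password. -->
    <authentication-provider>
      <password-encoder ref="bcryptEncoder"/>
      <user-service>
        <!-- Constructed sample user; replace the placeholder with a real hash -->
        <user name="demo"
              password="REPLACE_WITH_BCRYPT_HASH"
              authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>

    <!-- Provider 2: users and authorities loaded over JDBC. It is
         consulted only if provider 1 could not authenticate the request,
         because providers are tried in declaration order. -->
    <authentication-provider>
      <password-encoder ref="bcryptEncoder"/>
      <jdbc-user-service data-source-ref="dataSource"/>
    </authentication-provider>

  </authentication-manager>
</beans:beans>
```

Declaring a password-encoder on every provider matters: a provider without one compares the submitted password against the stored value as plain text.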