Spring Security 3.1

Robert Winch, Peter Mularien

  • 出版商: Packt Publishing
  • 出版日期: 2012-12-28
  • 售價: $1,840
  • 貴賓價: 9.5$1,748
  • 語言: 英文
  • 頁數: 456
  • 裝訂: Paperback
  • ISBN: 1849518262
  • ISBN-13: 9781849518260
  • 相關分類: Java 相關技術資訊安全
  • 海外代購書籍(需單獨結帳)
    無現貨庫存(No stock available)



This book demonstrates how to secure your Java applications from hackers using Spring Security 3.1. With plenty of handholding, it takes you step by step through every stage, accompanied by sample code and useful screenshots.

  • Learn to leverage the power of Spring Security to keep intruders at bay through simple examples that illustrate real world problems
  • Each sample demonstrates key concepts allowing you to build your knowledge of the architecture in a practical and incremental way
  • Filled with samples that clearly illustrate how to integrate with the technologies and frameworks of your choice

In Detail

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressure concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.

"Spring Security 3.1" is an incremental guide that will teach you how to protect your application from malicious users. You will learn how to cleanly integrate Spring Security into your application using the latest technologies and frameworks with the help of detailed examples.

This book is centred around a security audit of an insecure application and then modifying the sample to resolve the issues found in the audit.

The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It concludes with tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included.

"Spring Security 3.1" will ensure that integrating with Spring Security is seamless from start to finish.

What you will learn from this book

  • Understand common security vulnerabilities and how to resolve them
  • Implement authentication and authorization
  • Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, and CAS
  • Integrate with popular frameworks such as Spring, JSF, GWT, Maven, and Spring Roo
  • Architect solutions that leverage the full power of Spring Security while remaining loosely coupled
  • Implement common scenarios such as supporting existing user stores, user sign up, and supporting AJAX requests


This practical step-by-step tutorial has plenty of example code coupled with the necessary screenshots and clear narration so that grasping content is made easier and quicker.

Who this book is written for

This book is intended for Java web developers and assumes a basic understanding of creating Java web applications, XML, and the Spring Framework. You are not assumed to have any previous experience with Spring Security.


本書展示了如何使用Spring Security 3.1來保護您的Java應用程序免受駭客的攻擊。通過豐富的示例代碼和有用的屏幕截圖,本書將帶領您逐步完成每個階段。

  • 通過簡單的示例學習如何利用Spring Security的強大功能來解決現實世界中的問題

  • 每個示例都演示了關鍵概念,讓您以實用和漸進的方式建立對架構的理解

  • 充滿了清晰的示例,清楚地演示了如何與您選擇的技術和框架集成


了解有經驗的駭客渴望測試您的技能,這使得安全成為創建應用程序最困難和高壓的問題之一。當您必須將此因素與現有代碼、新技術和其他框架集成時,正確保護應用程序的複雜性更加複雜。使用這本書,輕鬆地使用經過驗證和可靠的Spring Security框架來保護您的Java應用程序,這是一個功能強大且高度可自定義的身份驗證和訪問控制框架。

《Spring Security 3.1》是一本逐步指南,將教您如何保護應用程序免受惡意用戶的攻擊。借助詳細的示例,您將學習如何使用最新的技術和框架將Spring Security清晰地集成到您的應用程序中。


本書首先集成了各種身份驗證機制,然後演示了如何正確限制對應用程序的訪問。最後,提供了與一些流行的Web框架集成的技巧。書中還包括了Spring Security如何防止會話固定、並進行並發控制,以及如何利用會話管理進行管理功能的示例。

《Spring Security 3.1》將確保從頭到尾無縫集成Spring Security。


  • 了解常見的安全漏洞及其解決方法

  • 實施身份驗證和授權

  • 學習如何利用現有的企業基礎設施,如LDAP、Active Directory、Kerberos和CAS

  • 與Spring、JSF、GWT、Maven和Spring Roo等流行框架集成

  • 設計利用Spring Security的全部功能並保持鬆散耦合的解決方案

  • 實現常見場景,如支持現有用戶存儲、用戶註冊和支持AJAX請求




本書適用於Java Web開發人員,假設您具有創建Java Web應用程序、XML和Spring Framework的基本理解。不需要具備Spring Security的任何先前經驗。