Spring Book – Chapter 15 – Web Application Security with Spring

Spring Security Concepts

In this section we will look at some of the key Spring Security concepts in detail. We will cover the following:

  • Spring Security Filters, also known as Security Interceptors
  • Authentication
  • Authorization
    • Web URL Authorization
    • Method invocation authorization

Security Interceptor

The security interceptor can be thought of as a latch or gateway to your application’s secured resources. Along with authentication and authorization, it performs other security-related tasks by delegating them to the appropriate managers, as shown in Figure 15-1 below.

Figure 15-1. Security Interceptor and its associated managers

The security interceptor sits between the caller and the secured resource and performs the appropriate security checks. Figure 15-2 below shows a typical security interceptor in action.

Figure 15-2. Spring's Security Interceptor in action

The security interceptor carries out its security checks using predefined Spring Security servlet filters.

A servlet filter is a Java object that intercepts requests to a servlet, JSP, or static file in a web application. The servlet filter has the chance to modify the request before passing it along to the underlying resource and can capture and modify the response before sending it back to the client. It can be specified declaratively using the web application deployment descriptor (web.xml) and can be inserted into existing web applications without altering the existing code. Figure 15-3 below shows how a servlet filter works.

Figure 15-3. Working of a typical Servlet Filter
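
The filter mechanics described above, as an added example that is not code from the book or from Spring Security: a plain servlet filter that gates a URL pattern on the request side and sets headers on the response side. The package, class name, URL pattern and session attribute are hypothetical, and the `javax.servlet` API with a `web.xml` deployment descriptor is assumed.

```java
package example; // hypothetical package name

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/*
 * Declared in web.xml, so existing servlets and JSPs need no code change:
 *
 *   <filter>
 *     <filter-name>sessionGateFilter</filter-name>
 *     <filter-class>example.SessionGateFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>sessionGateFilter</filter-name>
 *     <url-pattern>/secure/*</url-pattern>
 *   </filter-mapping>
 */
public class SessionGateFilter implements Filter {
    // Hypothetical session attribute set by the application's login code.
    private static final String USER_ATTR = "authenticatedUser";

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Request side: decide before the secured resource is ever reached.
        HttpSession session = request.getSession(false); // never create a session here
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // chain.doFilter is not called, so the resource never runs
        }

        // Response side: headers must be set before the response is committed,
        // so they are added before the chain is invoked.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("X-Content-Type-Options", "nosniff");

        // Hand over to the next filter in the chain, or to the resource itself.
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

Filters run in the order of their `filter-mapping` entries in `web.xml`, so a gate like this must be mapped ahead of any filter that should only see authenticated requests.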

Tomcy John
Blogger & Author at javacodebook
He is an Enterprise Java Specialist holding a degree in Engineering (B-Tech) with over 10 years of experience in several industries. He's currently working as Principal Architect at Emirates Group IT since 2005. Prior to this he has worked with Oracle Corporation and Ernst & Young. His main specialization is on various web technologies and acts as chief mentor and Architect to facilitate incorporating Spring as Corporate Standard in the organization.