Spring Security Concepts
In this section we will discover some of the key Spring Security concepts in detail. We will cover the following key concepts:
- Spring Security Filters, also known as Security Interceptors
- Web URL Authorization
- Method invocation authorization
A security interceptor can be thought of as a latch or gateway in front of your application’s secured resources. Along with authentication and authorization, it performs other security-related tasks by delegating them to the appropriate managers, as shown in Figure 15-1 below.
Figure 15-1. Security Interceptor and its associated managers
The security interceptor sits between the caller and the secured resource and performs the appropriate security checks. Figure 15-2 below shows a typical security interceptor in action.
Figure 15-2. Spring’s Security Interceptor in action
The security interceptor carries out its security checks using predefined Spring Security servlet filters.
A servlet filter is a Java object that intercepts requests to a servlet, JSP, or static file in a web application. The servlet filter has the chance to modify the request before passing it along to the underlying resource and can capture and modify the response before sending it back to the client. It can be specified declaratively using the web application deployment descriptor (web.xml) and can be inserted into existing web applications without altering the existing code. Figure 15-3 below shows how a servlet filter works.
Figure 15-3. Working of a typical Servlet Filter
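The filter behaviour described above, as an added example that is not part of the original page or of Spring Security itself. It assumes the `javax.servlet` API (Servlet 3.x); the class name, package, URL pattern and the `user` session attribute are hypothetical.

```java
package example;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Declared in web.xml, so no existing servlet or JSP has to change:
//   <filter>
//     <filter-name>sessionGateFilter</filter-name>
//     <filter-class>example.SessionGateFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>sessionGateFilter</filter-name>
//     <url-pattern>/secure/*</url-pattern>
//   </filter-mapping>
public class SessionGateFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Before the resource: inspect the request without creating a session.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            // Fail closed: chain.doFilter is never called, so the resource is not reached.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Headers must be set before the resource commits the response.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("X-Content-Type-Options", "nosniff");

        chain.doFilter(request, response); // hand over to the next filter or the resource

        // After the resource: the response is visible here, but may already be committed.
        request.getServletContext().log(request.getRequestURI() + " -> " + response.getStatus());
    }

    @Override
    public void destroy() { }
}
```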