Spring Book – Chapter 15 – Web Application Security with Spring

The flow of a request through the various Spring Security filters is depicted in Figure 15-5 below.

Figure 15-5. Flow of request through Spring Security filters

It is very important to note that the filters in Spring Security must be configured in the set order specified by the framework. However, if you would like to customize any of the filters or introduce a custom filter, Spring Security allows this through appropriate settings in the configuration file. If you are using any filter-based framework, such as SiteMesh for decorating pages or Apache Wicket for handling requests, you need to make sure that the Spring Security filter comes first in the execution order. Figure 15-6 below shows the Spring Security filters arranged in order of execution.

Figure 15-6. Spring Security Filter Chain order
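
The requirement that the Spring Security filter run before other filter-based frameworks can be seen in the following `web.xml` fragment, an added example that is not taken from the book. The servlet container applies filters in the order of their `<filter-mapping>` elements, so the Spring Security mapping is declared first; the SiteMesh filter class shown is the SiteMesh 2.4 one, and the filter name `sitemesh` and the `/*` URL patterns are assumptions.

```xml
<!-- Added example: web.xml fragment for an application that uses both
     Spring Security and SiteMesh. Filters execute in the order of their
     <filter-mapping> elements, not the order of the <filter> elements. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <filter>
    <!-- The name must be springSecurityFilterChain: DelegatingFilterProxy
         looks up the Spring bean with the same name as the filter. -->
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter>
    <!-- Assumed filter name; class is the SiteMesh 2.4 servlet filter. -->
    <filter-name>sitemesh</filter-name>
    <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
  </filter>

  <!-- First mapping: every request passes through the Spring Security
       filter chain before any other framework filter sees it. -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Second mapping: SiteMesh decorates only requests that the security
       chain has already processed. If this mapping were declared first,
       decoration would run outside the security filters. -->
  <filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

</web-app>
```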

In Figure 15-6 above, the third filter in the Spring Security execution order, namely “SecurityContextPersistenceFilter”, is very important and works as shown in Figure 15-7 below.

Figure 15-7. Working of Third Filter in Spring Security Filter Chain

SiteMesh is a Java web application framework by OpenSymphony that is used mainly for web page layout and decoration.

Apache Wicket is a typical component-based, MVC-based Java web application framework, very similar to JSF and Apache Tapestry.

Tomcy John

Blogger & Author at javacodebook
He is an Enterprise Java Specialist holding a degree in Engineering (B-Tech) with over 10 years of experience in several industries. He's currently working as Principal Architect at Emirates Group IT since 2005. Prior to this he has worked with Oracle Corporation and Ernst & Young. His main specialization is on various web technologies and acts as chief mentor and Architect to facilitate incorporating Spring as Corporate Standard in the organization.