Swipe to navigate through the chapters of this book
Security is critical in any application with access to live information – even public information. Security means controlling access to features and information; unless Annie is specifically granted access to Frank’s information, Frank’s data should be safe and, from Annie’s perspective, invisible. Naturally, Spring has a powerful and capable security project – called, of all things, Spring Security – that allows you to control nearly every aspect of application security.
Please log in to get access to this content
Even public information needs to be controlled – see how sources like Wikipedia have to constantly combat users including their own biases as sources of truth.
Fun thing discovered while researching the origin of Spring Security: “Acegi” is a made-up word using the first, third, fifth, seventh, and ninth letters of the Latin alphabet. Your authors do not know why people think computer programmers are weird.
Also note that it uses the properties of the top-level build.gradle from Chapter 2, so the Java version and Spring versions are inherited.
Your authors aren’t sure exactly how much “ado” we’ve had so far, or how to measure “ado” or in what unit, but by golly, we’re done with the “ado.”
InMemoryUserDetailsManager is provided as a developer-friendly way to “manage users” so that developers can focus on the actual security mechanisms without having to worry about having to configure how to track users. It’s in-memory only, so it isn’t useful outside of the context of testing or early development.
OAuth is an open standard for authorizing access to a web site or application without supplying passwords and is commonly used by Google, Facebook, Twitter, and many more.
- Spring Security
Joseph B. Ottinger
- Sequence number
- Chapter number
- Chapter 10