Skip to content
Andrei Mladin edited this page Mar 13, 2014 · 53 revisions

Modules

Core - spring-security-core.jar

  • Contains core authentication and access-contol classes and interfaces, remoting support and basic provisioning APIs
  • Required by any application which uses Spring Security
  • Supports standalone applications, remote clients, method (service layer) security and JDBC user provisioning

Web - spring-security-web.jar

  • Contains filters and related web-security infrastructure code
  • You'll need it if you require Spring Security web authentication services and URL-based access-control.

LDAP

  • LDAP authentication and provisioning code.
  • Required if you need to use LDAP authentication or manage LDAP user entries

ACL

  • Specialized domain object ACL implementation
  • Used to apply security to specific domain object instances within your application

CAS

  • Spring Security's CAS client integration
  • If you want to use Spring Security web authentication with a CAS single sign-on server

web.xml configuration

Security Filter

<filter>

   <filter-name>springSecurityFilterChain</filter-name>

   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

   <filter-name>springSecurityFilterChain</filter-name>

   <url-pattern>/*</url-pattern>

</filter-mapping>

  • DelegatingFilterProxy is a Spring Framework class which delegates to a filter implementation (to an internal infrastructure bean created by the namespace to handle web security)

<http> configuration

Authentication

Authorization

Roles & Permissions

Role hierarchy

Clone this wiki locally