
Spring Security - Behind the Scenes

The Security with Spring tutorial discusses how to introduce security into an MVC project, the Maven dependencies for Spring Security, login and logout, and some more advanced topics. It also deals with security for REST: how to authenticate against a REST API and how to consume the API with RestTemplate.

1. >> The Registration Series

2. >> The Authentication Series

3. >> Core Spring Security

 

4. >> Spring Security with REST

 

>> Other Spring Tutorials

=> How to build REST Services with Spring

=> How to Build the Persistence Layer of an application with Spring and Hibernate, JPA, Spring Data, etc

=> Common Exceptions in Spring with examples – why they occur and how to solve them quickly

 

The entire tutorial is based on this GitHub project. Watch and fork it at will – the project can be used as a starting point for a more full-fledged implementation.

Beodeo Van den Schwarz
Guest

Great website! But could you check the link behind “Spring Security – security none… etc”? Seems to point at the wrong page.

Eugen Paraschiv
Guest

Yes it did – nice catch – thanks (fixed now).

Juan Mendoza
Guest
Hi Euge, I read the book “REST services with Spring”, and it’s very good to start with the concept of Spring Security, but I didn’t find how to do the authentication that I want; maybe you can give me some advice. I want that the first time the user tries to use some API that needs authentication, it should send the user and password and the application delivers a token to them. After that, whenever the user uses some other operation (API), it needs to send to the application the token that was delivered with the initial response. ¿Exist…
Eugen Paraschiv
Guest
Hey Juan, There are a few things to keep in mind here. What you are describing is exactly the concept of the cookie – which is the standard way to handle authentication for a standard web application. Now – if you are securing a REST Service (as opposed to – the standard Spring MVC web app), then it depends how much you care about the RESTful nature of your solution. If you want to be RESTful – then the cookie solution will not do well – because you will be relying on the STATE of the server, whereas for REST…
Juan Mendoza
Guest

Thanks Euge,

That article shows me how to configure the behavior to work with the cookie, but in fact I was looking for the way to make my API RESTful, because the use of cookies in a mobile application can, on some occasions, be difficult. In this way, if I send the token to the client, and it sends it back to me, I don’t need to use a cookie.

Independently of this, do you know some way to do that? Or maybe it is necessary to make my own AuthenticationManager?

Thanks!

Eugen Paraschiv
Guest

So – how is the token you’re thinking of any different than a cookie? As far as I can see – the token is the cookie. Now – sure, you can do a custom token if you would like to – and yes, in that case you will have to get a bit deeper into the Spring Security configuration – but why reinvent the cookie mechanism?

sonoerin
Guest

Thank you for the great tutorials Eugen, they really help me understand these topics better. I wonder if you consider putting a Spring Security tutorial for using custom roles? For example, instead of USER & ADMIN, what if I wanted a hierarchical approach with customer roles like this (top-down): ADMIN, OWNER, MANAGER, RECEPTIONIST, VISITOR.

I have seen old Spring Security code snippets about custom role names. But I have yet to see one that shows from configuration, to database seeding, to authentication.

Thanks again for the great help you provide.

Eugen Paraschiv
Guest

Hey Sonoerin – yes, a more complex Role-Privilege model is actually implemented in my REST project on github. Thanks for the suggestion, I might write about that sometime soon. Cheers,
Eugen.

Enma
Guest

Nice tutorial Eugen, but I wonder, perhaps you've got a project on GitHub about dynamic URLs for Spring Security?

joxers
Guest

How to create a user management UI?

Eugen Paraschiv
Guest

Hey Joxers,
That’s something I do have on my TODO list to write about, but it may be further out, perhaps a couple of months. Cheers,
Eugen.
