The different components of the Spring Security framework are the following:
• The security interceptor acts as the gateway that intercepts requests for resources.
It delegates security enforcement responsibilities to the core components. If a web
resource is being protected, then the Spring Security interceptor is provided in the
form of a servlet filter. Method invocation interceptors are implemented as
• The authentication manager verifies a user's identity. It is a pluggable component
with a clearly defined service provider interface (SPI). So, it is possible to integrate
virtually any authentication mechanism. Spring Security comes with several
concrete authentication manager implementations covering most common needs.
• The access decision manager is another pluggable component responsible for
authorization. It allows authenticated requests to access system resources based
on certain roles.
Spring Security is built on the core Spring Framework, so the security subsystem
has all the benefits of the Spring IoC container available to it.
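The delegation described above, as an added example that is not code from the original page or from Spring Security: a simplified plain-Java model in which a gateway hands identity checks and role checks to two pluggable components and denies anything neither one approves. All type names, users, passwords, paths and role names here are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
// Simplified model of the three components; these are NOT Spring Security's own types.
public class SecurityFlowDemo {
    static final class Authentication {
        final String user; final Set<String> roles;
        Authentication(String user, Set<String> roles) { this.user = user; this.roles = roles; }
    }
    // Pluggable SPI: verifies identity; returns null when the credentials are rejected.
    interface AuthenticationManager { Authentication authenticate(String user, String password); }
    // Pluggable SPI: decides whether an authenticated caller may reach a resource.
    interface AccessDecisionManager { boolean decide(Authentication auth, String resource); }
    // Gateway: intercepts the request and delegates both decisions to the components.
    static String intercept(AuthenticationManager am, AccessDecisionManager adm,
                            String user, String password, String resource) {
        Authentication auth = am.authenticate(user, password);
        if (auth == null) return "401 authentication failed";
        if (!adm.decide(auth, resource)) return "403 access denied for " + auth.user;
        return "200 " + resource + " served to " + auth.user;
    }

    public static void main(String[] args) {
        // Constructed sample data; a real user store would hold salted password hashes.
        Map<String, String> passwords = new HashMap<>();
        Map<String, Set<String>> roles = new HashMap<>();
        passwords.put("alice", "a-secret"); roles.put("alice", Collections.singleton("ROLE_ADMIN"));
        passwords.put("bob", "b-secret");   roles.put("bob", Collections.singleton("ROLE_USER"));
        Map<String, String> requiredRole = new LinkedHashMap<>();
        requiredRole.put("/admin/", "ROLE_ADMIN");
        requiredRole.put("/app/", "ROLE_USER");

        AuthenticationManager am = (u, p) -> {
            String expected = passwords.get(u);
            boolean ok = expected != null && MessageDigest.isEqual(   // constant-time compare
                expected.getBytes(StandardCharsets.UTF_8), p.getBytes(StandardCharsets.UTF_8));
            return ok ? new Authentication(u, roles.get(u)) : null;
        };
        AccessDecisionManager adm = (auth, res) -> {
            for (Map.Entry<String, String> e : requiredRole.entrySet())
                if (res.startsWith(e.getKey())) return auth.roles.contains(e.getValue());
            return false;                                             // unmapped path: fail closed
        };
        System.out.println(intercept(am, adm, "alice", "a-secret", "/admin/users"));
        System.out.println(intercept(am, adm, "bob", "b-secret", "/admin/users"));
        System.out.println(intercept(am, adm, "bob", "wrong", "/app/home"));
        System.out.println(intercept(am, adm, "bob", "b-secret", "/reports/q1"));
    }
}
```

Swapping either lambda for another implementation changes how identity or authorization is checked without touching the gateway, which is the point of the pluggable design.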
Authentication and Authorization with Spring Security
Spring Security's support for web application security starts with a servlet filter. The filter
intercepts incoming web requests and delegates to the authentication manager. To install
the Spring Security gateway, you will need to install the special servlet filter class
FilterToBeanProxy in web.xml, as shown in Listing 6-1.
Listing 6-1. web.xml Fragment