Just completed this course. Very nice introductory course for Spring Security; it talks about role- and permission-based authentication and authorization as well as various login mechanisms (default, http-basic, form-login) and other cool features such as the permission evaluator, LDAP server, and HTTPS channels.
Link: http://www.pluralsight.com/courses/spring-security-fundamentals
Notes: For some reason the <form-login> section described in the course does not work with the latest Spring Security 4.0.1.RELEASE:
Firstly, for the example in the course to work with Spring Security 4.0.1.RELEASE, use-expressions="false" must be included in the <http auto-config="true"> element in security-config.xml for the <intercept-url> entries which do not use expressions (it seems that in Spring Security 4.0.1.RELEASE <http auto-config="true"> has default use-expressions="true").
Secondly, j_spring_security_check does not work with Spring Security 4.0.1.RELEASE; it always bounced back to the same login page and j_spring_security_check issues 302 error messages. Furthermore, the latest Spring Security has csrf defaulting to true in the <http>.
The examples in the course worked after I switched to Spring Security 3.2.6.RELEASE instead.
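
Spring Security 4 renamed the form-login defaults that 3.x used (the processing URL /j_spring_security_check became /login, and j_username / j_password became username / password) and turned CSRF protection and use-expressions on by default. The following security-config.xml is an added example, not taken from the course or from this post, showing one way to keep a 3.x-style login form working on 4.x with CSRF left enabled; the URL patterns, role name and in-memory user are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: security-config.xml for Spring Security 4.x.
     URL patterns, role and user below are constructed placeholders. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- use-expressions defaults to true in 4.x, so every access value
       is written as a SpEL expression instead of a bare role name. -->
  <http auto-config="true">
    <!-- The login page itself must be reachable without authentication. -->
    <intercept-url pattern="/login.jsp" access="permitAll"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>

    <!-- 4.x defaults are login-processing-url="/login" with parameters
         "username" and "password". Setting the 3.x names explicitly lets
         an existing form keep posting to j_spring_security_check. -->
    <form-login login-page="/login.jsp"
                login-processing-url="/j_spring_security_check"
                username-parameter="j_username"
                password-parameter="j_password"
                authentication-failure-url="/login.jsp?error=1"/>

    <!-- CSRF protection is on by default in 4.x and is left enabled here.
         The login form therefore has to post the token as a hidden field:
         <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> -->
  </http>

  <authentication-manager>
    <authentication-provider>
      <user-service>
        <!-- Placeholder account for local testing only. -->
        <user name="user" password="changeit" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

Keeping CSRF enabled and adding the hidden token field to the login form avoids having to disable the protection or pin the application to the 3.2.x line.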