Wednesday 20 May 2015

Online Course: Spring Security Fundamentals

Just completed this course. A very nice introductory course on Spring Security; it talks about role- and permission-based authentication and authorization, as well as various login mechanisms (default, http-basic, form-login) and other cool features such as the permission evaluator, LDAP server, and HTTPS channels.

Link: http://www.pluralsight.com/courses/spring-security-fundamentals

Notes: For some reason the <form-login> section described in the course does not work with the latest Spring Security 4.0.1.RELEASE:

Firstly, for the example in the course to work with Spring Security 4.0.1.RELEASE, use-expressions="false" must be added to the <http auto-config="true"> element in security-config.xml when its <intercept-url> entries do not use expressions (it seems that <http auto-config="true"> in Spring Security 4.0.1.RELEASE defaults to use-expressions="true").

Secondly, j_spring_security_check does not work with Spring Security 4.0.1.RELEASE: it always bounced back to the same login page, and j_spring_security_check issued 302 error messages. Furthermore, the latest Spring Security has csrf defaulting to true in the <http>.

The examples in the course worked after I switched to Spring Security 3.2.6.RELEASE instead.
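As an added example (not from the course or from this post), here is a security-config.xml for Spring Security 4.x that addresses both notes above without downgrading. In 4.x the form-login defaults changed to /login, username and password, so the 3.x names are set explicitly, and CSRF protection is left enabled. The page path, role name and demo user are assumptions.

```xml
<!-- Added example: Spring Security 4.x config that keeps the 3.x-style login
     contract. Paths, role name and demo user are assumptions. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- 4.x defaults use-expressions to "true"; plain role names need "false" -->
  <http auto-config="true" use-expressions="false">
    <!-- Most specific pattern first, so the login page stays reachable -->
    <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>

    <!-- 4.x defaults: /login, username, password. Set the 3.x names explicitly. -->
    <form-login login-page="/login.jsp"
                login-processing-url="/j_spring_security_check"
                username-parameter="j_username"
                password-parameter="j_password"
                authentication-failure-url="/login.jsp?error"/>

    <!-- CSRF protection is on by default in 4.x; stated here and left enabled -->
    <csrf/>
  </http>

  <!-- Constructed demo user for a local test only -->
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="demo" password="change-me" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>

<!-- login.jsp (assumed file name): the POST must carry the CSRF token.
  <form action="j_spring_security_check" method="post">
    <input type="text" name="j_username"/>
    <input type="password" name="j_password"/>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
    <input type="submit" value="Login"/>
  </form>
-->
```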
