New England Software Symposium
March 9 - 11, 2007 - Boston, MA
View the event details here ».
Enterprise Security with Spring
Spring Security (formerly known as 'Acegi') enables self-contained, consistent, and extensible solutions for securing your applications. Version 2.0 provides major enhancements including a domain-specific XML namespace, convention-based defaulting, and annotation support. This provides a significantly simpler experience for developers while still supporting the same degree of flexibility.
Spring Security's interceptor-based approach is non-invasive even when extended to accommodate domain-specific requirements. The two main security processes (authentication and authorization) are decoupled in order to provide flexibility across a wide variety of providers and strategies. This presentation will include an overview of Spring Security's pluggable authentication process and how it accommodates a wide range of possibilities including Database, LDAP, Single Sign On, and even an in-memory option for development and testing. We will then proceed to cover authorization where you will see its consistent approach for securing web requests and method invocations. Throughout the session, we will walk through a sample application that demonstrates Spring Security's core features.
About Mark Fisher
Mark Fisher is an engineer within the SpringSource division of VMware and lead of the Spring Integration project. He is also a committer on the core Spring Framework and the Spring BlazeDS Integration project. Mark has provided consulting services for clients across numerous industries, and he has trained hundreds of developers how to use the Spring Framework and related projects effectively. Mark speaks regularly at conferences and user groups in America and Europe.More About Mark »