JavaOne 2008: Spring Security Session

Moscone Center, San Francisco, CA, USA

Ben Alex educates the JavaOne audience on Spring Security. The enterprise application security landscape is rapidly shifting. Today’s enterprise application security requirements increasingly reflect an interconnected world of service-oriented architecture (SOA); web services; component-based web frameworks; and sophisticated rich client types, including Web 2.0. Beyond these technology evolutions, new business requirements are emerging, including IP protection, single sign-on, federated identity, and robust nonrepudiation models. This session presents practical solutions for addressing today’s complex enterprise security requirements. It takes attendees on a step-by-step journey that starts with the simple security requirements of a login form with web tier authorization and grows to include each of the requirements specified above. This is an intensely demonstration-oriented session, with considerable live coding. It gives you practical, useful architectural advice and implementation tips, whether you are building a Web 2.0 Google Web Toolkit (GWT) application, web services endpoint, major batch application, or perhaps all three at once. The session also introduces and demonstrates how to implement important security standards, including Java™ Authentication and Authorization Service (JAAS), WS-Security, and RFC-defined Basic and Digest authentication. Attendees will also learn how to use JSR 250 annotations to provide objects with flexible, portable, and powerful authorization capabilities. The demonstrations feature Spring Security, an open-source security framework that builds upon the standards mentioned above and is used in numerous banking, government, and military installations.