Contacts Security Demo
Contacts demonstrates the following central Spring Security capabilities:
- Role-based security. Each principal is a member of certain roles,
which are used to restrict access to certain secure objects.
- Domain object instance security. The Contact, the main domain object
in the application, has an access control list (ACL) that indicates who
is allowed to read, administer and delete the object.
- Method invocation security. The ContactManager service layer bean has
a number of secured (protected) and public (unprotected) methods.
- Web request security. The /secure URI path is protected by Spring
Security from principals not holding the ROLE_USER granted authority.
- Security unaware application objects. None of the objects
are aware of the security being implemented by Spring Security. *
- Security taglib usage. All of the JSPs use Spring Security's
taglib to evaluate security information. *
- Fully declarative security. Every capability is configured in
the application context using standard Spring Security classes. *
- Database-sourced security data. All of the user, role and ACL
information is obtained from an in-memory JDBC-compliant database.
- Integrated form-based and BASIC authentication. Any BASIC
authentication header is detected and used for authentication. Normal
interactive form-based authentication is used by default.
- Remember-me services. Spring Security's pluggable remember-me
strategy is demonstrated, with a corresponding checkbox on the login form.
* As the application provides an "ACL Administration" use case, those
classes are necessarily aware of security. But no business use cases are.
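As an added illustration (not the Contacts application's own configuration, which is declared in its application context), the web request, method invocation, form/BASIC, remember-me and JDBC-backed capabilities listed above could be wired roughly like this in Spring Security 6 Java configuration. The class name ContactsSecurityConfig, the ContactService interface and its methods are hypothetical, HSQLDB is assumed to be on the classpath, and ACL setup is left out.

```java
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // enables @PreAuthorize on service-layer beans
public class ContactsSecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/secure/**").hasRole("USER") // requires the ROLE_USER authority
                .anyRequest().permitAll())
            .formLogin(Customizer.withDefaults())   // interactive login by default
            .httpBasic(Customizer.withDefaults())   // a BASIC header is honoured when present
            .rememberMe(Customizer.withDefaults()); // uses the UserDetailsService bean below
        return http.build();
    }

    @Bean
    DataSource dataSource() { // in-memory JDBC database holding users and authorities
        return new EmbeddedDatabaseBuilder().setType(EmbeddedDatabaseType.HSQL)
            .addScript(JdbcDaoImpl.DEFAULT_USER_SCHEMA_DDL_LOCATION).build();
    }

    @Bean
    UserDetailsService users(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }
}

// Hypothetical service interface: one public method, one secured method.
interface ContactService {
    String randomContactName(); // unprotected, callable without authentication

    @PreAuthorize("hasRole('USER')") // checked before the method body runs
    void create(String name, String email);
}
```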
Please excuse the lack of look 'n' feel polish in this application.
It is about security, after all! :-)
To demonstrate a public method on ContactManager, here's a random Contact:
Get started by clicking "Manage"...
Manage
Debug
Frames