Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: e242aeff3e
Branches Tags
spring-security
/
samples
/
contacts
/
src
/
main
/
webapp
/
WEB-INF
/
jsp
/
hello.jsp

hello.jsp 2.5 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. <%@ include file="/WEB-INF/jsp/include.jsp" %>
    2. 

  2. 

  3. <html>
    4. 

  4. <head><title>Contacts Security Demo</title></head>
    5. 

  5. <body>
    6. 

  6. <h1>Contacts Security Demo</h1>
    7. 

  7. <P>Contacts demonstrates the following central Spring Security capabilities:
    8. 

  8. <ul>
    9. 

  9. <li><b>Role-based security</b>. Each principal is a member of certain roles,
    10. 

  10.     which are used to restrict access to certain secure objects.</li>
    11. 

  11. <li><b>Domain object instance security</b>. The <code>Contact</code>, the
    12. 

  12.     main domain object in the application, has an access control list (ACL)
    13. 

  13.     that indicates who is allowed read, administer and delete the object.</li>
    14. 

  14. <li><b>Method invocation security</b>. The <code>ContactManager</code> service
    15. 

  15.    layer bean has a number of secured (protected) and public (unprotected)
    16. 

  16.    methods.</li>
    17. 

  17. <li><b>Web request security</b>. The <code>/secure</code> URI path is protected
    18. 

  18.    by Spring Security from principals not holding the
    19. 

  19.    <code>ROLE_USER</code> granted authority.</li>
    20. 

  20. <li><b>Security unaware application objects</b>. None of the objects
    21. 

  21.    are aware of the security being implemented by Spring Security. *</li>
    22. 

  22. <li><b>Security taglib usage</b>. All of the JSPs use Spring Security's
    23. 

  23.    taglib to evaluate security information. *</li>
    24. 

  24. <li><b>Fully declarative security</b>. Every capability is configured in
    25. 

  25.    the application context using standard Spring Security classes. *</li>
    26. 

  26. <li><b>Database-sourced security data</b>. All of the user, role and ACL
    27. 

  27.    information is obtained from an in-memory JDBC-compliant database.</li>
    28. 

  28. <li><b>Integrated form-based and BASIC authentication</b>. Any BASIC
    29. 

  29.    authentication header is detected and used for authentication. Normal
    30. 

  30.    interactive form-based authentication is used by default.</li>
    31. 

  31. <li><b>Remember-me services</b>. Spring Security's pluggable remember-me
    32. 

  32.    strategy is demonstrated, with a corresponding checkbox on the login form.</li>
    33. 

  33. </ul>
    34. 

  34. 

  35. * As the application provides an "ACL Administration" use case, those
    36. 

  36. classes are necessarily aware of security. But no business use cases are.
    37. 

  37. 

  38. <p>Please excuse the lack of look 'n' feel polish in this application.
    39. 

  39. It is about security, after all! :-)
    40. 

  40. 

  41. <p>To demonstrate a public method on <code>ContactManager</code>,
    42. 

  42. here's a random <code>Contact</code>:
    43. 

  43. <p>
    44. 

  44. <code>
    45. 

  45. <c:out value="${contact}"/>
    46. 

  46. </code>
    47. 

  47. <p>Get started by clicking "Manage"...
    48. 

  48. <p><A HREF="<c:url value="secure/index.htm"/>">Manage</a>
    49. 

  49. <a href="<c:url value="secure/debug.jsp"/>">Debug</a>
    50. 

  50. <a href="<c:url value="./frames.htm"/>">Frames</a>
    51. 

  51. </body>
    52. 

  52. </html>
    53.