January 2011 Meeting

Security is a complicated subject but securing a web application doesn’t have to be. This presentation will cover an intro to Spring Security 3, a Java EE framework that provides advanced authentication, authorization and other security features for enterprise applications. As time permits, we will work with Spring Security 3 to secure an unsafe web application using Spring Expression Language (SpEL), add a custom login page, implement basic logout functionality, examine securing credential storage by comparing in-memory store vs. database-backed authentication store, and configure a "salted" password encoding Authentication Provider.