I write this announcement with a lot of excitement and a great sigh of relief. It was about a year ago when I was approached by Packt Publishing, who was interested in my introduction to Spring Security, and somehow got the idea that I could write. They recognized that there was no published book focusing on Spring Security (as I have often noted myself), and wondered if I would be interested in writing a book on the subject. For me, the idea really clicked, and I jumped on the opportunity to write a book about a subject that I had already had some significant exposure to, and a desire to explore further.
Fast-forward one year, and the final 400+ page book is now available on Amazon or from other online sources, as both a printed book and eBook (eBook available from Packt). I’ve put together a web site with more information about the book at www.springsecuritybook.com – there, you’ll find a rough idea of what the book covers, what it is (and isn’t), and where you can buy it or get more information.
This has been an enormously interesting research project for me, and the culmination of hundreds (probably thousands) of hours of night and weekend work, completed in addition to a demanding full-time job and family.
In a quick list of bullet points, we cover:
- Overall Spring Security architecture, at both a high and low level
- Implementation of all major Spring Security features, including:
- JDBC-backed authentication
- Method security with annotations and pointcuts
- Session fixation protection
- Concurrent session control
- Password hashing
- Access control lists (ACLs)
- Integration of Spring Security with external authentication providers, including:
- Client certificates (X.509)
- Microsoft Active Directory
- Full configuration of Spring Security using explicit Spring Bean declarations
- Many custom coding samples, including custom servlet filters, custom AuthenticationProviders, exception handlers, and much more.
All of these topics are covered both at a high level (how and why do they work), and a low level (how to configure, how to code, how to implement). It’s a great mix of theory and practice that I hope will be very effective for readers looking to implement Spring Security, or those who are already using it, but might not understand how it works.
I’m very excited to see the book in print, and believe it will have a big impact on the ability of users new to Spring Security to approach the framework with a better understanding of how it works. Additionally, for those users who will be doing sophisticated integrations or customizations based on the framework, there’s enough undocumented material and nuts-and-bolts discussions in the book to make it interesting for you as well.
Since most of my readers are techies, I hope to post interesting quantiative bits that I’ve been tracking along the way as I’ve coded, researched, diagrammed, revised, and all out slogged my way through gobs of code. More to come on this topic!
Please contact me if you have questions, comments, suggestions, or just congratulations
Title: Spring Security 3
Publisher: Packt Publishing
Publication Date: May 29, 2010