Customer Reviews

8
2.8 out of 5 stars
Spring Security 3
Format: Kindle Edition
Price: $14.50

11 of 12 people found the following review helpful
on March 10, 2011
Format: Paperback (Verified Purchase)
I cannot begin to tell you how much time I have wasted with this book. If you already know spring security this is a good book, but then again you already know spring security so why bother!

Each chapter contains several different examples that attempt to demonstrate how to handle some aspect of security. Unfortunately the listings in the book for each example are incomplete. It's really hard to figure out how all the "knitting" is done! The source code is really bad. All the examples for each chapter are mashed together across many different files. Somehow you are supposed to read all the comments to figure out which pieces of code go with which examples. The indirection is maddening. It's very hard to figure out which pieces go where.

I think you would be better off using the spring security tutorial, forums and google.

Hopefully someone will write an easy to use "cookbook" with complete recipes that are described in a linear manner.

I think what few reviews have been written so far were done as a favor to the author.
4 of 5 people found the following review helpful
on July 7, 2010
Format: Paperback (Verified Purchase)
Mularien has a comfortable writing style and the book is a lot less dry than several other Spring books I've read.

The first topics covered are Authorization/Authentication, XML configuration, the login/logout process and the overall architecture of secured web requests. You are then walked through configuring Spring Security for an example "pet store" web application, which starts off using an "in-memory" user credential store (configured via XML). Next, you progressively face-lift the example for more real-world usage, where your first stop is hooking up an actual database for storing user credentials. For simplicity, Mularien uses an HSQL embedded database, where enough setup/configuration information is provided to ensure success. Following his configuration examples, I was able to point Spring Security to a local MySQL instance instead and everything worked just fine.

Out-of-the-box, JDBC-based user management is covered next, where Spring Security's simplified "namespace" configuration tags are used. You then slowly progress towards using your own custom/legacy schema with database-resident authentication. Also covered are secure user passwords, password encryption types, SALT usage/configuration (for extra password security), SSL use/setup via Tomcat and securing portions of your web app via Spring Security's "requires-channel" feature.

Fine-grained access control and authorization is next, with plenty of good coverage on Annotations and AOP expressions. There's also an explanation on JSR-250 compliant annotations vs. Spring Security's annotation set and the differences between them.

From there, Mularien goes on to advanced configuration and extension of Spring Security. You're walked through writing and wiring-up a custom security filter, writing a custom AuthenticationProvider, Session management/concurrency, exception handling, authentication event handling and most importantly, how to manually configure Spring Infrastructure beans for performing security tasks outside the scope of Spring Security's configuration "namespace" tags.

He also goes on to cover Access Control Lists, LDAP integration, Single-Signon (via CAS), Client Certificate Authentication (as well as how to create your own key pairs), Open ID and Kerberos.

Lastly, roughly 8 pages are devoted to migration from Spring Security v2.x to v3.x. I started out with Spring 3, so this info wasn't useful to me; regardless, I read through this chapter and think it would be helpful to those migrating.
1 of 1 people found the following review helpful
on August 17, 2012
Format: Paperback
As of August 2012, there are two major learning resources for Spring Security: this book and the reference documentation. While the reference documentation is pretty solid, it should be used exactly for "referring". It's useful for providing detailed information about Spring Security facilities, but it isn't the best place for getting the "big picture". And that's what this book is good at.

Let me tell you that Spring Security is imho one of the most complicated and complex Java frameworks around nowadays. It is almost impossible to use it after the first Google hit: tutorials or forums are simply not enough to get you started with this beast. Hell no!
This book excels in explaining what Spring Security is from scratch. It covers important security principles and demonstrates some use cases on a sample application. You will learn how Spring Security handles authentication, authorization, about the very important security chain based on filters, about method intercepting and pre/post authorization, customizing login/logout pages, remember me support, about password encryption and much more. The second part of the book is dedicated to 3rd party services such as OpenID, LDAP, SSO and there is also a chapter about SS2 to SS3 migration. For hard-core developers there is also a part about how to wire all the required dependencies yourself.

I've read some negative comments about the sample code. The truth is that the formatting is terrible and is hard to read even in paperback. I don't want to think how messy the Kindle version must be. That's why I am taking one star off my rating. You also have to accept the fact that you need to download the sample code for this book and play with it. This is NOT a step-by-step tutorial for creating an application! The book only shows important pieces of code, not the whole code at once! The sooner you get this, the more nerves you will eventually save.

Overall verdict would be: Go for this book and take your time. Security is hard! When you're solving real-world problems refer to this book, the reference manual and internet forums.
2 of 3 people found the following review helpful
on November 7, 2010
Format: Paperback
Spring Security 3 is a pretty decent book if you want to get started with Spring Security or want to know more of the internals or exotic features it has to offer.

The book starts with a brief explanation of the different parts of security and after that explains how these are implemented/used in Spring Security. During the different chapters in the book they explain the different features of Spring Security with the use of a consistent sample (application) and security review. During the samples the issues of the security review are being solved, it is also explained why you should solve them and why they are a risk.

The sample application is being secured in a couple of chapters, each of the chapters explains a part of Spring Security. It starts simple and progresses to the more exotic features of the framework, however it doesn't stop there. There is also a lot of explaining going on what is happening internally in the framework, which classes are used and why. In short you basically get an in depth explanation of the Spring Security namespace.

Another great thing about the book is that it covers, in quite some detail, some of the less well documented features of Spring Security. Spring Security has the notion of groups, which is pretty much unmentioned in the reference guide, this book explains it in quite a clear and concise way. Another feature explained quite well is the use of ACL, often asked in the forums and still undocumented in the reference guide. So this book also fills in those gaps. Next to those features it also explains how to use OpenID, SSO, Client Certificates and how to configure them (again in quite some detail).

So in short if you want to know how Spring Security 3 works internally, what the namespace actually does, how those undocumented features work, this book is a must read. I would say this book is a must read for all the Spring Security users out there.
2 of 3 people found the following review helpful
on December 17, 2011
Format: Paperback
By chapter 2, the reader is lambasted with the names of dozens of classes and how all those classes connect together through abstract descriptions. This would be fine if the reader has 100% total-recall, but for most people, by the time they read chapter 3, all those names would be hazy, especially if all they're interested in is "getting things done." This book is written in such a way that you need to read at least half the book (and constantly reference previous chapters) before you acquire enough information about Spring to write anything practical or useful. The book delves into details of Spring implementation before demonstrating a simple concrete example. The examples that the book does provide are scant, typically small excerpts that don't work as-is. A user that's relatively new to Spring would be stuck on very basic tasks such as which spring jars should be included with his project, or why the provided xml example would throw an exception such as "unable to locate spring namespace handler." (what's a namespace handler? if you don't know it, too bad).

This book is quickly digestible only for users with solid spring experience and background, and for those users, this book is probably marginally useful as they can probably get things up and running quicker by going to the website and looking at the online documentation instead of reading this book.
1 of 2 people found the following review helpful
on March 6, 2011
Format: Paperback (Verified Purchase)
Luke Taylor (Spring Security Project Lead) wrote in his Foreword to this book: "Spring Security... is a 'hands-on' framework where people are encouraged to customize or extend the code to fulfill requirements that go beyond the basic out of the box options. Most things are possible, but sometimes an in-depth understanding of the internals is needed to satisfy a requirement, and that understanding mainly comes with experience".

This book is an on-surface kind of book. It doesn't help at all toward developing an in-depth understanding of the internals of Spring Security.

Maybe the author should have taken clues from Spring Recipes: A Problem-Solution Approach, on how to present information rather than filling up pages with bigger fonts, meaningless diagrams and incomplete information. Though the original price of this book is the same as the above-mentioned book, the content and usefulness of this book is negligible in comparison.

On page 319, in the chapter on CAS, the author writes: "we will look at support for SAML within Spring Security itself in a later chapter". I think he simply forgot to add that 'later chapter'.
0 of 1 people found the following review helpful
on February 10, 2014
Format: Kindle Edition (Verified Purchase)
The author does a poor job of explaining the topics. You will end up more confused and will have wasted your time going through this book. You can get better information online.
1 of 5 people found the following review helpful
on March 23, 2011
Format: Paperback
Spends too much time ranting about the google-able security concepts rather than actually teaching concepts in Spring Source Security that you can use. Although the author touches upon few customization concepts, I find better examples over the web than this book.
If you have limited knowledge and you don't want to spend your limited time on the internet then better avoid this book.