Every enterprise application requires security in one form or another. The problem domain of the application, its intended user base, and importance to the core business are all major influences on the type of security required. For example, there is a major difference in the security requirements of an Internet banking application from those of an internal telephone directory application. This wide range of security requirements between applications has proven a major challenge in the development of generic security frameworks. In this chapter we will explore the major options available for securing Spring-based applications and examine the recommended security framework, Acegi Security System for Spring.
Developers have a wide range of choices in how to implement security within enterprise applications. Let's start by reviewing the typical requirements of such applications and three major security platforms commonly used with Spring.
Although Spring provides a highly flexible framework, most of its users leverage its capabilities to deliver robust, multi-tier enterprise applications. Such applications are usually data-centric, have multiple concurrent users, and are of significant importance to the core business. Hence most enterprise applications must provide a robust approach to security.
Let's briefly recap some of the key terms used when discussing computer security. The term ...