Spring Security is a lightweight security framework that provides authentication and authorization support in order to secure Spring-based applications. It comes bundled with popular security algorithm implementations. I will cover a series of different topics related to Spring Security in my upcoming blogs. We will go through the setup process first, then analyze when and where […]
Some applications need to store and show the user's last login, which is quite common. With this feature a user can verify the last login date and time upon successful login. I would like to explain this through a use case – One of the administrative applications on Grails required to hold last login […]
Spring Security has a nice feature of request caching. When a user tries to access a secured resource without logging in to the system, Spring Security caches that request and redirects the user to the login page. After successful authentication it redirects the user to that cached request. This works for both Ajax and non-Ajax requests. To restrict […]
In a recent project we were required to move our static content files to some CDN because servers were getting millions of hits every hour and many of the resources on the main page were static (like JS/CSS/etc). I hope most of the people understand CDN already. So, I’m not covering any information on CDN […]
Sometimes we need to access details of the currently logged-in user, but that will be an additional database query. To save that query we can use the principal object of Spring Security, which provides details of the logged-in user. But by default the principal object has only a few fields like id, username and password. If we need […]
What if our use case is to perform a custom task for login and logout while keeping the beauty of Spring Security intact? My use case was to make a third-party SOAP API call to perform login/logout, sending the user's details as parameters. Override Login: Write your own authentication provider class that extends AbstractUserDetailsAuthenticationProvider and override the authenticate method. […]
Restricting concurrent sessions for a single user is a very common requirement for any software tool which requires licensing based on number of users. You can read about how we can manage (or allow) concurrent sessions with Grails 2 using the Spring Security plugin in this awesome concise blog here. Let us see how we can […]
In my recent project, I want to implement a permission-based framework with the Spring Security Grails plugin. What does a permission-based framework mean? We can create a ROLE at run time based on the permission given to the user. Most of the time, we use Spring Security in a way where we pre-define the roles to […]
We were trying to implement SSL-based login and registration (i.e. HTTPS) in an e-commerce web application which was otherwise using the non-secure protocol (i.e. HTTP) for the entire website. Instead of moving the entire web application to SSL, which would have increased response times, we thought it would be best if only the authentication part […]