Popular Posts

Tuesday, January 31, 2012

Spring Security - Authentication & Authorization for web applications

Spring Security (or Acegi) is a powerful authentication and authorization framework for securing Spring-based applications.It provides option for web request level and at the method invocation level as well. Spring Security utilizes dependency injection (DI) and aspect oriented techniques effectively.

There are many useful links which provide helps, reference, tutorials etc. to getting started with Spring Security:

http://static.springsource.org/spring-security/site/start-here.html
http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/
http://www.gigaspaces.com/wiki/display/XAP71/Authenticating+against+a+database
http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html
http://blog.solidcraft.eu/2011/03/spring-security-by-example-set-up-and.html

You can customize it for pre-authenticated scenarios as well.

Common Spring Security (SS) interview questions:
1) What is spring security? How will you implement it in your project OR How will you secure your Spring application?
2) What are the main components or Architecture of SS?
3) What is difference between Spring Security 2.x & 3.0?
4) What are AuthenticationManager, ProviderManager, AuthenticationProviders & AccessDecisionManager?
5) What is PreAuthenticatedAuthenticationProvider?
6) What is Security namespace?
7) What is the element? How do you configure it?
8) How would you integrate security with LDAP or OpenId?
9) What are SecurityContextHolder, SecurityContext and Authentication Objects?
10) What is UserDetailsService?


Answers will follow soon.

No comments: