Until now we've been working with filters that belong to the Spring Security project. However, we can also add our own custom filters, which only need to follow some basic rules.
Spring Security is based on a filter chain. Every filter can be invoked for the appropriate request and executed to provide a supplementary layer of protection. But one important thing must be respected: the order of the filters.
In our last articles we discovered that Spring Security can be configured in two ways. The first uses the standard Spring beans mechanism. The second is specific to Spring Security because it uses its own XML schema definition (XSD). In this article we'll focus on the second method.
Session consistency is an important part that is not overlooked by Spring Security. Thanks to a special filter, SessionManagementFilter, the project allows better control of sessions.
The Spring Security project provides solutions for a lot of web dangers. One of them is CSRF.
The article about the basic security filter in Spring Security introduces us to the particularities of handling remember-me authentication. This time, we'll look at this aspect in more detail.
The first article in this category covers the subject of Spring Security ACL features. But we can still use Spring Security without the roles management. And to do it correctly, we should be familiar with a concept called the security chain.
Using Spring Security is like a blessing. Everything is coded and you only need to implement it correctly. But it is always good to know what we are implementing. This is the main purpose of this article: to understand how one particular Spring Security mode, ACL, works.