Monday, 4 April 2016

Spring security

Before Christmas I started upgrading Spring Security in my company's application. It was my second experiment. This time it passed. The first time I just changed the paths of classes. Yep. Between version 2.0 and 3.x there is a huge difference in class packages.
Secondly, the new version is safer than the earlier one: CSRF, HSTS and other headers controlling browser flow and secure connection.
The configuration of my application is a little different from the tutorial case. I have two ways of authority:
- by web login and password
- by URL token.
I have to create an unsecured controller which authorises the user by URL token and forwards the request to the target page. Now that I know the dependencies of Spring Security, it is easy. However, I spent two days.
This week I tried to make rule hierarchy and  However, as I got to know, it isn't possible.
Anyway, the main idea is the same.
