- Spring-security-config
- Web/HTTP Security
- Business Object (Method) Security
- AuthenticationManager
- AccessDecisionManager
- AuthenticationProviders
- UserDetailsService
-
Should configure springSecurityFilterChain in web.xml. it will process web security which are configured using the element.
-
http element show url sets which you would secure. And access attribute define these roles, user should have.
-
requires-channel point at URLs should request what protocal. HTTP or HTTPS
if access /secure/* with HTTP, firstly this request will be redirected with HTTPS -
How to set specific port access?
<port-mappings> <port-mapping http="9080" https="9443"/> </port-mappings>
- Session Control:
Need to add listener HttpSessionEventPublisher in web.xml
Add the following in our application context.
<session-management><concurrency-control max-sessions="1" /></session-management>
AccessDecisionManager:
The default strategy is to use an AffirmativeBased AccessDecisionManager with a RoleVoter and an AuthenticatedVoter.