Spring Security provides an extremely flexible alternative to the container-based security support provided out-of-the-box with BlazeDS. Spring BlazeDS Integration provides explicit integration support for incorporating Spring Security smoothly into your Flex/BlazeDS application. Spring Security provides a wealth of different configuration options, but rather than go into the many different combinations here, we'll leave most of that to the Spring Security documentation.
Here is a typical simple Spring Security starting configuration for use in conjunction with the explicit integration features provided by Spring BlazeDS integration:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> <http entry-point-ref="preAuthenticatedEntryPoint" /> <beans:bean id="preAuthenticatedEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" /> <authentication-provider> <user-service> <user name="jeremy" password="atlanta" authorities="ROLE_USER, ROLE_ADMIN" /> <user name="keith" password="melbourne" authorities="ROLE_USER" /> </user-service> </authentication-provider> </beans:beans>
We will assume the above configuration is in place for the remainder of the examples in this chapter.