Spring Security 3 (the Book)

by Peter Mularien
Now Available (May 29, 2010) from Packt Publishing

Why this Book?

I was inspired to write this book after my 5 Minute Guide to Spring Security tutorial became one of the top Google search results for "spring security tutorial". Packt and I joined up, and, almost one year later, here we are with a May 29, 2010 release date!

After spending a lot of time on the Spring Security community forums helping people, I realized that fundamentally many users of Spring Security (and Acegi before it) really do not understand how it's all put together from a high-level perspective. Furthermore, many users have the additional complexity of requiring integration with external authentication systems such as CAS, LDAP, or Active Directory, and fail to fully understand the integrations in a holistic way. These are the primary reasons why I wrote this book.

Why should you buy it?

  • You are implementing Spring Security 3 in a web-based application and want to understand how and why it works.
  • You are extending Spring Security 3 to incorporate your business needs for authentication, authorization, or custom integration.
  • You are a beginner to Spring Security 3 and would like an example-driven approach to learning to secure a web application from scratch.
  • You are integrating Spring Security 3 with an advanced security technology such as OpenID, CAS, LDAP, or Microsoft Active Directory.

I'm very proud of this book, and you should know that hours and hours of research went into it, to make it the most accurate, yet approachable, book on Spring Security 3 on the market. If you have any feedback, do write me at the email address in the "About this Site" section.

Best,

Peter Mularien, May 2010

What does it Cover?

In a nutshell, all of the following and more. You can see the full table of contents using the book preview feature on Amazon.

  • Overall Spring Security architecture, at both a high and low level
  • Implementation of all major Spring Security features, including:
    • JDBC-backed authentication
    • Method security with annotations and pointcuts
    • Session fixation protection
    • Concurrent session control
    • Password hashing
    • Access control lists (ACLs)
  • Integration of Spring Security with external authentication providers, including:
    • OpenID
    • LDAP
    • CAS
    • Client certificates (X.509)
    • Kerberos
    • Microsoft Active Directory
  • Full configuration of Spring Security using explicit Spring Bean declarations
  • Many custom coding samples, including custom servlet filters, custom AuthenticationProviders, exception handlers, and much more.

It's the only source for written, detailed documentation on many of these topics as they relate to Spring Security. If you value your time, the book is definitely a worthwhile investment! You may wish to read my blog post announcing the release of the book for additional information and commentary.

Where to get it?

You can purchase the book from the following online vendors:

My understanding is that Packt stocks physical books in some bookstores in the US and UK - please refer to their web site for more details on their distribution channels in your country.

FAQs

Why not use the Reference Manual or Blogs?

The Spring Security 3 reference manual, and accompanying Javadoc, are bar none the most accurate and comprehensive documentation available for the technology. Ben, Luke, and the entire Acegi team worked hard to deliver a top-notch user manual, with a very high level of quality for an open source project. This book is not a reference manual. It is intended to offer the reader a high level architectural view of "why and how things work", and then lead the user through a variety of common and uncommon configuration and customization scenarios. The material is covered to a depth that makes sense in a book, and which you're unlikely to see in a random blog post. This book will help you learn Spring Security.

I'm Using Acegi Security, or Spring Security 2 - Should I buy it?

We do have a section covering migration from Spring Security 2 to Spring Security 3 in a good level of detail, regarding configuration changes (major and minor) and class renaming and moves that occurred in the major version jump. Additionally, the overall architecture has not changed significantly since the days of Acegi Security, so even Acegi 1.x users will find the overall architecture, high level component diagrams, and sections on integration with other systems valuable at a high level. I'd be interested in hearing from users of earlier versions of the technology as to what works for you and what doesn't!

Are there any Sample Chapters?

Packt has excerpted some of the content as articles on their web site. Although the articles have some minor editorial changes for formatting on the web site, and (IMO) don't look quite as crisply laid out as in the book, it gives you a good sense of the content, writing style, and depth of the book. There are currently a total of 3 published articles:

Is there Source Code?

The source code for the book is available at the book's page on the Packt Publishing site. Note that an email address is required to download the code.

Reviews

All the reviews I'm aware of will be posted below. In order to remain in compliance with the owning sites' copyright policies, I will only excerpt a summary of the relevant reviews. Please do read the full reviews, as many of the reviewers highlight strengths and (mostly minor) weaknesses of the book.

  • grzegorzborkowski.blogspot.com (Aug 17, 2010): [T]he book is really good, and highly recommended to everybody who starts using Spring Security, or already knows it, but doesn't feel [like a] Spring Security expert yet.
  • books.dzone.com (Aug 3, 2010): This is an excellent book, well written, up-to-date, complete, with relevant examples and code.
  • amazon.com (July 7, 2010): Five Stars An Excellent Treatise on Spring Security 3.

For Purchasers of the Book

Many purchasers of the book have written to me regarding questions, problems, or issues. Let me try to help you ensure that you get the best and most prompt response to your issue:

  • Problems with orders from Packtpub.com (or any other vendor): please contact the vendor directly to ensure they address any problems. Note that Packt in particular can have a 24-hour lag time to responses, as their order processing occurs largely overseas. If you haven't heard anything within 48 to 72 hours, let me know and I can attempt to help.
  • Problems with sample code: please do contact me (email address on the "About this Site" tab above) and I will try to help you out.
  • Problems with Spring Security: although I am certainly happy to help out, I would suggest that your question (provided it's not specific to the book or sample code) is best reviewed by the larger community of experts at the Spring Security Community Forums. The forums are routinely monitored by both myself and experts from SpringSource and the community, and are a great way to learn and expand your knowledge, or answer specific problems!

About this Site

This site is the "unofficial" site for the book, written and maintained by the author, Peter Mularien. Although Packt Publishing is aware of the site and has approved of it, Packt Publishing is not responsible for the content or maintenance of the site. All content on the site is the property of myself, the author.

If you're looking to contact the publisher, Packt Publishing, please visit the book's page on the Packt Publishing site.

If you have questions about the content of the book, interview requests, reviews, feedback, etc, please contact me at info (shift-2) springsecuritybook.com.

All brand names and trademarks are copyright their respective owners.
