I received Spring Security 3.x Cookbook as an eBook from Packt Publishing about a month ago. This was fortunate as I had prior to this point been struggling implementing Spring Security into our new Spring MVC sample developer’s web application at work (ultimately to become our standard Maven Archetype for new web development).The requirements at work insisted on Spring Security seamlessly meshing with our campus Shibboleth 2 Single Sign-On process. This is a bit like logging in without signing in – and not one of the core principles of Spring Security out of the box (generally concerned with classic Authentication via web form submission). It was therefore useful to see the information on Multiple Authentication in Chapter 11 (as I built a JPA example similar to Chapter 11 in this book).This book (as cookbook code format) immediately helped with understanding code syntax, formatting, location and common usage. Packt commonly uses headings like (Getting Ready, How to Do It, How It Works, There’s more and See Also) – but admittingly I was searching for code fragments that were similar to my needs – so it was the code (the How to Do It paragraphs) that I appreciated/needed the most.Also of note, many Maven related examples in the book and downloaded sample applications. Of note in the downloaded source (which may easily be the most valuable resource of this book, as the author produced an incredible amount of great code): * Useful examples of Maven POM dependency configurations * Nice to see hibernate configuration examples with classic persistence.xml settings (in contrast to Springs Pet Clinics XML based persistence layer API). * DAO objects, Glassfish JDBC configuration examples. * Nice interface and implementation services. * Example MVC controllers using Spring Security (very useful to see worked out examples). Again, largely XML based configuration versus annotation based. At the day job, we use a ton of annotation spring security objects as we needed a lot of overriding of core spring security API.Although some amount of examples utilize JDBC wired up with GlassFish (Chapter 7, 8, 9 and 11), and the commercial support for GlassFish has been halted by Oracle, the community version is still very active and working through these examples are largely unaffected by this issue.Chapter 1 of the Spring Security Cookbook dives into the topic of security with Java Authentication and Authorization Service (JAAS) - which I hadn't any experience with (typically using a framework of one type of another over the years to obtain these common services). The point I want to make here was this chapter didn't help me with the Spring Integration issues I has having – but did introduce me to some related and legacy core java services – and it was interesting reading. Having not known about these services to begin with, I admit I was a bit lost immediately and had me wondering what up, so to speak. Very interesting code in Chapter 11 examines implementing JAAS with Spring Security.Also, in review of many of the following chapters, (Spring Security with Struts, JSF, Grails, GWT, Vaadin, Wicket) I wanted to note that my development was classic JSP, Web 3.0 servlets and Spring MVC Core services through a standard Maven Eclipse project.Fortunately, the code fragments in the book of each of these frameworks required similar solutions to some of the problems I was having (and many were MVC based anyway) – and were useful. Even if the frameworks being discussed were not of particularly of interest to me (for my current job).Chapter 10 – Spring Security with Spring Web Services is a technology that I will be searching for solutions in about 2 months – as we begin to implement our ESB, as securing our Web services will be a hot topic for some time (very useful to see the cxf-servlet.xml example and generated Apache CXF WSDL here).To summarize, as there are a ton of issues I could write about (Java based configuration versus XML based configuration – both in the Spring MVC and Spring Security worlds for example), I wanted to close with an acknowledgment and recognition of the tremendous amount of work it took to build out all of the samples and code in Spring Security 3.x Cookbook – just wanted to say nice work!

First, I would like to thank Packt Publishing, for offering me this eBook.Here is my review about this book :It’s a great recipe of good practices, the reader can learn trough simple steps.It's a great way to learn spring security in combination with various frameworks, especially with spring social.I particulary appreciated the part where the author implements his own oauth access.Additionaly, you can download examples of code, given by the author, to complete your practice.At the end, it’s a great book to improve skills in security, and Spring Security developments.

This book has an interesting approach to the cookbook theme - most recipes describe integrating the Spring Security framework with a specific web framework. If you're just starting out with Spring Security, or applying it to a new framework, this book will save you a lot of time - well worth the book's price. These include Struts 2, JSF, Grails, GWT, Vaadin, Wicket and web services (REST and SOAP).There are also recipes on using it with Hibernate, MongoDB, JAAS, Captcha, multiple authentication providers, LDAP and Spring Social (OAuth, Facebook, Twitter). It doesn't go into extending Spring to do things like locking users out or counting invalid authentication attempts, etc. but covers basic authentication and authorization in the various use cases. There's probably room for another cookbook on extension recipes.I found this very useful for the Spring Social recipes, but if you're securing a new project this could save you days of work.

Yep, it's OK. I bought it mainly for the Grails info. Basic and a bit thin. It should have twice as much material and be twice as expensive.Really we need a book with a good solid grounding in Spring Security Core and UI for Grails. This isn't quite it.