Showing posts from March, 2012

Spring Security ACL

ACL Spring Security tutorial By Andrei Tudose and Ovidiu Gheorghies In this article we show how to implement a simple yet meaningful Spring Security based web application using PostgreSQL as a database backend. The learning curve for effective Spring Security usage was pretty steep for us, and we now write the article we wish we would have had in front of our eyes from the very beginning. As die-hard fans of PostgreSQL for its ease of use, scalability and extensibility, we faced a few perks now and then, but having learned how to deal with them, we are now happy to share.

Most web applications use security to separate those who have to right to perform an action from those who don’t. In its simplest form, this may mean that registered users may post messages, unregistered users may only read them, while administrators can exercise their free will into editing, deleting, banning or generally annoying people. For more complex and realistic applications, one cannot simply u…