Getting Started with Spring Security 3.2

@rob_winch

About me

Spring Security 3.1 book

Agenda

What is spring.io?

What is Spring Security?

New in Spring Security 3.2

CSRF Protection

POST /sample/110 HTTP/1.1
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
Cookie: JSESSIONID=8B00C27E0962E363CBAC814F19E51C1D

_method=delete&_csrf=7d281f9f-55d9-4663-88f8-42827f3d2c12

Security HTTP Response Headers

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Learn More. Stay Connected.
