'
Anatomy of an Unsafe Application
The JBCP calendar application architecture
Using Spring Security 3.1 to address security concerns
Getting Started with Spring Security
Logging in new users using SecurityContextHolder

Creating a custom UserDetailsService object
Creating a custom AuthenticationProvider object
Which authentication method to use
Using Spring Security's default JDBC authentication
Configuring embedded LDAP integration
Configuring an LDAP server reference
Understanding how Spring LDAP authentication works
Authenticating user credentials
Determining user role membership
Mapping additional attributes of UserDetails
Configuring basic password comparison
LDAP password encoding and storage
Configuring UserDetailsContextMapper
Viewing additional user details
Using an alternate password attribute
Using LDAP as UserDetailsService
Configuring LdapUserDetailsService
Integrating with an external LDAP server
Explicit LDAP bean configuration
Configuring LdapAuthenticationProvider
Integrating with Microsoft Active Directory via LDAP
The token-based remember-me feature
Restricting the remember-me feature to an IP address
Client Certificate Authentication
How client certificate authentication works
Setting up client certificate authentication infrastructure
Configuring client certificate authentication in Spring Security
Configuring client certificate authentication using Spring Beans
Considerations when implementing Client Certificate authentication
Enabling OpenID authentication with Spring Security
Additional required dependencies
The OpenID user registration problem
Implementing user registration with OpenID
Automatic redirection to the OpenID Provider
Single Sign-on with Central Authentication Service
Introducing Central Authentication Service
Configuring basic CAS integration
Proxy ticket authentication for stateless services
Getting UserDetails from a CAS assertion
Spring Expression Language (SpEL) integration
Using access control lists for business object security
Basic configuration of Spring Security ACL support
Custom ACL permission declaration
Mutable ACLs and authorization
Considerations for a typical ACL deployment
Should I use Spring Security ACL
Configuring to use a UnanimousBased access decision manager
Customizing request authorization
Creating a custom PermissionEvaluator
Configuring session fixation protection
Restricting the number of concurrent sessions per user
How Spring Security uses the HttpSession
Integrating with Other Frameworks
Integrating with Java Server Faces (JSF)
Google Web Toolkit (GWT) integration
Migration to Spring Security 3.1
Migrating from Spring Security 2
Enhancements in Spring Security 3
Changes to configuration in Spring Security 3
Changes to CustomAfterInvocationProvider
Changes to packages and classes