In this chapter of Mastering Spring MVC 4, we’ll learn how to secure our web application and also how to cope with the security challenges of modern, distributed web applications.

This chapter is divided into the following parts:

  1. First, we will set up basic HTTP authentication in a minute
  2. Then, we will design a form-based authentication for the web pages, keeping the basic authentication for the REST API
  3. We will allow the users to sign up via the Twitter OAuth API
  4. Then, we will leverage Spring Session to make sure our application can scale using a distributed session mechanism
  5. Last, we will configure Tomcat to use a secured connection through SSL

Safe and sound

At the end of this chapter, you will be a security expert. We will protect our REST API with basic auth, which is secure as well as easy to interact with.

We will also design a gorgeous login page for our web application.

Going social

My favorite part in this chapter is when we use Spring Social to allow users to log in using their Twitter account!

Infinite scaling

We will use Spring Session to put our users’ sessions into Redis with little configuration.

This will allow us to add more servers to handle high traffic without worrying about sticky sessions.


In the end, we will see how to use SSL with Tomcat.

I hope you will find the content of this chapter interesting. Let me know your thoughts in the comments!