In this chapter, we have gone into the details of the complex, yet powerful Spring Python Security architecture, and seen how flexible and configurable it is. We looked at the challenges of coding security into an application and came up with a list of requirements for a useful security solution. Throughout the chapter, we saw how Spring Python Security met those requirements.
We developed a simple application, and then applied simple, hard-coded testable security. Later on, we saw how it was possible to easily swap this out with a SQL-driven solution thanks to Spring Python's IoC container. We also explored configuring an LDAP solution.
We finished be seeing how to easily add our own custom security extensions that easily plug in to Spring Python Security.
We also frankly observed that using Spring Python Security takes some careful configuration. Hopefully this book has lowered the bar to make it more accessible.
In this chapter, we covered:
- Security problems software developers have to deal with and effectively coding solutions is very challenging
- There are many requirements involved with building a security framework, and Spring Python meets them all
- We wrapped an unsecured application with a simple solution that cleanly protects the app by delegating to a security controller
- The concept of authenticating who the user is, and determining what they are authorized to do
- Testing the security of our application is possible, practical, and necessary
- We configured a SQL-based security system, including adapting to a custom user/role schema
- We configured an LDAP-based security system
- We explored making our application support multiple user communities or migrating from one security system to another with no downtime
- We looked at how to code our own security extension for systems not yet supported out-of-the-box by Spring Python Security
In the next chapter, we will explore ways to connect systems together over remote links using the Spring way.