Ben Alex @ Singapore Java MeetUp

This month Singapore Java MeetUp was graciously hosted by Ivan from Standard Chartered. And as usual it was organized by Chris, despite his busy schedule and having 5 months old baby at home.

Ben Alex of SpringSource (previously Interface21) gave a talk on Spring Security 2.0 (currently Milestone 1). Which is not surprising as he is the creator of Spring Security aka Acegi. For those who do not know, Spring Security / Acegi is a security framework for Java application which provides powerful and configurable authentication and authorization functions. It makes our life as developer much easier, as security is one of the tough problems in application development. Of course by using Spring Security alone does not make our application secure, it just help us to secure it easier. It is still up to us to design and configure it properly.

Ben started with the basic introduction on authentication and authorization mechanism. Along the way he did a few demos that show a few different ways of access authorization, from URL filtering, programmatic role checking, to use of annotation on methods or class; and it all took only one or two line changes in the configuration files or source codes.

I believe the most welcome update from version 1.0 to 2.0 is the changes on how the xml configuration is done. Version 1.0 is already quite powerful and has most of the features needed for developing an application, but the configuration file is quite verbose where most of the times we need to declare every single configuration to the lowest level. With version 2.0 of Spring Security, in line with the rest of 2.x Spring portfolios, the configuration is simplified and allows convention over configuration. From the demonstration Ben showed a similarly configured application will have only 16 lines of configuration with Spring Security 2.0 and requires around 130 lines of configuration with Spring Security 1.0.

After the presentation, a bunch of us retired to Penny Black at Clarke Quay. We had a great time discussing different issues from open source licensing and business models to managing and running a company. Ben is such a fun person and very passionate about the issues that were thrown around the tables. I'm looking forward for another opportunity to hear him talk again.