Monday, February 11, 2013

"Spring Security 3.1" from Packt

It's almost 3 years since I reviewed "Spring Security 3" from Packt Publishing. How time flies!

Now they just published the updated version, Spring Security 3.1 and asked me again for the review. So, I devoted some time to it, and browsed through the new version of this book.

This time, I used the e-book version (in EPUB format). But, even though it is readable in this format, the source code samples got wrapped in many places, make it more difficult to understand, and the diagrams were partially clipped - well, at least on my reader. Obviously, this is a problem of many technical books, reading them on the kindle-like device is less comfortable. Fortunately, having access to e-book you can also open PDF version, to check things like source code on bigger screen.

Generally, the book is a continuation of the previous edition, which I reviewed in the past. The book has been seriously "refactored", but you can easily spot the core taken from the first edition. The big amount of changes come, I think, from the fact that the primary author has changed: the book is now signed by Robert Winch, the official leader of the Spring Security project.

The final effect is really good - the first edition was already good, and the second is even better - I think the re-arrangement of some chapters and rewriting some of them, made them easier to understand. In my review of the first edition I also listed some things which could be improved - and i noticed some of them were really done in the second edition; some of them didn't, for example I still think it would't harm if some attacks, like XSS, were briefly explained when they are mentioned for the first time, instead of only providing a link to OWASP - in the book which has more than 300 pages adding one paragraph with the description of given attack would cost nothing, and these are kind of things which you'd rather know too much about than too little. However, even if there are some wrinkles left that could be iron out, I must say I haven't found any serious issues with this book.

So, overall, it's a really good guide to Spring Security, if you're planning to start using this framework, it's definitely worth reading!