Spring Security in Action

  • 8h 17m
  • Laurenţiu Spilcă
  • Manning Publications
  • 2020

Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary.

Summary

While creating secure applications is critically important, it can also be tedious and time-consuming to stitch together the required collection of tools. For Java developers, the powerful Spring Security framework makes it easy for you to bake security into your software from the very beginning. Filled with code samples and practical examples, Spring Security in Action teaches you how to secure your apps from the most common threats, ranging from injection attacks to lackluster monitoring. In it, you'll learn how to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization.

About the technology

Security is non-negotiable. You rely on Spring applications to transmit data, verify credentials, and prevent attacks. Adopting "secure by design" principles will protect your network from data theft and unauthorized intrusions.

About the book

Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary.

What's inside

  • Encoding passwords and authenticating users
  • Securing endpoints
  • Automating security testing
  • Setting up a standalone authorization server

About the reader

For experienced Java and Spring developers.

About the Author

Laurentiu Spilca is a dedicated development lead and trainer at Endava, with over ten years of Java experience.

In this Book

  • Foreword
  • About This Book
  • Security Today
  • Hello Spring Security
  • Managing Users
  • Dealing with Passwords
  • Implementing Authentication
  • Hands-On—A Small Secured Web Application
  • Configuring Authorization—Restricting Access
  • Configuring Authorization—Applying Restrictions
  • Implementing Filters
  • Applying CSRF Protection and CORS
  • Hands-On—A Separation of Responsibilities
  • How Does OAuth 2 Work?
  • OAuth 2—Implementing the Authorization Server
  • OAuth 2—Implementing the Resource Server
  • OAuth 2—Using JWT and Cryptographic Signatures
  • Global Method Security—Pre- and Postauthorizations
  • Global Method Security—Pre- and Postfiltering
  • Hands-On—An OAuth 2 Application
  • Spring Security for Reactive Apps
  • Spring Security Testing
SHOW MORE
FREE ACCESS