Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Code in Action
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Fundamentals of Application Security

2. Chapter 1: Anatomy of an Unsafe Application FREE CHAPTER

• Exploring software architecture styles
• Understanding security audit
• Addressing the security audit findings
• Technical requirements
• Summary

3. Chapter 2: Getting Started with Spring Security

• Hello Spring Security
• A little bit of polish
• Summary

4. Chapter 3: Custom Authentication

• Authentication architecture in Spring Security
• Exploring the JBCP calendar architecture
• Logging in new users using SecurityContextHolder
• Creating a custom UserDetailsService object
• Creating a custom AuthenticationProvider object
• Which authentication method should you use?
• Summary

5. Part 2: Authentication Techniques

6. Chapter 4: JDBC-based Authentication

• Installing the required dependencies
• Using the H2 database
• The default user schema of Spring Security
• Exploring UserDetailsManager interface
• Support for a custom schema
• Configuring secure passwords
• Exploring the PasswordEncoder interface
• Using salt in Spring Security
• Trying out salted passwords
• Summary

7. Chapter 5: Authentication with Spring Data

• Spring Data JPA
• Refactoring from SQL to ORM
• Application services
• The UserDetailsService object
• Document database implementation with MongoDB
• Summary

8. Chapter 6: LDAP Directory Services

• Understanding LDAP
• Understanding how Spring LDAP authentication works
• Determining roles with Jxplorer
• Configuring the UserDetailsContextMapper object
• Updating AccountController to use LdapUserDetailsService
• Explicit LDAP bean configuration
• Integrating with Microsoft Active Directory via LDAP
• Summary

9. Chapter 7: Remember-me Services

• What is remember-me?
• SHA-256 Algorithm
• Is remember-me secure?
• Configuring the persistent-based remember-me feature
• The remember-me architecture
• Custom cookie and HTTP parameter names
• Summary

10. Chapter 8: Client Certificate Authentication with TLS

• How does client certificate authentication work?
• Configuring client certificate authentication using Spring beans
• Summary

11. Part 3: Exploring OAuth 2 and SAML 2

12. Chapter 9: Opening up to OAuth 2

• The Promising World of OAuth 2
• Additional OAuth 2 providers
• Is OAuth 2 secure?
• Summary

13. Chapter 10: SAML 2 Support

• What is SAML?
• SAML 2.0 Login with Spring Security
• Overriding SAML Spring Boot Auto Configuration
• Performing Single Logout
• Summary

14. Part 4: Enhancing Authorization Mechanisms

15. Chapter 11: Fine-Grained Access Control

• Integrating Spring Expression Language (SpEL)
• Conditional rendering with the Thymeleaf Spring Security tag library
• JSR-250 compliant standardized rules
• Summary

16. Chapter 12: Access Control Lists

• The conceptual module of an ACL
• ACLs in Spring Security
• Basic configuration of Spring Security ACL support
• Advanced ACL topics
• Considerations for a typical ACL deployment
• Summary

17. Chapter 13: Custom Authorization

• Authorizing the Requests
• Handling of Invocations
• Modifying AccessDecisionManager and AccessDecisionVoter
• Legacy Authorization Components
• Dynamically defining access control to URLs
• Creating a custom expression
• Summary

18. Part 5: Advanced Security Features and Deployment Optimization

19. Chapter 14: Session Management

• Configuring session fixation protection
• Restricting the number of concurrent sessions per user
• Configuring expired session redirect
• Common problems with concurrency control
• Other benefits of concurrent session control
• Displaying active sessions for a user
• Summary

20. Chapter 15: Additional Spring Security Features

• Security vulnerabilities
• Cross-Site Scripting
• Cross-Site Request Forgery
• Security HTTP response headers
• Testing Spring Security Applications
• Reactive Applications Support
• Summary

21. Chapter 16: Migration to Spring Security 6

• Exploit Protection
• Configuration Migrations
• Applying the migration steps from Spring Security 5.x to Spring Security 6.x
• Summary

22. Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens

• What are microservices?
• Service-oriented architectures
• Microservice security
• The OAuth 2 specification
• JSON Web Tokens
• JWT Authentication in Spring Security
• OAuth 2 support in Spring Security
• Summary

23. Chapter 18: Single Sign-On with the Central Authentication Service

• Introducing the Central Authentication Service
• High-level CAS authentication flow
• Spring Security and CAS
• Configuring basic CAS integration
• Single Logout
• Clustered environments
• Using proxy tickets
• Customizing the CAS server
• Getting the UserDetails object from a CAS assertion
• Additional CAS capabilities
• Summary

24. Chapter 19: Build GraalVM Native Images

• Introducing GraalVM
• GraalVM images using Buildpacks
• Building a native image using Native Build Tools
• Method Security in GraalVM Native Image
• Summary

25. Index

• Why subscribe?

26. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book

Appendix – Additional Reference Material

• Build tools
• Getting started with the JBCP calendar sample code
• Generating a server certificate
• Supplementary materials