
Comprehensive Review of 'Spring Security - Fourth Edition' by Erica Ayala



We are pleased to share a comprehensive review of "Spring Security - Fourth Edition", published by Packt. The review was written by Erica Ayala and offers an in-depth exploration of the book's key themes and insights, providing readers with a thorough understanding of its value.


Please find the review below:


Besides testing, security and authentication is definitely my weakest point 😮‍💨, and since I'm generally bothered by not being good at things 😒, I've been actively trying lately to get better at it.

One of the ways I'm trying to achieve this is by purposely working on tasks in areas that I would like to improve in. Unfortunately, the project I'm currently working on is using a different tech stack than what I'm used to 🫤, and since I'd obviously like to get better working with my own tech stack as well, I decided to dive into "Spring Security". 😊

So one of the first things that the book covers that I found useful is the different authentication methods. This section helped me to prepare a Confluence document to go over with the dev team so we could make a decision on which authentication method to use for our project.

Another thing I found really useful was that the book explains the pros and cons of using 'SecurityContextHolder', 'UserDetailsService', and 'AuthenticationProvider'. It explains the use cases for each one (Yay! I'm learning about use cases! 😁🥳😅), like whether you're looking for simplicity or need more advanced features like remember-me services.

Technically, I'm already familiar with most of those things because I learned how to implement them when I was in bootcamp. But to be honest, the bootcamp was really in-depth up until we started learning about security, and then it was kinda just like "Here's some snippets of code. Put this in such-and-such class". 😕 So it's a good thing that the book also walks you through adding, configuring, and implementing a custom 'UserDetailsService'.

I also got a deep dive into OAuth 2 which previously, I honestly knew nothing about. 🥴😅 The book shows how to set up your own OAuth 2 application and explains the architecture behind it, which was great for a complete n00b like me. 🥴🤣😂

It also went into the advanced features of Spring Security, like protection against Cross-Site Request Forgery (CSRF) and other common vulnerabilities (which was great because the whole CSRF thing consistently kicks my ass every time I have to link a backend to a frontend for a full stack application 😭🤣😂💀☠️). So I was pretty grateful for this section.

The book also details how to configure security headers and goes into setting up security filter chains and using JWTs for securing endpoints. This part was especially helpful since JWT is what I'm most familiar with.

The section on password encoding was definitely helpful because I'm a dunce when it comes to that too. 🥴😅 Thankfully, the book guides you on how to use PasswordEncoders for different security needs.

Honestly, I think this book is a great resource for anyone who struggles with understanding Spring Security and I'd definitely recommend it! 👌🏽