We are pleased to share a comprehensive review of "Spring Security - Fourth Edition", published by Packt, and written by the reviewer Erica Ayala. This review offers an in-depth exploration of the book's key themes and insights, providing readers with a thorough understanding of its value.
Please find the review below:
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at £16.99/month. Cancel anytime
Besides testing, security and authentication is definitely my weakest point 😮💨, and since I'm generally bothered by not being good at things 😒, I've been actively trying lately to get better at it.
One of the ways I'm trying to achieve this is by purposely working on tasks in areas that I would like to improve in. Unfortunately, the project I'm currently working on is using a different tech stack than what I'm used to 🫤, and since I'd obviously like to get better working with my own tech stack as well, I decided to dive into "Spring Security". 😊
So one of the first things that the book covers that I found useful is the different authentication methods. This section helped me to prepare a Confluence document to go over with the dev team so we could make a decision on which authentication method to use for our project.
Another thing I found really useful was that the book explains the pros and cons of using 'SecurityContextHolder', 'UserDetailsService', and 'AuthenticationProvider'. It explains the use cases for each one (Yay! I'm learning about use cases! 😁🥳😅), like whether you're looking for simplicity or need more advanced features like remember-me services.
Technically, I'm already familiar with most of those things because I learned how to implement them when I was in bootcamp. But to be honest, the bootcamp was really in-depth up until we started learning about security, and then it was kinda just like "Here's some snippets of code. Put this in such-and-such class". 😕 So it's a good thing that the book also walks you through adding, configuring, and implementing a custom 'UserDetailsService'.
I also got a deep dive into OAuth 2 which previously, I honestly knew nothing about. 🥴😅 The book shows how to set up your own OAuth 2 application and explains the architecture behind it, which was great for a complete n00b like me. 🥴🤣😂
It also went into the advanced features of Spring Security, like protection against Cross-Site Request Forgery (CSRF) and other common vulnerabilities (which was great because the whole CSRF thing consistently kicks my ass every time I have to link a backend to a frontend for a full stack application 😭🤣😂💀☠️). So I was pretty grateful for this section.
The book also details how to configure security headers and goes into setting up security filter chains and using JWTs for securing endpoints. This part was especially helpful since JWT is what I'm most familiar with.
The section on password encoding was definitely helpful because I'm a dunce when it comes to that too. 🥴😅 Thankfully, the book guides you on how to use PasswordEncoders for different security needs.
Honestly, I think this book is a great resource for anyone who struggles with understanding Spring Security and I'd definitely recommend it! 👌🏽
United States
United Kingdom
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Argentina
Austria
Belgium
Bulgaria
Chile
Colombia
Cyprus
Czechia
Denmark
Ecuador
Egypt
Estonia
Finland
Greece
Hungary
Indonesia
Ireland
Italy
Japan
Latvia
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Netherlands
New Zealand
Norway
Philippines
Poland
Portugal
Romania
Singapore
Slovakia
Slovenia
South Africa
South Korea
Sweden
Switzerland
Taiwan
Thailand
Turkey
Ukraine
