0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Spring Security

You're reading from Spring Security Secure your web applications, RESTful services, and microservice architectures

Product type Paperback

Published in Nov 2017

Publisher Packt

ISBN-13 9781787129511

Length 542 pages

Edition 3rd Edition

Languages

Java

Tools

Spring

Concepts

Cybersecurity

Authors (3):

Robert Winch

Peter Mularien

Mick Knutson

View More author details

Table of Contents (19) Chapters

Preface

1. Anatomy of an Unsafe Application FREE CHAPTER

2. Getting Started with Spring Security

3. Custom Authentication

4. JDBC-Based Authentication

5. Authentication with Spring Data

6. LDAP Directory Services

7. Remember-Me Services

8. Client Certificate Authentication with TLS

9. Opening up to OAuth 2

10. Single Sign-On with the Central Authentication Service

11. Fine-Grained Access Control

12. Access Control Lists

13. Custom Authorization

14. Session Management

15. Additional Spring Security Features

16. Migration to Spring Security 4.2

17. Microservice Security with OAuth 2 and JSON Web Tokens

18. Additional Reference Material

Getting started with the JBCP calendar sample code

Anatomy of an Unsafe Application

Security is arguably one of the most critical architectural components of any  web-based application written in the 21^st century. In an era where malware, criminals, and rogue employees are always present and actively testing software  for exploits, smart and comprehensive use of security is a key element to any project for which you'll be responsible.

This book is written to follow a pattern of development that, we feel, provides a useful premise for tackling a complex subject—taking a web-based application with a Spring 4.2 foundation, and understanding the core concepts and strategies for securing it with Spring Security 4.2. We complement this approach by providing sample code for each chapter in the form of complete web applications.

Whether you're already using Spring Security or are interested in taking your basic use of the software to the next level of complexity, you'll find something to help you in this book. During the course of this chapter, we will cover the following topics:

The results of a fictional security audit
Some common security problems of web-based applications
Several core software security terms and concepts

If you are already familiar with basic security terminology, you may skip to  Chapter 2, Getting Started with Spring Security, where we start using the basic functionality of the framework.

You have been reading a chapter from

Spring Security - Third Edition

Published in: Nov 2017

Publisher: Packt

ISBN-13: 9781787129511

© 2017 Packt Publishing Limited All Rights Reserved

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (3)

Mick Knutson

Mick Knutson

Mick Knutson has over 25 years of experience in the IT industry. As a passionate and experienced enterprise technology consultant, Java architect, and software developer, he looks forward to using his unique professional experience to help students learn about software development in an effective, practical, and convenient manner. Mick's real-world expertise comes from providing individuals and mid-to-large-size businesses with advanced software consulting and training. He has collaborated with many notable clients and partners including VMware, Spring Source, FuseSource, Global Knowledge, and Knowledge United. His technical expertise includes OOA/OOD/OOP, Java, Java EE, Spring Security, Oracle, Enterprise Integration, and Message-Oriented Middleware (MOM). As a veteran of the IT industry, Mick is determined to help as many people as possible and show that anyone can become a software developer. He has spoken around the world at training seminars, luncheons, book publishing engagements, and white paper engagements. He has authored several technical books and articles on Spring Security, Java EE 6, HTTP, and VisualVM. He is also a featured blogger at DZone, where he is part of the curated Most Valuable Blogger (MVB) group. Having lived and breathed software development for over two decades, Mick enjoys translating complex technical concepts into plain English for different audiences. Whether he is helping an experienced software professional or someone who is new to the field, he can simplify even the most intricate IT concepts. Mick's mission is to use his seasoned professional experience to help anyone who wants to learn about software development. As an expert and professional, Mick designs his training courses to make the learning experience as enriching, seamless, and convenient as possible so that you can master software development in the shortest amount of time. Learn from an expert. Mick warmly looks forward to helping you learn software development in the right way so that you can maximize both your money and your time. You can also refer to his following books: Spring Security Third Edition Distributed Configuration with Spring Cloud Config Java EE6 Cookbook HTTP Reference Card (DZone) VisualVM Reference Card (DZone) You can also refer to his video on BASELogic available on YouTube. You can also connect with him on the following social media sites: LinkedIn (mickknutson) Twitter (mickknutson) GitHub (mickknutson) Bitbucket (mickknutson) Udemy video series (MickKnutson) Facebook (BASELogic) Google+ (BASElogic)

See other products by Mick Knutson

Mularien

Mularien

Peter Mularien is an experienced software architect and engineer, and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.

See other products by Mularien

Robert Winch

Robert Winch

Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory.

See other products by Robert Winch

Other recommended products

Related to this chapter

Hands-On Spring Security 5 for Reactive Applications

Hands-On Spring Security 5 for Reactive Applications

Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain.

Jul 2018 8h 56m

Hands-On Spring Security 5 for Reactive Applications

Hands-On Spring Security 5 for Reactive Applications

Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain.

Jul 2018 8h 56m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

Spring Boot 2.0 Projects

Spring Boot 2.0 Projects

Spring is one of the best tools to develop web, enterprise, and cloud ready software in the market. The goal of Spring Boot is to provide a set of tools for building Spring applications that run production-grade based applications. This book will teach you features of Spring Boot 2.0 by building interesting real-world projects.

Jul 2018 11h 12m

Spring Boot 2.0 Projects

Spring Boot 2.0 Projects

Spring is one of the best tools to develop web, enterprise, and cloud ready software in the market. The goal of Spring Boot is to provide a set of tools for building Spring applications that run production-grade based applications. This book will teach you features of Spring Boot 2.0 by building interesting real-world projects.

Jul 2018 11h 12m

Spring 5.0 Cookbook

Spring 5.0 Cookbook

The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome the common to advanced problems you might face while developing in Spring 5.0.

Sep 2017 22h 20m

Spring 5.0 Cookbook

Spring 5.0 Cookbook

The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome the common to advanced problems you might face while developing in Spring 5.0.

Sep 2017 22h 20m

Spring 5.0 Projects

Spring 5.0 Projects

Spring makes it simple to create RESTful applications, interact with social services, communicate with modern databases, secure your system, and make your code modular and easy to test. This book will show you how to build various projects in Spring 5.0, using its various features as well as third party tools.

Feb 2019 14h 44m

Spring 5.0 Projects

Spring 5.0 Projects

Spring makes it simple to create RESTful applications, interact with social services, communicate with modern databases, secure your system, and make your code modular and easy to test. This book will show you how to build various projects in Spring 5.0, using its various features as well as third party tools.

Feb 2019 14h 44m

Mastering Spring 5

Mastering Spring 5

Spring 5.1 is the latest new release of the widely used Spring framework and consists a myriad of exciting new features that has changed the way the framework is used. Mastering Spring 5 shows you this evolution - from solving the problems of developing testable applications to building distributed applications on the cloud.

Jul 2019 19h 56m

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m