You're reading from Spring Security Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781835460504

Length 596 pages

Edition 4th Edition

Languages

Java

Tools

Spring

Concepts

Web Security

Author (1):

Badr Nasslahsen

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Fundamentals of Application Security FREE CHAPTER

2. Chapter 1: Anatomy of an Unsafe Application

3. Chapter 2: Getting Started with Spring Security

4. Chapter 3: Custom Authentication

5. Part 2: Authentication Techniques

6. Chapter 4: JDBC-based Authentication

7. Chapter 5: Authentication with Spring Data

8. Chapter 6: LDAP Directory Services

9. Chapter 7: Remember-me Services

10. Chapter 8: Client Certificate Authentication with TLS

11. Part 3: Exploring OAuth 2 and SAML 2

12. Chapter 9: Opening up to OAuth 2

13. Chapter 10: SAML 2 Support

14. Part 4: Enhancing Authorization Mechanisms

15. Chapter 11: Fine-Grained Access Control

16. Chapter 12: Access Control Lists

17. Chapter 13: Custom Authorization

18. Part 5: Advanced Security Features and Deployment Optimization

19. Chapter 14: Session Management

20. Chapter 15: Additional Spring Security Features

21. Chapter 16: Migration to Spring Security 6

22. Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens

23. Chapter 18: Single Sign-On with the Central Authentication Service

24. Chapter 19: Build GraalVM Native Images

25. Index

Why subscribe?

26. Other Books You May Enjoy

Appendix – Additional Reference Material

Understanding how Spring LDAP authentication works

We saw that we were able to log in using a user-defined in the LDAP directory. But what exactly happens when a user issues a login request for a user in LDAP? There are the following three basic steps to the LDAP authentication process:

Authenticate the credentials supplied by the user against the LDAP directory.
Determine the GrantedAuthority object that the user has, based on their information in LDAP.
Pre-load information from the LDAP entry for the user into a custom UserDetails object for further use by the application.

Authenticating user credentials

For the first step, authentication against the LDAP directory, a custom authentication provider is wired into AuthenticationManager. The o.s.s.ldap.authentication.LdapAuthenticationProvider interface takes the user’s provided credentials and verifies them against the LDAP directory, as illustrated in the following diagram: