0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Spring Security

You're reading from Spring Security Secure your web applications, RESTful services, and microservice architectures

Product type Paperback

Published in Nov 2017

Publisher Packt

ISBN-13 9781787129511

Length 542 pages

Edition 3rd Edition

Languages

Java

Tools

Spring

Concepts

Cybersecurity

Authors (3):

Robert Winch

Peter Mularien

Mick Knutson

View More author details

Table of Contents (19) Chapters

Preface

1. Anatomy of an Unsafe Application FREE CHAPTER

2. Getting Started with Spring Security

3. Custom Authentication

4. JDBC-Based Authentication

5. Authentication with Spring Data

6. LDAP Directory Services

7. Remember-Me Services

8. Client Certificate Authentication with TLS

9. Opening up to OAuth 2

10. Single Sign-On with the Central Authentication Service

11. Fine-Grained Access Control

12. Access Control Lists

13. Custom Authorization

14. Session Management

15. Additional Spring Security Features

16. Migration to Spring Security 4.2

17. Microservice Security with OAuth 2 and JSON Web Tokens

18. Additional Reference Material

Getting started with the JBCP calendar sample code

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The next steps involve a series of updates to the web.xml file". A block of code is set as follows:

 //build.gradle:
    dependencies {
        compile "org.springframework.security:spring-security-  
        config:${springSecurityVersion}"
        compile "org.springframework.security:spring-security- 
        core:${springSecurityVersion}"
        compile "org.springframework.security:spring-security- 
        web:${springSecurityVersion}"
        ...
    }

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

 [default]
 exten => s,1,Dial(Zap/1|30)
 exten => s,2,Voicemail(u100)
 exten => s,102,Voicemail(b100)
 exten => i,1,Voicemail(s0)

Any command-line input or output is written as follows:

$ ./gradlew idea

New terms and important words are shown in bold.

Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "In Microsoft Windows, you can view some of the ACL capabilities of a file by right-clicking on a file and examining its security properties (Properties | Security), as shown in the following screenshot".

Warnings or important notes appear like this.

Tips and tricks appear like this.

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (3)

Mick Knutson

Mick Knutson

Mick Knutson has over 25 years of experience in the IT industry. As a passionate and experienced enterprise technology consultant, Java architect, and software developer, he looks forward to using his unique professional experience to help students learn about software development in an effective, practical, and convenient manner. Mick's real-world expertise comes from providing individuals and mid-to-large-size businesses with advanced software consulting and training. He has collaborated with many notable clients and partners including VMware, Spring Source, FuseSource, Global Knowledge, and Knowledge United. His technical expertise includes OOA/OOD/OOP, Java, Java EE, Spring Security, Oracle, Enterprise Integration, and Message-Oriented Middleware (MOM). As a veteran of the IT industry, Mick is determined to help as many people as possible and show that anyone can become a software developer. He has spoken around the world at training seminars, luncheons, book publishing engagements, and white paper engagements. He has authored several technical books and articles on Spring Security, Java EE 6, HTTP, and VisualVM. He is also a featured blogger at DZone, where he is part of the curated Most Valuable Blogger (MVB) group. Having lived and breathed software development for over two decades, Mick enjoys translating complex technical concepts into plain English for different audiences. Whether he is helping an experienced software professional or someone who is new to the field, he can simplify even the most intricate IT concepts. Mick's mission is to use his seasoned professional experience to help anyone who wants to learn about software development. As an expert and professional, Mick designs his training courses to make the learning experience as enriching, seamless, and convenient as possible so that you can master software development in the shortest amount of time. Learn from an expert. Mick warmly looks forward to helping you learn software development in the right way so that you can maximize both your money and your time. You can also refer to his following books: Spring Security Third Edition Distributed Configuration with Spring Cloud Config Java EE6 Cookbook HTTP Reference Card (DZone) VisualVM Reference Card (DZone) You can also refer to his video on BASELogic available on YouTube. You can also connect with him on the following social media sites: LinkedIn (mickknutson) Twitter (mickknutson) GitHub (mickknutson) Bitbucket (mickknutson) Udemy video series (MickKnutson) Facebook (BASELogic) Google+ (BASElogic)

See other products by Mick Knutson

Mularien

Mularien

Peter Mularien is an experienced software architect and engineer, and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.

See other products by Mularien

Robert Winch

Robert Winch

Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory.

See other products by Robert Winch

Other recommended products

Related to this chapter

Hands-On Spring Security 5 for Reactive Applications

Hands-On Spring Security 5 for Reactive Applications

Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain.

Jul 2018 8h 56m

Hands-On Spring Security 5 for Reactive Applications

Hands-On Spring Security 5 for Reactive Applications

Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain.

Jul 2018 8h 56m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

Spring Boot 2.0 Projects

Spring Boot 2.0 Projects

Spring is one of the best tools to develop web, enterprise, and cloud ready software in the market. The goal of Spring Boot is to provide a set of tools for building Spring applications that run production-grade based applications. This book will teach you features of Spring Boot 2.0 by building interesting real-world projects.

Jul 2018 11h 12m

Spring Boot 2.0 Projects

Spring Boot 2.0 Projects

Spring is one of the best tools to develop web, enterprise, and cloud ready software in the market. The goal of Spring Boot is to provide a set of tools for building Spring applications that run production-grade based applications. This book will teach you features of Spring Boot 2.0 by building interesting real-world projects.

Jul 2018 11h 12m

Spring 5.0 Cookbook

Spring 5.0 Cookbook

The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome the common to advanced problems you might face while developing in Spring 5.0.

Sep 2017 22h 20m

Spring 5.0 Cookbook

Spring 5.0 Cookbook

The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome the common to advanced problems you might face while developing in Spring 5.0.

Sep 2017 22h 20m

Spring 5.0 Projects

Spring 5.0 Projects

Spring makes it simple to create RESTful applications, interact with social services, communicate with modern databases, secure your system, and make your code modular and easy to test. This book will show you how to build various projects in Spring 5.0, using its various features as well as third party tools.

Feb 2019 14h 44m

Spring 5.0 Projects

Spring 5.0 Projects

Spring makes it simple to create RESTful applications, interact with social services, communicate with modern databases, secure your system, and make your code modular and easy to test. This book will show you how to build various projects in Spring 5.0, using its various features as well as third party tools.

Feb 2019 14h 44m

Mastering Spring 5

Mastering Spring 5

Spring 5.1 is the latest new release of the widely used Spring framework and consists a myriad of exciting new features that has changed the way the framework is used. Mastering Spring 5 shows you this evolution - from solving the problems of developing testable applications to building distributed applications on the cloud.

Jul 2019 19h 56m

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m