Preface

Welcome to the world of Spring Security 4.2! We're certainly pleased that you have acquired the only published book fully devoted to Spring Security 4.2. Before we get started with the book, we would like to give you an overview of how the book is organized and how you can get the most out of it.

Once you have read this book, you should be familiar with key security concepts and understand how to solve the majority of the real-world problems that you will need to solve with Spring Security. Through this discovery, you will gain an in-depth understanding of Spring Security's architecture, which will allow you to handle any unexpected use cases the book does not cover.

The book is divided into the following four main sections:

• The first section (Chapter 1, Anatomy of an Unsafe Application and Chapter 2, Getting Started with Spring Security) provides an introduction to Spring Security and allows you to get started with Spring Security quickly
• The second section (Chapter 3, Custom Authentication, Chapter 4, JDBC-Based Authentication, Chapter 5, Authentication with Spring Data, Chapter 6, LDAP Directory Services, Chapter 7, Remember-Me Services, Chapter 8, Client Certificate Authentication with TLS, and Chapter 9, Opening up to OAuth 2) provides in-depth instructions for integrating with a number of different authentication technologies
• The third section (Chapter 10, Single Sign-On with the Central Authentication Service, Chapter 11, Fine-Grained Access Control, and Chapter 12, Access Control Lists) explains how Spring Security's authorization support works
• Finally, the last section (Chapters 13, Custom Authorization, Chapter 14, Session Management, Chapter 15, Additional Spring Security Features, and Chapter 16, Migration to Spring Security 4.2, Chapter 17, Microservice Security with OAuth 2 and JSON Web Tokens) provides information specialized topics and guides that help you perform very specific tasks

Security is a very interwoven concept, and so are many of the topics in the book. However, once you have read through the first three chapters, the rest of the chapters are fairly independent. This means that you can easily skip chapters and still understand what is happening. The goal is to provide a cookbook-style guide that when read in its entirety still helps you develope a clear understanding of Spring Security.

The book uses a simple Spring Web MVC-based application to illustrate how to solve real-world problems. The application is intended to be very simple and straightforward, and deliberately contains very little functionality—the goal of this application is to encourage you to focus on Spring Security concepts and not get tied up in the complexities of application development. You will have a much easier time following the book if you take the time to review the sample application source code and try to follow along with the exercises. Some tips on getting started are found in the Getting started with the JBCP calendar sample code section in Appendix, Additional Reference Material.