Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Checkout

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag Great Britain
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Singapore
Country selected
country flag Hungary
Country selected
country flag Ukraine
Country selected
country flag Luxembourg
Country selected
country flag Estonia
Country selected
country flag Lithuania
Country selected
country flag South Korea
Country selected
country flag Turkey
Country selected
country flag Switzerland
Country selected
country flag Colombia
Country selected
country flag Taiwan
Country selected
country flag Chile
Country selected
country flag Norway
Country selected
country flag Ecuador
Country selected
country flag Indonesia
Country selected
country flag New Zealand
Country selected
country flag Cyprus
Country selected
country flag Denmark
Country selected
country flag Finland
Country selected
country flag Poland
Country selected
country flag Malta
Country selected
country flag Czechia
Country selected
country flag Austria
Country selected
country flag Sweden
Country selected
country flag Italy
Country selected
country flag Egypt
Country selected
country flag Belgium
Country selected
country flag Portugal
Country selected
country flag Slovenia
Country selected
country flag Ireland
Country selected
country flag Romania
Country selected
country flag Greece
Country selected
country flag Argentina
Country selected
country flag Netherlands
Country selected
country flag Bulgaria
Country selected
country flag Latvia
Country selected
country flag South Africa
Country selected
country flag Malaysia
Country selected
country flag Japan
Country selected
country flag Slovakia
Country selected
country flag Philippines
Country selected
country flag Mexico
Country selected
country flag Thailand
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
Spring Security

You're reading from   Spring Security Secure your web applications, RESTful services, and microservice architectures

Arrow left icon
Product type Paperback
Published in Nov 2017
Publisher Packt
ISBN-13 9781787129511
Length 542 pages
Edition 3rd Edition
Languages
Tools
Concepts
Arrow right icon
Authors (3):
Arrow left icon
Robert Winch Robert Winch
Author Profile Icon Robert Winch
Robert Winch
Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory.
Read more
See other products by Robert Winch
Peter Mularien Peter Mularien
Author Profile Icon Peter Mularien
Peter Mularien
Peter Mularien is an experienced software architect and engineer, and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.
Read more
See other products by Peter Mularien
Mick Knutson Mick Knutson
Author Profile Icon Mick Knutson
Mick Knutson
With nearly two decades of experience working in the IT industry in various roles as Enterprise technology consultant, Java Architect, project leader, Engineer, Designer and Developer, Mr. Knutson has gained a wide variety of experience in disciplines including JavaEE, Web Services, Mobile Computing and Enterprise Integration Solutions.nnOver the course of his career, Mr. Knutson has enjoyed long lasting partnerships with many of the most recognizable names in the Health Care, Financial, Banking, Insurance, Manufacturing, Telecommunications, Utilities, Product Distribution, Industrial and Electronics industries employing industry standard full software life cycle methodologies including the Rational Unified Process (RUP), Agile, SCRUM, and Extreme Programming (XP).nnMr. Knutson has also undertaken speaking engagements, training seminars, white paper and book publishing engagements world-wide.
Read more
See other products by Mick Knutson
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Preface 1. Anatomy of an Unsafe Application FREE CHAPTER 2. Getting Started with Spring Security 3. Custom Authentication 4. JDBC-Based Authentication 5. Authentication with Spring Data 6. LDAP Directory Services 7. Remember-Me Services 8. Client Certificate Authentication with TLS 9. Opening up to OAuth 2 10. Single Sign-On with the Central Authentication Service 11. Fine-Grained Access Control 12. Access Control Lists 13. Custom Authorization 14. Session Management 15. Additional Spring Security Features 16. Migration to Spring Security 4.2 17. Microservice Security with OAuth 2 and JSON Web Tokens 18. Additional Reference Material

Configuring session fixation protection

As we are using the security namespace style of configuration, session fixation protection is already configured on our behalf. If we wanted to explicitly configure it to mirror the default settings, we would do the following:

    http.sessionManagement()
    .sessionFixation().migrateSession();

Session fixation protection is a feature of the framework that you most likely won't even notice unless you try to act as a malicious user. We'll show you how to simulate a session-stealing attack; before we do, it's important to understand what session fixation does and the type of attack it prevents.

Understanding session fixation attacks

Session fixation is a type of attack whereby...

lock icon The rest of the chapter is locked
arrow left Previous Section
Section 2 of 8
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $19.99/month. Cancel anytime

Authors (3)

Left arrow icon
Profile icon Mick Knutson
Mick Knutson
With nearly two decades of experience working in the IT industry in various roles as Enterprise technology consultant, Java Architect, project leader, Engineer, Designer and Developer, Mr. Knutson has gained a wide variety of experience in disciplines including JavaEE, Web Services, Mobile Computing and Enterprise Integration Solutions. Over the course of his career, Mr. Knutson has enjoyed long lasting partnerships with many of the most recognizable names in the Health Care, Financial, Banking, Insurance, Manufacturing, Telecommunications, Utilities, Product Distribution, Industrial and Electronics industries employing industry standard full software life cycle methodologies including the Rational Unified Process (RUP), Agile, SCRUM, and Extreme Programming (XP). Mr. Knutson has also undertaken speaking engagements, training seminars, white paper and book publishing engagements world-wide.
Read more
See other products by Mick Knutson
Profile icon Robert Winch
Robert Winch
Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory.
Read more
See other products by Robert Winch
Profile icon Mularien
Mularien
Peter Mularien is an experienced software architect and engineer, and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.
Read more
See other products by Mularien
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
Hands-On Spring Security 5 for Reactive Applications
Hands-On Spring Security 5 for Reactive Applications
Read more
Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain.
Read more
Jul 2018 8h 56m
OAuth 2.0 Cookbook
OAuth 2.0 Cookbook
Read more
OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.
Read more
Oct 2017 14h 0m
Spring Boot 2.0 Projects
Spring Boot 2.0 Projects
Read more
Spring is one of the best tools to develop web, enterprise, and cloud ready software in the market. The goal of Spring Boot is to provide a set of tools for building Spring applications that run production-grade based applications. This book will teach you features of Spring Boot 2.0 by building interesting real-world projects.
Read more
Jul 2018 11h 12m
Spring 5.0 Cookbook
Spring 5.0 Cookbook
Read more
The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome the common to advanced problems you might face while developing in Spring 5.0.
Read more
Sep 2017 22h 20m
Spring 5.0 Projects
Spring 5.0 Projects
Read more
Spring makes it simple to create RESTful applications, interact with social services, communicate with modern databases, secure your system, and make your code modular and easy to test. This book will show you how to build various projects in Spring 5.0, using its various features as well as third party tools.
Read more
Feb 2019 14h 44m
Mastering Spring 5
Mastering Spring 5
Read more
Spring 5.1 is the latest new release of the widely used Spring framework and consists a myriad of exciting new features that has changed the way the framework is used. Mastering Spring 5 shows you this evolution - from solving the problems of developing testable applications to building distributed applications on the cloud.
Read more
Jul 2019 19h 56m
Learning Spring 5.0
Learning Spring 5.0
Read more
Spring is the most widely used framework for Java programming and with its latest update to 5.0, the framework is undergoing massive changes. Built to work with both Java 8 and Java 9, This book will teach you to simplify the way you write code, while still being able to create robust, enterprise applications using Spring 5.0.
Read more
Jun 2017 14h 4m
Spring Boot 2 Fundamentals
Spring Boot 2 Fundamentals
Read more
Through the Spring Boot Fundamentals book, you will learn how the Spring Framework works and how it helps you to get the job done. You will be able to build a new application from scratch for desktops and mobiles. Your application will persist data in a relational database and provide users a rich user experience using HTML or a RESTful API for JavaScript.
Read more
Nov 2018 9h 36m
Mastering Spring 5.0
Mastering Spring 5.0
Read more
Spring 5.0 is due to arrive with a myriad of new and exciting features that will change the way we've used the framework so far. This book will show you this evolution—from solving the problems of testable applications to building distributed applications on the Cloud.
Read more
Jun 2017 16h 32m
Keycloak - Identity and Access Management for Modern Applications
Keycloak - Identity and Access Management for Modern Applications
Read more
This book is your guide to learning how to install, configure, and manage Keycloak optimally for securing your applications. With the help of easy-to-follow examples, you will gain a complete understanding of Keycloak's various features and how to enable authentication and authorization in applications using it.
Read more
Jun 2021 12h 4m
Learning Spring Boot 2.0
Learning Spring Boot 2.0
Read more
Spring Boot provides a variety of features that address today's business needs with a powerful database and state of the art MVC framework. This practical guide will help you get up and running with all the latest features of Spring Boot.
Read more
Nov 2017 12h 20m
Hands-On High Performance with Spring 5
Hands-On High Performance with Spring 5
Read more
Spring 5.0 brings major advancements in the rich APIs provided by the Spring framework and thus creates a need for developers to master its tools and techniques to achieve high-performing applications. This book will help you improve the speed of your code and optimize the performance of your apps.
Read more
Jun 2018 13h 36m
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
API Security for White Hat Hackers
API Security for White Hat Hackers
Read more
API Security for White Hat Hackers is a comprehensive guide that simplifies API security by showing you how to identify and fix vulnerabilities. From emerging threats to best practices, this book helps you defend and safeguard your APIs.
Read more
Jun 2024 13h 56m
Securing Cloud PCs and Azure Virtual Desktop
Securing Cloud PCs and Azure Virtual Desktop
Read more
This book covers the fundamentals of Windows 365 and Azure Virtual Desktop, addressing endpoint security challenges. You'll also explore advanced security measures for virtual environments.
Read more
Jun 2024 13h 12m
Cybersecurity Strategies and Best Practices
Cybersecurity Strategies and Best Practices
Read more
This book offers real-world case studies, holistic approaches, and practical guidance to boost your cybersecurity expertise. You'll learn how to align security strategies with business objectives and stay ahead of the evolving threat landscape.
Read more
May 2024 8h 24m
PowerShell for Penetration Testing
PowerShell for Penetration Testing
Read more
Designed for security professionals and aspiring pentesters, this book equips you with the skills and knowledge to exploit vulnerabilities, gain access, and navigate post-exploitation scenarios across diverse platforms.
Read more
May 2024 9h 56m
Securing Industrial Control Systems and Safety Instrumented Systems
Securing Industrial Control Systems and Safety Instrumented Systems
Read more
The book provides a solid understanding of SIS cybersecurity challenges and artifacts required to ensure the safety of mission-critical systems. It also serves as a strong foundation for anyone looking to boost their industrial security skill set.
Read more
Aug 2024 8h 32m
Incident Response for Windows
Incident Response for Windows
Read more
This exhaustive book helps you detect, respond to, and prevent cyberattacks on Windows-based systems by equipping you with the knowledge and tools needed to safeguard your organization's critical assets based on the actual threat landscape.
Read more
Aug 2024 8h 8m
CCSP (ISC)2 Certified Cloud Security Professional Exam Guide
CCSP (ISC)2 Certified Cloud Security Professional Exam Guide
Read more
Explore all aspects of cloud security to pass the CCSP exam and boost your career with this guide packed with use cases, mock exam questions, and tips. You'll be able to apply your new-found knowledge not only to pass the exam but also at work.
Read more
Jun 2024 18h 40m
Cryptography Algorithms
Cryptography Algorithms
Read more
Uncover history, principles, and cutting-edge insights in this new edition. Learn how algorithms defend against attacks and stay current with trends like IoT and quantum cryptography. Elevate your cybersecurity expertise with this essential resource.
Read more
Aug 2024 13h 40m
Right arrow icon