Numerous businesses are acquiring computational capabilities from online cloud service platforms and embracing a primary reliance on the cloud for the development of most applications. This shift has prompted a transformation in the design of applications.

Figure 1.1 – Monolithic versus layered versus SOA versus microservices

The selection of the most suitable application architecture is contingent upon your specific business requirements. We will explore four architectural options designed to facilitate digital transformation and tailored to meet general business needs

Monolithic architecture

A traditional architecture where the entire application is constructed as a unified and closely integrated entity.

While it is easy to develop and deploy initially, scaling and maintaining it can pose challenges as the project expands.

N-Tier architecture (layered architecture)

N-tier architecture, also...

It’s early in the morning at your job as a software developer for the Jim Bob Circle Pants Online Calendar (JBCPCalendar.com), and you’re halfway through your first cup of coffee when you get the following email from your supervisor:

Figure 1.2 – The email from the supervisor

What? You didn’t think about security when you designed the application? In fact, at this point, you are not even sure what a security audit is. Sounds like you’ll have a lot to learn from the security auditors! Later in this chapter, we will review what an audit is, along with the results of an audit. First, let’s spend a bit of time examining the application that’s under review.

Exploring the example application

Although we’ll be working through a contrived scenario as we progress through this book, the design of the application and the changes that we’ll make to it are drawn from the...

In this section, we will meticulously examine the outcomes of our security audit, shedding light on the vulnerabilities and areas of concern within our application’s security landscape. We’ll dissect the audit results and embark on a journey to explore various effective strategies and patterns to secure and mitigate these identified risks. This chapter serves as a roadmap for enhancing the robustness of our application’s security, ensuring it stays resilient against potential threats and vulnerabilities.

Authentication

Authentication is one of two key security concepts that you must internalize when developing secure applications (the other being authorization). Authentication identifies who is attempting to request a resource. You may be familiar with authentication in your daily online and offline life, in very different contexts, as follows:

• Credential-based authentication: When you log in to your web-based...

We have endeavored to make the application as easy to run as possible by focusing on some basic tools and technologies that almost every Spring developer would have on their development machine. Nevertheless, we have provided the Getting started section as supplementary information in the Getting started with the JBCP calendar sample code section in the Appendix, Additional Reference Material.

The primary method for integrating with the sample code is providing projects that are compatible with Gradle and Maven. Since many IDEs have rich integration with Gradle and Maven, users should be able to import the code into any IDE that supports either Gradle or Maven. As many developers use Gradle and Maven, we felt this was the most straightforward method of packaging the examples. Whatever development environment you are familiar with, hopefully, you will find a way to work through the examples in this book.

Many IDEs provide Gradle or Maven tooling that can...

In this chapter, we have reviewed the common points of risk in an unsecured web application and the basic architecture of our example application. We began by scrutinizing the audit results, highlighting the areas of concern and potential vulnerabilities. The chapter then branched into key security concepts, including authentication, authorization, and database credential security. We also discussed the strategies for securing the application based on the spring framework.

In the next chapter, we’ll explore how to get Spring Security set up quickly and get a basic understanding of how it works.