Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Spring Security
Spring Security

Spring Security: Secure your web applications, RESTful services, and microservice architectures , Third Edition

Arrow left icon
Profile Icon Mick Knutson Profile Icon Mularien Profile Icon Robert Winch
Arrow right icon
$35.99 $51.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (4 Ratings)
eBook Nov 2017 542 pages 3rd Edition
eBook
$35.99 $51.99
Paperback
$64.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Mick Knutson Profile Icon Mularien Profile Icon Robert Winch
Arrow right icon
$35.99 $51.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (4 Ratings)
eBook Nov 2017 542 pages 3rd Edition
eBook
$35.99 $51.99
Paperback
$64.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$35.99 $51.99
Paperback
$64.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Spring Security

Getting Started with Spring Security

In this chapter, we'll apply a minimal Spring Security configuration to start addressing our first finding—inadvertent privilege escalation due to a lack of 
URL protection, and general authentication from the security audit discussed in Chapter 1, Anatomy of an Unsafe Application. We will then build on the basic configuration to provide a customized experience for our users. This chapter is intended to get you up and running with Spring Security and to provide a foundation for any other security-related tasks you will need to perform.

During the course of this chapter, we will cover the following topics:

  • Implementing a basic level of security on the JBCP calendar application, using the automatic configuration option in Spring Security
  • Learning how to customize both the login and logout experience
  • Configuring Spring Security...

Hello Spring Security

Although Spring Security can be extremely difficult to configure, the creators of the product have been thoughtful and have provided us with a very simple mechanism to enable much of the software's functionality with a strong baseline. From this baseline, additional configuration will allow for a fine level of detailed control over the security behavior of the application.

We'll start with our unsecured calendar application from Chapter 1, Anatomy of an Unsafe Application, and turn it into a site that's secured with a rudimentary username and password authentication. This authentication serves merely to illustrate the steps involved in enabling Spring Security for our web application; you'll see that there are some obvious flaws in this approach that will lead us to make further configuration refinements.

...

A little bit of polish

Stop at this point and think about what we've just built. You may have noticed some obvious issues that will require some additional work and knowledge of the Spring Security product before our application is production-ready. Try to make a list of the changes that you think are required before this security implementation is ready to roll out on the public-facing website.

Applying the Hello World Spring Security implementation was blindingly fast and has provided us with a login page, username, and password-based authentication, as well as the automatic interception of URLs in our calendar application. However, there are gaps between what the automatic configuration setup provides and what our end goal is, which are listed as follows:

  • While the login page is helpful, it's completely generic and doesn't look like the rest of our JBCP calendar...

Summary

In this chapter, we have applied a very basic Spring Security configuration, explained how to customize the user's login and logout experience, and demonstrated how to display basic information, such as a username, in our web application.

In the next chapter, we will discuss how authentication in Spring Security works and how we can customize it to our needs.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Architect solutions that leverage the power of Spring Security while being loosely coupled
  • Implement existing user stores, user sign up, authentication, and supporting AJAX requests
  • Integrate with popular Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Token's (JWS), Hashing, and encryption algorithms

Description

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework. The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included. It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

Who is this book for?

This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

What you will learn

  • Understand common security vulnerabilities and how to resolve them
  • Perform initial penetration testing to uncover common security vulnerabilities
  • Utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, OpenID, and OAuth
  • Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, jQuery, and AngularJS
  • Deep understanding of the security challenges with RESTful webservices and microservice architectures
  • Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Nov 28, 2017
Length: 542 pages
Edition : 3rd
Language : English
ISBN-13 : 9781787126466
Category :
Languages :
Concepts :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Nov 28, 2017
Length: 542 pages
Edition : 3rd
Language : English
ISBN-13 : 9781787126466
Category :
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 162.97
Spring Security
$64.99
Learning Spring Boot 2.0
$48.99
Spring 5 Design Patterns
$48.99
Total $ 162.97 Stars icon
Banner background image

Table of Contents

18 Chapters
Anatomy of an Unsafe Application Chevron down icon Chevron up icon
Getting Started with Spring Security Chevron down icon Chevron up icon
Custom Authentication Chevron down icon Chevron up icon
JDBC-Based Authentication Chevron down icon Chevron up icon
Authentication with Spring Data Chevron down icon Chevron up icon
LDAP Directory Services Chevron down icon Chevron up icon
Remember-Me Services Chevron down icon Chevron up icon
Client Certificate Authentication with TLS Chevron down icon Chevron up icon
Opening up to OAuth 2 Chevron down icon Chevron up icon
Single Sign-On with the Central Authentication Service Chevron down icon Chevron up icon
Fine-Grained Access Control Chevron down icon Chevron up icon
Access Control Lists Chevron down icon Chevron up icon
Custom Authorization Chevron down icon Chevron up icon
Session Management Chevron down icon Chevron up icon
Additional Spring Security Features Chevron down icon Chevron up icon
Migration to Spring Security 4.2 Chevron down icon Chevron up icon
Microservice Security with OAuth 2 and JSON Web Tokens Chevron down icon Chevron up icon
Additional Reference Material Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(4 Ratings)
5 star 50%
4 star 50%
3 star 0%
2 star 0%
1 star 0%
Jeovany Tenorio Hernandez Mar 02, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excelente libro, supero todas mis expectativas
Amazon Verified review Amazon
Dmitry Jun 11, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book has a nice introduction. The code can be compiled with maven after some small modifications and googling. The knowledge can be transformed to the Spring Security 5.*
Amazon Verified review Amazon
Daniel Jun 24, 2019
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Es un buen libro, llega al fondo de los asuntos de Spring Security y ese puede ser su punto débil. Terminas de leerlo, analizándolo un poco y notas que se te escapa una visión global de Security, y que después de todo, en la práctica, no hacía falta llegar tan al detalle de las configuraciones posibles y de las tripas de security y lo que realmente vale no queda del todo claro. Pero es una obra de calidad
Amazon Verified review Amazon
Vishu May 21, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
A very good introduction to security using Spring, covers a variety of methods and models. I would highly recommend it to anyone using Spring.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.