Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Spring Security
Spring Security

Spring Security: Secure your web applications, RESTful services, and microservice architectures , Third Edition

Arrow left icon
Profile Icon Mick Knutson Profile Icon Mularien Profile Icon Robert Winch
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (4 Ratings)
Paperback Nov 2017 542 pages 3rd Edition
eBook
₱1856.99 ₱2653.99
Paperback
₱3316.99
Subscription
Free Trial
Arrow left icon
Profile Icon Mick Knutson Profile Icon Mularien Profile Icon Robert Winch
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (4 Ratings)
Paperback Nov 2017 542 pages 3rd Edition
eBook
₱1856.99 ₱2653.99
Paperback
₱3316.99
Subscription
Free Trial
eBook
₱1856.99 ₱2653.99
Paperback
₱3316.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Spring Security

Getting Started with Spring Security

In this chapter, we'll apply a minimal Spring Security configuration to start addressing our first finding—inadvertent privilege escalation due to a lack of 
URL protection, and general authentication from the security audit discussed in Chapter 1, Anatomy of an Unsafe Application. We will then build on the basic configuration to provide a customized experience for our users. This chapter is intended to get you up and running with Spring Security and to provide a foundation for any other security-related tasks you will need to perform.

During the course of this chapter, we will cover the following topics:

  • Implementing a basic level of security on the JBCP calendar application, using the automatic configuration option in Spring Security
  • Learning how to customize both the login and logout experience
  • Configuring Spring Security...

Hello Spring Security

Although Spring Security can be extremely difficult to configure, the creators of the product have been thoughtful and have provided us with a very simple mechanism to enable much of the software's functionality with a strong baseline. From this baseline, additional configuration will allow for a fine level of detailed control over the security behavior of the application.

We'll start with our unsecured calendar application from Chapter 1, Anatomy of an Unsafe Application, and turn it into a site that's secured with a rudimentary username and password authentication. This authentication serves merely to illustrate the steps involved in enabling Spring Security for our web application; you'll see that there are some obvious flaws in this approach that will lead us to make further configuration refinements.

...

A little bit of polish

Stop at this point and think about what we've just built. You may have noticed some obvious issues that will require some additional work and knowledge of the Spring Security product before our application is production-ready. Try to make a list of the changes that you think are required before this security implementation is ready to roll out on the public-facing website.

Applying the Hello World Spring Security implementation was blindingly fast and has provided us with a login page, username, and password-based authentication, as well as the automatic interception of URLs in our calendar application. However, there are gaps between what the automatic configuration setup provides and what our end goal is, which are listed as follows:

  • While the login page is helpful, it's completely generic and doesn't look like the rest of our JBCP calendar...

Summary

In this chapter, we have applied a very basic Spring Security configuration, explained how to customize the user's login and logout experience, and demonstrated how to display basic information, such as a username, in our web application.

In the next chapter, we will discuss how authentication in Spring Security works and how we can customize it to our needs.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Architect solutions that leverage the power of Spring Security while being loosely coupled
  • Implement existing user stores, user sign up, authentication, and supporting AJAX requests
  • Integrate with popular Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Token's (JWS), Hashing, and encryption algorithms

Description

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework. The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included. It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

Who is this book for?

This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

What you will learn

  • Understand common security vulnerabilities and how to resolve them
  • Perform initial penetration testing to uncover common security vulnerabilities
  • Utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, OpenID, and OAuth
  • Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, jQuery, and AngularJS
  • Deep understanding of the security challenges with RESTful webservices and microservice architectures
  • Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Nov 28, 2017
Length: 542 pages
Edition : 3rd
Language : English
ISBN-13 : 9781787129511
Category :
Languages :
Concepts :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Nov 28, 2017
Length: 542 pages
Edition : 3rd
Language : English
ISBN-13 : 9781787129511
Category :
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 8,318.97
Spring Security
₱3316.99
Learning Spring Boot 2.0
₱2500.99
Spring 5 Design Patterns
₱2500.99
Total 8,318.97 Stars icon
Banner background image

Table of Contents

18 Chapters
Anatomy of an Unsafe Application Chevron down icon Chevron up icon
Getting Started with Spring Security Chevron down icon Chevron up icon
Custom Authentication Chevron down icon Chevron up icon
JDBC-Based Authentication Chevron down icon Chevron up icon
Authentication with Spring Data Chevron down icon Chevron up icon
LDAP Directory Services Chevron down icon Chevron up icon
Remember-Me Services Chevron down icon Chevron up icon
Client Certificate Authentication with TLS Chevron down icon Chevron up icon
Opening up to OAuth 2 Chevron down icon Chevron up icon
Single Sign-On with the Central Authentication Service Chevron down icon Chevron up icon
Fine-Grained Access Control Chevron down icon Chevron up icon
Access Control Lists Chevron down icon Chevron up icon
Custom Authorization Chevron down icon Chevron up icon
Session Management Chevron down icon Chevron up icon
Additional Spring Security Features Chevron down icon Chevron up icon
Migration to Spring Security 4.2 Chevron down icon Chevron up icon
Microservice Security with OAuth 2 and JSON Web Tokens Chevron down icon Chevron up icon
Additional Reference Material Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(4 Ratings)
5 star 50%
4 star 50%
3 star 0%
2 star 0%
1 star 0%
Jeovany Tenorio Hernandez Mar 02, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excelente libro, supero todas mis expectativas
Amazon Verified review Amazon
Dmitry Jun 11, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book has a nice introduction. The code can be compiled with maven after some small modifications and googling. The knowledge can be transformed to the Spring Security 5.*
Amazon Verified review Amazon
Daniel Jun 24, 2019
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Es un buen libro, llega al fondo de los asuntos de Spring Security y ese puede ser su punto débil. Terminas de leerlo, analizándolo un poco y notas que se te escapa una visión global de Security, y que después de todo, en la práctica, no hacía falta llegar tan al detalle de las configuraciones posibles y de las tripas de security y lo que realmente vale no queda del todo claro. Pero es una obra de calidad
Amazon Verified review Amazon
Vishu May 21, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
A very good introduction to security using Spring, covers a variety of methods and models. I would highly recommend it to anyone using Spring.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.