Instant Spring Security Starter [Instant]
|Print & eBook also available on:|
- Learn something new in an Instant! A short, fast, focused guide delivering immediate results
- Learn basic login/password and two-phase authentication
- Secure access all the way from frontend to backend
- Learn about the available security models, SPEL, and pragmatic considerations
Table of ContentsSpring Security Starter
- Spring Security Starter
- So, what is Spring Security?
- Quick start – getting the basics right
- Understanding the big picture
- Adding the Spring Security layer
- Step 1 – adding the correct dependencies to your project
- Step 2 – firing up Spring Security using a filter in web.xml
- Step 3 – setting up the security context
- Step 4 – getting the basic web security configuration
- Step 5 – login page
- Top 11 features you need to know about
- Password encoders
- Logging out
- Securing web resources
- HTTPS versus HTTP
- Basic access control
- Expression-based access control
- Web filters
- One-time password and two-phase authentication
- Logged-in user in the backend
- Securing methods
- The power of SPEL
- Writing tests
- Exposing secured RESTful services
- Single-page applications
- Straight approach
- Basic Authentication
- Dealing with the ugly login dialog
- What else you may want to know
- Internet authentication – because login/password is so 80s
- OpenID 2.0
- OAuth 2.0
- People and places you should get to know
- Official sites
- Articles, tutorials, and blogs
Download the code and support files for this book.
Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.
Sorry, there are currently no downloads available for this title.
What you will learn from this book
- Understand two-phase authentication
- Secure methods in the backend
- Write integration tests with access control
- Secure the backend for REST services and single-page applications
When it comes to security, you need a proven but easy to understand solution. Spring Security is a highly customizable authentication and access-control JVM framework with a 10 year history. It has most of the answers to your security questions ready out of the box, while still allowing you to customize and configure everything you need.
Instant Spring Security Starter will help you get started with Spring Security in one evening of reading and one day of programming. Focusing only on the aspects of Spring Security that are most useful in practice, this book explains the architectural concepts of the framework in a simple and straightforward manner.
You will start off by learning the big picture and how to set up Spring Security, which will give you a better understanding of the fundamentals of the framework. You will be introduced to the authentication and authorization flows and the different possible models of security. The book will then teach you how to secure methods and web resources with business rules and will discuss the reasons for using two-phase authentication. You will also learn about aspects that you need to watch out for, and how to deal with them in integration tests. Furthermore, we will also cover the common pitfalls, mistakes, and open Single Sign-on solutions. By the end of the book, you will have learned how to use Spring Security effectively, and the book will also show you a few advanced but very popular solutions to modern problems.
Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A concise guide written in an easy-to-follow format following the Starter guide approach.
Who this book is for
This book is for people who have not used Spring Security before and want to learn how to use it effectively in a short amount of time. It is assumed that readers know both Java and HTTP protocol at the level of basic web programming. The reader should also be familiar with Inversion-of-Control/Dependency Injection, preferably with the Spring framework itself.