Spring Security 3

Secure your web applications against malicious intruders with this easy to follow practical guide

Peter Mularien


Book Details

ISBN 13: 9781847199744
Paperback: 396 pages

Book Description

Security is of critical importance to all web applications. Vulnerable applications are easy prey for hackers. This book is the perfect tool for Java developers looking to repel attacks against their web applications using the proven Spring Security library.

This is a comprehensive guide to Spring Security 3. You will learn through real-world business scenarios how to guard against the latest threats. You will also learn to combine Spring Security 3 with external security providers such as LDAP, OpenID, CAS, Kerberos, and Active Directory.

The book starts by giving an overview of security concepts and techniques, as well as setup and configuration. The book then gets you working with a JSP-based web application that implements a simple e-commerce website. From that point you will progressively enhance the application, gaining hands-on experience implementing features of Spring Security 3 in real-world business scenarios.

The second half of the book is devoted to common integration scenarios that you will come across every day. At this stage you will be in a position to solve specific, complex integration problems. The book ends by showing migration from Spring Security 2 to 3.

Table of Contents

Chapter 1: Anatomy of an Unsafe Application
Security audit
About the sample application
Reviewing the audit results
Using Spring Security 3 to address security concerns
Summary
Chapter 2: Getting Started with Spring Security
Core security concepts
Securing our application in three easy steps
Security is complicated: The architecture of secured web requests
Summary
Chapter 3: Enhancing the User Experience
Customizing the login page
Understanding logout functionality
Remember me
Implementing password change management
Summary
Chapter 4: Securing Credential Storage
Database-backed authentication with Spring Security
Advanced configuration of JdbcDaoImpl
Configuring secure passwords
Moving remember me to the database
Securing your site with SSL
Summary
Chapter 5: Fine-Grained Access Control
Re-thinking application functionality and security
Methods of Fine-Grained authorization
Securing the business tier
Advanced method security
Summary
Chapter 6: Advanced Configuration and Extension
Writing a custom security filter
Writing a custom AuthenticationProvider
Session management and concurrency
Understanding and configuring exception handling
Configuring Spring Security infrastructure beans manually
Advanced Spring Security bean-based configuration
Authentication event handling
Building a custom implementation of an SpEL expression handler
Summary
Chapter 7: Access Control Lists
Using Access Control Lists for business object security
Basic configuration of Spring Security ACL support
Advanced ACL topics
Considerations for a typical ACL deployment
Summary
Chapter 8: Opening up to OpenID
The promising world of OpenID
Enabling OpenID authentication with Spring Security
The OpenID user registration problem
Attribute Exchange
Is OpenID secure?
Summary
Chapter 9: LDAP Directory Services
Understanding LDAP
Configuring basic LDAP integration
Understanding how Spring LDAP authentication works
Advanced LDAP configuration
Integrating with an external LDAP server
Explicit LDAP bean configuration
Summary
Chapter 10: Single Sign On with Central Authentication Service
Introducing Central Authentication Service
Configuring basic CAS integration
Advanced CAS configuration
Summary
Chapter 11: Client Certificate Authentication
How Client Certificate authentication works
Setting up a Client Certificate authentication infrastructure
Configuring Client Certificate authentication in Spring Security
Configuring Client Certificate authentication using Spring Beans
Considerations when implementing Client Certificate authentication
Summary
Chapter 12: Spring Security Extensions
Spring Security Extensions
A primer on Kerberos and SPNEGO authentication
Kerberos authentication in Spring Security
Configuring LDAP UserDetailsService with Kerberos
Using form login with Kerberos
Summary
Chapter 13: Migration to Spring Security 3
Migrating from Spring Security 2
Enhancements in Spring Security 3
Changes to configuration in Spring Security 3
Changes to packages and classes
Summary

What You Will Learn

  • Recognize design flaws that will make your applications unsafe.
  • Implement basic authorization and credential storage.
  • Move seamlessly from Spring Security 2 to Spring Security 3.
  • Provide Enterprise adaptability with LDAP, Active Directory, and NTLM.
  • Push the Boundaries of Spring Security 3 through Extension and Customization.
  • Integrate in-house applications and popular Java frameworks with Spring Security 3.
  • Plan the configuration of Spring Security 3 to accommodate the authentication and authorization requirements of your application.
