Spring Security 3.x Cookbook

Secure your Java applications against online threats by learning the powerful mechanisms of Spring Security. Presented as a cookbook full of recipes, this book covers a wide range of vulnerabilities and scenarios.

Anjana Mankale

Book Details

ISBN 13: 9781782167525
Paperback: 300 pages

About This Book

  • Learn about all the mandatory security measures for modern day applications using Spring Security
  • Investigate different approaches to application level authentication and authorization
  • Master how to mount security on applications used by developers and organizations

Who This Book Is For

This book is for all Spring-based application developers as well as Java web developers who wish to implement robust security mechanisms into web application development using Spring Security.

Readers are assumed to have a working knowledge of Java web application development, a basic understanding of the Spring framework, and some knowledge of the fundamentals of the Spring Security framework architecture. Working knowledge of other web frameworks such as Grails would be an added advantage for making full use of the recipes in this book, but it is not mandatory.

Table of Contents

Chapter 1: Basic Security
Introduction
JAAS-based security authentication on JSPs
JAAS-based security authentication on servlet
Container-based basic authentication on servlet
Form-based authentication on servlet
Form-based authentication with open LDAP and servlet
Hashing/Digest authentication on servlet
Basic authentication for JAX-WS and JAX-RS
Enabling and disabling the file listing
Chapter 2: Spring Security with Struts 2
Introduction
Integrating Struts 2 with Spring Security
Struts 2 application with basic Spring Security
Using Struts 2 with digest/hashing-based Spring Security
Using Spring Security logout with Struts 2
Authenticating databases with Struts 2 and Spring Security
Getting the logged-in user info in Struts 2 with Spring Security
Displaying custom error messages in Struts 2 for authentication failure
Authenticating with ApacheDS with Spring Security and Struts 2 application
Chapter 3: Spring Security with JSF
Introduction
Integrating JSF with Spring Security
JSF with form-based Spring Security
JSF and form-based authentication using Spring Security to display logged-in user
Using JSF with digest/hashing-based Spring Security
Logging out with JSF using Spring Security
Authenticating database with Spring Security and JSF
ApacheDS authentication with JSF and Spring Security
Authentication error message with JSF and Spring Security
Chapter 4: Spring Security with Grails
Introduction
Spring Security authentication with Groovy Grails setup
Spring Security with Grails to secure Grails controller
Spring Security authentication with Groovy Grails logout scenario
Spring Security with Groovy Grails Basic authentication
Spring Security with Groovy Grails Digest authentication
Spring Security with Groovy Grails multiple authentication
Spring Security with Groovy Grails LDAP authentication
Chapter 5: Spring Security with GWT
Introduction
Spring Security with GWT authentication using Spring Security Beans
Form-based authentication with GWT and Spring Security
Basic authentication with GWT and Spring Security
Digest authentication with GWT and Spring Security
Database authentication with GWT and Spring Security
LDAP authentication with GWT and Spring Security
Chapter 6: Spring Security with Vaadin
Introduction
Spring Security with Vaadin – basic authentication
Spring Security with Vaadin – Spring form-based authentication
Spring Security with Vaadin – customized JSP form-based authentication
Spring Security with Vaadin – using Vaadin form
Chapter 7: Spring Security with Wicket
Introduction
Spring Security with Wicket – basic database authentication
Spring Security with Wicket – Spring form-based database authentication
Spring Security with Wicket – customized JSP form-based database authentication
Spring authentication with Wicket authorization
Multitenancy using Wicket and Spring Security
Chapter 8: Spring Security with ORM and NoSQL DB
Introduction
Spring Security with Hibernate using @preAuthorize annotation
Spring Security with Hibernate using authentication provider with @preAuthorize annotation
Spring Security with Hibernate using UserDetailsService with Derby database
Spring Security with MongoDB
Chapter 9: Spring Security with Spring Social
Introduction
Spring Security with Spring Social to access Facebook
Spring Security with Spring Social to access Twitter
Spring Security with multiple authentication providers
Spring Security with OAuth
Chapter 10: Spring Security with Spring Web Services
Introduction
Applying Spring Security on RESTful web services
Spring Security for Spring RESTful web service using the cURL tool
Integrating Spring Security with Apache CXF RESTful web service
Integrating Spring Security with Apache CXF SOAP based web service
Integrating Spring Security with Apache Camel
Chapter 11: More on Spring Security
Introduction
Spring Security with multiple authentication providers
Spring Security with multiple input authentications
Spring Security with Captcha integration
Spring Security with JAAS

What You Will Learn

  • Implement Form-based, HTTP Basic, Client, and Digest authentications
  • Bring in Groovy on Grails with Form-based Spring Security
  • Integrate Spring Security with Vaadin
  • Combine Spring Security with ORM and NoSQL DB
  • Use Spring Security in Spring-Social (Facebook and Twitter)
  • Learn about Spring Security for SOAP
  • Authenticate RESTful services with Spring Security

In Detail

Web applications are exposed to a variety of threats and vulnerabilities at the authentication, authorization, service, and domain object levels. Spring Security can help secure these applications against those threats.

Spring Security is a popular application security solution for Java applications. It is widely used to secure standalone web applications, portlets, and increasingly REST applications. It is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications and it is currently used to secure numerous demanding environments including government agencies, military applications, and central banks.

"Spring Security 3.x Cookbook" is a repository of recipes to help you successfully secure web applications against threats and vulnerabilities at the authentication and session level layers using the Spring Security framework. We will not only explore Spring-based web applications, but also Java-based and Grails-based applications that can use Spring Security as their security framework. Apart from conventional web applications, we will also look at securing portlets, RESTful web service applications, and other non-web applications.

This book will also take you through how to integrate Spring Security with other popular web frameworks/technologies such as Vaadin, EJB, and GWT. In addition to testing and debugging the implemented security measures, this book will also delve into finer aspects of Spring Security implementation such as how it deals with concurrency, multitenancy, and customization, and we will even show you how to disable it.

This book gives you an overview of Spring Security and its implementation with various frameworks. It starts with container-based authentication before taking you on a tour of the main features of Spring Security. It demonstrates security concepts like BASIC, FORM, and DIGEST authentication and shows you how to integrate the Spring Security framework with various frameworks like JSF, Struts 2, Vaadin, and more.

The book also demonstrates how to utilize container-managed security without JAAS. Then, we move on to setting up a Struts 2 application before showing you how to integrate Spring Security with other frameworks like JSF, Groovy, Wicket, GWT, and Vaadin respectively.

This book will serve as a highly practical guide and will give you confidence when it comes to applying security to your applications. It’s packed with simple examples which show off each concept of Spring Security and which help you learn how it can be integrated with various frameworks.
