Spring Security - Third Edition

Learn how to secure your Java applications from hackers using Spring Security 4.2

Mick Knutson, Robert Winch, Peter Mularien

Book Details

ISBN 13: 9781787129511
Paperback: 542 pages

Book Description

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressure concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.

The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. It also includes an example of how Spring Security defends against session fixation, moves on to concurrency control, and shows how you can use session management for administrative functions.

It concludes with advanced security scenarios for RESTful web services and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. By the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

Table of Contents

Chapter 1: Anatomy of an Unsafe Application
Security audit
Application technology
Authentication
Authorization
Summary
Chapter 2: Getting Started with Spring Security
Hello Spring Security
A little bit of polish
Summary
Chapter 3: Custom Authentication
JBCP calendar architecture
Logging in new users using SecurityContextHolder
Creating a custom UserDetailsService object
Creating a custom AuthenticationProvider object
Which authentication method to use?
Summary
Chapter 4: JDBC-Based Authentication
Required dependencies
Using the H2 database
The default user schema of Spring Security
The UserDetailsManager interface
Support for a custom schema
Configuring secure passwords
The PasswordEncoder method
Using salt in Spring Security
Trying out the salted passwords
Summary
Chapter 5: Authentication with Spring Data
Spring Data JPA
Refactoring from SQL to ORM
Application services
The UserDetailsService object
Document database implementation with MongoDB
Summary
Chapter 6: LDAP Directory Services
Understanding LDAP
Understanding how Spring LDAP authentication works
Determining roles with Apache Directory Studio
Configuring the UserDetailsContextMapper object
Updating AccountController to use LdapUserDetailsService
Explicit LDAP bean configuration
Integrating with Microsoft Active Directory via LDAP
Summary
Chapter 7: Remember-Me Services
What is remember-me?
MD5
Is remember-me secure?
Configuring the persistent-based remember-me feature
The remember-me architecture
Custom cookie and HTTP parameter names
Summary
Chapter 8: Client Certificate Authentication with TLS
How does client certificate authentication work?
Configuring client certificate authentication using Spring beans
Summary
Chapter 9: Opening up to OAuth 2
The promising world of OAuth 2
Configuring OAuth 2 support in Spring Security
Executing the OAuth 2 provider connection workflow
Additional OAuth 2 providers
Is OAuth 2 secure?
Chapter 10: Single Sign-On with the Central Authentication Service
Introducing the Central Authentication Service
High-level CAS authentication flow
Spring Security and CAS
Configuring basic CAS integration
Single logout
Clustered environments
Using proxy tickets
Customizing the CAS server
Getting the UserDetails object from a CAS assertion
Additional CAS capabilities
Summary
Chapter 11: Fine-Grained Access Control
Gradle dependencies
Conditional rendering with the Thymeleaf Spring Security tag library
Interface-based proxies
JSR-250 compliant standardized rules
Summary
Chapter 12: Access Control Lists
The conceptual module of ACL
Access control lists in Spring Security
Basic configuration of Spring Security ACL support
Summary
Chapter 13: Custom Authorization
Authorizing the requests
Dynamically defining access control to URLs
Creating a custom expression
Summary
Chapter 14: Session Management
Configuring session fixation protection
Restricting the number of concurrent sessions per user
Configuring expired session redirect
Common problems with concurrency control
Other benefits of concurrent session control
Displaying active sessions for a user
Summary
Chapter 15: Additional Spring Security Features
Security vulnerabilities
Cross-Site Scripting
Cross-Site Request Forgery
Security HTTP response headers
Summary
Chapter 16: Migration to Spring Security 4.2
Introduction
Sample migration
Deprecations
Summary
Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens
What are microservices?
Service-oriented architectures
Microservice security
The OAuth 2 specification
JSON Web Tokens
OAuth 2 support in Spring Security
Microservices client
Summary
Chapter 18: Additional Reference Material
Getting started with the JBCP calendar sample code

What You Will Learn

  • Understand common security vulnerabilities and how to resolve them
  • Learn to perform initial penetration testing to uncover common security vulnerabilities
  • Implement authentication and authorization
  • Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, CAS, OpenID, and OAuth
  • Integrate with popular frameworks such as Spring, Spring Boot, Spring Data, JSF, Vaadin, jQuery, and AngularJS
  • Gain a deep understanding of the security challenges of RESTful web services and microservice architectures
  • Integrate Spring with other security infrastructure components such as LDAP, Apache Directory Server, and SAML
