Full Stack Development with Spring Boot 3 and React - Fourth Edition

Product type: Book
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781805122463
Edition: 4th Edition
Author: Juha Hinkula
Juha Hinkula is a software development lecturer at Haaga-Helia University of Applied Sciences in Finland. He received an MSc degree in Computer Science from the University of Helsinki and he has over 17 years of industry experience in software development. Over the past few years, he has focused on modern full stack development. He is also a passionate mobile developer with Android-native technology, and also uses React Native.

Securing Your Backend

This chapter explains how to secure your Spring Boot backend. Securing your backend is a crucial part of code development. It is essential for protecting sensitive data, complying with regulations, and preventing unauthorized access. The backend often handles the user authentication and authorization process. Securing these aspects properly ensures that only authorized users can access the application and perform specific actions. We will use the database application that we created in the previous chapter as a starting point.

In this chapter, we will cover the following topics:

  • Understanding Spring Security
  • Securing your backend with a JSON Web Token
  • Role-based security
  • Using OAuth2 with Spring Boot

Technical requirements

The Spring Boot application that we created in the previous chapters is required.

The following GitHub link will also be required: https://github.com/PacktPublishing/Full-Stack-Development-with-Spring-Boot-3-and-React-Fourth-Edition/tree/main/Chapter05.

Understanding Spring Security

Spring Security (https://spring.io/projects/spring-security) provides security services for Java-based web applications. The Spring Security project was started in 2003 and was previously named Acegi Security System for Spring.

By default, Spring Security enables the following features:

  • An AuthenticationManager bean with an in-memory single user. The username is user and the password is printed to the console output.
  • Ignored paths for common static resource locations, such as /css and /images. HTTP basic authentication for all other endpoints.
  • Security events published to Spring’s ApplicationEventPublisher interface.
  • Common low-level protections turned on by default, including HTTP Strict Transport Security (HSTS) headers and protection against cross-site scripting (XSS) and cross-site request forgery (CSRF).
  • A default autogenerated login page.

You can include Spring Security in your application by adding the following highlighted...
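To make the defaults listed above explicit, and to replace the auto-generated user whose password is printed to the console with one whose password is stored hashed, here is an added example of a Spring Security 6 configuration class for a Spring Boot 3 application. It is not code from the book or its GitHub repository; the package name, the `demo` user and its password are constructed for the example.

```java
package com.example.security; // hypothetical package name, not from the book

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Replaces the auto-configured single "user" whose random password is printed
    // to the console. The password is BCrypt-hashed at startup, so only the hash
    // ever lives in memory.
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        UserDetails demo = User.withUsername("demo")        // constructed sample user
                .password(encoder.encode("change-me"))      // constructed sample password
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(demo);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // The same rule the defaults apply, stated explicitly: static resource
            // prefixes are open, every other endpoint needs an authenticated user.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/css/**", "/images/**").permitAll()
                .anyRequest().authenticated())
            // Keep HTTP Basic for now; the JWT section replaces it with a token filter.
            .httpBasic(Customizer.withDefaults())
            // A REST API consumed by a separate React frontend keeps no server session,
            // so no JSESSIONID cookie is issued.
            .sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // CSRF protection defends cookie-authenticated sessions. It is switched off
            // here only because authentication is never cookie-based in this API; leave
            // it on for any endpoint that a browser session can reach.
            .csrf(csrf -> csrf.disable());
        // The default security headers (HSTS, X-Content-Type-Options, etc.) are left
        // untouched, so they are still sent with every response.
        return http.build();
    }
}
```

With this class on the classpath, Spring Boot no longer prints a generated password at startup, and the behaviour of the defaults is visible in code rather than implied by auto-configuration.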

Securing your backend with a JSON Web Token

In the previous section, we covered how to use basic authentication with a RESTful web service. Basic authentication doesn’t provide a way to handle tokens or manage sessions. When a user logs in, the credentials are sent with each request, which can cause session management challenges and potential security risks. This method is not usable when we develop our own frontend with React, so we are going to use JSON Web Token (JWT) authentication instead (https://jwt.io/). This will also give you an idea of how you can configure Spring Security in more detail.

Another option for securing your RESTful web service is OAuth2. OAuth2 (https://oauth.net/2/) is the industry standard for authorization, and it can be used quite easily in Spring Boot applications. A section later in the chapter gives you a basic idea of how to use it in your applications.

JWTs are commonly used in RESTful APIs for...



A JWT is a compact way to implement authentication in modern web applications. Because it is small, it can be sent in the URL, as a POST parameter, or inside an HTTP header, and it carries the necessary information about the user, such as the username and role. A JWT consists of three parts separated by dots, xxxxx.yyyyy.zzzzz, which are as follows:

  • The first part (xxxxx) is the header, which defines the type of token and the signing algorithm.
  • The second part (yyyyy) is the payload which, in the case of authentication, typically contains user information.
  • The third part (zzzzz) is the signature...
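As an added illustration of the three parts (this is not code from the book, which relies on a JWT library), here is a JDK-only Java class that splits a token, Base64url-decodes the header and payload, and checks an HS256 signature before the payload is trusted. The class name, the secret and the claims are constructed for the example; a production verifier would also parse the header as JSON and check claims such as expiry.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtInspector {   // hypothetical class, not from the book

    private static final Base64.Decoder URL_DECODER = Base64.getUrlDecoder();
    private static final Base64.Encoder URL_ENCODER = Base64.getUrlEncoder().withoutPadding();

    /** Splits a compact JWT into header, payload and signature; anything else is malformed. */
    public static String[] split(String token) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException(
                "expected header.payload.signature, got " + parts.length + " parts");
        }
        return parts;
    }

    /** Base64url-decodes one part to text; the header and payload are JSON. */
    public static String decodePart(String part) {
        return new String(URL_DECODER.decode(part), StandardCharsets.UTF_8);
    }

    /** HS256 signature over "header.payload" with the shared secret, Base64url-encoded. */
    public static String sign(String headerB64, String payloadB64, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] sig = mac.doFinal((headerB64 + "." + payloadB64).getBytes(StandardCharsets.US_ASCII));
        return URL_ENCODER.encodeToString(sig);
    }

    /** Builds a sample token so that there is something to inspect and verify. */
    public static String create(String payloadJson, byte[] secret) throws Exception {
        String header = URL_ENCODER.encodeToString(
            "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = URL_ENCODER.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return header + "." + payload + "." + sign(header, payload, secret);
    }

    /**
     * Returns true only if the header names the algorithm this verifier expects and the
     * signature matches. The payload must not be read until this returns true.
     */
    public static boolean verify(String token, byte[] secret) throws Exception {
        String[] parts = split(token);
        String header = decodePart(parts[0]);
        // The verifier decides the algorithm, never the token: a header claiming any
        // other value (including "none") is rejected. A string check is enough here;
        // real code parses the JSON.
        if (!header.contains("\"alg\":\"HS256\"")) {
            return false;
        }
        String expected = sign(parts[0], parts[1], secret);
        // Constant-time comparison so timing does not reveal how many bytes matched.
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.US_ASCII),
            parts[2].getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret; HS256 keys should be at least 256 bits of real randomness.
        byte[] secret = "constructed-demo-secret-at-least-32-bytes".getBytes(StandardCharsets.UTF_8);
        String token = create("{\"sub\":\"demo\",\"role\":\"USER\"}", secret);

        String[] parts = split(token);
        System.out.println("header : " + decodePart(parts[0]));
        System.out.println("payload: " + decodePart(parts[1]));
        System.out.println("valid  : " + verify(token, secret));

        // A payload altered after signing no longer matches the signature, so the
        // resource server must verify before it reads the role claim.
        String alteredPayload = URL_ENCODER.encodeToString(
            "{\"sub\":\"demo\",\"role\":\"ADMIN\"}".getBytes(StandardCharsets.UTF_8));
        String altered = parts[0] + "." + alteredPayload + "." + parts[2];
        System.out.println("altered: " + verify(altered, secret));
    }
}
```

Running the class prints the decoded header and payload, `true` for the original token and `false` for the altered one. The header and payload are only encoded, not encrypted, which is why a JWT should never carry secrets and why the signature check is the step that gives the payload any authority.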

Summary

In this chapter, we focused on making our Spring Boot backend more secure. We started by adding extra protection using Spring Security. As we get ready to create the frontend using React in the next chapters, we decided to use a method called JWT authentication. JWT is commonly used to secure RESTful APIs, and it is a lightweight authentication method suitable for our needs. In the next chapter, we will learn the basics of testing in a Spring Boot application.
