Hands-On Spring Security 5 for Reactive Applications

By : John

3 (2)

Buy this Book

Hands-On Spring Security 5 for Reactive Applications

3 (2)

By: John

Buy this Book

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Overview of Spring 5 and Spring Security 5

How examples are structured

New-generation application requirements

Reactive programming

Reactive applications

Spring Framework

Reactive Landscape in Java

Spring Framework and reactive applications

Application security

Spring Security

Spring Security's core features

Spring Security 5's new features

Working of Spring Security

Core Spring Security modules

Summary

Deep Diving into Spring Security

Authentication

Sample application

Authorization

Other Spring Security capabilities

Summary

Authentication Using SAML, LDAP, and OAuth/OIDC

Security Assertion Markup Language

Lightweight Directory Access Protocol

OAuth2 and OpenID Connect

Summary

Authentication Using CAS and JAAS

CAS

Java Authentication and Authorization Service

Kerberos

Custom AuthenticationEntryPoint

PasswordEncoder

Custom filters

Summary

Integrating with Spring WebFlux

Spring MVC versus WebFlux

Reactive support in Spring 5

Spring WebFlux

Spring WebFlux authentication architecture

Spring WebFlux authorization

Sample project

Customization

Summary

REST API Security

Important concepts

Modern application architecture

Reactive REST API

Simple REST API security

Advanced REST API security

Spring Security OAuth project

OAuth2 and Spring WebFlux

Spring Boot and OAuth2

Sample project

Summary

Spring Security Add-Ons

Remember-me authentication

Session management

CSRF

CSP

Channel security

CORS Support

The Crypto module

Secret management

HTTP Data Integrity Validator

Custom DSL

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

3 (2)

5 star

50%

4 star

3 star

2 star

1 star

50%

Java Authentication and Authorization Service

Java Authentication and Authorization Service (JAAS) (https://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html) implements a Java version of the standard Pluggable Authentication Module (PAM) framework. It was introduced as an optional package (extension) to the J2SDK (1.3) and then was integrated into the J2SDK 1.4.

JAAS is a standard library which provides your application with the following:

A representation of identity (principal) by providing credentials (username/password – subject).
A login service that will call back your application to gather credentials from user and then returns a subject after successful authentication.
A mechanism to grant necessary grants (authorization) to a user after successful authentication: