Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Spring Security
  • Table Of Contents Toc
  • Feedback & Rating feedback
Spring Security

Spring Security

By : Mick Knutson, Robert Winch, Mularien
4.5 (4)
Buy this Book
close
close
Spring Security

Spring Security

4.5 (4)
By: Mick Knutson, Robert Winch, Mularien
Buy this Book

Overview of this book

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework. The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included. It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.
Table of Contents (19 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
Anatomy of an Unsafe Application
Icon
Anatomy of an Unsafe Application
Icon
Security audit
Icon
Application technology
Icon
Authentication
Icon
Authorization
Icon
Summary
2
Getting Started with Spring Security
Icon
Getting Started with Spring Security
Icon
Hello Spring Security
Icon
A little bit of polish
Icon
Summary
3
Custom Authentication
Icon
Custom Authentication
Icon
JBCP calendar architecture
Icon
Logging in new users using SecurityContextHolder
Icon
Creating a custom UserDetailsService object
Icon
Creating a custom AuthenticationProvider object
Icon
Which authentication method to use?
Icon
Summary
4
JDBC-Based Authentication
Icon
JDBC-Based Authentication
Icon
Required dependencies
Icon
Using the H2 database
Icon
The default user schema of Spring Security
Icon
The UserDetailsManager interface
Icon
Support for a custom schema
Icon
Configuring secure passwords
Icon
The PasswordEncoder method
Icon
Using salt in Spring Security
Icon
Trying out the salted passwords
Icon
Summary
5
Authentication with Spring Data
Icon
Authentication with Spring Data
Icon
Spring Data JPA
Icon
Refactoring from SQL to ORM
Icon
Application services
Icon
The UserDetailsService object
Icon
Document database implementation with MongoDB
Icon
Summary
6
LDAP Directory Services
Icon
LDAP Directory Services
Icon
Understanding LDAP
Icon
Understanding how Spring LDAP authentication works
Icon
Determining roles with Apache Directory Studio
Icon
Configuring the UserDetailsContextMapper object
Icon
Updating AccountController to use LdapUserDetailsService
Icon
Explicit LDAP bean configuration
Icon
Integrating with Microsoft Active Directory via LDAP
Icon
Summary
7
Remember-Me Services
Icon
Remember-Me Services
Icon
What is remember-me?
Icon
MD5
Icon
Is remember-me secure?
Icon
Configuring the persistent-based remember-me feature
Icon
The remember-me architecture
Icon
Custom cookie and HTTP parameter names
Icon
Summary
8
Client Certificate Authentication with TLS
Icon
Client Certificate Authentication with TLS
Icon
How does client certificate authentication work?
Icon
Configuring client certificate authentication using Spring beans
Icon
Summary
9
Opening up to OAuth 2
Icon
Opening up to OAuth 2
Icon
The promising world of OAuth 2
Icon
Configuring OAuth 2 support in Spring Security
Icon
Executing the OAuth 2 provider connection workflow
Icon
Additional OAuth 2 providers
Icon
Is OAuth 2 secure?
10
Single Sign-On with the Central Authentication Service
chevron up
Icon
Single Sign-On with the Central Authentication Service
Icon
Introducing the Central Authentication Service
Icon
High-level CAS authentication flow
Icon
Spring Security and CAS
Icon
Configuring basic CAS integration
Icon
Single logout
Icon
Clustered environments
Icon
Using proxy tickets
Icon
Customizing the CAS server
Icon
Getting the UserDetails object from a CAS assertion
Icon
Additional CAS capabilities
Icon
Summary
11
Fine-Grained Access Control
Icon
Fine-Grained Access Control
Icon
Gradle dependencies
Icon
Conditional rendering with the Thymeleaf Spring Security tag library
Icon
Interface-based proxies
Icon
JSR-250 compliant standardized rules
Icon
Summary
12
Access Control Lists
Icon
Access Control Lists
Icon
The conceptual module of ACL
Icon
Access control lists in Spring Security
Icon
Basic configuration of Spring Security ACL support
Icon
Summary
13
Custom Authorization
Icon
Custom Authorization
Icon
Authorizing the requests
Icon
Dynamically defining access control to URLs
Icon
Creating a custom expression
Icon
Summary
14
Session Management
Icon
Session Management
Icon
Configuring session fixation protection
Icon
Restricting the number of concurrent sessions per user
Icon
Configuring expired session redirect
Icon
Common problems with concurrency control
Icon
Other benefits of concurrent session control
Icon
Displaying active sessions for a user
Icon
Summary
15
Additional Spring Security Features
Icon
Additional Spring Security Features
Icon
Security vulnerabilities
Icon
Cross-Site Scripting
Icon
Cross-Site Request Forgery
Icon
Security HTTP response headers
Icon
Summary
16
Migration to Spring Security 4.2
Icon
Migration to Spring Security 4.2
Icon
Introduction
Icon
Sample migration
Icon
Deprecations
Icon
Summary
17
Microservice Security with OAuth 2 and JSON Web Tokens
Icon
Microservice Security with OAuth 2 and JSON Web Tokens
Icon
What are microservices?
Icon
Service-oriented architectures
Icon
Microservice security
Icon
The OAuth 2 specification
Icon
JSON Web Tokens
Icon
OAuth 2 support in Spring Security
Icon
Microservices client
Icon
Summary
18
Additional Reference Material
Icon
Additional Reference Material
Icon
Getting started with the JBCP calendar sample code

Additional CAS capabilities

CAS offers additional advanced configuration capabilities outside of those that are exposed through the Spring Security CAS wrappers. Some of these include the following capabilities:

  • Providing transparent single sign-on for users who are accessing multiple CAS-secured applications within a configurable time window on the CAS server. Applications can force users to authenticate to CAS by setting the renew property to true on TicketValidator; you may want to conditionally set this property in custom code in the event where the user is attempting to access a highly secured area of the application.
  • The RESTful API for obtaining service tickets.
  • JA-SIG's CAS server can also act as an OAuth2 server. If you think about it, this makes sense, since CAS is very similar to OAuth2.
  • Providing OAuth support for the CAS server so that it can obtain access tokens...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 11
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY