Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Spring Security
  • Table Of Contents Toc
  • Feedback & Rating feedback
Spring Security

Spring Security

By : Badr Nasslahsen
5 (4)
close
close
Spring Security

Spring Security

5 (4)
By: Badr Nasslahsen

Overview of this book

With experienced hackers constantly targeting apps, properly securing them becomes challenging when you integrate this factor with legacy code, new technologies, and other frameworks. Written by a Lead Cloud and Security Architect as well as CISSP, this book helps you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework. The book shows you how to implement different authentication mechanisms and properly restrict access to your app. You’ll learn to integrate Spring Security with popular web frameworks like Thymeleaf and Microservice and Cloud services like Zookeeper and Eureka, along with architecting solutions that leverage its full power while staying loosely coupled. You’ll also see how Spring Security defends against session fixation, moves into concurrency control, and how you can use session management for administrative functions. This fourth edition aligns with Java 17/21 and Spring Security 6, covering advanced security scenarios for RESTful web services and microservices. This ensures you fully understand the issues surrounding stateless authentication and discover a concise approach to solving those issues. By the end of this book, you’ll be able to integrate Spring Security 6 with GraalVM native images seamlessly, from start to finish.
Table of Contents (28 chapters)
close
close
Free Chapter
1
Part 1: Fundamentals of Application Security
5
Part 2: Authentication Techniques
11
Part 3: Exploring OAuth 2 and SAML 2
14
Part 4: Enhancing Authorization Mechanisms
18
Part 5: Advanced Security Features and Deployment Optimization

Common problems with concurrency control

There are a few common reasons that logging in with the same user does not trigger a logout event. The first occurs when using the custom UserDetails (as we did in Chapter 3, Custom Authentication) while the equals and hashCode methods are not properly implemented. This occurs because the default SessionRegistry implementation uses an in-memory map to store UserDetails. In order to resolve this, you must ensure that you have properly implemented the hashCode and equals methods.

The second problem occurs when restarting the application container while the user sessions are persisted to a disk. When the container has started back up, the users who were already logged in with a valid session are logged in. However, the in-memory map of SessionRegistry that is used to determine if the user is already logged in will be empty. This means that Spring Security will report that the user is not logged in, even though the user is. To solve this problem...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY