Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Spring Security
  • Table Of Contents Toc
  • Feedback & Rating feedback
Spring Security

Spring Security

By : Badr Nasslahsen
5 (4)
close
close
Spring Security

Spring Security

5 (4)
By: Badr Nasslahsen

Overview of this book

With experienced hackers constantly targeting apps, properly securing them becomes challenging when you integrate this factor with legacy code, new technologies, and other frameworks. Written by a Lead Cloud and Security Architect as well as CISSP, this book helps you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework. The book shows you how to implement different authentication mechanisms and properly restrict access to your app. You’ll learn to integrate Spring Security with popular web frameworks like Thymeleaf and Microservice and Cloud services like Zookeeper and Eureka, along with architecting solutions that leverage its full power while staying loosely coupled. You’ll also see how Spring Security defends against session fixation, moves into concurrency control, and how you can use session management for administrative functions. This fourth edition aligns with Java 17/21 and Spring Security 6, covering advanced security scenarios for RESTful web services and microservices. This ensures you fully understand the issues surrounding stateless authentication and discover a concise approach to solving those issues. By the end of this book, you’ll be able to integrate Spring Security 6 with GraalVM native images seamlessly, from start to finish.
Table of Contents (28 chapters)
close
close
Free Chapter
1
Part 1: Fundamentals of Application Security
5
Part 2: Authentication Techniques
11
Part 3: Exploring OAuth 2 and SAML 2
14
Part 4: Enhancing Authorization Mechanisms
18
Part 5: Advanced Security Features and Deployment Optimization

Additional CAS capabilities

CAS offers additional advanced configuration capabilities outside of those that are exposed through the Spring Security CAS wrappers. Some of these include the following capabilities:

  • Providing transparent SSO for users who are accessing multiple CAS- secured applications within a configurable time window on the CAS server.
  • Applications can force users to authenticate to CAS by setting the renew property to true on TicketValidator; you may want to conditionally set this property in some custom code in the event that the user attempts to access a highly secured area of the application.
  • A RESTful API for obtaining service tickets.
  • The Aperero CAS server can also act as an OAuth2 server. If you think about it, this makes sense, since CAS is very similar to OAuth2.
  • Providing OAuth support for the CAS server so that it can obtain access tokens to a delegate OAuth provider (that is, Google), or so the CAS server can be the OAuth server...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY