Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Spring Security
  • Table Of Contents Toc
  • Feedback & Rating feedback
Spring Security

Spring Security

By : Badr Nasslahsen
5 (4)
Buy this Book
close
close
Spring Security

Spring Security

5 (4)
By: Badr Nasslahsen
Buy this Book

Overview of this book

With experienced hackers constantly targeting apps, properly securing them becomes challenging when you integrate this factor with legacy code, new technologies, and other frameworks. Written by a Lead Cloud and Security Architect as well as CISSP, this book helps you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework. The book shows you how to implement different authentication mechanisms and properly restrict access to your app. You’ll learn to integrate Spring Security with popular web frameworks like Thymeleaf and Microservice and Cloud services like Zookeeper and Eureka, along with architecting solutions that leverage its full power while staying loosely coupled. You’ll also see how Spring Security defends against session fixation, moves into concurrency control, and how you can use session management for administrative functions. This fourth edition aligns with Java 17/21 and Spring Security 6, covering advanced security scenarios for RESTful web services and microservices. This ensures you fully understand the issues surrounding stateless authentication and discover a concise approach to solving those issues. By the end of this book, you’ll be able to integrate Spring Security 6 with GraalVM native images seamlessly, from start to finish.
Table of Contents (28 chapters)
close
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
Free Chapter
1
Part 1: Fundamentals of Application Security
Part 1: Fundamentals of Application Security
2
Chapter 1: Anatomy of an Unsafe Application
Chapter 1: Anatomy of an Unsafe Application
Exploring software architecture styles
Understanding security audit
Addressing the security audit findings
Technical requirements
Summary
3
Chapter 2: Getting Started with Spring Security
Chapter 2: Getting Started with Spring Security
Hello Spring Security
A little bit of polish
Summary
4
Chapter 3: Custom Authentication
Chapter 3: Custom Authentication
Authentication architecture in Spring Security
Exploring the JBCP calendar architecture
Logging in new users using SecurityContextHolder
Creating a custom UserDetailsService object
Creating a custom AuthenticationProvider object
Which authentication method should you use?
Summary
5
Part 2: Authentication Techniques
Part 2: Authentication Techniques
6
Chapter 4: JDBC-based Authentication
Chapter 4: JDBC-based Authentication
Installing the required dependencies
Using the H2 database
The default user schema of Spring Security
Exploring UserDetailsManager interface
Support for a custom schema
Configuring secure passwords
Exploring the PasswordEncoder interface
Using salt in Spring Security
Trying out salted passwords
Summary
7
Chapter 5: Authentication with Spring Data
Chapter 5: Authentication with Spring Data
Spring Data JPA
Refactoring from SQL to ORM
Application services
The UserDetailsService object
Document database implementation with MongoDB
Summary
8
Chapter 6: LDAP Directory Services
Chapter 6: LDAP Directory Services
Understanding LDAP
Understanding how Spring LDAP authentication works
Determining roles with Jxplorer
Configuring the UserDetailsContextMapper object
Updating AccountController to use LdapUserDetailsService
Explicit LDAP bean configuration
Integrating with Microsoft Active Directory via LDAP
Summary
9
Chapter 7: Remember-me Services
Chapter 7: Remember-me Services
What is remember-me?
SHA-256 Algorithm
Is remember-me secure?
Configuring the persistent-based remember-me feature
The remember-me architecture
Custom cookie and HTTP parameter names
Summary
10
Chapter 8: Client Certificate Authentication with TLS
Chapter 8: Client Certificate Authentication with TLS
How does client certificate authentication work?
Configuring client certificate authentication using Spring beans
Summary
11
Part 3: Exploring OAuth 2 and SAML 2
Part 3: Exploring OAuth 2 and SAML 2
12
Chapter 9: Opening up to OAuth 2
Chapter 9: Opening up to OAuth 2
The Promising World of OAuth 2
Additional OAuth 2 providers
Is OAuth 2 secure?
Summary
13
Chapter 10: SAML 2 Support
Chapter 10: SAML 2 Support
What is SAML?
SAML 2.0 Login with Spring Security
Overriding SAML Spring Boot Auto Configuration
Performing Single Logout
Summary
14
Part 4: Enhancing Authorization Mechanisms
Part 4: Enhancing Authorization Mechanisms
15
Chapter 11: Fine-Grained Access Control
Chapter 11: Fine-Grained Access Control
Integrating Spring Expression Language (SpEL)
Conditional rendering with the Thymeleaf Spring Security tag library
JSR-250 compliant standardized rules
Summary
16
Chapter 12: Access Control Lists
Chapter 12: Access Control Lists
The conceptual module of an ACL
ACLs in Spring Security
Basic configuration of Spring Security ACL support
Advanced ACL topics
Considerations for a typical ACL deployment
Summary
17
Chapter 13: Custom Authorization
Chapter 13: Custom Authorization
Authorizing the Requests
Handling of Invocations
Modifying AccessDecisionManager and AccessDecisionVoter
Legacy Authorization Components
Dynamically defining access control to URLs
Creating a custom expression
Summary
18
Part 5: Advanced Security Features and Deployment Optimization
Part 5: Advanced Security Features and Deployment Optimization
19
Chapter 14: Session Management
Chapter 14: Session Management
Configuring session fixation protection
Restricting the number of concurrent sessions per user
Configuring expired session redirect
Common problems with concurrency control
Other benefits of concurrent session control
Displaying active sessions for a user
Summary
20
Chapter 15: Additional Spring Security Features
Chapter 15: Additional Spring Security Features
Security vulnerabilities
Cross-Site Scripting
Cross-Site Request Forgery
Security HTTP response headers
Testing Spring Security Applications
Reactive Applications Support
Summary
21
Chapter 16: Migration to Spring Security 6
Chapter 16: Migration to Spring Security 6
Exploit Protection
Configuration Migrations
Applying the migration steps from Spring Security 5.x to Spring Security 6.x
Summary
22
Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens
Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens
What are microservices?
Service-oriented architectures
Microservice security
The OAuth 2 specification
JSON Web Tokens
JWT Authentication in Spring Security
OAuth 2 support in Spring Security
Summary
23
Chapter 18: Single Sign-On with the Central Authentication Service
Chapter 18: Single Sign-On with the Central Authentication Service
Introducing the Central Authentication Service
High-level CAS authentication flow
Spring Security and CAS
Configuring basic CAS integration
Single Logout
Clustered environments
Using proxy tickets
Customizing the CAS server
Getting the UserDetails object from a CAS assertion
Additional CAS capabilities
Summary
24
Chapter 19: Build GraalVM Native Images
Chapter 19: Build GraalVM Native Images
Introducing GraalVM
GraalVM images using Buildpacks
Building a native image using Native Build Tools
Method Security in GraalVM Native Image
Summary
25
Index
Index
Why subscribe?
26
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix – Additional Reference Material
Appendix – Additional Reference Material
Build tools
Getting started with the JBCP calendar sample code
Generating a server certificate
Supplementary materials

To get the most out of this book

The primary method for integrating with the sample code is providing Gradle- and Maven-compatible projects. Since many Integrated Development Environments (IDEs). have rich integration with Gradle and Maven, users should be able to import the code into any IDE that supports either Gradle or Maven. As many developers use Gradle and Maven, we felt this was the most straightforward method of packaging the examples. Whatever development environment you are familiar with, hopefully, you will find a way to work through the examples in this book.

Many IDEs provide Gradle or Maven tooling that can automatically download the Spring and Spring Security 6 Javadoc and source code for you. However, there may be times when this is not possible. In such cases, you’ll want to download the full releases of both Spring 6 and Spring Security 6. The Javadoc and source code are top notch. If you get confused or want more information, the samples can provide an additional level of support or reassurance for your learning.

To run the sample application, you will need an IDE such as IntelliJ IDEA or Eclipse and build it with Gradle or Maven, which don’t have strict hardware requirements. However, these are some general recommendations to ensure a smooth development experience:

  1. System Requirements:
    • A modern computer with at least 4GB of RAM (8GB or more is recommended).
    • A multi-core processor for faster build and development.
  2. Operating System:
    • Spring applications can be developed on Windows, macOS, or Linux. Choose the one that you are most comfortable with.
  3. Disk Space:
    • You will need disk space for your project files, dependencies, and any databases you might use. At least 10GB of free disk space is advisable.
  4. Network Connection:
    • A stable internet connection may be needed for downloading dependencies, plugins, and libraries during project setup.

Software/hardware covered in the book

Operating system requirements

IntelliJ IDEA and Eclipse are both popular choices for Spring development

Windows, macOS, or Linux

JDK versions: 17 or 21

Spring- Security 6.

Spring- Boot 3.

Thymeleaf 6.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

From Chapter 3, Custom Authentication onwards, the book shifts its emphasis to delve deeper into Spring Security, particularly in conjunction with the Spring Boot framework.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY