Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Home > Security > Web Security > Spring Security - Fourth Edition
Spring Security - Fourth Edition
Spring Security - Fourth Edition

Spring Security: Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures , Fourth Edition

Profile Icon Badr Nasslahsen
By Badr Nasslahsen
₹799.99 ₹2,382.99
Book Jun 2024 596 pages 4th Edition
eBook
₹799.99 ₹2,382.99
Print
₹2,978.99
Subscription
Free Trial
Renews at ₹800p/m
Profile Icon Badr Nasslahsen
By Badr Nasslahsen
₹799.99 ₹2,382.99
Book Jun 2024 596 pages 4th Edition
eBook
₹799.99 ₹2,382.99
Print
₹2,978.99
Subscription
Free Trial
Renews at ₹800p/m
eBook
₹799.99 ₹2,382.99
Print
₹2,978.99
Subscription
Free Trial
Renews at ₹800p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Spring Security - Fourth Edition

Part 1: Fundamentals of Application Security

This part delves into the foundational aspects of application security, laying the groundwork for understanding potential vulnerabilities. We embark on a comprehensive exploration of application security using Spring Security. This part introduces you to the process of conducting a security audit on a hypothetical calendar application. Through this audit, we uncover common security vulnerabilities and lay the groundwork for implementing robust security measures.

Building upon this foundation, this part guides you through the installation and configuration of Spring Security. We start with a basic "Hello World" example, gradually customizing Spring Security to suit the specific needs of our application.

We will also delve deeper into the authentication process within Spring Security. By customizing key components of the authentication infrastructure, we address real-world authentication challenges and gain a comprehensive understanding of Spring Security’s authentication mechanisms. Through practical examples and hands-on exercises, we learn how to integrate custom authentication solutions seamlessly into our applications.

This part has the following chapters:

Left arrow icon

Page 1 of 1

Right arrow icon
Download code icon Download Code

Key benefits

  • Architect solutions that leverage Spring Security while remaining loosely coupled
  • Implement authentication and authorization with SAML2, OAuth 2, hashing, and encryption algorithms
  • Integrate Spring Security with technologies such as microservices, Kubernetes, the cloud, and GraalVM native images
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

Knowing that experienced hackers are constantly on the prowl to attack your apps can make security one of the most challenging concerns of creating an app. The complexity of properly securing an app is compounded when you must also integrate this factor with legacy code, new technologies, and other frameworks. This book will help you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework. The book starts by showing you how to implement different authentication mechanisms before demonstrating how to properly restrict access to your app. You’ll then cover tips for integrating Spring Security with popular web frameworks such as Thymeleaf. The book also features an example of how Spring Security defends against session fixation, moves into concurrency control, and how you can use session management for administrative functions. This fourth edition aligns with Java 17/21 and Spring Security 6, covering advanced security scenarios for RESTful web services and microservices. This ensures you gain a complete understanding of the issues surrounding stateless authentication and discover a concise approach to solving those issues. By the end of this book, you’ll be able to integrate Spring Security 6 with GraalVM native images seamlessly, from start to finish.

What you will learn

  • Understand common security vulnerabilities and how to resolve them
  • Implement authentication and authorization and learn how to map users to roles
  • Integrate Spring Security with LDAP, Kerberos, SAML 2, OpenID, and OAuth
  • Get to grips with the security challenges of RESTful web services and microservices
  • Configure Spring Security to use Spring Data for authentication
  • Integrate Spring Security with Spring Boot, Spring Data, and web applications
  • Protect against common vulnerabilities like XSS, CSRF, and Clickjacking

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 28, 2024
Length 596 pages
Edition : 4th Edition
Language : English
ISBN-13 : 9781835460504
Category :
Security
Languages :
Java
Concepts :
Web Security
Tools :
Spring

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Jun 28, 2024
Length 596 pages
Edition : 4th Edition
Language : English
ISBN-13 : 9781835460504
Category :
Security
Languages :
Java
Concepts :
Web Security
Tools :
Spring

Packt Subscriptions

See our plans and pricing
Modal Close icon
₹800 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
START FREE TRIAL
BUY NOW
₹4500 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₹400 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW
₹5000 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₹400 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW

Table of Contents

28 Chapters
Preface Chevron down icon Chevron up icon
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Conventions used
Get in touch
Share Your Thoughts
1. Part 1: Fundamentals of Application Security Chevron down icon Chevron up icon
Part 1: Fundamentals of Application Security
2. Chapter 1: Anatomy of an Unsafe Application Chevron down icon Chevron up icon
Chapter 1: Anatomy of an Unsafe Application
Exploring software architecture styles
Understanding security audit
Addressing the security audit findings
Technical requirements
Summary
3. Chapter 2: Getting Started with Spring Security Chevron down icon Chevron up icon
Chapter 2: Getting Started with Spring Security
Hello Spring Security
A little bit of polish
Summary
4. Chapter 3: Custom Authentication Chevron down icon Chevron up icon
Chapter 3: Custom Authentication
Authentication architecture in Spring Security
Exploring the JBCP calendar architecture
Logging in new users using SecurityContextHolder
Creating a custom UserDetailsService object
Creating a custom AuthenticationProvider object
Which authentication method should you use?
Summary
5. Part 2: Authentication Techniques Chevron down icon Chevron up icon
Part 2: Authentication Techniques
6. Chapter 4: JDBC-based Authentication Chevron down icon Chevron up icon
Chapter 4: JDBC-based Authentication
Installing the required dependencies
Using the H2 database
The default user schema of Spring Security
Exploring UserDetailsManager interface
Support for a custom schema
Configuring secure passwords
Exploring the PasswordEncoder interface
Using salt in Spring Security
Trying out salted passwords
Summary
7. Chapter 5: Authentication with Spring Data Chevron down icon Chevron up icon
Chapter 5: Authentication with Spring Data
Spring Data JPA
Refactoring from SQL to ORM
Application services
The UserDetailsService object
Document database implementation with MongoDB
Summary
8. Chapter 6: LDAP Directory Services Chevron down icon Chevron up icon
Chapter 6: LDAP Directory Services
Understanding LDAP
Understanding how Spring LDAP authentication works
Determining roles with Jxplorer
Configuring the UserDetailsContextMapper object
Updating AccountController to use LdapUserDetailsService
Explicit LDAP bean configuration
Integrating with Microsoft Active Directory via LDAP
Summary
9. Chapter 7: Remember-me Services Chevron down icon Chevron up icon
Chapter 7: Remember-me Services
What is remember-me?
SHA-256 Algorithm
Is remember-me secure?
Configuring the persistent-based remember-me feature
The remember-me architecture
Custom cookie and HTTP parameter names
Summary
10. Chapter 8: Client Certificate Authentication with TLS Chevron down icon Chevron up icon
Chapter 8: Client Certificate Authentication with TLS
How does client certificate authentication work?
Configuring client certificate authentication using Spring beans
Summary
11. Part 3: Exploring OAuth 2 and SAML 2 Chevron down icon Chevron up icon
Part 3: Exploring OAuth 2 and SAML 2
12. Chapter 9: Opening up to OAuth 2 Chevron down icon Chevron up icon
Chapter 9: Opening up to OAuth 2
The Promising World of OAuth 2
Additional OAuth 2 providers
Is OAuth 2 secure?
Summary
13. Chapter 10: SAML 2 Support Chevron down icon Chevron up icon
Chapter 10: SAML 2 Support
What is SAML?
SAML 2.0 Login with Spring Security
Overriding SAML Spring Boot Auto Configuration
Performing Single Logout
Summary
14. Part 4: Enhancing Authorization Mechanisms Chevron down icon Chevron up icon
Part 4: Enhancing Authorization Mechanisms
15. Chapter 11: Fine-Grained Access Control Chevron down icon Chevron up icon
Chapter 11: Fine-Grained Access Control
Integrating Spring Expression Language (SpEL)
Conditional rendering with the Thymeleaf Spring Security tag library
JSR-250 compliant standardized rules
Summary
16. Chapter 12: Access Control Lists Chevron down icon Chevron up icon
Chapter 12: Access Control Lists
The conceptual module of an ACL
ACLs in Spring Security
Basic configuration of Spring Security ACL support
Advanced ACL topics
Considerations for a typical ACL deployment
Summary
17. Chapter 13: Custom Authorization Chevron down icon Chevron up icon
Chapter 13: Custom Authorization
Authorizing the Requests
Handling of Invocations
Modifying AccessDecisionManager and AccessDecisionVoter
Legacy Authorization Components
Dynamically defining access control to URLs
Creating a custom expression
Summary
18. Part 5: Advanced Security Features and Deployment Optimization Chevron down icon Chevron up icon
Part 5: Advanced Security Features and Deployment Optimization
19. Chapter 14: Session Management Chevron down icon Chevron up icon
Chapter 14: Session Management
Configuring session fixation protection
Restricting the number of concurrent sessions per user
Configuring expired session redirect
Common problems with concurrency control
Other benefits of concurrent session control
Displaying active sessions for a user
Summary
20. Chapter 15: Additional Spring Security Features Chevron down icon Chevron up icon
Chapter 15: Additional Spring Security Features
Security vulnerabilities
Cross-Site Scripting
Cross-Site Request Forgery
Security HTTP response headers
Testing Spring Security Applications
Reactive Applications Support
Summary
21. Chapter 16: Migration to Spring Security 6 Chevron down icon Chevron up icon
Chapter 16: Migration to Spring Security 6
Exploit Protection
Configuration Migrations
Applying the migration steps from Spring Security 5.x to Spring Security 6.x
Summary
22. Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens Chevron down icon Chevron up icon
Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens
What are microservices?
Service-oriented architectures
Microservice security
The OAuth 2 specification
JSON Web Tokens
JWT Authentication in Spring Security
OAuth 2 support in Spring Security
Summary
23. Chapter 18: Single Sign-On with the Central Authentication Service Chevron down icon Chevron up icon
Chapter 18: Single Sign-On with the Central Authentication Service
Introducing the Central Authentication Service
High-level CAS authentication flow
Spring Security and CAS
Configuring basic CAS integration
Single Logout
Clustered environments
Using proxy tickets
Customizing the CAS server
Getting the UserDetails object from a CAS assertion
Additional CAS capabilities
Summary
24. Chapter 19: Build GraalVM Native Images Chevron down icon Chevron up icon
Chapter 19: Build GraalVM Native Images
Introducing GraalVM
GraalVM images using Buildpacks
Building a native image using Native Build Tools
Method Security in GraalVM Native Image
Summary
25. Index Chevron down icon Chevron up icon
Index
Why subscribe?
26. Other Books You May Enjoy Chevron down icon Chevron up icon
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix – Additional Reference Material Chevron down icon Chevron up icon
Appendix – Additional Reference Material
Build tools
Getting started with the JBCP calendar sample code
Generating a server certificate
Supplementary materials

Recommendations for you

Left arrow icon
Python for Security and Networking
Python for Security and Networking
Read more
Jun 2023 586 pages
Full star icon 4.5
ebook
eBook
  • ebook eBook ₹799.99
  • print Print ₹3,723.99
₹799.99 ₹2,978.99
₹3,723.99
CompTIA Security+ SY0-701 Certification Guide
CompTIA Security+ SY0-701 Certification Guide
Read more
Jan 2024 622 pages
print
Print
  • print Print ₹3,351.99
₹3,351.99
Mastering Reverse Engineering
Mastering Reverse Engineering
Read more
Oct 2018 436 pages
ebook
eBook
  • ebook eBook ₹799.99
  • print Print ₹3,649.99
₹799.99 ₹2,919.99
₹3,649.99
Cybersecurity Architecture Fundamentals
Cybersecurity Architecture Fundamentals
Read more
Jul 2023 3h 3m
video Video
₹8,192.99
Risk Management Excellence - NIST 800-37 Framework Training
Risk Management Excellence - NIST 800-37 Framework Training
Read more
Feb 2024 1h 58m
video Video
₹4,840.99
Practical Cyber Hacking Skills for Beginners
Practical Cyber Hacking Skills for Beginners
Read more
Dec 2022 8h 23m
video Video
₹8,192.99
Mastering Microsoft Defender for Office 365
Mastering Microsoft Defender for Office 365
Read more
Sep 2024 426 pages
ebook
eBook
  • ebook eBook ₹799.99
  • print Print ₹3,351.99
₹799.99 ₹2,680.99
₹3,351.99
IT Audit Field Manual
IT Audit Field Manual
Read more
Sep 2024 336 pages
ebook
eBook
  • ebook eBook ₹799.99
  • print Print ₹2,978.99
₹799.99 ₹2,382.99
₹2,978.99
Cryptography Algorithms
Cryptography Algorithms
Read more
Aug 2024 410 pages
ebook
eBook
  • ebook eBook ₹799.99
  • print Print ₹2,792.98
₹799.99 ₹2,978.99
₹2,792.98 ₹3,723.99
Hack the Cybersecurity Interview
Hack the Cybersecurity Interview
Read more
Aug 2024 344 pages
ebook
eBook
  • ebook eBook ₹799.99
  • print Print ₹3,351.99
₹799.99 ₹2,680.99
₹3,351.99
Right arrow icon

About the author

Profile icon Badr Nasslahsen
Badr Nasslahsen
LinkedIn icon Github icon
Badr Nasslahsen is a lead security and cloud architect with over 17 years of experience. He holds an executive master's degree from Ecole Centrale Paris and an engineering degree from Telecom SudParis. He is an Oracle Certified Java SE 11 Professional, CISSP, TOGAF, CKA, and Scrum Master. Badr has extensive experience with public cloud providers such as AWS, Azure, GCP, Oracle, and IBM. He is also the author of the springdoc-openapi project.
Read more
See other products by Badr Nasslahsen
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.