Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.

Related Content you might be interested in

Current Title:

Small book image
Hands-On Spring Security 5 for Reactive Applications
Tomcy John
Jul, 2018 | 268 pages
Small book image
Spring Security
ROBERT WILLIAM WINCH | Peter Mularien | Mick Knutson
Nov, 2017 | 542 pages
Small book image
Spring 5.0 Projects
Nilang Patel
Feb, 2019 | 442 pages
Small book image
OAuth 2.0 Cookbook
Adolfo Eloy Nascimento
Oct, 2017 | 420 pages
Table of Contents (15 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Dedication
Dedication
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Overview of Spring 5 and Spring Security 5
Overview of Spring 5 and Spring Security 5
How examples are structured
New-generation application requirements
Reactive programming
Reactive applications
Spring Framework
Reactive Landscape in Java
Spring Framework and reactive applications
Application security
Spring Security
Spring Security's core features
Spring Security 5's new features
Working of Spring Security
Core Spring Security modules
Summary
2
Deep Diving into Spring Security
Deep Diving into Spring Security
Authentication
Sample application
Authorization
Other Spring Security capabilities
Summary
3
Authentication Using SAML, LDAP, and OAuth/OIDC
Authentication Using SAML, LDAP, and OAuth/OIDC
Security Assertion Markup Language
Lightweight Directory Access Protocol
OAuth2 and OpenID Connect
Summary
4
Authentication Using CAS and JAAS
Authentication Using CAS and JAAS
CAS
Java Authentication and Authorization Service
Kerberos
Custom AuthenticationEntryPoint
PasswordEncoder
Custom filters
Summary
5
Integrating with Spring WebFlux
Integrating with Spring WebFlux
Spring MVC versus WebFlux
Reactive support in Spring 5
Spring WebFlux
Spring WebFlux authentication architecture
Spring WebFlux authorization
Sample project
Customization
Summary
6
REST API Security
REST API Security
Important concepts
Modern application architecture
Reactive REST API
Simple REST API security
Advanced REST API security
Spring Security OAuth project
OAuth2 and Spring WebFlux
Spring Boot and OAuth2
Sample project
Summary
7
Spring Security Add-Ons
Spring Security Add-Ons
Remember-me authentication
Session management
CSRF
CSP
Channel security
CORS Support
The Crypto module
Secret management
HTTP Data Integrity Validator
Custom DSL
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Spring Security

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de facto standard for securing Spring-based applications.

– Spring by Pivotal

Spring Security 5 is the new version of the framework and will be the main focus of this book. Spring Security enables you to take care of authentication and authorization of your application in all aspects. It also has top-level projects to deal specifically with a number of authentication mechanisms, such as LDAP, OAuth, and SAML. Spring Security also gives you enough mechanisms to deal with common security attacks, such as Session Fixation, Clickjacking, and Cross-Site Request Forgery. Moreover, it has very good integration with a number of Spring Framework projects, such as Spring MVC, Spring WebFlux, Spring Data, Spring Integration, and Spring Boot.

Spring Security terminologies

It's important to understand some of the most important Spring Security terminologies. Let's look at some of them:

  • Principal: Any user, device, or system (application) that would like to interact with your application.
  • Authentication: A process by which your application makes sure that the principal is who they claim to be.
  • Credentials: When a principal tries to interact with your application, the authentication process kicks in and challenges the principal to pass on some values. One such example is a username/password combination and these values are called credentials. The authentication process validates the principal's passed-in credentials against a data store and replies back with the appropriate result.
  • Authorization: After successful authentication, the principal is checked again for actions that it can perform on your application. This process of checking rights for a principal and then granting necessary permissions is called authorization.
  • Secured item/resource: The item or resource that is marked as secured and requires the principal (user) to successfully complete both authentication and authorization.
  • GrantedAuthority: A Spring Security object (org.springframework.security.core.GrantedAuthority interface) that contains/holds permissions/access-right details of a principal.
  • SecurityContext: A Spring Security object that holds a principal's authentication details.
Previous Section
End of Section 10
Next Section