Book Image

Spring 5.0 Cookbook

By : Sherwin John C. Tragura
Book Image

Spring 5.0 Cookbook

By: Sherwin John C. Tragura

Overview of this book

The Spring framework has been the go-to framework for Java developers for quite some time. It enhances modularity, provides more readable code, and enables the developer to focus on developing the application while the underlying framework takes care of transaction APIs, remote APIs, JMX APIs, and JMS APIs. The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome common to advanced problems you might face. Each recipe will showcase some old and new issues and solutions, right from configuring Spring 5.0 container to testing its components. Most importantly, the book will highlight concurrent processes, asynchronous MVC and reactive programming using Reactor Core APIs. Aside from the core components, this book will also include integration of third-party technologies that are mostly needed in building enterprise applications. By the end of the book, the reader will not only be well versed with the essential concepts of Spring, but will also have mastered its latest features in a solution-oriented manner.

Related Content you might be interested in

Current Title:

Small book image
Spring 5.0 Cookbook
Sherwin John C. Tragura
Sep, 2017 | 670 pages
Small book image
Hands-On High Performance with Spring 5
Chintan Mehta | Dinesh Radadiya | Pritesh Shah | Subhash Shah | Prashant Goswami
Jun, 2018 | 408 pages
Small book image
Hands-On Spring Security 5 for Reactive Applications
Tomcy John
Jul, 2018 | 268 pages
Small book image
Learning Spring 5.0
Tejaswini Mandar Jog
Jun, 2017 | 422 pages
Table of Contents (20 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Getting Started with Spring
Getting Started with Spring
Installing Java Development Kit 1.8
Installing Tomcat 9 and configuring HTTP/2
Installing STS Eclipse 3.8 IDE
Creating Eclipse projects using Maven
Creating Spring STS Eclipse projects using Gradle
Deploying Spring projects using Maven
Deploying Spring projects using Gradle
Installing the MySQL 5.7 database server
Installing the MongoDB 3.2 database server
2
Learning Dependency Injection (DI)
Learning Dependency Injection (DI)
Implementing a Spring container using XML
Implementing a Spring container using JavaConfig
Managing beans in an XML-based container
Managing beans in the JavaConfig container
Creating Singleton and Prototype beans
Defining eager and lazy spring beans
Creating an inner bean
Injecting Collections and Properties
Creating a Spring MVC using an XML-based approach
Creating a Spring MVC using the JavaConfig approach
Generating multiple ApplicationContexts
Using ResourceBundleMessageSource for Views
3
Implementing MVC Design Patterns
Implementing MVC Design Patterns
Creating the simple @Controller
Creating a simple @Controller with method-level URL mapping
Designing a simple form @Controller
Creating a multi-action @Controller
Form validation and parameter type conversion
Creating request- and session-scoped beans
Implementing page redirection and Flash-scoped beans
Creating database connection pooling
Implementing the DAO layer using the Spring JDBC Framework
Creating a service layer in an MVC application
4
Securing Spring MVC Applications
Securing Spring MVC Applications
Configuring Spring Security 4.2.2
Mapping sessions to channels and ports
Customizing the authentication process
Implementing authentication filters, login success, and failure handlers
Creating user details
Generating encrypted passwords
Applying Security to MVC methods
Creating roles and permissions from the database
Managing and storing sessions
Solving Cross-Site Request Forgery (CSRF) and session fixation attacks
Solving Cross-Site Scripting (XSS) and clickjacking attacks
Creating interceptors for login data validation
5
Cross-Cutting the MVC
Cross-Cutting the MVC
Logging and auditing service methods
Managing DAO transactions
Monitoring services and request handlers
Validating parameters and arguments
Managing exceptions
Implementing the caching mechanism
Intercepting request transactions
Implementing user authentication
Accessing with restrictions
Controlling concurrent user access
Implementing a mini-workflow using AOP
6
Functional Programming
Functional Programming
Implementing lambda expressions using anonymous inner classes
Implementing lambda expression using @FunctionInterface
Applying the built-in functional interfaces
Applying method and constructor references
Using the Stream API
Applying streams to collections
Applying streams to NIO 2.0
Using parallel streams
7
Reactive Programming
Reactive Programming
Applying the observer design pattern using Reactive Streams
Creating Mono<T> and Flux<T> publishers
Implementing the Subscriber<T> interface
Applying backpressure to Mono<T> and Flux<T>
Managing task executions using Schedulers
Creating concurrent and parallel emissions
Managing continuous data emission
Implementing Stream manipulation and transformation
Testing Reactive data transactions
Implementing Reactive events using RxJava 2.x
8
Reactive Web Applications
Reactive Web Applications
Configuring the TaskExecutor
Implementing @Async services
Creating asynchronous controllers
Creating @Scheduled services
Using Future<T> and CallableFuture<T>
Using Mono<T> and Flux<T> publishers for services
Creating Mono<T> and Flux<T> HTTP response
Integrating RxJava 2.0
Using FreeMarker to render Publisher<T> stream
Using Thymeleaf to render a Publisher<T> stream
Applying security on TaskExecutors
9
Spring Boot 2.0
Spring Boot 2.0
Building a non-reactive Spring MVC application
Configuring Logging
Adding JDBC Connectivity
Building a reactive Spring MVC application
Configuring Spring Security 5.x
Using reactive view resolvers
Using RouterFunction and HandlerFunction
Implementing Spring Data with JPA
Implementing REST services using @RestController and Spring REST
Applying Spring Cache
10
The Microservices
The Microservices
Exposing RESTful services in Spring 5
Using the actuator REST endpoints
Building a client-side application with RestTemplate, AsyncRestTemplate and, WebClient
Configuring the Eureka server for service registration
Implementing the Eureka service discovery and client-side load balancing
Applying resiliency to client applications
Consuming endpoints using a declarative method
Using Docker for deployment
11
Batch and Message-Driven Processes
Batch and Message-Driven Processes
Building synchronous batch processes
Implementing batch processes with a database
Constructing asynchronous batch processes
Building synchronous interprocess communication using AMQP
Creating asynchronous send-receive communication
Creating an event-driven asynchronous communication using AMQP
Creating stream communication with Spring Cloud Stream
Implementing batch processes using Spring Cloud Task
12
Other Spring 5 Features
Other Spring 5 Features
Using Hibernate 5 object-relational mapping
Applying Hazelcast distributed caching
Building client-server communications with WebSocket
Implementing Reactive WebSocket communication
Implementing asynchronous Spring Data JPA properties
Implementing Reactive Spring Data JPA repositories
Using Spring Data MongoDB
Building applications for big data storage
Building a Spring 5 application using Kotlin
13
Testing Spring 5 Components
Testing Spring 5 Components
Creating tests for Spring MVC components
Building standalone controller tests
Creating tests for DAO and service layers
Creating tests on secured applications
Creating tests using Spring Boot 2.0
Creating tests for Spring Data JPA
Building tests for blocking, asynchronous and reactive RESTful services
Building tests for Kotlin components

Solving Cross-Site Scripting (XSS) and clickjacking attacks

The difference between cross-site scripting attacks and CRSF or session fixation is the presence of an injected third-party JavaScript or malicious script in XSS, whose objective is to sniff form transactions and perform exploits. Clickjacking is another attack which uses X-Frame-Options to inject exploits on a specific part of a page through frames.

Aside from properly escaping or encoding HTML properties, outgoing header variables must be sanitized to avoid XSS and clickjacking attacks. This recipe will highlight how Spring Security 4.2.2 can help shield all the outgoing headers from malicious attacks.

Getting started

Using the same ch04, this recipe will highlight how to control response headers to avoid XSS attacks during form transactions.

How to do it...

To prevent XSS attacks in our form transactions:

  1. Let's create a new security model that enables header filtering or sanitation, which is inherent to the Spring Security 4.2.2 framework...
Previous Section
End of Section 12
Next Section