Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Dedication
Packt Upsell
Contributors
Preface
Index

Authorization


Once the user is validated in terms of who they claim to be, the next aspect, what the user has access to, needs to be ascertained. This process of making sure what the user is allowed to do within the application is called authorization.

In line with authentication architecture, as seen earlier, authorization also has a manager, AccessDecisionManager. Spring Security has three built-in implementations for this: AffirmativeBased, ConsensusBased, and UnanimousBasedAccessDecisionManager works by delegating to a chain of AccessDecisionVoter. Authorization-related Spring Security classes/interfaces are shown in the following diagram:

Figure 12: Spring Security Authorization classes/interfaces

 

 

In Spring Security, authorization to a secured resource is granted by invoking voters and then tallying the votes received. The three built-in implementations tally the votes received in different manners:

  • AffirmativeBased: If at least one voter votes, the user is given access to the secured...