Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Chapter 2. Deep Diving into Spring Security

This is a hands-on book, but our first chapter was theoretical (as it should be) because it was an introductory chapter.

In this chapter, we will dive deeply into the technical capabilities of Spring Security, specifically authentication and authorization, using code. However, before we get into the coding, we will give a brief explanation of the theory. We are doing this because it is important to understand the concepts before diving into coding.

The two most important aspects of security are as follows:

  • Find the identity of the user
  • Find what resources this user has access to

authentication is the mechanism by which you find out who a user is, and authorization is the mechanism that allows an application to find out what the user can do with the application:

Figure 01: Fundamental aspects of security—Authentication and Authorization

In this chapter we will cover the following:

  • Authentication
  • Authentication mechanisms
  • Authorization