Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell



Central Authentication Service (CAS)

is a single-sign-on/single-sign-off protocol for the web. It permits a user to access multiple applications while providing their credentials (such as userid and password) only once to a central CAS Server application.

– CAS Protocol Specification

CAS is an open source, platform-independent, central single sign-on (SSO) service supporting a variety of well-known protocols. Spring Security has first-class support for CAS, and the implementation is quite simple for an enterprise having a central CAS server. CAS is based on Spring Framework, and the architecture is quite simple, as shown in the following diagram:

Figure 1: CAS architecture (figure adapted from

The CAS server is a Java servlet-based application built on Spring Framework (Spring MVC and Spring Web Flow). It authenticates and grants access to CAS-enabled services.

Upon the successful login of the user, an SSO session is created, and the server issues a ticket-granting...