Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Modern application architecture

Frontends of most modern applications are not built using server-side web application frameworks, such as Spring MVC, Java Server Faces (JSF), and so on. Infact, many are built using full-fledged client-side frameworks, such as React (to be full-fledged, it has to be combined with other libraries), Angular, and so on. The previous statement doesn't mean in any way that there is no place for such server-side web application frameworks. According to the application you are building, there are specific places for each of these frameworks.


When using client-side frameworks, the client code (HTML, JS, CSS, and so on) in general is not secured. However, the data required to render these dynamic pages is secured behind a RESTful endpoint.

To secure a RESTful backend, the JWT is used to exchange claims between the server and the client. The JWT enables the stateless exchange of tokens between the two parties and takes away the burden of session management (no more...