Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Simple REST API security

We will use the example that we created in Chapter 5Integrating with Spring WebFlux (spring-boot-spring-webflux) and expand on it by doing the following:

  • Bringing the JWT support to the already existing Spring WebFlux application secured using basic authentication.
  • Creating a new controller (path /auth/**) that will have new endpoints, using which you can authenticate the user.
  • Using basic authentication or the auth REST endpoint, we will generate the JWT on the server and send it as a response to the client. Subsequent calls from the client to access secured REST APIs can be achieved by using the JWT supplied as a HTTP header (authorization, bearer token).

We won't be able to go into each and every detail of this project (we have a more important topic that we need to cover in this chapter within the stipulated page count). However, while going through the example, important code snippets will be listed down and explained in detail to some extent.

Spring Security configuration...