Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Advanced REST API security

REST APIs can be secured by another mechanism in your web application, OAuth.

OAuth is an authorization framework that allows other applications with the right credentials access to partial/limited user profile details stored on platforms such as Google and Facebook. The authentication part is delegated to these services and if successful, appropriate grants are given to the calling client/application, which can be used to get access to secured resources (in our case RESTful APIs).

We have seen OAuth security using a public authentication provider in Chapter 3Authentication Using CAS and JAAS (in the OAuth 2 and OpenID connect section). However, we need not use these public providers; you have the choice of using your own. We will cover one such example in this chapter, where we will be using our own authentication provider and securing our Spring Boot-based reactive REST endpoints.

Before getting into the example, we need to understand a bit more about OAuth, and...