Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Channel security

In addition to authentication and authorization, Spring Security can also be used to check for any additional property presence for each request reaching the server. It can check for protocol (transport type, HTTP, or HTTPS), presence of certain HTTP headers, and more. SSL is now the de facto standard for any web application (or website) to comply with, and many search engines (such as Google, for example) even penalize you if your website is not HTTPS. SSL is made use of in securing the channel on which data flows from client to server and vice versa.

Spring Security can be configured to explicitly check for URL patterns and explicitly redirect the user to HTTPS if they are coming with the HTTP protocol.

This can be easily done by configuring the appropriate URL pattern in your Spring Security configuration, as shown here:


When users access the /httpsRequired/** URL pattern...