Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Secret management

In an application, we need to handle a variety of secret/secure data in the form of API keys, other application passwords, and more. Often, for an application deployed and running in a production environment, keeping these in plain text can result in security breaches. With automation up for grabs quite cheaply nowadays, for modern applications, storing such data securely with access control and secure storage is a must.

Encryption is something that has been widely embraced, but for decryption, a key needs to be circulated, and this circulation of the key is usually a big problem. If a person decides to take the key outside of the organization, there can be serious problems.

Vault from HashiCorp is a very strong contender as a solution to this issue, and helps in managing these secrets easily with very rigid controls. It provides APIs that give access based on set policies. It also has the capability to provide access control, and it also comes with encryption functionality...