Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Spring Security
  • Table Of Contents Toc
Spring Security

Spring Security - Third Edition

By : Mick Knutson, Robert Winch, Peter Mularien
4.5 (4)
Buy this Book
close
close
Spring Security

Spring Security

4.5 (4)
By: Mick Knutson, Robert Winch, Peter Mularien
Buy this Book

Overview of this book

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework. The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included. It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.
Table of Contents (19 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
Anatomy of an Unsafe Application
Icon
Anatomy of an Unsafe Application
Icon
Security audit
Icon
Application technology
Icon
Authentication
Icon
Authorization
Icon
Summary
2
Getting Started with Spring Security
Icon
Getting Started with Spring Security
Icon
Hello Spring Security
Icon
A little bit of polish
Icon
Summary
3
Custom Authentication
Icon
Custom Authentication
Icon
JBCP calendar architecture
Icon
Logging in new users using SecurityContextHolder
Icon
Creating a custom UserDetailsService object
Icon
Creating a custom AuthenticationProvider object
Icon
Which authentication method to use?
Icon
Summary
4
JDBC-Based Authentication
Icon
JDBC-Based Authentication
Icon
Required dependencies
Icon
Using the H2 database
Icon
The default user schema of Spring Security
Icon
The UserDetailsManager interface
Icon
Support for a custom schema
Icon
Configuring secure passwords
Icon
The PasswordEncoder method
Icon
Using salt in Spring Security
Icon
Trying out the salted passwords
Icon
Summary
5
Authentication with Spring Data
Icon
Authentication with Spring Data
Icon
Spring Data JPA
Icon
Refactoring from SQL to ORM
Icon
Application services
Icon
The UserDetailsService object
Icon
Document database implementation with MongoDB
Icon
Summary
6
LDAP Directory Services
Icon
LDAP Directory Services
Icon
Understanding LDAP
Icon
Understanding how Spring LDAP authentication works
Icon
Determining roles with Apache Directory Studio
Icon
Configuring the UserDetailsContextMapper object
Icon
Updating AccountController to use LdapUserDetailsService
Icon
Explicit LDAP bean configuration
Icon
Integrating with Microsoft Active Directory via LDAP
Icon
Summary
7
Remember-Me Services
Icon
Remember-Me Services
Icon
What is remember-me?
Icon
MD5
Icon
Is remember-me secure?
Icon
Configuring the persistent-based remember-me feature
Icon
The remember-me architecture
Icon
Custom cookie and HTTP parameter names
Icon
Summary
8
Client Certificate Authentication with TLS
Icon
Client Certificate Authentication with TLS
Icon
How does client certificate authentication work?
Icon
Configuring client certificate authentication using Spring beans
Icon
Summary
9
Opening up to OAuth 2
Icon
Opening up to OAuth 2
Icon
The promising world of OAuth 2
Icon
Configuring OAuth 2 support in Spring Security
Icon
Executing the OAuth 2 provider connection workflow
Icon
Additional OAuth 2 providers
Icon
Is OAuth 2 secure?
10
Single Sign-On with the Central Authentication Service
Icon
Single Sign-On with the Central Authentication Service
Icon
Introducing the Central Authentication Service
Icon
High-level CAS authentication flow
Icon
Spring Security and CAS
Icon
Configuring basic CAS integration
Icon
Single logout
Icon
Clustered environments
Icon
Using proxy tickets
Icon
Customizing the CAS server
Icon
Getting the UserDetails object from a CAS assertion
Icon
Additional CAS capabilities
Icon
Summary
11
Fine-Grained Access Control
Icon
Fine-Grained Access Control
Icon
Gradle dependencies
Icon
Conditional rendering with the Thymeleaf Spring Security tag library
Icon
Interface-based proxies
Icon
JSR-250 compliant standardized rules
Icon
Summary
12
Access Control Lists
Icon
Access Control Lists
Icon
The conceptual module of ACL
Icon
Access control lists in Spring Security
Icon
Basic configuration of Spring Security ACL support
Icon
Summary
13
Custom Authorization
chevron up
Icon
Custom Authorization
Icon
Authorizing the requests
Icon
Dynamically defining access control to URLs
Icon
Creating a custom expression
Icon
Summary
14
Session Management
Icon
Session Management
Icon
Configuring session fixation protection
Icon
Restricting the number of concurrent sessions per user
Icon
Configuring expired session redirect
Icon
Common problems with concurrency control
Icon
Other benefits of concurrent session control
Icon
Displaying active sessions for a user
Icon
Summary
15
Additional Spring Security Features
Icon
Additional Spring Security Features
Icon
Security vulnerabilities
Icon
Cross-Site Scripting
Icon
Cross-Site Request Forgery
Icon
Security HTTP response headers
Icon
Summary
16
Migration to Spring Security 4.2
Icon
Migration to Spring Security 4.2
Icon
Introduction
Icon
Sample migration
Icon
Deprecations
Icon
Summary
17
Microservice Security with OAuth 2 and JSON Web Tokens
Icon
Microservice Security with OAuth 2 and JSON Web Tokens
Icon
What are microservices?
Icon
Service-oriented architectures
Icon
Microservice security
Icon
The OAuth 2 specification
Icon
JSON Web Tokens
Icon
OAuth 2 support in Spring Security
Icon
Microservices client
Icon
Summary
18
Additional Reference Material
Icon
Additional Reference Material
Icon
Getting started with the JBCP calendar sample code

Dynamically defining access control to URLs

Spring Security provides several methods for mapping ConfigAttribute objects to a resource. For example, the antMatchers() method ensures it is simple for developers to restrict access to specific HTTP requests in their web application. Behind the scenes, an implementation of o.s.s.acess.SecurityMetadataSource is populated with these mappings and queried to determine what is required in order to be authorized to make any given HTTP request.

While the antMatchers() method is very simple, there may be times that it would be desirable to provide a custom mechanism for determining the URL mappings. An example of this might be if an application needs to be able to dynamically provide the access control rules. Let's demonstrate what it would take to move our URL authorization configuration into a database.

...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Spring Security
End of Section 13
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon