Book Image

Learning Spring Boot 2.0 - Second Edition

By : Greg L. Turnquist, Greg L. Turnquist
Book Image

Learning Spring Boot 2.0 - Second Edition

By: Greg L. Turnquist, Greg L. Turnquist

Overview of this book

Spring Boot provides a variety of features that address today's business needs along with today's scalable requirements. In this book, you will learn how to leverage powerful databases and Spring Boot's state-of-the-art WebFlux framework. This practical guide will help you get up and running with all the latest features of Spring Boot, especially the new Reactor-based toolkit. The book starts off by helping you build a simple app, then shows you how to bundle and deploy it to the cloud. From here, we take you through reactive programming, showing you how to interact with controllers and templates and handle data access. Once you're done, you can start writing unit tests, slice tests, embedded container tests, and even autoconfiguration tests. We go into detail about developer tools, AMQP messaging, WebSockets, security, and deployment. You will learn how to secure your application using both routes and method-based rules. By the end of the book, you'll have built a social media platform from which to apply the lessons you have learned to any problem. If you want a good understanding of building scalable applications using the core functionality of Spring Boot, this is the book for you.
Table of Contents (11 chapters)

Securing Your App with Spring Boot

It's not real until it's secured.
Greg L. Turnquist @gregturn

In the previous chapter, you learned how to turn our application into a fully asynchronous, message-based app using WebSockets.

Security is hard. Even among the experts. Rob Winch, the lead for Spring Security, has stated in multiple forums, "Do not implement security on your own." A classic example is when someone wrote a utility to crack password-protected Microsoft Word documents. It had an intentional delay so that it didn't operate in subsecond time. Get it? The author of the tool didn't want to show how easy it was to break a Word document.

Suffice it to say, there are lots of attack vectors. Especially on the web. The fact that our applications partially run in a remote location (the browser) on someone else's machine leaves little...