Book Image

Learning Spring Boot 2.0 - Second Edition

By : Greg L. Turnquist, Greg L. Turnquist
Book Image

Learning Spring Boot 2.0 - Second Edition

By: Greg L. Turnquist, Greg L. Turnquist

Overview of this book

Spring Boot provides a variety of features that address today's business needs along with today's scalable requirements. In this book, you will learn how to leverage powerful databases and Spring Boot's state-of-the-art WebFlux framework. This practical guide will help you get up and running with all the latest features of Spring Boot, especially the new Reactor-based toolkit. The book starts off by helping you build a simple app, then shows you how to bundle and deploy it to the cloud. From here, we take you through reactive programming, showing you how to interact with controllers and templates and handle data access. Once you're done, you can start writing unit tests, slice tests, embedded container tests, and even autoconfiguration tests. We go into detail about developer tools, AMQP messaging, WebSockets, security, and deployment. You will learn how to secure your application using both routes and method-based rules. By the end of the book, you'll have built a social media platform from which to apply the lessons you have learned to any problem. If you want a good understanding of building scalable applications using the core functionality of Spring Boot, this is the book for you.
Table of Contents (11 chapters)

Securing the images microservice

Having secured the frontend and also embedded a session ID in every gateway call to the backend, we can shift our focus to securing those backend services.

Let's start with the images service. First of all, we need to configure session management by creating SessionConfig as follows:

    public class SessionConfig { 

This preceding code can be described as follows:

  • @EnableMongoWebSession activates the Reactor-based Spring Session MongoDB

Next, we can lock things down by creating a SecurityConfiguration class like this:

    public class SecurityConfiguration { 
      SecurityWebFilterChain springWebFilterChain() { 
        return HttpSecurity.http() 
                new WebSessionSecurityContextRepository...