Book Image

Learning Spring Boot 3.0 - Third Edition

By : Greg L. Turnquist
Book Image

Learning Spring Boot 3.0 - Third Edition

By: Greg L. Turnquist

Overview of this book

Spring Boot 3 brings more than just the powerful ability to build secure web apps on top of a rock-solid database. It delivers new options for testing, deployment, Docker support, and native images for GraalVM, along with ways to squeeze out more efficient usage of existing resources. This third edition of the bestseller starts off by helping you build a simple app, and then shows you how to secure, test, bundle, and deploy it to production. Next, you’ll familiarize yourself with the ability to go “native” and release using GraalVM. As you advance, you’ll explore reactive programming and get a taste of scalable web controllers and data operations. The book goes into detail about GraalVM native images and deployment, teaching you how to secure your application using both routes and method-based rules and enabling you to apply the lessons you’ve learned to any problem. If you want to gain a thorough understanding of building robust applications using the core functionality of Spring Boot, then this is the book for you. By the end of this Spring Boot book, you’ll be able to build an entire suite of web applications using Spring Boot and deploy them to any platform you need.
Table of Contents (17 chapters)
1
Part 1: The Basics of Spring Boot
3
Part 2: Creating an Application with Spring Boot
8
Part 3: Releasing an Application with Spring Boot
12
Part 4: Scaling an Application with Spring Boot

Securing web routes and HTTP verbs

Locking down an application and only allowing authorized users to access it is a big step forward. But, it’s seldom enough.

We must actually confine who can do what. So far, the process we’ve applied where people must prove their identity as part of a closed list of users is known as authentication.

But, the next piece of security that must be applied to any real application is what’s called authorization, that is, what a user is allowed to do.

Spring Security makes this super simple to apply. The first step in customizing our security policy is to add one more bean definition to our SecurityConfig class created earlier in this chapter under the Creating our own users with a custom security policy section.

Up to this point, Spring Boot has had an autoconfigured policy in place. In fact, it may be simpler to show what Spring Boot has inside its own SpringBootWebSecurityConfiguration:

@Bean
SecurityFilterChain defaultSecurityFilterChain...