Spring Security in Action, Second Edition

by Laurențiu Spilcă

Programming

Book Details

  • Book Title: Spring Security in Action, Second Edition
  • Author: Laurențiu Spilcă
  • Publisher: Manning Publications Co.
  • Publication Date: 2024
  • ISBN: 9781633437975
  • Number of Pages: 708
  • Language: English
  • Format: PDF
  • File Size: 5.11MB
  • Subject: Computers > Programming Languages

Table of Contents

  • Praise for the first edition
  • Spring Security in Action
  • Copyright
  • Contents
  • Front Matter
  • Part 1. Say hello to Spring Security
  • Chapter 1: Security today
  • 1.1 Discovering Spring Security
  • 1.2 What is software security?
  • 1.3 Why is security important?
  • 1.4 What will you learn in this book?
  • Summary
  • Chapter 2: Hello, Spring Security
  • 2.1 Starting your first project
  • 2.2 The big picture of Spring Security class design
  • 2.3 Overriding default configurations
  • Summary
  • Part 2. Configuring authentication
  • Chapter 3: Managing users
  • 3.1 Implementing authentication in Spring Security
  • 3.2 Describing the user
  • 3.3 Instructing Spring Security on how to manage users
  • Summary
  • Chapter 4: Managing passwords
  • 4.1 Using password encoders
  • 4.2 Taking advantage of the Spring Security Crypto module
  • Summary
  • Chapter 5: A web app’s security begins with filters
  • 5.1 Implementing filters in the Spring Security architecture
  • 5.2 Adding a filter before an existing one in the chain
  • 5.3 Adding a filter after an existing one in the chain
  • 5.4 Adding a filter at the location of another in the chain
  • 5.5 Filter implementations provided by Spring Security
  • Summary
  • Chapter 6: Implementing authentications
  • 6.1 Understanding the AuthenticationProvider
  • 6.2 Using the SecurityContext
  • 6.3 Understanding HTTP Basic and form-based login authentications
  • Summary
  • Part 3. Configuring authorization
  • Chapter 7: Configuring endpoint-level authorization: Restricting access
  • 7.1 Restricting access based on authorities and roles
  • Summary
  • Chapter 8: Configuring endpoint-level authorization: Applying restrictions
  • 8.1 Using the requestMatchers() method to select endpoints
  • 8.2 Selecting requests to apply authorization restrictions
  • 8.3 Using regular expressions with request matchers
  • Summary
  • Chapter 9: Configuring CSRF protection
  • 9.1 How CSRF protection works in Spring Security
  • 9.2 Using CSRF protection in practical scenarios
  • 9.3 Customizing CSRF protection
  • Summary
  • Chapter 10: Configuring CORS
  • 10.1 How does CORS work?
  • 10.2 Applying CORS policies with the @CrossOrigin annotation
  • 10.3 Applying CORS using a CorsConfigurer
  • Summary
  • Chapter 11: Implementing authorization at the method level
  • 11.1 Enabling method security
  • 11.2 Applying preauthorization rules
  • 11.3 Applying postauthorization rules
  • 11.4 Implementing permissions for methods
  • Summary
  • Chapter 12: Implementing filtering at the method level
  • 12.1 Applying prefiltering for method authorization
  • 12.2 Applying postfiltering for method authorization
  • 12.3 Using filtering in Spring Data repositories
  • Summary
  • Part 4. Implementing OAuth 2 and OpenID Connect
  • Chapter 13: What are OAuth 2 and OpenID Connect?
  • 13.1 The big picture of OAuth 2 and OpenID Connect
  • 13.2 Using various token implementations
  • 13.3 Obtaining tokens through various grant types
  • 13.4 What OpenID Connect brings to OAuth 2
  • 13.5 The sins of OAuth 2
  • Summary
  • Chapter 14: Implementing an OAuth 2 authorization server
  • 14.1 Implementing basic authentication using JSON web tokens
  • 14.2 Running the authorization code grant type
  • 14.3 Running the client credentials grant type
  • 14.4 Using opaque tokens and introspection
  • 14.5 Revoking tokens
  • Summary
  • Chapter 15: Implementing an OAuth 2 resource server
  • 15.1 Configuring JWT validation
  • 15.2 Using customized JWTs
  • 15.3 Configuring token validation through introspection
  • 15.4 Implementing multitenant systems
  • Summary
  • Chapter 16: Implementing an OAuth 2 client
  • 16.1 Implementing OAuth 2 login
  • 16.2 Implementing an OAuth 2 client
  • Summary
  • Part 5. Going reactive
  • Chapter 17: Implementing security in reactive applications
  • 17.1 What are reactive apps?
  • 17.2 User management in reactive apps
  • 17.3 Configuring authorization rules in reactive apps
  • 17.4 Creating a reactive OAuth 2 resource server
  • Summary
  • Part 6. Testing security configurations
  • Chapter 18: Testing security configurations
  • 18.1 Using mock users for tests
  • 18.2 Testing with users from a UserDetailsService
  • 18.3 Using custom Authentication objects for testing
  • 18.4 Testing method security
  • 18.5 Testing authentication
  • 18.6 Testing CSRF configurations
  • 18.7 Testing CORS configurations
  • 18.8 Testing reactive Spring Security implementations
  • Summary
  • Appendix A: Links to official documentation
  • Appendix B: Further reading
  • Index