Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary. Summary While creating secure applications is critically important, it can also be tedious and time-consuming to stitch together the required collection of tools. For Java developers, the powerful Spring Security framework makes it easy for you to bake security into your software from the very beginning. Filled with code samples and practical examples, Spring Security in Action teaches you how to secure your apps from the most common threats, ranging from injection attacks to lackluster monitoring. In it, you'll learn how to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Security is non-negotiable. You rely on Spring applications to transmit data, verify credentials, and prevent attacks. Adopting "secure by design" principles will protect your network from data theft and unauthorized intrusions. About the book Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary. What's inside Encoding passwords and authenticating users Securing endpoints Automating security testing Setting up a standalone authorization server About the reader For experienced Java and Spring developers. About the author Laurentiu Spilca is a dedicated development lead and trainer at Endava, with over ten years of Java experience. Table of Contents PART 1 - FIRST STEPS 1 Security Today 2 Hello Spring Security PART 2 - IMPLEMENTATION 3 Managing users 4 Dealing with passwords 5 Implementing authentication 6 Hands-on: A small secured web application 7 Configuring authorization: Restricting access 8 Configuring authorization: Applying restrictions 9 Implementing filters 10 Applying CSRF protection and CORS 11 Hands-on: A separation of responsibilities 12 How does OAuth 2 work? 13 OAuth 2: Implementing the authorization server 14 OAuth 2: Implementing the resource server 15 OAuth 2: Using JWT and cryptographic signatures 16 Global method security: Pre- and postauthorizations 17 Global method security: Pre- and postfiltering 18 Hands-on: An OAuth 2 application 19 Spring Security for reactive apps 20 Spring Security testing

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications by using the Spring Security Framework. Provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and Grails applications.

Build and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security, Second Edition has been updated to incorporate the changes in Spring Framework 5 and Spring Boot 2. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up. This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and Grails applications. What You Will LearnExplore the scope of security and how to use the Spring Security FrameworkMaster Spring security architecture and design Secure the web tier in Spring Work with alternative authentication providersTake advantage of business objects and logic securityExtend Spring security with other frameworks and languagesSecure the service layer Who This Book Is ForExperienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applications.

Secure your Java applications by integrating the Spring Security framework in your code Key Features Provide authentication, authorization and other security features for Java applications. Learn how to secure microservices, cloud, and serverless applications easily Understand the code behind the implementation of various security features Book Description Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain. Hands-On Spring Security 5 for Reactive Applications starts with the essential concepts of reactive programming, Spring Framework, and Spring Security. You will then learn about a variety of authentication mechanisms and how to integrate them easily with the Spring MVC application. You will also understand how to achieve authorization in a Spring WebFlux application using Spring Security.You will be able to explore the security confgurations required to achieve OAuth2 for securing REST APIs and integrate security in microservices and serverless applications. This book will guide you in integrating add-ons that will add value to any Spring Security module. By the end of the book, you will be proficient at integrating Spring Security in your Java applications What you will learn Understand how Spring Framework and Reactive application programming are connected Implement easy security confgurations with Spring Security expressions Discover the relationship between OAuth2 and OpenID Connect Secure microservices and serverless applications with Spring Integrate add-ons, such as HDIV, Crypto Module, and CORS support Apply Spring Security 5 features to enhance your Java reactive applications Who this book is for If you are a Java developer who wants to improve application security, then this book is for you. A basic understanding of Spring, Spring Security framework, and reactive applications is required to make the most of the book.

Learn how to secure your Java applications from hackers using Spring Security 4.2 Key Features Architect solutions that leverage the power of Spring Security while being loosely coupled Implement existing user stores, user sign up, authentication, and supporting AJAX requests Integrate with popular Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Token's (JWS), Hashing, and encryption algorithms Book DescriptionKnowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework. The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included. It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.What you will learn Understand common security vulnerabilities and how to resolve them Perform initial penetration testing to uncover common security vulnerabilities Utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, OpenID, and OAuth Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, jQuery, and AngularJS Deep understanding of the security challenges with RESTful webservices and microservice architectures Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML Who this book is for This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

The book starts by teaching the basic fundamentals of Spring Security 3 such as setup and configuration. Later it looks at more advanced topics showing the reader how to solve complex real world security issues. This book is for Java developers who build web projects and applications. The book assumes basic familiarity with Java, XML and the Spring Framework. Newcomers to Spring Security will still be able to utilize all aspects of this book.

"Spring Start Here teaches Java developers how to build applications using Spring framework. Informative graphics, relevant examples, and author Laurenţiu Spilcă's clear and lively writing make it easy to pick up the skills you need. You'll discover how to plan, write, and test applications. And by concentrating on the most important features, this no-nonsense book gives you a firm foundation for exploring Spring's rich ecosystem"--Back cover.

Leverage the power of Spring Security 6 to protect your modern Java applications from hackers Key Features Architect solutions that leverage Spring Security while remaining loosely coupled Implement authentication and authorization with SAML2, OAuth 2, hashing, and encryption algorithms Integrate Spring Security with technologies such as microservices, Kubernetes, the cloud, and GraalVM native images Purchase of the print or Kindle book includes a free PDF eBook Book DescriptionWith experienced hackers constantly targeting apps, properly securing them becomes challenging when you integrate this factor with legacy code, new technologies, and other frameworks. Written by a Lead Cloud and Security Architect as well as CISSP, this book helps you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework. The book shows you how to implement different authentication mechanisms and properly restrict access to your app. You’ll learn to integrate Spring Security with popular web frameworks like Thymeleaf and Microservice and Cloud services like Zookeeper and Eureka, along with architecting solutions that leverage its full power while staying loosely coupled. You’ll also see how Spring Security defends against session fixation, moves into concurrency control, and how you can use session management for administrative functions. This fourth edition aligns with Java 17/21 and Spring Security 6, covering advanced security scenarios for RESTful web services and microservices. This ensures you fully understand the issues surrounding stateless authentication and discover a concise approach to solving those issues. By the end of this book, you’ll be able to integrate Spring Security 6 with GraalVM native images seamlessly, from start to finish.What you will learn Understand common security vulnerabilities and how to resolve them Implement authentication and authorization and learn how to map users to roles Integrate Spring Security with LDAP, Kerberos, SAML 2, OpenID, and OAuth Get to grips with the security challenges of RESTful web services and microservices Configure Spring Security to use Spring Data for authentication Integrate Spring Security with Spring Boot, Spring Data, and web applications Protect against common vulnerabilities like XSS, CSRF, and Clickjacking Who this book is for If you’re a Java web developer or an architect with fundamental knowledge of Java 17/21, web services, and the Spring Framework, this book is for you. No previous experience with Spring Security is needed to get started with this book.

Spring Boot 2.3 is the hottest ticket in town... ...when it comes to Java development. Learn the latest features that can scale your apps including: * Web and Data access * Developer tools and test support * Operational features * Docker container baking * Bottleneck discovery with BlockHound * Messaging * Security * More! Written cover-to-cover using Project Reactor, your apps will scale like never before. Grab your copy today and learn to build top-notch, scalable solutions with modern tactics. Greg L. Turnquist works on the Spring team as a principal developer at VMware. He is a committer to Spring HATEOAS, Spring Data, Spring Boot, R2DBC, and Spring Session for MongoDB. He also wrote Packt's best-selling title, Learning Spring Boot 2.0 2nd Edition. He co-founded the Nashville Java User Group in 2010 and hasn't met a Java app (yet) that he doesn't like. Follow him on Twitter @gregturn and subscribe for all his Spring Boot videos at YouTube.com/GregTurnquist.

Efficiently integrate OAuth 2.0 to protect your mobile, desktop, Cloud applications and APIs using Spring Security technologies. About This Book Interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. Use Spring Security and Spring Security OAuth2 to implement your own OAuth 2.0 provider Learn how to implement OAuth 2.0 native mobile clients for Android applications Who This Book Is For This book targets software engineers and security experts who are looking to develop their skills in API security and OAuth 2.0. Prior programming knowledge and a basic understanding of developing web applications are necessary. As this book's recipes mostly use Spring Security and Spring Security OAuth2, some prior experience with Spring Framework will be helpful. What You Will Learn Use Redis and relational databases to store issued access tokens and refresh tokens Access resources protected by the OAuth2 Provider using Spring Security Implement a web application that dynamically registers itself to the Authorization Server Improve the safety of your mobile client using dynamic client registration Protect your Android client with Proof Key for Code Exchange Protect the Authorization Server from COMPUTERS / Cloud Computing redirection In Detail OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications. The book starts by presenting you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will also be able to implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the book will cover practical scenarios regarding some important OAuth 2.0 profiles such as Dynamic Client Registration, Token Introspection and how to revoke issued access tokens. You will then be introduced to the usage of JWT, OpenID Connect, and how to safely implement native mobile OAuth 2.0 Clients. By the end of this book, you will be able to ensure that both the server and client are protected against common vulnerabilities. Style and approach With the help of real-world examples, this book provides step by step recipes for troubleshooting and extending your API security. The book also helps you with accessing and securing data on mobile, desktop, and cloud apps with OAuth 2.0.