Spring Security in Action
Laurentiu Spilca
  • MEAP began December 2019
  • Publication in Fall 2020 (estimated)
  • ISBN 9781617297731
  • 450 pages (estimated)
  • printed in black & white

If you want to get a thorough understanding of software security, and how it can be applied in a Spring application, this book is for you!

Matt Greene
While creating secure applications is critically important, it can also be tedious and time-consuming to stitch together the required collection of tools. For Java developers, the powerful Spring Security framework makes it easy for you to bake security into your software from the very beginning. Filled with code samples and practical examples, Spring Security in Action teaches you how to secure your apps from the most common threats, ranging from injection attacks to lackluster monitoring. In it, you’ll learn how to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization.
Table of Contents

PART 1: FIRST STEPS

1 Security Today

1.1 What is Spring Security and what can you solve with it?

1.1.1 How does Spring Security fit in a Spring ecosystem?

1.1.2 The path to learning Spring Security

1.2 What is software security?

1.3 Why is security important?

1.4 Common security vulnerabilities in web applications

1.4.1 Vulnerabilities in authentication and authorization

1.4.2 What is session fixation?

1.4.3 What is cross-site scripting (XSS)?

1.4.4 What is cross-site request forgery (CSRF)?

1.4.5 Understanding injection vulnerabilities in web applications

1.4.6 Dealing with the exposure of sensitive data

1.4.7 What is the lack of method access control?

1.4.8 Using dependencies with known vulnerabilities

1.5 Security applied in various architectures

1.5.1 Designing a one-piece web application

1.5.2 Designing security for a backend/frontend separation

1.5.3 Understanding the OAuth2 flow

1.5.4 Using third-party authorization servers with OpenID Connect

1.5.5 Using static keys, cryptographic signatures, and IP whitelisting to secure requests

1.6 What will you learn in this book?

1.7 Summary

2 Hello Spring Security

2.1 Starting with the first project

2.2 Which are the default configurations?

2.3 Overriding the default configurations

2.3.1 Overriding the UserDetailsService component

2.3.2 Overriding the endpoint authorization configuration

2.3.3 Setting the configuration in different ways

2.3.4 Overriding the AuthenticationProvider implementation

2.3.5 Using multiple configuration classes in your project

2.4 Summary

PART 2: IMPLEMENTATION

3 Managing users and passwords

4 Implementing authentication

5 Configuring authorization on endpoints

6 OAuth2 - How does it work?

7 OAuth2 - Splitting the responsibilities

8 Global Method Security

9 Integration with Spring Data

10 Spring Security for reactive applications

11 Spring Security Testing

PART 3: BEYOND SPRING SECURITY IN APPLICATIONS

12 Spring Security and orchestration in containers

Appendixes

Appendix A: How to create a Spring Boot project

A.1 Creating a project from start.spring.io

A.2 Creating a project with the Spring Tool Suite

About the Technology

Your applications, along with the data they manage, are one of your organization’s most valuable assets. No company wants their applications easily cracked by malicious attackers or left vulnerable by avoidable errors. The specialized Spring Security framework reduces the time and manpower required to create reliable authorization, authentication, and other security features for your Java enterprise software. Thanks to Spring Security, you can easily bake security into your applications, from design right through to implementation.

About the book

Spring Security in Action shows you how to use Spring Security to create applications you can be confident will withstand even the most dedicated attacks. Starting with essential “secure by design” principles, you’ll learn common software vulnerabilities and how to avoid them right from the design stage. Through hands-on projects, including a web application and a microservices architecture, you’ll learn to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization. As you go, you’ll learn how to adapt Spring Security to different architectures, such as configuring Spring Security for Reactive applications and container-based applications orchestrated with Kubernetes. When you’re done, you’ll have a complete understanding of how to use Spring Security to protect your Java enterprise applications from common threats and attacks.

What's inside

  • The principles of secure by design
  • The architecture of Spring Security
  • Spring Security contracts for password encoding, cryptography, and authentication
  • Applying Spring Security to different architecture styles

About the reader

For experienced Java developers, with knowledge of other Spring tools such as Spring Boot.

About the author

Laurentiu Spilca is a dedicated development lead and trainer at Endava, where he leads the development of a project in the financial market of European Nordic countries. He has over ten years of experience as a Java developer and technology teacher.
