Spring Security in Action
Laurentiu Spilca
  • MEAP began December 2019
  • Publication in Fall 2020 (estimated)
  • ISBN 9781617297731
  • 450 pages (estimated)
  • printed in black & white

If you want to get a thorough understanding of software security, and how it can be applied in a Spring application, this book is for you!

Matt Greene
While creating secure applications is critically important, it can also be tedious and time-consuming to stitch together the required collection of tools. For Java developers, the powerful Spring Security framework makes it easy for you to bake security into your software from the very beginning. Filled with code samples and practical examples, Spring Security in Action teaches you how to secure your apps from the most common threats, ranging from injection attacks to lackluster monitoring. In it, you’ll learn how to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization.
Table of Contents

Part 1: First Steps

1 Security Today

1.1 What is Spring Security and what can you solve with it?

1.1.1 How does Spring Security fit in a Spring ecosystem?

1.1.2 The path to learning Spring Security

1.2 What is software security?

1.3 Why is security important?

1.4 Common security vulnerabilities in web applications

1.4.1 Vulnerabilities in authentication and authorization

1.4.2 What is session fixation?

1.4.3 What is cross-site scripting (XSS)?

1.4.4 What is cross-site request forgery (CSRF)?

1.4.5 Understanding injection vulnerabilities in web applications

1.4.6 Dealing with the exposure of sensitive data

1.4.7 What is the lack of method access control?

1.4.8 Using dependencies with known vulnerabilities

1.5 Security applied in various architectures

1.5.1 Designing a one-piece web application

1.5.2 Designing security for a backend/frontend separation

1.5.3 Understanding the OAuth2 flow

1.5.4 Using third-party authorization servers with OpenID Connect

1.5.5 Using static keys, cryptographic signatures, and IP whitelisting to secure requests

1.6 What will you learn in this book?

1.7 Summary

2 Hello Spring Security

2.1 Starting with the first project

2.2 Which are the default configurations?

2.3 Overriding the default configurations

2.3.1 Overriding the UserDetailsService component

2.3.2 Overriding the endpoint authorization configuration

2.3.3 Setting the configuration in different ways

2.3.4 Overriding the AuthenticationProvider implementation

2.3.5 Using multiple configuration classes in your project

2.4 Summary

Part 2: Implementation

3 Managing users and passwords

3.1 Working with the authentication in Spring Security architecture

3.2 Describing the user

3.2.1 Demystifying the definition of the UserDetails contract

3.2.2 Detailing on the GrantedAuthority contract

3.2.3 Writing the minimal implementation of the UserDetails

3.2.4 Using a builder to create instances of the UserDetails type

3.3 Instructing Spring Security on how to manage the users

3.3.1 Understanding the UserDetailsService contract

3.3.2 Implementing the UserDetailsService contract

3.3.3 Implementing the UserDetailsManager contract

3.4 Understanding the PasswordEncoder contract

3.4.1 The definition of the PasswordEncoder contract

3.4.2 Implementing the PasswordEncoder contract

3.4.3 How to choose from the provided implementations for PasswordEncoder

3.4.4 Having multiple encoding strategies with DelegatingPasswordEncoder

3.5 More about the Spring Security Crypto Module

3.5.1 Using key generators

3.5.2 Using encryptors for encryption and decryption operations

3.6 Summary

4 Implementing authentication

4.1 Understanding the AuthenticationProvider

4.2 Using the SecurityContext

4.2.1 Using the MODE_THREADLOCAL holding strategy for the security context

4.2.2 Using the MODE_INHERITABLETHREADLOCAL holding strategy for asynchronous calls

4.2.3 Using the MODE_GLOBAL holding strategy for standalone applications

4.2.4 Forwarding the security context with a DelegatingSecurityContextRunnable

4.2.5 Forwarding the security context with a DelegatingSecurityContextExecutorService

4.3 Understanding HTTP Basic and Form Login authentication methods

4.3.1 Using and configuring HTTP Basic

4.3.2 Implementing the authentication with the Form Login method

4.4 Hands-On - The smallest secured web application

4.4.1 Writing the setup and configuration of the project

4.4.2 Implementing user management

4.4.3 Implementing the custom authentication logic

4.4.4 Implementing the main page

4.4.5 Running and testing the application

4.5 Summary

5 Hands-On: A small secured web application

6 Configuring authorization

7 Implementing filters

8 Hands-On: Implementing authorization

9 OAuth2 - How does it work?

10 OAuth2 - Splitting the responsibilities

11 Hands-On: Implementing OAuth2

12 Global Method Security

13 Integration with Spring Data

14 Spring Security for reactive applications

15 Spring Security Testing

Part 3: Beyond Spring Security in applications

16 Spring Security and orchestration in containers

Appendixes

Appendix A: Creating the Spring Boot project

A.1 Creating a project from start.spring.io

A.2 Creating a project with the Spring Tool Suite (STS)

About the Technology

Your applications, along with the data they manage, are among your organization’s most valuable assets. No company wants its applications easily cracked by malicious attackers or left vulnerable by avoidable errors. The specialized Spring Security framework reduces the time and manpower required to create reliable authorization, authentication, and other security features for your Java enterprise software. Thanks to Spring Security, you can easily bake security into your applications, from design right through to implementation.

About the book

Spring Security in Action shows you how to use Spring Security to create applications you can be confident will withstand even the most dedicated attacks. Starting with essential “secure by design” principles, you’ll learn common software vulnerabilities and how to avoid them right from the design stage. Through hands-on projects, including a web application and a microservices architecture, you’ll learn to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization. As you go, you’ll learn how to adapt Spring Security to different architectures, such as configuring Spring Security for reactive applications and container-based applications orchestrated with Kubernetes. When you’re done, you’ll have a complete understanding of how to use Spring Security to protect your Java enterprise applications from common threats and attacks.

What's inside

  • The principles of secure by design
  • The architecture of Spring Security
  • Spring Security contracts for password encoding, cryptography, and authentication
  • Applying Spring Security to different architecture styles

About the reader

For experienced Java developers, with knowledge of other Spring tools such as Spring Boot.

About the author

Laurentiu Spilca is a dedicated development lead and trainer at Endava, where he leads the development of a project in the financial market of the European Nordic countries. He has over ten years’ experience as a Java developer and technology teacher.

Manning Early Access Program (MEAP)

Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.

  • MEAP combo $59.99: pBook + eBook + liveBook
  • MEAP eBook $47.99: pdf + ePub + kindle + liveBook
