Spring Security in Action, Second Edition, Video Edition

Video description

In Video Editions the narrator reads the book while the content, figures, code listings, diagrams, and text appear on the screen. Like an audiobook that you can also watch as a video.

Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code.

Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and OAuth2/OpenID Connect.

In Spring Security in Action, Second Edition you will learn essential security skills including how to:

  • Implement and customize authentication and authorization
  • Set up all components of an OAuth2/OpenID Connect system
  • Utilize CSRF and CORS configurations
  • Secure Spring reactive applications
  • Write tests for security configurations

Whether you’re a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurențiu Spilcă distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything security—from authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process.

About the Technology
Spring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with “secure by design” principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it’s free, open source, and backed by the awesome team at VMware.

About the Book
Spring Security in Action, Second Edition updates this bestselling guide to Spring Security to include deep coverage of OAuth2/OpenID Connect and security configuration using the new SecurityFilterChain. The crystal-clear explanations and relevant examples teach you how to build your own authorization server, configure secure endpoints, and prevent cross-site scripting and request forgery attacks.

What's Inside
  • Custom authentication and authorization
  • CSRF and CORS configurations
  • Secure Spring reactive applications
  • Write tests for security configurations


About the Reader
For experienced Java and Spring developers.

About the Author
Laurențiu Spilcă is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning’s Spring Start Here and Troubleshooting Java.

Quotes
This go-to guide demystifies security and provides actionable code using the industry-leading Spring Security framework.
- Josh Long, Spring Developer Advocate

Easy to grasp theory backed up by usable code.
- Ana-Maria Mihalceanu, Developer Advocate

A welcome follow-on to the excellent first edition, incorporating numerous updates to Spring Security. Check out this book!
- Mark Heckler, Author of Spring Boot: Up & Running!

Laurențiu makes the complex simple—perfect for a book about security. A must-read!
- Thomas Vitale, Author of Cloud Native Spring in Action

Table of contents

  1. Part 1. Say hello to Spring Security
  2. Chapter 1. Security today
  3. Chapter 1. What is software security?
  4. Chapter 1. Why is security important?
  5. Chapter 1. What will you learn in this book?
  6. Chapter 1. Summary
  7. Chapter 2. Hello, Spring Security
  8. Chapter 2. The big picture of Spring Security class design
  9. Chapter 2. Overriding default configurations
  10. Chapter 2. Summary
  11. Part 2. Configuring authentication
  12. Chapter 3. Managing users
  13. Chapter 3. Describing the user
  14. Chapter 3. Instructing Spring Security on how to manage users
  15. Chapter 3. Summary
  16. Chapter 4. Managing passwords
  17. Chapter 4. Taking advantage of the Spring Security Crypto module
  18. Chapter 4. Summary
  19. Chapter 5. A web app’s security begins with filters
  20. Chapter 5. Adding a filter before an existing one in the chain
  21. Chapter 5. Adding a filter after an existing one in the chain
  22. Chapter 5. Adding a filter at the location of another in the chain
  23. Chapter 5. Filter implementations provided by Spring Security
  24. Chapter 5. Summary
  25. Chapter 6. Implementing authentications
  26. Chapter 6. Using the SecurityContext
  27. Chapter 6. Understanding HTTP Basic and form-based login authentications
  28. Chapter 6. Summary
  29. Part 3. Configuring authorization
  30. Chapter 7. Configuring endpoint-level authorization: Restricting access
  31. Chapter 7. Summary
  32. Chapter 8. Configuring endpoint-level authorization: Applying restrictions
  33. Chapter 8. Selecting requests to apply authorization restrictions
  34. Chapter 8. Using regular expressions with request matchers
  35. Chapter 8. Summary
  36. Chapter 9. Configuring CSRF protection
  37. Chapter 9. Using CSRF protection in practical scenarios
  38. Chapter 9. Customizing CSRF protection
  39. Chapter 9. Summary
  40. Chapter 10. Configuring CORS
  41. Chapter 10. Applying CORS policies with the @CrossOrigin annotation
  42. Chapter 10. Applying CORS using a CorsConfigurer
  43. Chapter 10. Summary
  44. Chapter 11. Implementing authorization at the method level
  45. Chapter 11. Applying preauthorization rules
  46. Chapter 11. Applying postauthorization rules
  47. Chapter 11. Implementing permissions for methods
  48. Chapter 11. Summary
  49. Chapter 12. Implementing filtering at the method level
  50. Chapter 12. Applying postfiltering for method authorization
  51. Chapter 12. Using filtering in Spring Data repositories
  52. Chapter 12. Summary
  53. Part 4. Implementing OAuth 2 and OpenID Connect
  54. Chapter 13. What are OAuth 2 and OpenID Connect?
  55. Chapter 13. Using various token implementations
  56. Chapter 13. Obtaining tokens through various grant types
  57. Chapter 13. What OpenID Connect brings to OAuth 2
  58. Chapter 13. The sins of OAuth 2
  59. Chapter 13. Summary
  60. Chapter 14. Implementing an OAuth 2 authorization server
  61. Chapter 14. Running the authorization code grant type
  62. Chapter 14. Running the client credentials grant type
  63. Chapter 14. Using opaque tokens and introspection
  64. Chapter 14. Revoking tokens
  65. Chapter 14. Summary
  66. Chapter 15. Implementing an OAuth 2 resource server
  67. Chapter 15. Using customized JWTs
  68. Chapter 15. Configuring token validation through introspection
  69. Chapter 15. Implementing multitenant systems
  70. Chapter 15. Summary
  71. Chapter 16. Implementing an OAuth 2 client
  72. Chapter 16. Implementing an OAuth 2 client
  73. Chapter 16. Summary
  74. Part 5. Going reactive
  75. Chapter 17. Implementing security in reactive applications
  76. Chapter 17. User management in reactive apps
  77. Chapter 17. Configuring authorization rules in reactive apps
  78. Chapter 17. Creating a reactive OAuth 2 resource server
  79. Chapter 17. Summary
  80. Part 6. Testing security configurations
  81. Chapter 18. Testing security configurations
  82. Chapter 18. Testing with users from a UserDetailsService
  83. Chapter 18. Using custom Authentication objects for testing
  84. Chapter 18. Testing method security
  85. Chapter 18. Testing authentication
  86. Chapter 18. Testing CSRF configurations
  87. Chapter 18. Testing CORS configurations
  88. Chapter 18. Testing reactive Spring Security implementations
  89. Chapter 18. Summary

Product information

  • Title: Spring Security in Action, Second Edition, Video Edition
  • Author(s): Laurentiu Spilca
  • Release date: June 2024
  • Publisher(s): Manning Publications
  • ISBN: None