Video description
In Video Editions the narrator reads the book while the content, figures, code listings, diagrams, and text appear on the screen. Like an audiobook that you can also watch as a video.
Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code.
Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and OAuth2/OpenID Connect.
In Spring Security in Action, Second Edition you will learn essential security skills including how to:
- Implement and customize authentication and authorization
- Set up all components of an OAuth2/OpenID Connect system
- Utilize CSRF and CORS configurations
- Secure Spring reactive applications
- Write tests for security configurations
Whether you’re a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurențiu Spilcă distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything security—from authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process.
About the Technology
Spring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with “secure by design” principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it’s free, open source, and backed by the awesome team at VMware.
About the Book
Spring Security in Action, Second Edition updates this bestselling guide to Spring Security to include deep coverage of OAuth2/OpenID Connect and security configuration using the new SecurityFilterChain. The crystal-clear explanations and relevant examples teach you how to build your own authorization server, configure secure endpoints, and prevent cross-site scripting and request forgery attacks.
What's Inside
- Custom authentication and authorization
- CSRF and CORS configurations
- Secure Spring reactive applications
- Write tests for security configurations
About the Reader
For experienced Java and Spring developers.
About the Author
Laurențiu Spilcă is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning’s Spring Start Here and Troubleshooting Java.
Quotes
This go-to guide demystifies security and provides actionable code using the industry-leading Spring Security framework.
- Josh Long, Spring Developer Advocate
Easy to grasp theory backed up by usable code.
- Ana-Maria Mihalceanu, Developer Advocate
A welcome follow-on to the excellent first edition, incorporating numerous updates to Spring Security. Check out this book!
- Mark Heckler, Author of Spring Boot: Up & Running!
Laurențiu makes the complex simple—perfect for a book about security. A must-read!
- Thomas Vitale, Author of Cloud Native Spring in Action
Table of contents
- Part 1. Say hello to Spring Security
- Chapter 1. Security today
- Chapter 1. What is software security?
- Chapter 1. Why is security important?
- Chapter 1. What will you learn in this book?
- Chapter 1. Summary
- Chapter 2. Hello, Spring Security
- Chapter 2. The big picture of Spring Security class design
- Chapter 2. Overriding default configurations
- Chapter 2. Summary
- Part 2. Configuring authentication
- Chapter 3. Managing users
- Chapter 3. Describing the user
- Chapter 3. Instructing Spring Security on how to manage users
- Chapter 3. Summary
- Chapter 4. Managing passwords
- Chapter 4. Taking advantage of the Spring Security Crypto module
- Chapter 4. Summary
- Chapter 5. A web app’s security begins with filters
- Chapter 5. Adding a filter before an existing one in the chain
- Chapter 5. Adding a filter after an existing one in the chain
- Chapter 5. Adding a filter at the location of another in the chain
- Chapter 5. Filter implementations provided by Spring Security
- Chapter 5. Summary
- Chapter 6. Implementing authentications
- Chapter 6. Using the SecurityContext
- Chapter 6. Understanding HTTP Basic and form-based login authentications
- Chapter 6. Summary
- Part 3. Configuring authorization
- Chapter 7. Configuring endpoint-level authorization: Restricting access
- Chapter 7. Summary
- Chapter 8. Configuring endpoint-level authorization: Applying restrictions
- Chapter 8. Selecting requests to apply authorization restrictions
- Chapter 8. Using regular expressions with request matchers
- Chapter 8. Summary
- Chapter 9. Configuring CSRF protection
- Chapter 9. Using CSRF protection in practical scenarios
- Chapter 9. Customizing CSRF protection
- Chapter 9. Summary
- Chapter 10. Configuring CORS
- Chapter 10. Applying CORS policies with the @CrossOrigin annotation
- Chapter 10. Applying CORS using a CorsConfigurer
- Chapter 10. Summary
- Chapter 11. Implementing authorization at the method level
- Chapter 11. Applying preauthorization rules
- Chapter 11. Applying postauthorization rules
- Chapter 11. Implementing permissions for methods
- Chapter 11. Summary
- Chapter 12. Implementing filtering at the method level
- Chapter 12. Applying postfiltering for method authorization
- Chapter 12. Using filtering in Spring Data repositories
- Chapter 12. Summary
- Part 4. Implementing OAuth 2 and OpenID Connect
- Chapter 13. What are OAuth 2 and OpenID Connect?
- Chapter 13. Using various token implementations
- Chapter 13. Obtaining tokens through various grant types
- Chapter 13. What OpenID Connect brings to OAuth 2
- Chapter 13. The sins of OAuth 2
- Chapter 13. Summary
- Chapter 14. Implementing an OAuth 2 authorization server
- Chapter 14. Running the authorization code grant type
- Chapter 14. Running the client credentials grant type
- Chapter 14. Using opaque tokens and introspection
- Chapter 14. Revoking tokens
- Chapter 14. Summary
- Chapter 15. Implementing an OAuth 2 resource server
- Chapter 15. Using customized JWTs
- Chapter 15. Configuring token validation through introspection
- Chapter 15. Implementing multitenant systems
- Chapter 15. Summary
- Chapter 16. Implementing an OAuth 2 client
- Chapter 16. Implementing an OAuth 2 client
- Chapter 16. Summary
- Part 5. Going reactive
- Chapter 17. Implementing security in reactive applications
- Chapter 17. User management in reactive apps
- Chapter 17. Configuring authorization rules in reactive apps
- Chapter 17. Creating a reactive OAuth 2 resource server
- Chapter 17. Summary
- Part 6. Testing security configurations
- Chapter 18. Testing security configurations
- Chapter 18. Testing with users from a UserDetailsService
- Chapter 18. Using custom Authentication objects for testing
- Chapter 18. Testing method security
- Chapter 18. Testing authentication
- Chapter 18. Testing CSRF configurations
- Chapter 18. Testing CORS configurations
- Chapter 18. Testing reactive Spring Security implementations
- Chapter 18. Summary
Product information
- Title: Spring Security in Action, Second Edition, Video Edition
- Author(s):
- Release date: June 2024
- Publisher(s): Manning Publications
- ISBN: None