Mick Knutson - Spring Security

Year: 2017, publisher: Packt Publishing, genre: Computer.

Secure your web applications, RESTful services, and microservice architectures

Learn how to secure your Java applications from hackers using Spring Security 4.2

About This Book
  • Architect solutions that leverage the full power of Spring Security while remaining loosely coupled.
  • Implement various scenarios such as supporting existing user stores, user sign up, authentication, and supporting AJAX requests.
  • Integrate with popular Microservice and Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Tokens (JWS), Hashing, and encryption algorithms.

Who This Book Is For

This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

What You Will Learn
  • Understand common security vulnerabilities and how to resolve them
  • Learn to perform initial penetration testing to uncover common security vulnerabilities
  • Implement authentication and authorization
  • Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, CAS, OpenID, and OAuth
  • Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, JSF, Vaadin, jQuery, and AngularJS
  • Gain deep understanding of the security challenges with RESTful webservices and microservice architectures
  • Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML

In Detail

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.

The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. The book also includes an example of how Spring Security defends against session fixation, then moves into concurrency control and shows how you can utilize session management for administrative functions.

It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

Style and approach

This practical step-by-step tutorial has plenty of example code coupled with the necessary screenshots and clear narration so that grasping content is made easier and quicker.

Preface

Welcome to the world of Spring Security 4.2! We're certainly pleased that you have acquired the only published book fully devoted to Spring Security 4.2. Before we get started with the book, we would like to give you an overview of how the book is organized and how you can get the most out of it.

Once you have read this book, you should be familiar with key security concepts and understand how to solve the majority of the real-world problems that you will need to solve with Spring Security. Through this discovery, you will gain an in-depth understanding of Spring Security's architecture, which will allow you to handle any unexpected use cases the book does not cover.

The book is divided into the following four main sections:

  • The first section (, Getting Started with Spring Security) provides an introduction to Spring Security and allows you to get started with Spring Security quickly
  • The second section (, Opening up to OAuth 2) provides in-depth instructions for integrating with a number of different authentication technologies
  • The third section (, Access Control Lists) explains how Spring Security's authorization support works
  • Finally, the last section (, Microservice Security with OAuth 2 and JSON Web Tokens) provides information on specialized topics and guides that help you perform very specific tasks

Security is a very interwoven concept, and so are many of the topics in the book. However, once you have read through the first three chapters, the rest of the chapters are fairly independent. This means that you can easily skip chapters and still understand what is happening. The goal is to provide a cookbook-style guide that, when read in its entirety, still helps you develop a clear understanding of Spring Security.

The book uses a simple Spring Web MVC-based application to illustrate how to solve real-world problems. The application is intended to be very simple and straightforward, and deliberately contains very little functionality; the goal of this application is to encourage you to focus on Spring Security concepts and not get tied up in the complexities of application development. You will have a much easier time following the book if you take the time to review the sample application source code and try to follow along with the exercises. Some tips on getting started are found in the Getting started with the JBCP calendar sample code section in Appendix, Additional Reference Material.

What this book covers

, Anatomy of an Unsafe Application, covers a hypothetical security audit of our calendar application, illustrating common issues that can be resolved through the proper application of Spring Security. You will learn about some basic security terminology and review some prerequisites for getting the sample application up and running.

, Getting Started with Spring Security, demonstrates the "Hello World" installation of Spring Security. After that, the chapter walks the reader through some of the most common customizations of Spring Security.

, Custom Authentication, incrementally explains Spring Security's authentication architecture by customizing key pieces of the authentication infrastructure to address real-world problems. Through these customizations, you will gain an understanding of how Spring Security authentication works and how you can integrate with existing and new authentication mechanisms.

, JDBC-Based Authentication, covers authenticating against a database using Spring Security's built-in JDBC support. We then discuss how we can secure our passwords using Spring Security's new cryptography module.

, Authentication with Spring Data, covers authenticating against a database using Spring Security's integration with Spring Data JPA and Spring Data MongoDB.

, LDAP Directory Services, provides a guide to application integration with an LDAP directory server.

, Remember-Me Services, demonstrates the use of the remember-me feature in Spring Security and how to configure it. We also explore additional considerations to bear in mind when using it.

, Client Certificate Authentication with TLS, makes X.509 certificate-based authentication a clear alternative for certain business scenarios, where managed certificates can add an additional layer of security to our application.

, Opening up to OAuth 2, covers OAuth 2-enabled login and user attribute exchange, as well as a high-level overview of the logical flow of the OAuth 2 protocol, including Spring OAuth 2 and Spring social integration.

, Single Sign-on with Central Authentication Service, shows how integrating with Central Authentication Service (CAS) can provide Single Sign-On and single logout support to your Spring Security-enabled applications. It also demonstrates how you can use CAS proxy ticket support with stateless services.

, Fine-Grained Access Control, covers in-page authorization checking (partial page rendering) and business-layer security using Spring Security's method security capabilities.

, Access Control Lists, covers the concepts and basic implementation of business object-level security using the Spring Security ACL module, a powerful module with very flexible applicability to challenging business security problems.

, Custom Authorization, explains how Spring Security's authorization works by writing custom implementations of key parts of Spring Security's authorization infrastructure.

, Session Management, discusses how Spring Security manages and secures user sessions. The chapter starts by explaining session fixation attacks and how Spring Security defends against them. It then discusses how you can manage logged-in users and restrict the number of concurrent sessions a single user has. Finally, we describe how Spring Security associates a user to HttpSession and how to customize this behavior.

, Additional Spring Security Features, covers other Spring Security features, including common security vulnerabilities such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), synchronizer tokens, and Clickjacking, and how to protect against them.

, Migration to Spring Security 4.2, provides a migration path from Spring Security 3, including notable configuration changes, class and package migrations, and important new features. It also highlights the new features that can be found in Spring Security 4.2 and provides references to examples of the features in the book.

, Microservice Security with OAuth 2 and JSON Web Tokens, looks at microservice-based architectures and how OAuth 2 with JWT plays a role in securing microservices in a Spring-based application.

Appendix, Additional Reference Material, contains some reference material that is not directly related to Spring Security, but is still relevant to the topics covered in this book. Most importantly, it contains a section that assists in running the sample code included with the book.

What you need for this book

The following list contains the software required in order to run the sample applications included with the book. Some chapters have additional requirements that are outlined in the respective chapters:

  • Java Development Kit 1.8 can be downloaded from Oracle's website at http://www.oracle.com/technetwork/java/javase/downloads/index.html
  • IntelliJ IDEA 2017+ can be downloaded from https://www.jetbrains.com/idea/
  • Spring Tool Suite 3.9.1.RELEASE+ can be downloaded from https://spring.io/tools/sts

Who this book is for

If you are a Java Web and/or RESTful web service developer and have a basic understanding of creating Java 8, Java Web and/or RESTful web service applications, XML, and the Spring Framework, this book is for you. You are not expected to have any previous experience with Spring Security.
