• Complain

Laurentiu Spilca - Spring Security in Action MEAP V06

Here you can read online Laurentiu Spilca - Spring Security in Action MEAP V06 full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2020, publisher: Manning Publications Co., genre: Computer. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:

Romance novel Science fiction Adventure Detective Science History Home and family Prose Art Politics Computer Non-fiction Religion Business Children Humor

Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.

Laurentiu Spilca Spring Security in Action MEAP V06
  • Book:
    Spring Security in Action MEAP V06
  • Author:
  • Publisher:
    Manning Publications Co.
  • Genre:
  • Year:
    2020
  • Rating:
    3 / 5
  • Favourites:
    Add to favourites
  • Your mark:
    • 60
    • 1
    • 2
    • 3
    • 4
    • 5

Spring Security in Action MEAP V06: summary, description and annotation

We offer to read an annotation, description, summary or preface (depends on what the author of the book "Spring Security in Action MEAP V06" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.

Laurentiu Spilca: author's other books


Who wrote Spring Security in Action MEAP V06? Find out the surname, the name of the author of the book and a list of all author's works by series.

Spring Security in Action MEAP V06 — read online for free the complete book (whole text) full work

Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Spring Security in Action MEAP V06" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.

Light

Font size:

Reset

Interval:

Bookmark:

Make

MEAP Edition Manning Early Access Program Spring Security in Action - photo 1

MEAP Edition

Manning Early Access Program

Spring Security in Action

Version 6

Copyright 2020 Manning Publications

Manning Publications Co. We welcome reader comments about anything in the manuscript - other than typos and other simple mistakes.

These will be cleaned up during production of the book by copyeditors and proofreaders.

https://livebook.manning.com/book/spring-security-in-action/discussion

For more information on this and other Manning titles go to

www.manning.com

welcome

Thank you for purchasing the MEAP of Spring Security in Action. Youve already made a significant step forward by understanding the importance of security in software applications. I hope you will find plenty of things that will help you secure your Spring applications. Thanks to your help, the book will become a great learning resource for a lot of people when its finished.

Spring framework is the leading choice for developing enterprise applications. For applications developed with the Spring framework, Spring Security is the first choice for establishing application-level security. An increasing number of developers understand how important security is and what the repercussions could be when it hasnt been given the proper attention. Most people participating in the development of a software system today are aware of OWASP and at least OWASPs top ten vulnerabilities.

This book is about using Spring Security in Spring applications. To get the most out of this book, you should already know how to use the Spring framework and Spring Boot for application development.

By the end of the book, you will have covered the following topics:

How Spring Security works and its application in different scenarios, from using it with the standard servlet-based applications to reactive applications

Usability of Spring Security according to your applications architecture, from small applications to using OAuth2 and OpenID Connect in bigger systems

Various ways to apply, and best practices for applying, configurations in Spring Security

Writing unit tests for the functionality related to Spring Security

What to take into consideration when deploying your applications in an orchestrated environment

I have used Spring and Spring Security for some years already, with a variety of systems from the technical perspective to the business domain. However, as you might already be aware, this subject's complexity makes touching all the cases a challenging task. This is why your feedback is invaluable and will significantly help in the improvement of this book.

Thank you again for your interest and for purchasing the MEAP!

- Laurentiu Spilca

1 Security today

This chapter covers

What Spring Security is and what you can solve by using it

What security is for a software application

Why software security is essential and why you should care

Common vulnerabilities that youll encounter at the application level

Today more and more developers are becoming aware of security. Its not, unfortunately, a common practice to take responsibility for security from the beginning of the development of a software application. This attitude should change, and everyone involved in developing a software system should learn to consider it from the start.

Generally, as developers, we start by learning that the purpose of an application is to solve business cases. This purpose refers to something where data could be processed somehow, persisted, and eventually displayed to the user in a specific way as specified by some requirements. This overview of software development, which is somehow imposed from the early ages of development, has the unfortunate disadvantage of hiding practices that are also part of the process. While the application works correctly from the users perspective, and in the end, it does what the user expects in terms of functionalities, there are lots of aspects hidden in the final result.

Non-functional software qualities such as performance, scalability, availability, and (of course) security, as well as others, may have an impact over time, from short to long term. If not taken into consideration early on, these qualities can affect in terms of profitability the owners of the application dramatically. Moreover, they could trigger failures in other systems as well (for example, by the unwilling participation in a distributed denial of service (DDoS) attack). The hidden aspect of non-functional requirements (the fact that its much more challenging to see if theyre missing or incomplete) makes them, however, more dangerous.

Figure 11 A user mainly thinks about the functional requirements Sometimes - photo 2

Figure 1.1 A user mainly thinks about the functional requirements. Sometimes you might see them aware also of performance which is non-functional, but its quite unusual unfortunately that they care about security. Non-functional requirements tend to be more transparent than functional ones.

There are multiple non-functional aspects to consider when working on a software system. In practice, all of these are important, and they need to be treated responsibly in the process of software development. In this book, well focus on one of them: security. Youll learn how to protect your application step by step using Spring Security.

But before starting, Id like to make you aware of the following: depending on how much experience you have, you might or not find this chapter cumbersome. Dont worry too much if you dont understand absolutely all the aspects at the moment. For now, with this chapter, I want to show you a big picture of the security-related concepts. Throughout the book, well work on practical examples, and where appropriate, Ill refer back to the description I give in this chapter. Where applicable, Ill also provide you more details. Here and there, youll find references to other materials (books, articles, documentation) that are useful for you to read further on specific subjects.

1.1 Spring Security - the what and the why

In this section, well discuss the relationship between Spring Security and Spring. It is important, first of all, to understand the link between the two before starting to use them.

If wed go to the official website, https://spring.io/projects/spring-security, they describe Spring Security as a powerful and highly customizable framework for authentication and access control. I would simply say it is a framework that enormously simplifies baking security for Spring applications.

Spring Security is the primary choice for implementing application-level security in Spring applications. Generally, its purpose is to offer you a highly customizable way of implementing authentication, authorization, and protection against common attacks. Spring Security is open-source software released under the Apache 2.0 license. You can access the source code of the project on GitHub at https://github.com/spring-projects/spring-security/ , and I highly recommend that you contribute to the project as well.

Note You can use Spring Security for both standard web servlets as well as reactive applications. To use it, you need at least Java 8, although the examples in this book use Java 11, which is the latest long term supported version.

I can guess that if you opened this book, you work on Spring applications, and you are interested in securing them. Spring Security is most probably the best choice for your cases. It anyway became the de-facto choice in implementing the application-level security for Spring applications. Spring Security, however, doesnt automatically secure your application. Its not some kind of magic that guarantees a vulnerability-free app. Developers need to understand how to configure and customize Spring Security around the needs of the application. How to do this depends on many factors, from the functional requirements to the architecture.

Next page
Light

Font size:

Reset

Interval:

Bookmark:

Make

Similar books «Spring Security in Action MEAP V06»

Look at similar books to Spring Security in Action MEAP V06. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.


Reviews about «Spring Security in Action MEAP V06»

Discussion, reviews of the book Spring Security in Action MEAP V06 and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.