Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code.
Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect.
In Spring Security in Action, Second Edition you will learn essential security skills including how to:
- Implement and customize authentication and authorization
- Set up all components of an OAuth2/OpenID Connect system
- Utilize CRSF and CORS configurations
- Secure Spring reactive applications
- Write tests for security configurations
Whether you’re a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurentiu Spilca distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything security—from authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process.
Foreword by Joe Grandja.
Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.
About the technology
Spring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with “secure by design” principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it’s free, open source, and backed by the awesome team at VMWare.
About the book
Spring Security in Action, Second Edition updates this bestselling guide to Spring Security to include deep coverage of OAuth2/OpenID Connect and security configuration using the new SecurityFilterChain. The crystal clear explanations and relevant examples, teach you how to build your own authorization server, configure secure endpoints, and prevent cross-site scripting and request forgery attacks.
What's inside
- Custom authentication and authorization
- CRSF and CORS configurations
- Secure Spring reactive applications
- Write tests for security configurations
About the reader
For experienced Java and Spring developers.
About the author
Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning’s Spring Start Here and Troubleshooting Java.
Table of Contents
PART 1
1 Security today
2 Hello, Spring Security
PART 2
3 Managing users
4 Managing passwords
5 A web app’s security begins with filters
6 Implementing authentications
PART 3
7 Configuring endpoint-level authorization: Restricting access
8 Configuring endpoint-level authorization: Applying restrictions
9 Configuring CSRF protection
10 Configuring CORS
11 Implementing authorization at the method level
12 Implementing filtering at the method level
PART 4
13 What are OAuth 2 and OpenID Connect?
14 Implementing an OAuth 2 authorization server
15 Implementing an OAuth 2 resource server
16 Implementing an OAuth 2 client
PART 5
17 Implementing security in reactive applications
PART 6
18 Testing security configuratios
About the Author
Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is the author of Manning’s Spring Start Here and Spring Security in Action.
Ebook License
End-User Warranty And License Agreement
1. Grant Of License
Manning Has Authorized The Download By You Of An Unrestricted Number Of Copies Of The Electronic Book (Ebook) In Any Of The Available Formats. Manning Grants You A Nonexclusive, Nontransferable License To Use The Ebook According To The Terms And Conditions Herein. This License Agreement Permits You To Install The Ebook On Any And All Your Devices For Your Personal Use Only.
2. Restrictions
You Shall Not: (1) Share, Resell, Rent, Assign, Timeshare, Distribute, Or Transfer All Or Part Of The Ebook Or Any Rights Granted Hereunder To Any Other Person; (2) Duplicate The Ebook, Except For A Single Backup Or Archival Copy; (3) Remove Any Proprietary Notices, Labels, Or Marks From The Ebook; (4) Transfer Or Sublicense Title To The Ebook To Any Other Party.
3. Intellectual Property Protection
The Ebook Is Owned By Manning And Is Protected By United States And International Copyright And Other Intellectual Property Laws. Manning Reserves All Rights In The Ebook Not Expressly Granted Herein. This License And Your Right To Use The Ebook Terminate Automatically If You Violate Any Part Of This Agreement. In The Event Of Termination, You Must Remove The Original And Any Copies Of The Ebook From All Your Devices.
4. Source Code Supplementary Material
Any Source Code Files Provided As A Supplement To The Book Are Freely Available To The Public For Download. Reuse Of The Code Is Permitted, In Whole Or In Part, Including The Creation Of Derivative Works, Provided That You Acknowledge That You Are Using It And Identify The Source: Title, Publisher And Year.
5. Limited Warranty
Manning Warrants That The Ebook Files, A Copy Of Which You Are Authorized To Download, Are Free From Defects In The Operational Sense That They Can Be Read By A Pdf Reader Or Epub Reader, Or Other. Except For This Express Limited Warranty, Manning Makes And You Receive No Warranties, Express, Implied, Statutory Or In Any Communication With You, And Manning Specifically Disclaims Any Other Warranty Including The Implied Warranty Of Merchantability Or Fitness Or A Particular Purpose. Manning Does Not Warrant That The Operation Of The Ebook Will Be Uninterrupted Or Error Free. If The Ebook Was Purchased In The United States, The Above Exclusions May Not Apply To You As Some States Do Not Allow The Exclusion Of Implied Warranties. In Addition To The Above Warranty Rights, You May Also Have Other Rights That Vary From State To State.
6. Limitation Of Liability
In No Event Will Manning Be Liable For Any Damages, Whether Arising For Tort Or Contract, Including Loss Of Data, Lost Profits, Or Other Special, Incidental, Consequential, Or Indirect Damages Arising Out Of The Use Or Inability To Use The Ebook.
7. General
This Agreement Constitutes The Entire Agreement Between You And Manning And Supersedes Any Prior Agreement Concerning The Ebook. This Agreement Is Governed By The Laws Of The State Of New York
