About the Book
Learn how to secure your Java applications from hackers using Spring Security 4.2
Key Features
Architect solutions that leverage the power of Spring Security while being loosely coupled
Implement existing user stores, user sign up, authentication, and supporting AJAX requests
Integrate with popular Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Token's (JWS), Hashing, and encryption algorithms
Book DescriptionKnowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.
The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included.
It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.What you will learn
Understand common security vulnerabilities and how to resolve them
Perform initial penetration testing to uncover common security vulnerabilities
Utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, OpenID, and OAuth
Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, jQuery, and AngularJS
Deep understanding of the security challenges with RESTful webservices and microservice architectures
Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML
Who this book is forThis book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.
Table of Contents:
Table of Contents
Anatomy of an Unsafe Application
Getting Started with Spring Security
Custom Authentication
JDBC-based Authentication
Authentication with Spring-Data
LDAP Directory Services
Remember-me Services
Client Certificate Authentication with TLS
Opening up to OpenID
Single Sign-on with Central Authentication Service
Fine-grained Access Control
Access Control Lists
Custom Authorization
Session Management
Additional Spring Security Features
Microservice security with OAuth2 and JSON Web Tokens
Migration to Spring Security 4.2
About the Author :
With nearly two decades of experience working in the IT industry in various roles as Enterprise technology consultant, Java Architect, project leader, Engineer, Designer and Developer, Mr. Knutson has gained a wide variety of experience in disciplines including JavaEE, Web Services, Mobile Computing and Enterprise Integration Solutions.
Over the course of his career, Mr. Knutson has enjoyed long lasting partnerships with many of the most recognizable names in the Health Care, Financial, Banking, Insurance, Manufacturing, Telecommunications, Utilities, Product Distribution, Industrial and Electronics industries employing industry standard full software life cycle methodologies including the Rational Unified Process (RUP), Agile, SCRUM, and Extreme Programming (XP).
Mr. Knutson has also undertaken speaking engagements, training seminars, white paper and book publishing engagements world-wide. Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory. Peter Mularien is an experienced software architect and engineer, and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.
