Pro Spring Security
Published on 17. June 2013
XX, 340 pages
978-1-4302-4819-4 (ISBN)
Description
Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications by using the Spring Security Framework. Provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and Grails applications.
More details
Other editions
New editions
Carlo Scarioni | Massimo Nardone
Pro Spring Security
Securing Spring Framework 5 and Boot 2-based Java Applications
E-Book
11/2019
2nd Edition
APress
€56.99
Available for download
Additional editions
Content
- Cover
- Title Page
- Copyright Page
- Contents at a Glance
- Table of Contents
- About the Author
- About the Technical Reviewer
- CHAPTER 1 The Scope of Security
- The Network Security Layer
- The Operating System Layer
- The Application Layer
- Authentication
- Authorization
- ACLs
- Authentication and Authorization: General Concepts
- What to Secure
- More Security Concerns
- Java Options for Security
- Summary
- CHAPTER 2 Introducing Spring Security
- What Is Spring Security?
- Where Does Spring Security Fit In?
- Spring Security and Spring
- Spring Framework: A Quick Overview
- Dependency Injection
- Aspect Oriented Programming (AOP)
- An Initial Spring Security Secured Application
- Adding Spring Security (and Spring Core Itself ) to the Project
- Spring Security Source
- Configuring the Web Project To Be Aware of Spring Security
- Understanding the Simple Application
- Summary
- CHAPTER 3 Spring Security Architecture and Design
- What Components Make Up Spring Security?
- The 10,000-Foot View
- The 1,000-Foot View
- The 100-Foot View
- The Security Interceptor
- The XML Namespace
- The Filters and Filter Chain
- ConfigAttribute
- The Authentication Object
- SecurityContext and SecurityContextHolder
- AuthenticationProvider
- AccessDecisionManager
- AffirmativeBased
- ConsensusBased
- UnanimousBased
- AccessDecisionVoter
- UserDetailsService and AuthenticationUserDetailsService
- UserDetails
- ACL
- JSP Taglib
- Good Design and Patterns in Spring Security
- Strategy Pattern
- Decorator Pattern
- SRP
- DI
- Summary
- CHAPTER 4 Web Security
- Introducing the Simple Example Application
- The Special URLs
- Custom Login Form
- Basic HTTP Authentication
- Digest Authentication
- Remember-Me Authentication
- Allowing Remember-Me Access to Selected Parts of the Application
- Logging Out
- The Session (javax.servlet.http.HttpSession) and the SecurityContext
- Beyond Simple User Roles: Using Spring Expression Language to Secure the Web Layer
- Extend with Your Own Expressions
- Switching to a Different User
- Session Management
- Using Different Pattern Matchers for Matching Requests
- Forcing the Request to HTTPS
- Using the JSP Taglib
- Role Hierarchies
- Summary
- CHAPTER 5 Securing the Service Layer
- The Limitations of Web-Level Security
- What Is Business Service-Level Security?
- Setting Up the Example for the Chapter
- How the Described Actions Happen Under the Hood
- Creating a Business Layer in Your Application
- @RolesAllowed Annotation
- Securing the Application Using SpEL Expressions
- Securing the Data Returned from a Method
- Filtering Collections Sent and Returned from Methods
- Security Defined in XML
- Security Without a Web Layer
- Using AspectJ AOP instead of Spring AOP
- Summary
- CHAPTER 6 Configuring Alternative Authentication Providers
- Database-Provided Authentication
- Creating the Basic Tables
- Using Groups
- Using Existing Schemas
- LDAP Authentication
- Installing and Configuring LDAP
- Other Attributes and Elements in the LDAP Spring Security Namespace
- Authenticating with OpenID
- Setting Up OpenID Authentication
- OpenID Authentication Flow
- Spring Security OpenID Namespace
- X.509 Authentication
- JAAS Authentication
- Central Authentication Service (CAS) Authentication
- Integrating CAS with a Different Authentication Provider
- Summary
- CHAPTER 7 Business Object Security with ACLs
- The Security Example Application
- Accessing Secured Objects
- Filtering Returned Objects
- Securing the View Layer with ACLs
- The Cost of ACLs
- Summary
- CHAPTER 8 Customizing and Extending Spring Security
- Spring Security Extension Points
- Plug into the Spring Security Event System
- Authorization-Related Events
- Authentication-Related Events
- Session-Related Events
- Your Own AuthenticationProvider and UserDetailsService
- Password Encryption
- New Voters in AccessDecisionManager
- Nonvoter AccessDecisionManager Implementations
- New Expression Root and SpEL
- Non-JDBC AclService
- Custom Security Filter
- Handling Errors and Entry Points
- Changing the Security Interceptor
- Spring Security Extensions Project
- Summary
- CHAPTER 9 Integrating Spring Security with Other Frameworks and Languages
- Spring Security with Struts 2
- Spring Security with Spring Web Flow
- SpEL-Based Security with Spring Web Flow
- Spring Security in Other JVM Languages
- Spring Security and Ruby (JRuby)
- Web-Layer Security in Rails
- Spring Security, Groovy, and Grails
- Using Grails to Secure the Web Layer with URL Rules
- Using Grails Security at the Method Level
- Spring Security and Scala
- Summary
- Index
