Spring Security in Action, Second Edition

Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code.Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect. In Spring Security in Action, Second Edition you will learn essential security skills including how to: Implement and customize authentication and authorization Set up all components of an OAuth2/OpenID Connect system Utilize CRSF and CORS configurations Secure Spring reactive applications Write tests for security configurations Whether you're a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurentiu Spilca distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything securityfrom authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process. Foreword by Joe Grandja. About the technology Spring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with ';secure by design' principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it's free, open source, and backed by the awesome team at VMWare. About the book Spring Security in Action, Second Edition updates this bestselling guide to Spring Security to include deep coverage of OAuth2/OpenID Connect and security configuration using the new SecurityFilterChain. The crystal clear explanations and relevant examples, teach you how to build your own authorization server, configure secure endpoints, and prevent cross-site scripting and request forgery attacks. What's inside Custom authentication and authorization CRSF and CORS configurations Secure Spring reactive applications Write tests for security configurations About the reader For experienced Java and Spring developers. About the author Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning's Spring Start Here and Troubleshooting Java. Table of Contents PART 1 1 Security today 2 Hello, Spring Security PART 2 3 Managing users 4 Managing passwords 5 A web app's security begins with filters 6 Implementing authentications PART 3 7 Configuring endpoint-level authorization: Restricting access 8 Configuring endpoint-level authorization: Applying restrictions 9 Configuring CSRF protection 10 Configuring CORS 11 Implementing authorization at the method level 12 Implementing filtering at the method level PART 4 13 What are OAuth 2 and OpenID Connect? 14 Implementing an OAuth 2 authorization server 15 Implementing an OAuth 2 resource server 16 Implementing an OAuth 2 client PART 5 17 Implementing security in reactive applications PART 6 18 Testing security configurations