
Spring Security PDF

530 Pages·2017·11.992 MB·English

Preview Spring Security

Spring Security
Third Edition

Secure your web applications, RESTful services, and microservice architectures

Mick Knutson
Robert Winch
Peter Mularien

BIRMINGHAM - MUMBAI

Spring Security
Third Edition

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: May 2010
Second edition: December 2012
Third edition: November 2017
Production reference: 1241117

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.

ISBN 978-1-78712-951-1
www.packtpub.com

Credits

Authors: Mick Knutson, Robert Winch, Peter Mularien
Copy Editors: Pranjali Chury, Safis Editing
Reviewers: Tejaswini Mandar Jog, Jay Lee
Project Coordinator: Vaidehi Sawant
Commissioning Editor: Aaron Lazar
Proofreader: Safis Editing
Acquisition Editor: Karan Sadawana
Indexer: Francy Puthiry
Content Development Editor: Zeeyan Pinheiro
Graphics: Jason Monteiro
Technical Editor: Vibhuti Gawde
Production Coordinator: Shantanu Zagade

About the Authors

Mick Knutson has over 25 years of experience in the IT industry.
As a passionate and experienced enterprise technology consultant, Java architect, and software developer, he looks forward to using his unique professional experience to help students learn about software development in an effective, practical, and convenient manner.

Mick's real-world expertise comes from providing individuals and mid-to-large-size businesses with advanced software consulting and training. He has collaborated with many notable clients and partners including VMware, Spring Source, FuseSource, Global Knowledge, and Knowledge United. His technical expertise includes OOA/OOD/OOP, Java, Java EE, Spring Security, Oracle, Enterprise Integration, and Message-Oriented Middleware (MOM).

As a veteran of the IT industry, Mick is determined to help as many people as possible and show that anyone can become a software developer. He has spoken around the world at training seminars, luncheons, book publishing engagements, and white paper engagements. He has authored several technical books and articles on Spring Security, Java EE 6, HTTP, and VisualVM. He is also a featured blogger at DZone, where he is part of the curated Most Valuable Blogger (MVB) group.

Having lived and breathed software development for over two decades, Mick enjoys translating complex technical concepts into plain English for different audiences. Whether he is helping an experienced software professional or someone who is new to the field, he can simplify even the most intricate IT concepts.

Mick's mission is to use his seasoned professional experience to help anyone who wants to learn about software development. As an expert and professional, Mick designs his training courses to make the learning experience as enriching, seamless, and convenient as possible so that you can master software development in the shortest amount of time.

Learn from an expert. Mick warmly looks forward to helping you learn software development in the right way so that you can maximize both your money and your time.

You can also refer to his following books:
  Spring Security Third Edition
  Distributed Configuration with Spring Cloud Config
  Java EE6 Cookbook
  HTTP Reference Card (DZone)
  VisualVM Reference Card (DZone)

You can also refer to his video on BASELogic available on YouTube.

You can also connect with him on the following social media sites:
  LinkedIn (mickknutson)
  Twitter (mickknutson)
  GitHub (mickknutson)
  Bitbucket (mickknutson)
  Udemy video series (MickKnutson)
  Facebook (BASELogic)
  Google+ (BASElogic)

I would like to thank all the randomly assembled molecules that I have collided with on my journey through the universe.

Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory.

Peter Mularien is an experienced software architect and engineer and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years of consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.

About the Reviewers

Tejaswini Mandar Jog is a passionate and enthusiastic Java trainer. She has over nine years of experience in the IT training field, specializing in Java, J2EE, Spring, and relevant technologies. She has worked with many renowned corporate companies on training and skill enhancement programs.
She is also involved in the development of projects using Java, Spring, and Hibernate. She is the author of the books Learning Modular Java Programming, Learning Spring 5.0, and Reactive Programming With Java9.

Thank you Mandar and Ojas for being with me as my biggest support.

Jay Lee currently works at Pivotal as a senior platform architect. His job is to help big enterprise’s Cloud Native Journey with Spring, Spring Boot, Spring Cloud, and Cloud Foundry. Before joining Pivotal, he spent ten years at Oracle and worked with big enterprises for their large-scale Java distributed system and Middleware. He is authoring Microservices book (name should be decided) using Spring Boot, and Spring Cloud at the moment.

www.Packtpub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?
  Fully searchable across every book published by Packt
  Copy and paste, print, and bookmark content
  On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.in/dp/1787129519.
If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface
Chapter 1: Anatomy of an Unsafe Application
  Security audit
  About the sample application
  The JBCP calendar application architecture
  Application technology
  Reviewing the audit results
  Authentication
  Authorization
  Database credential security
  Sensitive information
  Transport-level protection
  Using Spring Security 4.2 to address security concerns
  Why Spring Security?
  Summary
Chapter 2: Getting Started with Spring Security
  Hello Spring Security
  Importing the sample application
  Updating your dependencies
  Using Spring 4.3 and Spring Security 4.2
  Implementing a Spring Security XML configuration file
  Updating your web.xml file
  The ContextLoaderListener class
  ContextLoaderListener versus DispatcherServlet
  The springSecurityFilterChain filter
  The DelegatingFilterProxy class
  The FilterChainProxy class
  Running a secured application
  Common problems
  A little bit of polish
  Customizing login
  Configuring logout
  The page isn't redirecting properly
  Basic role-based authorization
  Expression-based authorization
  Conditionally displaying authentication information
