Spring Security Fourth Edition

This is the code repository for Spring Security - Fourth Edition, published by Packt.

Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Knowing that experienced hackers are constantly on the prowl to attack your apps can make security one of the most challenging concerns of creating an app. The complexity of properly securing an app is compounded when you must also integrate this factor with legacy code, new technologies, and other frameworks. This book will help you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework.

This book covers the following exciting features:

• Understand common security vulnerabilities and how to resolve them
• Implement authentication and authorization and learn how to map users to roles
• Get to grips with the security challenges of RESTful web services and microservices
• Configure Spring Security to use Spring Data for authentication
• Integrate Spring Security with Spring Boot, Spring Data, and web applications
• Protect against common vulnerabilities like XSS, CSRF, and Clickjacking

If you feel this book is for you, get your copy today!

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

//src/main/java/com/packtpub/springsecurity/configuration/
SecurityConfig.java
@Bean
public SecurityFilterChain filterChain(HttpSecurity http,
       PersistentTokenRepository persistentTokenRepository,
RememberMeServices rememberMeServices) throws Exception {
    http.authorizeHttpRequests( authz -> authz
                .requestMatchers("/webjars/**").permitAll()
…
    // Remember Me
    http.rememberMe(httpSecurityRememberMeConfigurer -> 
httpSecurityRememberMeConfigurer
          .key("jbcpCalendar")
          .rememberMeServices(rememberMeServices)
          .tokenRepository(persistentTokenRepository));
    return http.build();
}

Following is what you need for this book:

If you’re a Java web developer or an architect with fundamental knowledge of Java 17/21, web services, and the Spring Framework, this book is for you. No previous experience with Spring Security is needed to get started with this book.

With the following software and hardware list you can run all code files present in the book (Chapter 1-19).

• Pact Publishing Book Home
• Jim Bob CP Calendar Application for Spring Security 6
• The code tested with Java 17 And Java 21
• This code supports both Gradle and Maven
• Thymeleaf has been used as the view templating engine

1. Anatomy of an Unsafe Application

2. Getting Started with Spring Security

3. Custom Authentication

4. JDBC-Based Authentication

5. Authentication with Spring-Data

6. LDAP Directory Services

7. Remember-Me Services

8. Client Certificate Authentication with TLS

9. Opening up to OAuth 2

10. SAML 2 Support

11. Fine-grained Access Control

12. Access Control Lists

13. Custom Authorization

14. Session Management

15. Additional Spring Security Features

16. Migration to Spring Security 6

17. Microservice Security with OAuth 2 and JSON Web Tokens

18. Single Sign-On with the Central Authentication Service

19. Build GraalVM native images

• Modern API Development with Spring 6 and Spring Boot 3 [Packt] [Amazon]

• Learning Spring Boot 3.0 - Third Edition [Packt] [Amazon]

Badr Nasslahsen is a lead security and cloud architect with over 17 years of experience. He holds an executive master’s degree from Ecole Centrale Paris and an engineering degree from Telecom SudParis. He is an Oracle Certified Java SE 11 Professional, CISSP, TOGAF, CKA, and Scrum master. Badr has extensive experience in public cloud providers: AWS, Azure, GCP, Oracle, and IBM. He is also the author of the springdoc-openapi project.