Название: Pro Spring Security: Securing Spring Framework 6 and Boot 3-based Java Applications, 3rd Edition
Автор: Massimo Nardone, Carlo Scarioni
Издательство: Apress
Год: 2024
Страниц: 301
Язык: английский
Формат: pdf (true), epub (true)
Размер: 14.8 MB

Build and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up. This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications.

The previous version of this book utilized Spring Security 5. Therefore, in this new edition of the book, it is very important to note the most important changes from version 5 to version 6. Spring Framework 6.0 was released on November 16, 2022. It came with a Java 17+ baseline and a move to Jakarta EE 9+ (in the Jakarta namespace), focusing on the recently released Jakarta EE 10 APIs such as Servlet 6.0 and JPA 3.1. Spring’s current version’s core building blocks of dependency injection and aspect-oriented programming widely apply to many business and infrastructure concerns. Certainly, application security can benefit from these core functionalities. Even in version 6, Spring Security is an application-level security framework built on top of the powerful Spring Framework that deals mainly with the core security concepts of authentication and authorization, which, also in version 6, are some of the fundamental functionalities of Spring Security.

Spring Security aims to be a full-featured security solution for your Java applications. Although its focus is on web applications and the Java programming language, you will see that it goes beyond these two domains. Because there are new things in the version, the baseline for Spring Boot 3 and Spring Security 6 is Java 17.

What You Will Learn:
Explore the scope of security and how to use the Spring Security Framework
Master Spring security architecture and design
Secure the web tier in Spring
Work with alternative authentication providers
Take advantage of business objects and logic security
Extend Spring security with other frameworks and languages
Secure the service layer
Secure the application with JSON Web Token

Who This Book Is For:
This book is written mainly for Java developers who use Spring in their work and need to add security to their applications in a way that leverages Spring’s proven concepts and techniques. The book will also be helpful to developers who want to add web-layer security to their applications, even if those applications are not fully Spring-powered at their core. The book assumes you have knowledge of Java and some of its tools and libraries, such as Servlet, Maven, OAuth 2.0, and JWT. It also assumes that you know what you want to use security for and in what context you want to use it. This means, for example, we won’t explain protocols like LDAP in depth; instead, we’ll concentrate on showing you how to integrate Spring Security with an LDAP user store. An in-depth knowledge of Spring is not essential because many of the concepts are introduced as we go along, but the more you understand about Spring, the more likely you are to get out of this book.