Pro Spring security : securing Spring Framework 6 and Boot 3-based Java applications
معرفی کتاب «Pro Spring security : securing Spring Framework 6 and Boot 3-based Java applications» نوشتهٔ Wizards RPG Team، James Wyatt، Robert J. Schwalb، Bruce R. Cordell و Massimo Nardone; Carlo Scarioni، منتشرشده توسط نشر Apress L. P. در سال 2024. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Build and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up. This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications. What You Will Learn Explore the scope of security and how to use the Spring Security Framework Master Spring security architecture and design Secure the web tier in Spring Work with alternative authentication providers Take advantage of business objects and logic security Extend Spring security with other frameworks and languages Secure the service layer Secure the application with JSON Web Token Who This Book Is For Experienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applications Table of Contents 5 About the Authors 9 About the Technical Reviewer 11 Acknowledgments 12 Introduction 13 Chapter 1: The Scope of Security 17 The Network Security Layer 20 The Operating System Layer 21 The Application Layer 21 Authentication 22 Authorization 23 ACLs 25 Authentication and Authorization: General Concepts 25 What to Secure 30 Additional Security Concerns 31 Java Options for Security 33 Summary 35 Chapter 2: Introducing Spring Security 36 What Is Spring Security? 36 Where Does Spring Security Fit In? 38 Spring Security Overview 41 What Is Spring Boot? 43 Spring Framework 6: A Quick Overview 44 JDK 17+ and Jakarta EE 9+ Baseline 45 General Core Revision 45 Core Container 45 Data Access and Transactions 46 Spring Messaging 47 General Web Revision 47 Spring MVC 47 Spring WebFlux 47 Observability 48 Pattern Matching 48 Testing 49 Dependency Injection 49 Aspect-Oriented Programming 51 What’s New in Spring Security 6? 53 Summary 59 Chapter 3: Setting up the Scene 60 Setting up the Development Environment 60 Creating a New Java Web Application Project 67 Adding Spring Security 6 to the Java Project 72 Spring Security 6 Source 73 Configuring the Spring Security 6 Web Project 80 Summary 89 Chapter 4: Spring Security Architecture and Design 90 What Components Make up Spring Security? 90 The 10,000-Foot View 90 The 1,000-Foot View 91 The 100-Foot View 92 The Security Interceptor 93 The XML Namespace 102 The Filters and Filter Chain 109 The Authentication Object 115 SecurityContext and SecurityContextHolder 118 AuthenticationProvider 121 AccessDecisionManager 123 AffirmativeBased 124 ConsensusBased 125 UnanimousBased 125 AccessDecisionVoter 125 UserDetailsService and AuthenticationUserDetailsService 128 UserDetails 129 ACL 130 JSP Taglib 130 Good Design and Patterns in Spring Security 131 Strategy Pattern 132 Decorator Pattern 132 SRP 133 DI 133 Summary 133 Chapter 5: Web Security 135 Configuring the new Spring Security 6 Project 140 The Special URLs 156 Custom Login Form 157 Basic HTTP Authentication 164 Digest Authentication 166 Remember-Me Authentication 169 Logging Out 172 Session Management 175 Summary 181 Chapter 6: Configuring Alternative Authentication Providers 182 LDAP Authentication 198 Using an Embedded LDAP 199 X.509 Authentication 211 OAuth 2.0 213 JSON Web Token 214 Spring WebSocket 215 Java Authentication and Authorization Service 216 Central Authentication Service 216 Summary 217 Chapter 7: Business Object Security with ACLs 218 ACL Key Concepts 218 Summary 223 Chapter 8: Open Authorization 2.0 (OAuth 2.0) and Spring Security 224 An Introduction to OAuth 2.0 224 OAuth 2.0 Security 226 Integrating OAuth 2.0 with Spring Security 227 OAuth 2.0 Login 230 Summary 251 Chapter 9: JSON Web Token (JWT) Authentication 252 The REST API 252 Introduction to JSON Web Token 255 Summary 292 Index 293 Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications by using the Spring Security Framework. Provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and Grails applications. Spring Framework 6.0 was released on November 16, 2022. It came with a Java 17+ baseline and a move to Jakarta EE 9+ (in the Jakarta namespace), focusing on the recently released Jakarta EE 10 APIs such as Servlet 6.0 and JPA 3.1. Spring’s current version’s core building blocks of dependency injection and aspect-oriented programming widely apply to many business and infrastructure concerns. Certainly, application security can benefit from these core functionalities. Even in version 6, Spring Security is an application level security framework built on top of the powerful Spring Framework that deals mainly with the core security concepts of authentication and authorization, which, also in version 6, are some of the fundamental functionalities of Spring Security.
دانلود کتاب Pro Spring security : securing Spring Framework 6 and Boot 3-based Java applications