book

Spring Boot: Up and Running

Name: Spring Boot: Up and Running
Author: Mark Heckler
ISBN: 9781492076988

by Mark Heckler

February 2021

Intermediate to advanced

325 pages

8h 15m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
WelcomeConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Spring Boot in a Nutshell
Spring Boot’s Three Foundational FeaturesStarters for Simplified Dependency ManagementExecutable JARs for Simplified DeploymentAutoconfigurationSummary
2. Choosing Your Tools and Getting Started
Maven or Gradle?Apache MavenGradleChoosing Between Maven and GradleJava or Kotlin?JavaKotlinChoosing Between Java and KotlinChoosing a Version of Spring BootThe Spring InitializrStraight Outta CommandlineStaying In Integrated Development Environments (IDEs)Cruising Down main()Summary
3. Creating Your First Spring Boot REST API
The Hows and Whys of APIsWhat Is REST, and Why Does It Matter?Your API, HTTP Verb StyleBack to the InitializrCreating a Simple DomainGET-ting@RestController in a NutshellPOST-ingPUT-tingDELETE-ingAnd MoreTrust, but VerifySummary
4. Adding Database Access to Your Spring Boot App
Priming Autoconfig for Database AccessWhat Do We Hope to Gain?Adding a Database DependencyAdding CodeSaving and Retrieving DataA Bit of PolishingSummary
5. Configuring and Inspecting Your Spring Boot App
Application Configuration@Value@ConfigurationPropertiesPotential Third-Party OptionAutoconfiguration ReportActuatorGetting Actuator to Open UpBecoming More Environmentally Aware Using ActuatorTurning Up the Volume on Logging with ActuatorSummary
6. Really Digging into Data
Defining EntitiesTemplate SupportRepository Support@BeforeCreating a Template-Based Service Using RedisInitializing the ProjectDeveloping the Redis ServiceConverting from Template to RepositoryCreating a Repository-Based Service Using the Java Persistence API (JPA)Initializing the ProjectDeveloping the JPA (MySQL) ServiceLoading DataCreating a Repository-Based Service Using a NoSQL Document DatabaseInitializing the ProjectDeveloping the MongoDB ServiceCreating a Repository-Based Service Using a NoSQL Graph DatabaseInitializing the ProjectDeveloping the Neo4j ServiceSummary
7. Creating Applications Using Spring MVC
Spring MVC: What Does It Mean?End User Interactions Using Template EnginesInitializing the ProjectDeveloping the Aircraft Positions ApplicationPassing MessagesPowering Up PlaneFinderExtending the Aircraft Positions ApplicationCreating Conversations with WebSocketWhat Is WebSocket?Refactoring the Aircraft Positions ApplicationSummary
8. Reactive Programming with Project Reactor and Spring WebFlux
Introduction to Reactive ProgrammingProject ReactorTomcat versus NettyReactive Data AccessR2DBC with H2Reactive ThymeleafRSocket for Fully Reactive Interprocess CommunicationWhat Is RSocket?Putting RSocket to WorkSummary
9. Testing Spring Boot Applications for Increased Production Readiness
Unit TestingIntroducing @SpringBootTestImportant Unit Tests for the Aircraft Positions ApplicationRefactoring for Better TestingTesting SlicesSummary

10. Securing Your Spring Boot Application
Authentication and AuthorizationAuthenticationAuthorizationSpring Security in a NutshellThe HTTP FirewallSecurity Filter ChainsRequest and Response HeadersImplementing Forms-Based Authentication and Authorization with Spring SecurityAdding Spring Security DependenciesAdding AuthenticationAuthorizationImplementing OpenID Connect and OAuth2 for Authentication and AuthorizationAircraft Positions Client ApplicationPlaneFinder Resource ServerSummary
11. Deploying Your Spring Boot Application
Revisiting the Spring Boot Executable JARBuilding a “Fully Executable” Spring Boot JARWhat Does It Mean?Exploding JARsDeploying Spring Boot Applications to ContainersCreating a Container Image from an IDECreating a Container Image from the Command LineVerifying the Image ExistsRunning the Containerized ApplicationUtilities for Examining Spring Boot Application Container ImagesPackDiveSummary
12. Going Deeper with Reactive
When Reactive?Testing Reactive ApplicationsBut First, RefactoringAnd Now, the TestingDiagnosing and Debugging Reactive ApplicationsHooks.onOperatorDebug()CheckpointsReactorDebugAgent.init()Summary
Index
About the Author

Content preview from Spring Boot: Up and Running

Chapter 10. Securing Your Spring Boot Application

Understanding the concepts of authentication and authorization are critical to building secure applications, providing the foundations for user verification and access control. Spring Security combines options for authentication and authorization with other mechanisms like the HTTP Firewall, filter chains, extensive use of IETF and the World Wide Web Consortium (W3C) standards and options for exchanges, and more to help lock down applications. Adopting a secure out-of-the-box mindset, Spring Security leverages Boot’s powerful autoconfiguration to evaluate developer inputs and available dependencies to deliver maximal security for Spring Boot applications with minimal effort.

This chapter introduces and explains core aspects of security and how they apply to applications. I demonstrate multiple ways to incorporate Spring Security into Spring Boot apps to strengthen an application’s security posture, closing dangerous gaps in coverage and reducing attack surface area.

Code Checkout Checkup

Please check out branch chapter10begin from the code repository to begin.

Authentication and Authorization

Often used together, the terms authentication and authorization are related but separate concerns.

authentication: An act, process, or method of showing something (such as an identity, a piece of art, or a financial transaction) to be real, true, or genuine; the act or process of authenticating something.
authorization: 1: the act of ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492076971Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design