Spring Security Core: Beginner to Guru

Video description

Increasing cases of online security breaches have made it important for every organization to ensure that their applications are secure. With this video course, you'll explore Spring Security techniques that'll help you in authenticating and authorizing users, and protecting your applications from hazardous security breaches.

The course begins with an introduction to Spring Security, enabling you to understand its importance in securing framework applications. You’ll leverage the auto-configuration capabilities of Spring Boot to secure a web application using HTTP basic authentication. Next, you’ll learn how to replace and customize the default Spring Boot auto-configuration with the help of a series of exercises. Moving ahead, you’ll discover the unique security aspects in a Spring Boot web application that mimics a robust monolithic application with web pages and RESTful endpoints. Later, you’ll follow a Test-Driven Development (TDD) approach to understand the features of Spring Security. With the help of interesting examples, you’ll also be able to write a failing test using JUnit 5, Mockito, and Spring MockMVC.

By the end of this video course, you’ll have developed the skills you need to use Spring Security to secure your framework applications.

What You Will Learn

  • Set up an environment on your local machine for Spring Security
  • Secure applications using Spring Security
  • Protect your application against common web security vulnerabilities
  • Authenticate application users and authorize user actions
  • Test user access with the Test-Driven Development (TDD) approach
  • Unlock accounts automatically after a period of time

Audience

If you are a Spring framework application developer who wants to secure enterprise and Java framework applications with Spring Security, then this video course is for you. A good understanding of Java, Spring Framework 5, JUnit, Mockito, and web applications is recommended before getting started with this course. Knowledge of HTTP, Apache Maven, and SQL will also be beneficial.

About The Author

John Thompson: John Thompson has been in the IT industry for over 20 years. He specializes mainly in Java, the most successful and widely known programming language in use today. He also specializes in the Spring Framework, which is the most popular open-source application framework for building enterprise-class applications on the Java platform. The organizations he has worked with include Visa, Kohls, Federal Home Loan Bank, and Belk Department Stores. Through the courses he is providing, he hopes to leverage his years of experience to accelerate your learning of the Spring Framework. The Spring Framework is a big framework. The environment for enterprise Java is even bigger. If you're new to Java, you have a lot to learn.

Table of contents

  1. Chapter 1 : Introduction
    1. Introduction
    2. What Will You Build in Your Spring Security Course?
    3. Getting the Most Out of Your Course!
    4. Setting up Your Development Environment
  2. Chapter 2 : Introduction to Spring Security
    1. Introduction
    2. Application Security 101
    3. Introducing Spring Security
    4. Open Web Application Security Project (OWASP) Common Web Vulnerabilities
    5. Cross-Site Scripting (XSS)
    6. Cross-Site Request Forgery (CSRF)
  3. Chapter 3 : HTTP Basic Auth
    1. Introduction
    2. Overview of HTTP Basic Authentication
    3. SFG Brewery Code Review
    4. Spring Security Default Basic Auth
    5. Customizing Username and Password
    6. Testing Spring Security with JUnit 5
    7. Testing HTTP Basic Auth
    8. Spring Security Filter Chain
  4. Chapter 4 : Spring Security Java Configuration
    1. Introduction
    2. Permit All with URL Pattern Matching
    3. HTTP Method Matching
    4. Spring Model-View-Controller (MVC) Path Matchers
  5. Chapter 5 : In-Memory Authentication Provider
    1. Introduction
    2. Spring Security Authentication Process
    3. User Details Service
    4. In-Memory Authentication Fluent API
    5. Assignment - Add User
  6. Chapter 6 : Password Security
    1. Introduction
    2. Password Encoding
    3. Message-Digest Algorithm (MD5) Hash and Password Salt
    4. NoOpPasswordEncoder
    5. LdapPasswordEncoder
    6. Secured Hash Algorithm 256 (SHA-256) Password Encoder
    7. BCryptPasswordEncoder
    8. Delegating Password Encoder
    9. Custom Delegating Password Encoder
    10. Assignment - Add Custom Bcrypt Encoder
  7. Chapter 7 : Custom Authentication Filter
    1. Introduction
    2. Custom Authentication Filter Overview
    3. Delete Beer by the ID MockMvc Test
    4. Custom Authentication Filter
    5. Spring Security Configuration
    6. Debugging Spring Security
    7. Custom doFilter Method
    8. Custom Failure Handler
  8. Chapter 8 : Database Authentication
    1. Introduction
    2. Database Authentication Overview
    3. Java Persistence API (JPA) Entities
    4. Project Lombok Configuration
    5. Spring Data Java Persistence API (JPA) Repositories
    6. Assignment - Bootstrap User Data
    7. Hypersonic 2 (H2) Database Console Access
    8. User Details Service
    9. Spring Security Configuration
    10. Spring Boot Test Context
  9. Chapter 9 : User Roles
    1. Introduction
    2. Authorization in Spring Security
    3. Configuring User Roles
    4. Verify Role in Filter - Delete
    5. Assignment - Limit List Breweries to Customer
    6. Allow Multiple Roles
    7. Refactor JUnit 5 Tests
    8. Assignment - Use Multiple Roles
    9. Introduction to Method Security
    10. Security Expression Based Syntax
    11. Assignment - Use Method Expression
  10. Chapter 10 : User Authorities
    1. Introduction
    2. Overview Database Refactoring
    3. Update Java Persistence API (JPA) Configuration
    4. Defining Roles for Beer Operations
    5. Assignment - Define Roles for Customer Operations
    6. Update Spring Security for RESTful Beer API
    7. Assignment - Update Remaining Controllers
    8. Custom Authorization Annotations
    9. Assignment - Update to Use Custom Auth Annotations
  11. Chapter 11 : Multi-tenancy Security
    1. Introduction
    2. Multi-tenancy Overview
    3. Order Controller Code Review
    4. Define Roles for Beer Orders
    5. Update Java Persistence API (JPA) User
    6. User Customer Java Persistence API (JPA) Mapping
    7. Refactor Bootstrap Data
    8. Test-driven development (TDD) - Write Failing Tests
    9. Custom Authentication Manager
    10. Secure Read Order
    11. Using Authentication Principle
    12. Spring Security with Spring Data Java Persistence API (JPA)
  12. Chapter 12 : Cross-Site Request Forgery (CSRF) Protection with Spring Security
    1. Enable Cross-Site Request Forgery (CSRF) Protection in Spring Security
    2. Cross-Site Request Forgery (CSRF) with Spring MockMvc
    3. Update Customer Forms with Cross-Site Request Forgery (CSRF)
    4. Assignment - Update Beer Form with Cross-Site Request Forgery (CSRF)
  13. Chapter 13 : Login Form
    1. Tag Library Overview
    2. Add Login Form to Index Page
    3. Add Logout Action
    4. Update Java Configuration for Login Form
    5. Login and Logout Messages
    6. Show Elements by User Permission
  14. Chapter 14 : Remember Me
    1. Remember Me Overview
    2. Simple Hash-Based Token Remember Me
    3. Persistent Token Remember Me
  15. Chapter 15 : User Lockout Using Spring Security Events
    1. Overview of Spring Security Authentication Events
    2. Configuration of Spring Security Event Publisher
    3. Logging Off Authentication Success Events
    4. Persistence of Authentication Success Events
    5. Locking User Account After Failed Attempts
    6. Account Locked Message
    7. Automatically Unlocking Accounts After a Period of Time
  16. Chapter 16 : Two-factor Authentication (2FA)
    1. Two-factor Authentication (2FA) Overview
    2. Google Authenticator with Spring Security
    3. Configure User Entity for Two-factor Authentication (2FA)
    4. Configure Two-factor Authentication (2FA) Registration Controller
    5. Configure Google Secret Persistence
    6. Generate Quick Response Code (QR Code) for Google Authenticator
    7. Verify Two-factor Authentication (2FA) Opt-In
    8. Two-factor Authentication (2FA) Verification UI
    9. Spring Security Two-factor Authentication (2FA) Filter
    10. Spring Security Two-factor Authentication (2FA) Failure Handler
    11. Exclude Static Resources from Filter
    12. Java Configuration and Two-factor Authentication (2FA) Demo
    13. Two-factor Authentication (2FA) Retrospective
  17. Chapter 17 : Cross-Origin Resource Sharing (CORS)
    1. Overview of Cross-Origin Resource Sharing (CORS)
    2. Disable Spring Security for Testing
    3. Spring Model-View-Controller (MVC) Cross-Origin Resource Sharing (CORS) Configuration
    4. Spring Model-View-Controller (MVC) Cross-Origin Resource Sharing (CORS) Annotation Config
    5. Spring Security Cross-Origin Resource Sharing (CORS) Configuration

Product information

  • Title: Spring Security Core: Beginner to Guru
  • Author(s): John Thompson
  • Release date: September 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781800560000