Hands-On Spring Security 5 for Reactive Applications: Learn effective ways to secure your apps with Spring and Spring WebFlux

Packt; 2018; ISBN: 978-1788995979; 268 pages.

Learn effective ways to secure your apps with Spring and Spring WebFlux.

Key Features
- Provide authentication, authorization, and other security features for Java applications.
- Learn how to secure microservices, cloud, and serverless applications easily.
- Understand the code behind the implementation of various security features.

Book Description
Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to write Java code that is robust and easy to maintain. Hands-On Spring Security 5 for Reactive Applications starts with the essential concepts of reactive programming, the Spring Framework, and Spring Security. You will then learn about a variety of authentication mechanisms and how to integrate them with a Spring MVC application. You will also see how to achieve authorization in a Spring WebFlux application using Spring Security. You will explore the security configurations required to secure REST APIs with OAuth2, and how to integrate security into microservices and serverless applications. Finally, the book guides you through integrating add-ons that complement any Spring Security module.

By the end of the book, you will be proficient at integrating Spring Security into your Java applications.

What you will learn
- Understand how the Spring Framework and reactive application programming are connected
- Implement security configurations with Spring Security expressions
- Discover the relationship between OAuth2 and OpenID Connect
- Secure microservices and serverless applications with Spring
- Integrate add-ons, such as HDIV, the Crypto module, and CORS support
- Apply Spring Security 5 features to enhance your Java reactive applications

Who this book is for
If you are a Java developer who wants to improve application security, then this book is for you. A basic understanding of Spring, the Spring Security framework, and reactive applications is required to make the most of the book.

Author(s): Tomcy John
Publisher: Packt
Year: 2018

Language: English

Cover
Title Page
Copyright and Credits
Dedication
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: Overview of Spring 5 and Spring Security 5
How examples are structured
New-generation application requirements
Reactive programming
Reactive applications
Reactive Manifesto
Responsive
Resilient
Elastic
Message-driven
Spring Framework
Reactive Landscape in Java
Reactive Streams and Reactive Streams Specifications
Non-blocking
Backpressure
Reactive Extensions
RxJava
Reactive Streams and RxJava
JDK 9 additions
Important interfaces
The Publisher Interface
The Subscriber Interface
The Subscription interface
The Processor interface
Spring Framework and reactive applications
Modules in Reactor
Reactive types in Reactor Core
The Flux reactive type
The Mono reactive type
Data stream types
Reactor and RxJava
Reactive Web Application
Spring WebFlux
Reactive Spring Web
WebClient
WebSockets
Application security
Spring Security
Spring Security terminologies
Spring Security's core features
Authentication
Authorization
Spring Security 5's new features
Working of Spring Security
Servlet Filter
Filter Chain
Security Interceptor (DelegatingFilterProxy)
Core Spring Security modules
Summary
Chapter 2: Deep Diving into Spring Security
Authentication
Setting up AuthenticationManager
AuthenticationProvider
Custom AuthenticationProvider
Multiple AuthenticationProvider
Sample application
Base project setup
Step 1—Create a Maven project in IntelliJ IDEA
Step 2—pom.xml changes
Step 3—MySQL database schema setup
Step 4—Setting up MySQL database properties in your project
Step 5—Spring application configuration
Step 6—Web application configuration
Step 7—Spring MVC setup
Step 8—Controller setup
Step 9—JSP creation
Spring Security setup
Step 1—Spring Security configuration setup
Step 2—Spring Security setup for a web application
Running the application
In-memory user storage
Run as Spring Boot
Authorization
Web URL
Method invocation
Domain instance
Other Spring Security capabilities
Summary
Chapter 3: Authentication Using SAML, LDAP, and OAuth/OIDC
Security Assertion Markup Language
Setting up an SSO provider
Setting up the project
The pom.xml file setup
The application.yml file setup
The Spring Security configuration files
The resources folder setup
Running and testing the application
Lightweight Directory Access Protocol
Set up dependencies in the pom.xml file
Spring Security configuration
LDAP server setup
Setting up users in the LDAP server
Running the application
Seeing the application in action on a browser
OAuth2 and OpenID Connect
Setting up a project
Bootstrap Spring project using Spring Initializr
Inclusion of OAuth libraries in pom.xml
Setting up provider details in application.properties
Provider setup
Default application change
The HomeController class
The home.jsp file
Spring Boot main application class change
Running the application
Summary
Chapter 4: Authentication Using CAS and JAAS
CAS
CAS server setup
Git clone
Adding additional dependencies
Setting up the resources folder in the project
Creating the application.properties file
Creating a local SSL keystore
Creating the .crt file to be used by the client
Exporting the .crt file to Java and the JRE cacert keystore
Building a CAS server project and running it
Registering a client with the CAS server
JSON service configuration
Additional application.properties file changes
CAS client setup
Bootstrap Spring project using Spring Initializr
Including CAS libraries in pom.xml
Changing the application.properties file
Additional bean configuration
ServiceProperties bean
AuthenticationEntryPoint bean
TicketValidator bean
CasAuthenticationProvider bean
Setting up Spring Security
Creating the CasAuthenticationFilter bean
Setting up the controller
Running the application
Java Authentication and Authorization Service
Setting up a project
Setting up Maven project
Setting up LoginModule
Setting up a custom principal
Setting up a custom AuthorityGranter
Configuration files
Application configuration
Spring MVC configuration
Spring Security configuration
Controllers
Setting up pages
Running the application
Kerberos
Custom AuthenticationEntryPoint
Multiple AuthenticationEntryPoint
PasswordEncoder
Salt
Custom filters
Summary
Chapter 5: Integrating with Spring WebFlux
Spring MVC versus WebFlux
When to choose what?
Reactive support in Spring 5
Reactive in Spring MVC
Spring WebFlux
HandlerFunction
RouterFunction
Spring WebFlux server support
Reactive WebClient
Reactive WebTestClient
Reactive WebSocket
Spring WebFlux authentication architecture
Spring WebFlux authorization
Sample project
WebFlux project setup
Maven setup
Configuration class
The SpringWebFluxConfig class
Repository
Handler and router
Bootstrap application
Running the application
Adding security
Configuration classes
The UserDetailsService bean
The SpringSecurityFilterChain bean
Running the application
CURL
Browser
WebClient
Maven setup
Creating a WebClient instance
Handling errors
Sending requests and retrieving responses
Running and testing the application
Unit testing (WebTestClient)
Maven dependency
Test class
Spring Data
Maven dependency
MongoDB configuration
Setting up a model
Implementing a repository
Implementing a controller
Running the application
Authorization
Method security
Customization
Writing custom filters
Using WebFilter
Using HandlerFilterFunction
Summary
Chapter 6: REST API Security
Important concepts
REST
JSON Web Token (JWT)
Structure of a token
Header
Payload
Signature
Modern application architecture
SOFEA
Reactive REST API
Simple REST API security
Spring Security configuration
Authentication success handler
Custom WebFilter namely JWTAuthWebFilter
New controller classes
Running the application and testing
Advanced REST API security
OAuth2 roles
Resource owner
Resource server
Client
Authorization server
Authorization grant types
Authorization code flow
Implicit flow
Client credentials
Resource owner password credentials
Access Token and Refresh Token
Spring Security OAuth project
OAuth2 and Spring WebFlux
Spring Boot and OAuth2
Sample project
Authorization server
Maven dependencies
Spring Boot run class
Spring Security config
Authorization server config
Application properties
Resource server
Maven dependencies
Spring Boot run class
Resource server config
Spring Security config
Spring MVC config class
Controller class
Application properties
Client application
Maven dependencies
Spring Boot class
OAuth client config
Spring Security config
Controller classes
Templates
Application properties
Running the project
Summary
Chapter 7: Spring Security Add-Ons
Remember-me authentication
Creating a new table in MySQL database
Spring Security configuration
The custom login page
Running the application and testing
Session management
CSRF
CSP
CSP using Spring Security
Channel security
CORS Support
The Crypto module
Password encoding
Encryption
Key generation
Secret management
Starting by unsealing Vault
The Spring Boot project
The Maven dependency
HTTP Data Integrity Validator
What is HDIV?
The Bootstrap project
Maven dependencies
Spring Security configuration
Spring MVC configuration
HDIV configuration
The Model class
The Controller class
Pages
Running the application
Custom DSL
Summary
Other Books You May Enjoy
Index