A fast-paced guide for securing your Spring applications effectively with the Spring Security framework
If you are a developer who is familiar with Spring and you are looking to explore its security features, then this book is for you. Both beginners and experienced users will benefit from this book, since it explores both the theory and the practical usage in detail.
Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is how easily it can be extended to meet custom requirements. As the popularity of the Spring framework grows, its security module covers a wide range of security mechanisms. With an increasing number of applications serving various business needs, integrating multiple applications is becoming inevitable, and the standard security procedures that Spring Security provides across these integrations protect applications that are exposed to larger public and private audiences.
Spring Security Essentials focuses on the need to master the security layer, an area not often explored by a Spring developer.
At the beginning, we introduce various industry-standard security mechanisms and practical ways to integrate with them. We also cover up-to-date use cases such as building a security layer for RESTful web services and applications.
The IDEs used and the security servers involved are briefly explained, including the steps to install them. Many sample projects are also provided to help you practice your newly developed skills. Step-by-step instructions will help you master integrating the security layer with the server, so that you can then apply the experience gained from this book in your own real-world applications.
This practical guide is packed with detailed explanations of the underlying concepts, as well as screenshots and working examples that guarantee hands-on learning.
Page count: 106
Year of publication: 2016
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: January 2016
Production reference: 1060116
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78528-262-1
www.packtpub.com
Author
Nanda Nachimuthu
Reviewer
Vinoth Kumar Purushothaman
Commissioning Editor
Dipika Gaonkar
Acquisition Editor
Kevin Colaco
Content Development Editor
Preeti Singh
Technical Editor
Pranil Pathare
Copy Editor
Vibha Shukla
Project Coordinator
Shweta H Birwatkar
Proofreader
Safis Editing
Indexer
Mariammal Chettiyar
Production Coordinator
Conidon Miranda
Cover Work
Conidon Miranda
Nanda Nachimuthu works as a principal architect with Emirates Airlines, Dubai. He grew up in a joint family setup and holds an engineering degree from Tamil Nadu Agricultural University and an advanced Internet programming certification from IIT Kharagpur.
He has 18 years of experience in IT, which includes 12 years as an architect in various technologies such as J2EE, SOA, ESB, Cloud, big data, and mobility. He has designed, architected, and delivered many national and large-scale commercial projects. He is also involved in design and development of various products in the insurance, finance, logistics, and life sciences domains.
His hobbies include travelling, painting, and literature. He is also involved in various pro bono consulting activities, through which he puts his spare time and innovative ideas to practical use for society. He is the founder of JCOE.in, a portal that deals with Java Center of Excellence (CoE) activities and is useful for the Java community and companies.
First, I would like to thank my wife Rathi for pushing me to man up and complete the book. Next, I would like to thank my mom Maruthayee for her blessings, encouragement, and moral support. I cannot simply forget the cooperation of my daughter Shravanthi and son Shashank, who have always played and fought with me since the inception of this book, which turned out to be a great help for me to reduce some stress.
Vinoth Kumar Purushothaman, a graduate from University of Madras, specializes in architecture design. He has 18 years of experience in design and development of large-scale applications in banking, telecommunication, automobile, e-commerce, and life sciences using Java, J2EE, service-oriented architecture framework components and big data.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.
Spring Security Essentials focuses on the Spring Security framework. There are three essential aspects to application security that we concentrate on in this book: authentication, authorization, and access control lists (ACLs). This book will teach readers the functionality required to implement industry-standard authentication and authorization mechanisms to secure enterprise-level applications using the Spring Security framework. It will help readers explore the Spring Security framework from its Java model and develop advanced techniques, including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization. It also covers up-to-date use cases, such as building a security layer for RESTful web services and applications.
Chapter 1, Getting Started with Spring Security, explores the various flavors of Spring Security implementations that are available in the Spring 4.0.3 framework, along with the Spring 3.2.3 module. We dive into each of the options in detail with the help of practical examples. I recommend you have a good understanding of the application development environment (ADE) for various technologies that we will address, such as LDAP, SAML, Wicket, and so on.
Chapter 2, Spring Security with SAML, covers the basics of creating a Spring 4.0 Web MVC project and of the build tools, such as Maven and Gradle, as a recap and practice session. We create a web-based MVC project and explore the open source implementations of SAML 2.0 that are available as Identity Providers.
You will learn about Spring 4.0 SAML Extensions in order to implement single sign-on and sign-off by connecting to the SSOCircle web-based authentication mechanism.
Chapter 3, Spring Security with LDAP, covers the basics of LDAP and the different implementations available. It covers the features of Apache Directory Server and the steps involved in installing ApacheDS and Apache Directory Studio alongside Spring Tool Suite. We create a directory and populate it with entries for different departments and users.
Chapter 4, Spring Security with AOP, explains the basic terminology of Aspect-Oriented Programming. We go through a few simple examples of Spring AOP and AspectJ. The use of annotations is explained with samples, and we implement AOP-based security for method-level access and for UI component creation. You can extend the features and implementations described in this chapter in your real-world applications in order to avoid the complexities involved in handling cross-cutting concerns.
Chapter 5, Spring Security with ACL, introduces the basics of access control lists and the available classes and interfaces in the Spring ACL package. We will see a few working examples of the basic ACL implementation with various access privileges for a given principal.
Chapter 6, Spring Security with JSF, covers the JSF basics and required Spring Security configurations. We create a sample project from scratch and explain each artifact.
Chapter 7, Spring Security with Apache Wicket, starts with the basic Apache Wicket application structure and a sample project. We cover the configuration required from the Spring perspective and the dependencies required in the Maven POM file. We set up the security credentials in the Spring Security configuration file and execute the sample application, entering different credentials for different types of user.
Chapter 8, Integrating Spring Security with SOAP Web Services, covers the basics of the Spring Web Services package and the different ways of creating SOAP web services. We also execute the service and test the authentication of the SOAP message.
Chapter 9, Building a Security Layer for RESTful Web Services, starts with the basics of RESTful web services and their advantages. We develop a basic Spring implementation to configure the authentication entry points and success handlers. We also call the RESTful web services through the cURL command-line utility to see Spring Security authentication in action.
Chapter 10, Integrating Spring Security with JAAS, covers the JAAS basics and the components of the Spring JAAS security package, and then develops and executes a Spring JAAS implementation project.
You need to have fair knowledge of Java, and knowing the basics of Spring is recommended.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "In these scenarios, we will have to set the security authorization constraints in a secured way in the web.xml file."
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "The user clicks on the Logout button and the instance executes the logout script."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
