چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Spring Security in Action, 2nd Edition (Final Release)

Laurentiu Spilca

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

نویسنده
Laurentiu Spilca
سال انتشار
۲۰۲۴
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱۱٫۸ مگابایت
شابک
9781633437975، 1633437973

دربارهٔ کتاب

Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code. Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect. In Spring Security in Action, Second Edition you will learn essential security skills including how to: • Implement and customize authentication and authorization • Set up all components of an OAuth2/OpenID Connect system • Utilize CRSF and CORS configurations • Secure Spring reactive applications • Write tests for security configurations Whether you’re a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurentiu Spilca distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything security—from authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process. Foreword by Joe Grandja. About the technology Spring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with “secure by design” principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it’s free, open source, and backed by the awesome team at VMWare. About the book Spring Security in Action, Second Edition updates this bestselling guide to Spring Security to include deep coverage of OAuth2/OpenID Connect and security configuration using the new SecurityFilterChain. The crystal clear explanations and relevant examples, teach you how to build your own authorization server, configure secure endpoints, and prevent cross-site scripting and request forgery attacks. What's inside • Custom authentication and authorization • CRSF and CORS configurations • Secure Spring reactive applications • Write tests for security configurations About the reader For experienced Java and Spring developers. About the author Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning’s Spring Start Here and Troubleshooting Java. Praise for the first edition brief contents contents foreword preface acknowledgments about this book Who should read this book? How this book is organized: A roadmap About the code liveBook discussion forum about the author about the cover illustration Part 1 1 Security today 1.1 Discovering Spring Security 1.2 What is software security? 1.3 Why is security important? 1.4 What will you learn in this book? 2 Hello, Spring Security 2.1 Starting your first project 2.2 The big picture of Spring Security class design 2.3 Overriding default configurations 2.3.1 Customizing user details management 2.3.2 Applying authorization at the endpoint level 2.3.3 Configuring in different ways 2.3.4 Defining custom authentication logic 2.3.5 Using multiple configuration classes Part 2 3 Managing users 3.1 Implementing authentication in Spring Security 3.2 Describing the user 3.2.1 Describing users with the UserDetails contract 3.2.2 Detailing on the GrantedAuthority contract 3.2.3 Writing a minimal implementation of UserDetails 3.2.4 Using a builder to create instances of the UserDetails type 3.2.5 Combining multiple responsibilities related to the user 3.3 Instructing Spring Security on how to manage users 3.3.1 Understanding the UserDetailsService contract 3.3.2 Implementing the UserDetailsService contract 3.3.3 Implementing the UserDetailsManager contract 4 Managing passwords 4.1 Using password encoders 4.1.1 The PasswordEncoder contract 4.1.2 Implementing your PasswordEncoder 4.1.3 Choosing from the provided PasswordEncoder implementations 4.1.4 Multiple encoding strategies with DelegatingPasswordEncoder 4.2 Taking advantage of the Spring Security Crypto module 4.2.1 Using key generators 4.2.2 Encrypting and decrypting secrets using encryptors 5 A web app’s security begins with filters 5.1 Implementing filters in the Spring Security architecture 5.2 Adding a filter before an existing one in the chain 5.3 Adding a filter after an existing one in the chain 5.4 Adding a filter at the location of another in the chain 5.5 Filter implementations provided by Spring Security 6 Implementing authentications 6.1 Understanding the AuthenticationProvider 6.1.1 Representing the request during authentication 6.1.2 Implementing custom authentication logic 6.1.3 Applying custom authentication logic 6.2 Using the SecurityContext 6.2.1 Using a holding strategy for the security context 6.2.2 Using a holding strategy for asynchronous calls 6.2.3 Using a holding strategy for standalone applications 6.2.4 Forwarding the security context with DelegatingSecurityContextRunnable 6.2.5 Forwarding the security context with DelegatingSecurityContextExecutorService 6.3 Understanding HTTP Basic and form-based login authentications 6.3.1 Using and configuring HTTP Basic 6.3.2 Implementing authentication with form-based login Part 3 7 Configuring endpoint-level 7.1 Restricting access based on authorities and roles 7.1.1 Restricting access for all endpoints based on user authorities 7.1.2 Restricting access for all endpoints based on user roles 7.1.3 Restricting access to all endpoints 8 Configuring endpoint-level authorization: Applying restrictions 8.1 Using the requestMatchers() method to select endpoints 8.2 Selecting requests to apply authorization restrictions 8.3 Using regular expressions with request matchers 9 Configuring CSRF protection 9.1 How CSRF protection works in Spring Security 9.2 Using CSRF protection in practical scenarios 9.3 Customizing CSRF protection 10 Configuring CORS 10.1 How does CORS work? 10.2 Applying CORS policies with the @CrossOrigin annotation 10.3 Applying CORS using a CorsConfigurer 11 Implementing authorization at the method level 11.1 Enabling method security 11.1.1 Understanding call authorization 11.1.2 Enabling method security in your project 11.2 Applying preauthorization rules 11.3 Applying postauthorization rules 11.4 Implementing permissions for methods 12 Implementing filtering at the method level 12.1 Applying prefiltering for method authorization 12.2 Applying postfiltering for method authorization 12.3 Using filtering in Spring Data repositories Part 4 13 What are OAuth 2 13.1 The big picture of OAuth 2 and OpenID Connect 13.2 Using various token implementations 13.2.1 Using opaque tokens 13.2.2 Using non-opaque tokens 13.3 Obtaining tokens through various grant types 13.3.1 Getting a token using the authorization code grant type 13.3.2 Applying PKCE protection to the authorization code grant type 13.3.3 Getting a token with the client credentials grant type 13.3.4 Using refresh tokens to get new access tokens 13.4 What OpenID Connect brings to OAuth 2 13.5 The sins of OAuth 2 14 Implementing an OAuth 2 authorization server 14.1 Implementing basic authentication using JSON web tokens 14.2 Running the authorization code grant type 14.3 Running the client credentials grant type 14.4 Using opaque tokens and introspection 14.5 Revoking tokens 15 Implementing an OAuth 2 resource server 15.1 Configuring JWT validation 15.2 Using customized JWTs 15.3 Configuring token validation through introspection 15.4 Implementing multitenant systems 16 Implementing an 16.1 Implementing OAuth 2 login 16.1.1 Implementing authentication with a common provider 16.1.2 Giving the user more possibilities 16.1.3 Using a custom authorization server 16.1.4 Adding flexibility to your configurations 16.1.5 Managing authorization for an OAuth 2 login 16.2 Implementing an OAuth 2 client Part 5 17 Implementing security 17.1 What are reactive apps? 17.2 User management in reactive apps 17.3 Configuring authorization rules in reactive apps 17.3.1 Applying authorization at the endpoint layer in reactive apps 17.3.2 Using method security in reactive apps 17.4 Creating a reactive OAuth 2 resource server Part 6 18 Testing security 18.1 Using mock users for tests 18.2 Testing with users from a UserDetailsService 18.3 Using custom Authentication objects for testing 18.4 Testing method security 18.5 Testing authentication 18.6 Testing CSRF configurations 18.7 Testing CORS configurations 18.8 Testing reactive Spring Security implementations A Links to official B Further reading index Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code. Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect. In Spring Security in Action, Second Edition you will learn essential security skills including how to: Implement and customize authentication and authorization Set up all components of an OAuth2/OpenID Connect system Utilize CRSF and CORS configurations Secure Spring reactive applications Write tests for security configurations Whether you’re a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurențiu Spilcă distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything security—from authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process. About the technologySpring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with “secure by design” principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it’s free, open source, and backed by the awesome team at VMWare. About the readerFor experienced Java and Spring developers. About the authorLaurențiu Spilcă is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning Design and develop Spring applications that are secure right from the start. In Spring Security in Action, Second Edition you will learn essential security skills including how Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process. Code samples and useful real-world examples give you hands-on experience of protecting your apps from common threats such as injection attacks and poor monitoring. About the technology Spring Security is essential for any Java developer looking to master authentication and authorization in Spring apps. By adopting "secure by design" principles with Spring Security's out-of-the-box features, you can protect your apps from data theft and unauthorized intrusions. About the book Spring Security in Action, Second Edition reveals the Spring Security techniques and tools you need to defend your apps against attack. In this book, author Lauren?iu Spilca, a skilled Java and Spring developer, will teach you how to build your own authorization server, manage system users, configure secure endpoints, and prevent cross-site scripting and request forgery attacks. This new second edition delves into the OAuth 2/OpenID Connect stack and details SecurityFilterChain for security configuration. Don't let security be an afterthought. Start protecting your apps from the first line of code! About the reader For experienced Java and Spring developers. About the author Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Mannings Spring Start Here and Troubleshooting Java.

قیمت نهایی

۴۴٬۰۰۰ تومان