چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Spring Security in Action, Second Edition

Laurentiu Spilca

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

نویسنده
Laurentiu Spilca
سال انتشار
۲۰۲۴
فرمت
EPUB
زبان
انگلیسی
حجم فایل
۶٫۶ مگابایت
شابک
9781633437975، 1633437973

دربارهٔ کتاب

Design and develop Spring applications that are secure right from the start. In Spring Security in Action, Second Edition you will learn essential security skills including how to: Implement and customize authentication and authorization Set up all components of an OAuth 2/OpenID Connect system Utilize CRSF and CORS configurations Secure Spring reactive applications Write tests for security configurations Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process. Code samples and useful real-world examples give you hands-on experience of protecting your apps from common threats such as injection attacks and poor monitoring. About the technology Spring Security is essential for any Java developer looking to master authentication and authorization in Spring apps. By adopting "secure by design" principles with Spring Security's out-of-the-box features, you can protect your apps from data theft and unauthorized intrusions. About the book Spring Security in Action, Second Edition reveals the Spring Security techniques and tools you need to defend your apps against attack. In this book, author Lauren?iu Spilca, a skilled Java and Spring developer, will teach you how to build your own authorization server, manage system users, configure secure endpoints, and prevent cross-site scripting and request forgery attacks. This new second edition delves into the OAuth 2/OpenID Connect stack and details SecurityFilterChain for security configuration. Don't let security be an afterthought. Start protecting your apps from the first line of code! About the reader For experienced Java and Spring developers. About the author Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning’s Spring Start Here and Troubleshooting Java. Praise for the first edition Spring Security in Action Copyright contents front matter foreword preface acknowledgments about this book Who should read this book? How this book is organized: A roadmap About the code liveBook discussion forum about the author about the cover illustration Part 1. Say hello to Spring Security 1 Security today 1.1 Discovering Spring Security 1.2 What is software security? 1.3 Why is security important? 1.4 What will you learn in this book? Summary 2 Hello, Spring Security 2.1 Starting your first project 2.2 The big picture of Spring Security class design 2.3 Overriding default configurations 2.3.1 Customizing user details management 2.3.2 Applying authorization at the endpoint level 2.3.3 Configuring in different ways 2.3.4 Defining custom authentication logic 2.3.5 Using multiple configuration classes Summary Part 2. Configuring authentication 3 Managing users 3.1 Implementing authentication in Spring Security 3.2 Describing the user 3.2.1 Describing users with the UserDetails contract 3.2.2 Detailing on the GrantedAuthority contract 3.2.3 Writing a minimal implementation of UserDetails 3.2.4 Using a builder to create instances of the UserDetails type 3.2.5 Combining multiple responsibilities related to the user 3.3 Instructing Spring Security on how to manage users 3.3.1 Understanding the UserDetailsService contract 3.3.2 Implementing the UserDetailsService contract 3.3.3 Implementing the UserDetailsManager contract Summary 4 Managing passwords 4.1 Using password encoders 4.1.1 The PasswordEncoder contract 4.1.2 Implementing your PasswordEncoder 4.1.3 Choosing from the provided PasswordEncoder implementations 4.1.4 Multiple encoding strategies with DelegatingPasswordEncoder 4.2 Taking advantage of the Spring Security Crypto module 4.2.1 Using key generators 4.2.2 Encrypting and decrypting secrets using encryptors Summary 5 A web app’s security begins with filters 5.1 Implementing filters in the Spring Security architecture 5.2 Adding a filter before an existing one in the chain 5.3 Adding a filter after an existing one in the chain 5.4 Adding a filter at the location of another in the chain 5.5 Filter implementations provided by Spring Security Summary 6 Implementing authentications 6.1 Understanding the AuthenticationProvider 6.1.1 Representing the request during authentication 6.1.2 Implementing custom authentication logic 6.1.3 Applying custom authentication logic 6.2 Using the SecurityContext 6.2.1 Using a holding strategy for the security context 6.2.2 Using a holding strategy for asynchronous calls 6.2.3 Using a holding strategy for standalone applications 6.2.4 Forwarding the security context with DelegatingSecurityContextRunnable 6.2.5 Forwarding the security context with DelegatingSecurityContextExecutorService 6.3 Understanding HTTP Basic and form-based login authentications 6.3.1 Using and configuring HTTP Basic 6.3.2 Implementing authentication with form-based login Summary Part 3. Configuring authorization 7 Configuring endpoint-level authorization: Restricting access 7.1 Restricting access based on authorities and roles 7.1.1 Restricting access for all endpoints based on user authorities 7.1.2 Restricting access for all endpoints based on user roles 7.1.3 Restricting access to all endpoints Summary 8 Configuring endpoint-level authorization: Applying restrictions 8.1 Using the requestMatchers() method to select endpoints 8.2 Selecting requests to apply authorization restrictions 8.3 Using regular expressions with request matchers Summary 9 Configuring CSRF protection 9.1 How CSRF protection works in Spring Security 9.2 Using CSRF protection in practical scenarios 9.3 Customizing CSRF protection Summary 10 Configuring CORS 10.1 How does CORS work? 10.2 Applying CORS policies with the @CrossOrigin annotation 10.3 Applying CORS using a CorsConfigurer Summary 11 Implementing authorization at the method level 11.1 Enabling method security 11.1.1 Understanding call authorization 11.1.2 Enabling method security in your project 11.2 Applying preauthorization rules 11.3 Applying postauthorization rules 11.4 Implementing permissions for methods Summary 12 Implementing filtering at the method level 12.1 Applying prefiltering for method authorization 12.2 Applying postfiltering for method authorization 12.3 Using filtering in Spring Data repositories Summary Part 4. Implementing OAuth 2 and OpenID Connect 13 What are OAuth 2 and OpenID Connect? 13.1 The big picture of OAuth 2 and OpenID Connect 13.2 Using various token implementations 13.2.1 Using opaque tokens 13.2.2 Using non-opaque tokens 13.3 Obtaining tokens through various grant types 13.3.1 Getting a token using the authorization code grant type 13.3.2 Applying PKCE protection to the authorization code grant type 13.3.3 Getting a token with the client credentials grant type 13.3.4 Using refresh tokens to get new access tokens 13.4 What OpenID Connect brings to OAuth 2 13.5 The sins of OAuth 2 Summary 14 Implementing an OAuth 2 authorization server 14.1 Implementing basic authentication using JSON web tokens 14.2 Running the authorization code grant type 14.3 Running the client credentials grant type 14.4 Using opaque tokens and introspection 14.5 Revoking tokens Summary 15 Implementing an OAuth 2 resource server 15.1 Configuring JWT validation 15.2 Using customized JWTs 15.3 Configuring token validation through introspection 15.4 Implementing multitenant systems Summary 16 Implementing an OAuth 2 client 16.1 Implementing OAuth 2 login 16.1.1 Implementing authentication with a common provider 16.1.2 Giving the user more possibilities 16.1.3 Using a custom authorization server 16.1.4 Adding flexibility to your configurations 16.1.5 Managing authorization for an OAuth 2 login 16.2 Implementing an OAuth 2 client Summary Part 5. Going reactive 17 Implementing security in reactive applications 17.1 What are reactive apps? 17.2 User management in reactive apps 17.3 Configuring authorization rules in reactive apps 17.3.1 Applying authorization at the endpoint layer in reactive apps 17.3.2 Using method security in reactive apps 17.4 Creating a reactive OAuth 2 resource server Summary Part 6. Testing security configurations 18 Testing security configurations 18.1 Using mock users for tests 18.2 Testing with users from a UserDetailsService 18.3 Using custom Authentication objects for testing 18.4 Testing method security 18.5 Testing authentication 18.6 Testing CSRF configurations 18.7 Testing CORS configurations 18.8 Testing reactive Spring Security implementations Summary Appendix A. Links to official documentation Appendix B. Further reading For Spring Framework in general Spring in Action, Sixth Edition by Craig Walls (Manning, 2022) Spring Boot Up & Running by Mark Heckler (O’Reilly Media, 2022) Spring Start Here by Laurențiu Spilcă (Manning, 2021) To help you learn more about building your Java app’s persistence layer High-Performance Java Persistence by Vlad Mihalcea (self-published, 2019) Java Persistence with Spring Data and Hibernate, Third Edition by Cătălin Tudose (Manning, 2023) JUnit in Action, Third Edition by Cătălin Tudose (Manning, 2021) index

قیمت نهایی

۴۴٬۰۰۰ تومان