Spring Security - Fourth Edition: Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Nasslahsen, Badr

  • 出版商: Packt Publishing
  • 出版日期: 2024-06-28
  • 售價: $1,810
  • 貴賓價: 9.5$1,720
  • 語言: 英文
  • 頁數: 596
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 183546050X
  • ISBN-13: 9781835460504
  • 相關分類: Java 相關技術資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Leverage the power of Spring Security 6 to protect your modern Java applications from hackers

Key Features

- Architect solutions that leverage Spring Security while remaining loosely coupled

- Implement authentication and authorization with SAML2, OAuth 2, hashing, and encryption algorithms

- Integrate Spring Security with technologies such as microservices, Kubernetes, the cloud, and GraalVM native images

- Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Knowing that experienced hackers are constantly on the prowl to attack your apps can make security one of the most challenging concerns of creating an app. The complexity of properly securing an app is compounded when you must also integrate this factor with legacy code, new technologies, and other frameworks. This book will help you easily secure your Java apps with Spring Security, a trusted and highly customizable authentication and access control framework.

The book starts by showing you how to implement different authentication mechanisms before demonstrating how to properly restrict access to your app. You'll then cover tips for integrating Spring Security with popular web frameworks such as Thymeleaf. The book also features an example of how Spring Security defends against session fixation, moves into concurrency control, and how you can use session management for administrative functions. This fourth edition aligns with Java 17/21 and Spring Security 6, covering advanced security scenarios for RESTful web services and microservices. This ensures you gain a complete understanding of the issues surrounding stateless authentication and discover a concise approach to solving those issues.

By the end of this book, you'll be able to integrate Spring Security 6 with GraalVM native images seamlessly, from start to finish.

What you will learn

- Understand common security vulnerabilities and how to resolve them

- Implement authentication and authorization and learn how to map users to roles

- Integrate Spring Security with LDAP, Kerberos, SAML 2, OpenID, and OAuth

- Get to grips with the security challenges of RESTful web services and microservices

- Configure Spring Security to use Spring Data for authentication

- Integrate Spring Security with Spring Boot, Spring Data, and web applications

- Protect against common vulnerabilities like XSS, CSRF, and Clickjacking

Who this book is for

If you're a Java web developer or an architect with fundamental knowledge of Java 17/21, web services, and the Spring Framework, this book is for you. No previous experience with Spring Security is needed to get started with this book.

Table of Contents

- Anatomy of an Unsafe Application

- Getting Started with Spring Security

- Custom Authentication

- JDBC-based Authentication

- Authentication with Spring Data

- LDAP Directory Services

- Remember-me Services

- Client Certificate Authentication with TLS

- Opening up to OAuth 2

- SAML 2 Support

- Fine-Grained Access Control

- Access Control Lists

- Custom Authorization

- Session Management

- Additional Spring Security Features

- Migration to Spring Security 6

- Microservice Security with OAuth 2 and JSON Web Tokens

- Single Sign-On with the Central Authentication Service

- Build GraalVM Native Images

- Appendix - Additional Reference Material

商品描述(中文翻譯)

利用 Spring Security 6 的力量來保護您的現代 Java 應用程式免受駭客攻擊

主要特點
- 設計利用 Spring Security 的解決方案,同時保持鬆散耦合
- 使用 SAML2、OAuth 2、雜湊和加密演算法實現身份驗證和授權
- 將 Spring Security 與微服務、Kubernetes、雲端和 GraalVM 原生映像等技術整合
- 購買印刷版或 Kindle 版書籍可獲得免費 PDF 電子書

書籍描述
知道經驗豐富的駭客隨時可能攻擊您的應用程式,會使安全性成為開發應用程式時最具挑戰性的問題之一。當您還必須將這一因素與舊有代碼、新技術和其他框架整合時,正確保護應用程式的複雜性會加劇。本書將幫助您輕鬆地使用 Spring Security 來保護您的 Java 應用程式,這是一個值得信賴且高度可自定義的身份驗證和訪問控制框架。

本書首先展示如何實現不同的身份驗證機制,然後演示如何正確限制對應用程式的訪問。接著,您將學習如何將 Spring Security 與流行的網頁框架(如 Thymeleaf)整合。本書還提供了 Spring Security 如何防範會話固定攻擊的範例,並深入探討並發控制,以及如何使用會話管理進行管理功能。本第四版與 Java 17/21 和 Spring Security 6 對齊,涵蓋 RESTful 網路服務和微服務的進階安全場景。這確保您能全面理解無狀態身份驗證所面臨的問題,並發現解決這些問題的簡明方法。

在本書結束時,您將能夠從頭到尾無縫整合 Spring Security 6 與 GraalVM 原生映像。

您將學到的內容
- 了解常見的安全漏洞及其解決方法
- 實現身份驗證和授權,並學習如何將用戶映射到角色
- 將 Spring Security 與 LDAP、Kerberos、SAML 2、OpenID 和 OAuth 整合
- 理解 RESTful 網路服務和微服務的安全挑戰
- 配置 Spring Security 使用 Spring Data 進行身份驗證
- 將 Spring Security 與 Spring Boot、Spring Data 和網頁應用程式整合
- 防範常見漏洞,如 XSS、CSRF 和 Clickjacking

本書適合對象
如果您是 Java 網頁開發人員或具備 Java 17/21、網路服務和 Spring Framework 基本知識的架構師,本書適合您。開始閱讀本書不需要先前的 Spring Security 經驗。

目錄
- 不安全應用程式的解剖
- 開始使用 Spring Security
- 自定義身份驗證
- 基於 JDBC 的身份驗證
- 使用 Spring Data 的身份驗證
- LDAP 目錄服務
- 記住我服務
- 使用 TLS 的客戶端證書身份驗證
- 開放 OAuth 2
- SAML 2 支援
- 精細的訪問控制
- 訪問控制列表
- 自定義授權
- 會話管理
- 其他 Spring Security 功能
- 遷移到 Spring Security 6
- 使用 OAuth 2 和 JSON Web Tokens 的微服務安全
- 使用中央身份驗證服務的單一登入
- 建立 GraalVM 原生映像
- 附錄 - 其他參考資料