Pro Spring Security: Securing Spring Framework 6 and Boot 3-Based Java Applications

Build and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications.
Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up.
This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications.
What You Will Learn

• Explore the scope of security and how to use the Spring Security Framework
• Master Spring security architecture and design
• Secure the web tier in Spring
• Work with alternative authentication providers
• Take advantage of business objects and logic security
• Extend Spring security with other frameworks and languages
• Secure the service layer
• Secure the application with JSON Web Token

Who This Book Is For
Experienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applications

使用Spring Security Framework來建立和部署安全的基於Spring Framework和Spring Boot的企業級Java應用程式。本書探討了一套全面的功能，用於實現Java應用程式的行業標準身份驗證和授權機制。

《Pro Spring Security, Third Edition》已更新以納入Spring Framework 6和Spring Boot 3的變化。這是一本高級教程和參考資料，通過從頭開始構建一致的示例，引導您實現Java Web應用程式的安全功能。

本書還通過包括構建RESTful Web服務和JSON Web Token應用程式的安全層等最新用例，為您提供了對Spring安全的更廣泛的了解。

您將學到什麼：
- 探索安全範圍以及如何使用Spring Security Framework
- 掌握Spring安全架構和設計
- 保護Spring的Web層
- 使用替代身份驗證提供者
- 利用業務對象和邏輯安全性
- 使用其他框架和語言擴展Spring安全性
- 保護服務層
- 使用JSON Web Token保護應用程式

本書適合對於使用Spring Framework或Boot構建應用程式具有經驗的Spring和Java開發人員。

Massimo Nardone has more than 27 years of experience in information and cybersecurity for IT/OT/IoT/IIoT, web/mobile development, cloud, and IT architecture. His true IT passions are security and Android. He has been programming and teaching how to program with Android, Perl, PHP, Java, VB, Python, C/C++, and MySQL for more than 27 years. He holds an M.Sc. degree in computing science from the University of Salerno, Italy. Throughout his working career, he has held various positions starting as programming developer, then security teacher, PCI QSA, Auditor, Assessor, Lead IT/OT/SCADA/SCADA/Cloud Architect, CISO, BISO, Executive, Program Director, OT/IoT/IIoT Security Competence Leader, etc.
In his last working engagement, he worked as a seasoned Cyber and Information Security Executive, CISO and OT, IoT and IIoT Security competence Leader helping many clients to develop and implement Cyber, Information, OT, IoT Security activities.

His technical skills include Security, OT/IoT/IIoT, Android, Cloud, Java, MySQL, Drupal, Cobol, Perl, web and mobile development, MongoDB, D3, Joomla!, Couchbase, C/C++, WebGL, Python, Pro Rails, Django CMS, Jekyll, and Scratch. He has served as a visiting lecturer and supervisor for exercises at the Networking Laboratory of the Helsinki University of Technology (Aalto University).

He stays current to industry and security trends, attending events, being part of a board such as the ISACA Finland Chapter Board, ISF, Nordic CISO Forum, Android Global Forum, etc.

He holds four international patents (PKI, SIP, SAML, and Proxy areas). He currently works as a Cyber Security Freelancer for IT/OT and IoT. He has reviewed more than 55 IT books for different publishers and has coauthored Pro JPA 2 in Java EE 8 (Apress, 2018), Beginning EJB in Java EE 8 (Apress, 2018), and Pro Android Games (Apress, 2015).
Carlo Scarioni is a passionate software developer, motivated by learning and applying innovative and interesting software development tools, techniques, and methodologies. He has worked for more than 18 years in the field and moved across multiple languages, paradigms, and subject areas. He also has many years of experience working with Java and its ecosystem. He has been in love with Spring since the beginning and he is fascinated by how Spring allows building complex applications out of discrete, focused modules and by the clever use of decorators to add cross-cutting functionalities. In the last few years he has been working mostly with data engineering solutions. He has been creating solutions around the use of modern data stack components in cloud environments, while at the same time developing software using technologies such as Spark, Python, and others.

Massimo Nardone在資訊和網路安全、IT/OT/IoT/IIoT、網頁/行動開發、雲端和IT架構方面擁有超過27年的經驗。他對安全和Android有著真正的熱情。他已經有超過27年的編程和教授如何使用Android、Perl、PHP、Java、VB、Python、C/C++和MySQL編程的經驗。他擁有義大利薩萊諾大學計算科學碩士學位。在他的職業生涯中，他擔任過多個職位，從編程開發人員開始，然後是安全教師、PCI QSA、審計員、評估員、IT/OT/SCADA/SCADA/雲端架構師、CISO、BISO、執行官、計劃總監、OT/IoT/IIoT安全能力領導者等等。

在他最後一份工作中，他擔任經驗豐富的網絡和信息安全執行官、CISO和OT、IoT和IIoT安全能力領導者，幫助許多客戶開發和實施網絡、信息、OT和IoT安全活動。

他的技術技能包括安全、OT/IoT/IIoT、Android、雲端、Java、MySQL、Drupal、Cobol、Perl、網頁和行動開發、MongoDB、D3、Joomla！、Couchbase、C/C++、WebGL、Python、Pro Rails、Django CMS、Jekyll和Scratch。他曾擔任赫爾辛基理工大學（阿爾托大學）網絡實驗室的客座講師和指導者。

他緊跟行業和安全趨勢，參加各種活動，並擔任ISACA芬蘭分會董事會、ISF、北歐CISO論壇、Android全球論壇等組織的成員。

他擁有四項國際專利（PKI、SIP、SAML和代理領域）。他目前擔任IT/OT和IoT的網絡安全自由工作者。他已經為不同的出版商審閱了55本IT書籍，並與他人合著了《Pro JPA 2 in Java EE 8》（Apress，2018）、《Beginning EJB in Java EE 8》（Apress，2018）和《Pro Android Games》（Apress，2015）。

Carlo Scarioni是一位充滿熱情的軟體開發人員，他熱衷於學習和應用創新和有趣的軟體開發工具、技術和方法論。他在這個領域已經工作了超過18年，並跨越了多種語言、範式和主題領域。他也有多年的Java和其生態系統的工作經驗。他從一開始就喜歡Spring，並對Spring如何允許將複雜應用程序建立為離散、專注的模塊，以及如何巧妙地使用裝飾器添加橫切功能感到著迷。在過去幾年中，他主要從事數據工程解決方案的工作。他在雲端環境中創建了使用現代數據堆棧組件的解決方案，同時使用Spark、Python等技術開發軟體。