Pro Spring Security: Securing Spring Framework 6 and Boot 3-Based Java Applications
暫譯: Pro Spring Security:保護基於 Spring Framework 6 和 Boot 3 的 Java 應用程式
Nardone, Massimo, Scarioni, Carlo
商品描述
Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up.
This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications.
What You Will Learn
- Explore the scope of security and how to use the Spring Security Framework
- Master Spring security architecture and design
- Secure the web tier in Spring
- Work with alternative authentication providers
- Take advantage of business objects and logic security
- Extend Spring security with other frameworks and languages
- Secure the service layer
- Secure the application with JSON Web Token
Who This Book Is For
Experienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applications
商品描述(中文翻譯)
使用 Spring Security Framework 建立和部署安全的基於 Spring Framework 和 Spring Boot 的企業 Java 應用程式。本書探討了一套全面的功能,以實現 Java 應用程式的行業標準身份驗證和授權機制。
Pro Spring Security, 第三版已更新以納入 Spring Framework 6 和 Spring Boot 3 的變更。這是一本進階的教程和參考書,通過從頭開始構建一致的範例,指導您實現 Java 網頁應用程式的安全功能。
本書還提供了對 Spring Security 更廣泛的了解,包括最新的使用案例,例如為 RESTful 網路服務和 JSON Web Token 應用程式建立安全層。
您將學到什麼
- 探索安全的範疇以及如何使用 Spring Security Framework
- 掌握 Spring 安全架構和設計
- 保護 Spring 的網頁層
- 與替代身份驗證提供者合作
- 利用業務物件和邏輯安全
- 使用其他框架和語言擴展 Spring Security
- 保護服務層
- 使用 JSON Web Token 保護應用程式
本書適合誰
具有構建基於 Spring Framework 或 Spring Boot 應用程式經驗的資深 Spring 和 Java 開發人員
作者簡介
In his last working engagement, he worked as a seasoned Cyber and Information Security Executive, CISO and OT, IoT and IIoT Security competence Leader helping many clients to develop and implement Cyber, Information, OT, IoT Security activities.
His technical skills include Security, OT/IoT/IIoT, Android, Cloud, Java, MySQL, Drupal, Cobol, Perl, web and mobile development, MongoDB, D3, Joomla!, Couchbase, C/C++, WebGL, Python, Pro Rails, Django CMS, Jekyll, and Scratch. He has served as a visiting lecturer and supervisor for exercises at the Networking Laboratory of the Helsinki University of Technology (Aalto University).
He stays current to industry and security trends, attending events, being part of a board such as the ISACA Finland Chapter Board, ISF, Nordic CISO Forum, Android Global Forum, etc.
He holds four international patents (PKI, SIP, SAML, and Proxy areas). He currently works as a Cyber Security Freelancer for IT/OT and IoT. He has reviewed more than 55 IT books for different publishers and has coauthored Pro JPA 2 in Java EE 8 (Apress, 2018), Beginning EJB in Java EE 8 (Apress, 2018), and Pro Android Games (Apress, 2015).Carlo Scarioni is a passionate software developer, motivated by learning and applying innovative and interesting software development tools, techniques, and methodologies. He has worked for more than 18 years in the field and moved across multiple languages, paradigms, and subject areas. He also has many years of experience working with Java and its ecosystem. He has been in love with Spring since the beginning and he is fascinated by how Spring allows building complex applications out of discrete, focused modules and by the clever use of decorators to add cross-cutting functionalities. In the last few years he has been working mostly with data engineering solutions. He has been creating solutions around the use of modern data stack components in cloud environments, while at the same time developing software using technologies such as Spark, Python, and others.
作者簡介(中文翻譯)
Massimo Nardone 擁有超過 27 年的資訊與網路安全經驗,涵蓋 IT/OT/IoT/IIoT、網頁/行動開發、雲端及 IT 架構。他真正的 IT 熱情在於安全性和 Android。他已經編程並教授如何使用 Android、Perl、PHP、Java、VB、Python、C/C++ 和 MySQL 進行編程超過 27 年。他擁有義大利薩萊諾大學的計算科學碩士學位。在他的職業生涯中,他擔任過多個職位,從程式開發人員開始,然後是安全教師、PCI QSA、審計員、評估員、IT/OT/SCADA/雲端架構負責人、CISO、BISO、執行官、計畫總監、OT/IoT/IIoT 安全能力領導者等。
在他最近的工作中,他擔任資深的網路與資訊安全執行官、CISO 及 OT、IoT 和 IIoT 安全能力領導者,幫助許多客戶開發和實施網路、資訊、OT、IoT 安全活動。
他的技術技能包括安全性、OT/IoT/IIoT、Android、雲端、Java、MySQL、Drupal、Cobol、Perl、網頁和行動開發、MongoDB、D3、Joomla!、Couchbase、C/C++、WebGL、Python、Pro Rails、Django CMS、Jekyll 和 Scratch。他曾擔任赫爾辛基科技大學(阿爾托大學)網路實驗室的客座講師和實習指導老師。
他持續關注行業和安全趨勢,參加各種活動,並成為 ISACA 芬蘭分會董事會、ISF、北歐 CISO 論壇、Android 全球論壇等組織的成員。
他擁有四項國際專利(PKI、SIP、SAML 和 Proxy 領域)。他目前擔任 IT/OT 和 IoT 的網路安全自由工作者。他為不同的出版商審閱了超過 55 本 IT 書籍,並共同撰寫了 Pro JPA 2 in Java EE 8(Apress,2018)、Beginning EJB in Java EE 8(Apress,2018)和 Pro Android Games(Apress,2015)。Carlo Scarioni 是一位充滿熱情的軟體開發人員,熱衷於學習和應用創新且有趣的軟體開發工具、技術和方法論。他在這個領域工作超過 18 年,並跨越多種語言、範式和主題領域。他在 Java 及其生態系統方面也有多年經驗。他從一開始就愛上了 Spring,並對 Spring 如何通過離散、專注的模組構建複雜應用程序以及巧妙使用裝飾器來添加橫切功能感到著迷。在過去幾年中,他主要從事數據工程解決方案的工作。他一直在創建圍繞在雲端環境中使用現代數據堆棧組件的解決方案,同時使用 Spark、Python 等技術開發軟體。
