Securing Spring Framework 6 and Boot 3-based Java Applications
Massimo Nardone, Carlo Scarioni

Build and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications.
Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up.
This book also provides you with a broader look into Spring Security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications.
What You Will Learn
Who This Book Is For
Experienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applications
Table of Contents
Chapter 1: The Scope of Security
Chapter 2: Introducing Spring Security
Chapter 3: Setting up the Scene
Chapter 4: Spring Security Architecture and Design
Chapter 5: Web Security
Chapter 6: Configuring Alternative Authentication Providers
Chapter 7: Business Object Security with ACLs
Chapter 8: Open Authorization 2.0 (OAuth 2.0) and Spring Security
Chapter 9: JSON Web Token (JWT) Authentication
About the Authors
Massimo Nardone has more than 27 years of experience in information and cybersecurity for IT/OT/IoT/IIoT, web/mobile development, cloud, and IT architecture. His true IT passions are security and Android. He has been programming and teaching how to program with Android, Perl, PHP, Java, VB, Python, C/C++, and MySQL for more than 27 years. He holds an MSc degree in computing science from the University of Salerno, Italy. Throughout his working career, he has held various positions, starting as a programming developer, then security teacher, PCI QSA, auditor, assessor, lead IT/OT/SCADA/cloud architect, CISO, BISO, executive, program director, and OT/IoT/IIoT security competence leader.
In his last working engagement, he worked as a seasoned cyber and information security executive, CISO, and OT, IoT, and IIoT security competence leader, helping many clients to develop and implement cyber, information, OT, and IoT security activities. His technical skills include security, OT/IoT/IIoT, Android, cloud, Java, MySQL, Drupal, Cobol, Perl, web and mobile development, MongoDB, D3, Joomla!, Couchbase, C/C++, WebGL, Python, Pro Rails, Django CMS, Jekyll, and Scratch. He has served as a visiting lecturer and exercises supervisor at the Helsinki University of Technology (Aalto University) Networking Laboratory. He stays current with industry and security trends and is a board member of the ISACA Finland chapter, ISF, the Nordic CISO Forum, and the Android Global Forum. He holds four international patents (PKI, SIP, SAML, and Proxy areas). He currently works as a cybersecurity freelancer for IT/OT and IoT. Massimo has reviewed more than 55 IT books for different publishers and has coauthored Pro JPA 2 in Java EE 8 (Apress, 2018), Beginning EJB in Java EE 8 (Apress, 2018), and Pro Android Games (Apress, 2015).









