Instant Spring Security Starter
暫譯: 即時 Spring Security 入門指南

Learn the fundamentals of web authentication and authorization using Spring Security

Overview

• Learn something new in an Instant! A short, fast, focused guide delivering immediate results
• Learn basic login/password and two-phase authentication
• Secure access all the way from frontend to backend
• Learn about the available security models, SPEL, and pragmatic considerations

In Detail

When it comes to security, you need a proven but easy to understand solution. Spring Security is a highly customizable authentication and access-control JVM framework with a 10 year history. It has most of the answers to your security questions ready out of the box, while still allowing you to customize and configure everything you need.

Instant Spring Security Starter will help you get started with Spring Security in one evening of reading and one day of programming. Focusing only on the aspects of Spring Security that are most useful in practice, this book explains the architectural concepts of the framework in a simple and straightforward manner.

You will start off by learning the big picture and how to set up Spring Security, which will give you a better understanding of the fundamentals of the framework. You will be introduced to the authentication and authorization flows and the different possible models of security. The book will then teach you how to secure methods and web resources with business rules and will discuss the reasons for using two-phase authentication. You will also learn about aspects that you need to watch out for, and how to deal with them in integration tests. Furthermore, we will also cover the common pitfalls, mistakes, and open Single Sign-on solutions. By the end of the book, you will have learned how to use Spring Security effectively, and the book will also show you a few advanced but very popular solutions to modern problems.

What you will learn from this book

• Understand two-phase authentication
• Secure methods in the backend
• Write integration tests with access control
• Secure the backend for REST services and single-page applications

Approach

Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. A concise guide written in an easy-to-follow format following the Starter guide approach.

Who this book is written for

This book is for people who have not used Spring Security before and want to learn how to use it effectively in a short amount of time. It is assumed that readers know both Java and HTTP protocol at the level of basic web programming. The reader should also be familiar with Inversion-of-Control/Dependency Injection, preferably with the Spring framework itself.