Hands-On Spring Security 5 for Reactive Applications
Tomcy John
Updated: 2021-07-23 19:00:11
Latest chapter: Leave a review - let other readers know what you think
Cover
Title Page
Copyright and Credits
Hands-On Spring Security 5 for Reactive Applications
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Overview of Spring 5 and Spring Security 5
How examples are structured
New-generation application requirements
Reactive programming
Reactive applications
Reactive Manifesto
Responsive
Resilient
Elastic
Message-driven
Spring Framework
Reactive Landscape in Java
Reactive Streams and Reactive Streams Specifications
Non-blocking
Backpressure
Reactive Extensions
RxJava
Reactive Streams and RxJava
JDK 9 additions
Important interfaces
The Publisher Interface
The Subscriber Interface
The Subscription interface
The Processor interface
Spring Framework and reactive applications
Modules in Reactor
Reactive types in Reactor Core
The Flux reactive type
The Mono reactive type
Data stream types
Reactor and RxJava
Reactive Web Application
Spring WebFlux
Reactive Spring Web
WebClient
WebSockets
Application security
Spring Security
Spring Security terminologies
Spring Security's core features
Authentication
Authorization
Spring Security 5's new features
Working of Spring Security
Servlet Filter
Filter Chain
Security Interceptor (DelegatingFilterProxy)
Core Spring Security modules
Summary
Deep Diving into Spring Security
Authentication
Setting up AuthenticationManager
AuthenticationProvider
Custom AuthenticationProvider
Multiple AuthenticationProvider
Sample application
Base project setup
Step 1—Create a Maven project in IntelliJ IDEA
Step 2—pom.xml changes
Step 3—MySQL database schema setup
Step 4—Setting up MySQL database properties in your project
Step 5—Spring application configuration
Step 6—Web application configuration
Step 7—Spring MVC setup
Step 8—Controller setup
Step 9—JSP creation
Spring Security setup
Step 1—Spring Security configuration setup
Step 2—Spring Security setup for a web application
Running the application
In-memory user storage
Run as Spring Boot
Authorization
Web URL
Method invocation
Domain instance
Other Spring Security capabilities
Summary
Authentication Using SAML, LDAP, and OAuth/OIDC
Security Assertion Markup Language
Setting up an SSO provider
Setting up the project
The pom.xml file setup
The application.yml file setup
The Spring Security configuration files
The resources folder setup
Running and testing the application
Lightweight Directory Access Protocol
Set up dependencies in the pom.xml file
Spring Security configuration
LDAP server setup
Setting up users in the LDAP server
Running the application
Seeing the application in action on a browser
OAuth2 and OpenID Connect
Setting up a project
Bootstrap Spring project using Spring Initializr
Inclusion of OAuth libraries in pom.xml
Setting up provider details in application.properties
Provider setup
Default application change
The HomeController class
The home.jsp file
Spring Boot main application class change
Running the application
Summary
Authentication Using CAS and JAAS
CAS
CAS server setup
Git clone
Adding additional dependencies
Setting up the resources folder in the project
Creating the application.properties file
Creating a local SSL keystore
Creating the .crt file to be used by the client
Exporting the .crt file to Java and the JRE cacert keystore
Building a CAS server project and running it
Registering a client with the CAS server
JSON service configuration
Additional application.properties file changes
CAS client setup
Bootstrap Spring project using Spring Initializr
Including CAS libraries in pom.xml
Changing the application.properties file
Additional bean configuration
ServiceProperties bean
AuthenticationEntryPoint bean
TicketValidator bean
CasAuthenticationProvider bean
Setting up Spring Security
Creating the CasAuthenticationFilter bean
Setting up the controller
Running the application
Java Authentication and Authorization Service
Setting up a project
Setting up Maven project
Setting up LoginModule
Setting up a custom principal
Setting up a custom AuthorityGranter
Configuration files
Application configuration
Spring MVC configuration
Spring Security configuration
Controllers
Setting up pages
Running the application
Kerberos
Custom AuthenticationEntryPoint
Multiple AuthenticationEntryPoint
PasswordEncoder
Salt
Custom filters
Summary
Integrating with Spring WebFlux
Spring MVC versus WebFlux
When to choose what?
Reactive support in Spring 5
Reactive in Spring MVC
Spring WebFlux
HandlerFunction
RouterFunction
Spring WebFlux server support
Reactive WebClient
Reactive WebTestClient
Reactive WebSocket
Spring WebFlux authentication architecture
Spring WebFlux authorization
Sample project
WebFlux project setup
Maven setup
Configuration class
The SpringWebFluxConfig class
Repository
Handler and router
Bootstrap application
Running the application
Adding security
Configuration classes
The UserDetailsService bean
The SpringSecurityFilterChain bean
Running the application
CURL
Browser
WebClient
Maven setup
Creating a WebClient instance
Handling errors
Sending requests and retrieving responses
Running and testing the application
Unit testing (WebTestClient)
Maven dependency
Test class
Spring Data
Maven dependency
MongoDB configuration
Setting up a model
Implementing a repository
Implementing a controller
Running the application
Authorization
Method security
Customization
Writing custom filters
Using WebFilter
Using HandlerFilterFunction
Summary
REST API Security
Important concepts
REST
JSON Web Token (JWT)
Structure of a token
Header
Payload
Signature
Modern application architecture
SOFEA
Reactive REST API
Simple REST API security
Spring Security configuration
Authentication success handler
Custom WebFilter namely JWTAuthWebFilter
New controller classes
Running the application and testing
Advanced REST API security
OAuth2 roles
Resource owner
Resource server
Client
Authorization server
Authorization grant types
Authorization code flow
Implicit flow
Client credentials
Resource owner password credentials
Access Token and Refresh Token
Spring Security OAuth project
OAuth2 and Spring WebFlux
Spring Boot and OAuth2
Sample project
Authorization server
Maven dependencies
Spring Boot run class
Spring Security config
Authorization server config
Application properties
Resource server
Maven dependencies
Spring Boot run class
Resource server config
Spring Security config
Spring MVC config class
Controller class
Application properties
Client application
Maven dependencies
Spring Boot class
OAuth client config
Spring Security config
Controller classes
Templates
Application properties
Running the project
Summary
Spring Security Add-Ons
Remember-me authentication
Creating a new table in MySQL database
Spring Security configuration
The custom login page
Running the application and testing
Session management
CSRF
CSP
CSP using Spring Security
Channel security
CORS Support
The Crypto module
Password encoding
Encryption
Key generation
Secret management
Starting by unsealing Vault
The Spring Boot project
The Maven dependency
HTTP Data Integrity Validator
What is HDIV?
The Bootstrap project
Maven dependencies
Spring Security configuration
Spring MVC configuration
HDIV configuration
The Model class
The Controller class
Pages
Running the application
Custom DSL
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think