Hands-On Spring Security 5 for Reactive Applications电子书

Title Page

Copyright and Credits

Hands-On Spring Security 5 for Reactive Applications

Dedication

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Overview of Spring 5 and Spring Security 5

How examples are structured

New-generation application requirements

Reactive programming

Reactive applications

Reactive Manifesto

Responsive

Resilient

Elastic

Message-driven

Spring Framework

Reactive Landscape in Java

Reactive Streams and Reactive Streams Specifications

Non-blocking

Backpressure

Reactive Extensions

RxJava

Reactive Streams and RxJava

JDK 9 additions

Important interfaces

The Publisher Interface

The Subscriber Interface

The Subscription interface

The Processor interface

Spring Framework and reactive applications

Modules in Reactor

Reactive types in Reactor Core

The Flux reative type

The Mono reactive type

Data stream types

Reactor and RxJava

Reactive Web Application

Spring WebFlux

Reactive Spring Web

WebClient

WebSockets

Application security

Spring Security

Spring Security terminologies

Spring Security's core features

Authentication

Authorization

Spring Security 5's new features

Working of Spring Security

Servlet Filter

Filter Chain

Security Interceptor (DelegatingFilterProxy)

Core Spring Security modules

Summary

Deep Diving into Spring Security

Authentication

Setting up AuthenticationManager

AuthenticationProvider

Custom AuthenticationProvider

Multiple AuthenticationProvider

Sample application

Base project setup

Step 1—Create a Maven project in IntelliJ IDEA

Step 2—pom.xml changes

Step 3—MySQL database schema setup

Step 4—Setting up MySQL database properties in your project

Step 5—Spring application configuration

Step 6—Web application configuration

Step 7—Spring MVC setup

Step 8—Controller setup

Step 9—JSP creation

Spring Security setup

Step 1—Spring Security configuration setup

Step 2—Spring Security setup for a web application

Running the application

In-memory user storage

Run as Spring Boot

Authorization

Web URL

Method invocation

Domain instance

Other Spring Security capabilities

Summary

Authentication Using SAML, LDAP, and OAuth/OIDC

Security Assertion Markup Language

Setting up an SSO provider

Setting up the project

The pom.xml file setup

The application.yml file setup

The Spring Security configuration files

The resources folder setup

Running and testing the application

Lightweight Directory Access Protocol

Set up dependencies in the pom.xml file

Spring Security configuration

LDAP server setup

Setting up users in the LDAP server

Running the application

Seeing the application in action on a browser

OAuth2 and OpenID Connect

Setting up a project

Bootstrap Spring project using Spring Initializr

Inclusion of OAuth libraries in pom.xml

Setting up provider details in application.properties

Provider setup

Default application change

The HomeController class

The home.jsp file

Spring Boot main application class change

Running the application

Summary

Authentication Using CAS and JAAS

CAS

CAS server setup

Git clone

Adding additional dependencies

Setting up the resources folder in the project

Creating the application.properties file

Creating a local SSL keystore

Creating the .crt file to be used by the client

Exporting the .crt file to Java and the JRE cacert keystore

Building a CAS server project and running it

Registering a client with the CAS server

JSON service configuration

Additional application.properties file changes

CAS client setup

Bootstrap Spring project using Spring Initializr

Including CAS libraries in pom.xml

Changing the application.properties file

Additional bean configuration

ServiceProperties bean

AuthenticationEntryPoint bean

TicketValidator bean

CasAuthenticationProvider bean

Setting up Spring Security

Creating the CasAuthenticationFilter bean

Setting up the controller

Running the application

Java Authentication and Authorization Service

Setting up a project

Setting up Maven project

Setting up LoginModule

Setting up a custom principal

Setting up a custom AuthorityGranter

Configuration files

Application configuration

Spring MVC configuration

Spring Security configuration

Controllers

Setting up pages

Running the application

Kerberos

Custom AuthenticationEntryPoint

Multiple AuthenticationEntryPoint

PasswordEncoder

Salt

Custom filters

Summary

Integrating with Spring WebFlux

Spring MVC versus WebFlux

When to choose what?

Reactive support in Spring 5

Reactive in Spring MVC

Spring WebFlux

HandlerFunction

RouterFunction

Spring WebFlux server support

Reactive WebClient

Reactive WebTestClient

Reactive WebSocket

Spring WebFlux authentication architecture

Spring WebFlux authorization

Sample project

WebFlux project setup

Maven setup

Configuration class

The SpringWebFluxConfig class

Repository

Handler and router

Bootstrap application

Running the application

Adding security

Configuration classes

The UserDetailsService bean

The SpringSecurityFilterChain bean

Running the application

CURL

Browser

WebClient

Maven setup

Creating a WebClient instance

Handling errors

Sending requests and retrieving responses

Running and testing the application

Unit testing (WebTestClient)

Maven dependency

Test class

Spring Data

Maven dependency

MongoDB configuration

Setting up a model

Implementing a repository

Implementing a controller

Running the application

Authorization

Method security

Customization

Writing custom filters

Using WebFilter

Using HandlerFilterFunction

Summary

REST API Security

Important concepts

REST

JSON Web Token (JWT)

Structure of a token

Header

Payload

Signature

Modern application architecture

SOFEA

Reactive REST API

Simple REST API security

Spring Security configuration

Authentication success handler

Custom WebFilter namely JWTAuthWebFilter

New controller classes

Running the application and testing

Advanced REST API security

OAuth2 roles

Resource owner

Resource server

Client

Authorization server

Authorization grant types

Authorization code flow

Implicit flow

Client credentials

Resource owner password credentials

Access Token and Refresh Token

Spring Security OAuth project

OAuth2 and Spring WebFlux

Spring Boot and OAuth2

Sample project

Authorization server

Maven dependencies

Spring Boot run class

Spring Security config

Authorization server config

Application properties

Resource server

Maven dependencies

Spring Boot run class

Resource server config

Spring Security config

Spring MVC config class

Controller class

Application properties

Client application

Maven dependencies

Spring Boot class

OAuth client config

Spring Security config

Controller classes

Templates

Application properties

Running the project

Summary

Spring Security Add-Ons

Remember-me authentication

Creating a new table in MySQL database

Spring Security configuration

The custom login page

Running the application and testing

Session management

CSRF

CSP

CSP using Spring Security

Channel security

CORS Support

The Crypto module

Password encoding

Encryption

Key generation

Secret management

Starting by unsealing Vault

The Spring Boot project

The Maven dependency

HTTP Data Integrity Validator

What is HDIV?

The Bootstrap project

Maven dependencies

Spring Security configuration

Spring MVC configuration

HDIV configuration

The Model class

The Controller class

Pages

Running the application

Custom DSL

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think