A personal practice project covering Spring Security, based on this book:
- Security Today
- Hello Spring Security
- Managing users
- Dealing with passwords
- Implementing authentication
- Hands-on: A small secured web application
- Configuring authorization: Restricting access
- Configuring authorization: Applying restrictions
- Implementing filters
- Applying CSRF protection and CORS
- Hands on: A separation of responsibilities
- How does OAuth2 work?
- OAuth2: Implementing the authorization server
- OAuth2: Implementing the resource server
- OAuth2: Using JWT and cryptographic signatures
- Global method security: Pre- and postauthorizations
- Global method security: Pre- and postfiltering
- Hands-on: An OAuth 2 application
- Spring Security for reactive apps
- Spring Security testing
- Spring Security: The what and the why
- What is software security?
- Why is security important?
- Common security vulnerabilities in web applications
- Security applied in various architectures
- What will you learn in this book?
- Starting with the first project
- Which are the default configurations?
- Overriding default configurations
- Implementing authentication in Spring Security
- Describing the user
- Instructing Spring Security on how to manage users
- Understanding the PasswordEncoder contract
- More about the Spring Security Crypto module
- Understanding the AuthenticationProvider
- Using the SecurityContext
- Understanding HTTP Basic and form-based login authentications
- Project requirements and setup
- Implementing user management
- Implementing custom authentication logic
- Implementing the main page
- Running and testing the application
- Restricting access based on authorities and roles
- Using matcher methods to select endpoints
- Selecting requests for authorization using MVC matchers
- Selecting requests for authorization using Ant matchers
- Selecting requests for authorization using regex matchers
- Implementing filters in the Spring Security architecture
- Adding a filter before an existing one in the chain
- Adding a filter after an existing one in the chain
- Adding a filter at the location of another in the chain
- Filter implementations provided by Spring Security
- Applying cross-site request forgery (CSRF) protection in applications
- Using cross-origin resource sharing
- The scenario and requirements of the example
- Implementing and using tokens
- Implementing the authentication server
- Implementing the business logic server
- The OAuth 2 framework
- The components of the OAuth 2 authentication architecture
- Implementation choices with OAuth 2
- The sins of OAuth 2
- Implementing a simple single sign-on application
- Writing your own authorization server implementation
- Defining user management
- Registering clients with the authorization server
- Using the password grant type
- Using the authorization code grant type
- Using the client credentials grant type
- Using the refresh token grant type
- Implementing a resource server
- Checking the token remotely
- Implementing blackboarding with a JdbcTokenStore
- A short comparison of approaches
- Using tokens signed with symmetric keys with JWT
- Using tokens signed with asymmetric keys with JWT
- Adding custom details to the JWT
- Enabling global method security
- Applying preauthorization for authorities and roles
- Applying postauthorization
- Implementing permissions for methods
- Applying prefiltering for method authorization
- Applying postfiltering for method authorization
- Using filtering in Spring Data repositories
- The application scenario
- Configuring Keycloak as an authorization server
- Implementing the resource server
- Testing the application
- What are reactive apps?
- User management in reactive apps
- Configuring authorization rules in reactive apps
- Reactive apps and OAuth 2
- Using mock users for tests
- Testing with users from a UserDetailsService
- Using custom Authentication objects for testing
- Testing method security
- Testing authentication
- Testing CSRF configurations
- Testing CORS configurations
- Testing reactive Spring Security implementations