
Spring Security in Action

Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary.

Summary
While creating secure applications is critically important, it can also be tedious and time-consuming to stitch together the required collection of tools. For Java developers, the powerful Spring Security framework makes it easy for you to bake security into your software from the very beginning. Filled with code samples and practical examples, Spring Security in Action teaches you how to secure your apps from the most common threats, ranging from injection attacks to lackluster monitoring. In it, you'll learn how to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the technology
Security is non-negotiable. You rely on Spring applications to transmit data, verify credentials, and prevent attacks. Adopting "secure by design" principles will protect your network from data theft and unauthorized intrusions.

What's inside
Encoding passwords and authenticating users
Securing endpoints
Automating security testing
Setting up a standalone authorization server

About the reader
For experienced Java and Spring developers.

About the author
Laurentiu Spilca is a dedicated development lead and trainer at Endava, with over ten years of Java experience.

Table of Contents
PART 1 - FIRST STEPS
1 Security Today
2 Hello Spring Security
PART 2 - IMPLEMENTATION
3 Managing users
4 Dealing with passwords
5 Implementing authentication
6 A small secured web application
7 Configuring Restricting access
8 Configuring Applying restrictions
9 Implementing filters
10 Applying CSRF protection and CORS
11 A separation of responsibilities
12 How does OAuth 2 work?
13 OAuth 2: Implementing the authorization server
14 OAuth 2: Implementing the resource server
15 OAuth 2: Using JWT and cryptogr

559 pages, Kindle Edition

Published October 1, 2020

21 people are currently reading
118 people want to read

About the author

Laurentiu Spilca

5 books, 17 followers


Community Reviews

5 stars: 29 (57%)
4 stars: 18 (36%)
3 stars: 3 (6%)
2 stars: 0 (0%)
1 star: 0 (0%)
Displaying 1 - 6 of 6 reviews
75 reviews, 2 followers
March 27, 2022
Overall, a pleasant read, information is neatly presented, together with diagrams and good explanations.

Unfortunately, this book is already outdated, as the Security OAuth2 Authorization is deprecated and is no longer maintained, being replaced with Spring's Authorization Server. This was the reason to buy this book, as the OAuth2 flow is a bit more complicated and the author's breakdown is welcomed. The new implementation is pretty dissimilar, so only the basic principles from the author's book helped me in this regard.

Otherwise, I'd say that except for the explanations of the Spring Security Filter Chain and a few other points, the information presented is pretty trivial and can be easily accessed via Spring Security docs / YouTube official channel.

Recommend only if you prefer the structured aspect of a book, but again, I would pay attention to the deprecated Auth server implementation.
1 review
January 30, 2021
For sure it's the best book about Spring Security... Comprehensive and really useful. Thanks, Mr. Laurentiu.
Himanshu Pareek
5 reviews
May 23, 2025
A good book to read for Spring Security. There is a new edition of this book, and the code presented in this book is deprecated, but the information provided in the book is very relevant. This book presents the architecture of Spring Security, including Authentication Filters, AuthenticationManager, AuthenticationProvider, AuthenticationToken, and many more concepts in an understandable way. Before reading the book, I got confused whenever I needed to look at any Spring Security configuration or create one. But now, I am confident enough to handle any Spring Security requirements. If you also need to understand Spring Security and apply it precisely, then I highly recommend that you read the latest edition of this book.
57 reviews, 1 follower
partially-read
September 22, 2022
Read very, very quickly and not thoroughly, just to get knowledge. So I can't evaluate it, but in general, I found a couple of useful ideas. So maybe I will reread it in the future when needed.
3 reviews
May 31, 2024
Excellent text on Spring Security; the 2nd Edition release in Feb 24 covers Spring Security 6 along with Auth and Resource Server implementation. Easy to digest and covers it in good detail.
Hamidreza
5 reviews
November 28, 2020
Great for beginners to get a vast overview of the security concepts, especially in the Spring Framework.