Spring Boot - Security
Version: 2.0 - Date: 04.2021
About the Book
This is the third book in the series.
The intention of this book is to get you started quickly with Spring Boot security topics such as: Authentication, Authorization, Roles, Authorities, Credentials, Login Form, Username, Password, CSRF, CORS, Remember Me, 2FA, and JWT.
The core of this book consists of standalone tutorials that explain different security functionalities of Spring Boot.
Each tutorial contains the minimum amount of code needed to explain a specific functionality,
together with the minimum amount of accompanying text needed to explain the related theory and the different parts of the code.
This approach allows students to grasp the presented concepts quickly and efficiently.
The full code, which can also be downloaded from GitHub, prevents time being wasted trying to make the code work.
Simple examples allow the functionality to be fully understood without unnecessary distractions.
Where needed, tutorials are preceded by chapters focusing on the theoretical background,
so that the reader can fully understand the functionalities explained in the subsequent chapters.
Such chapters are in the minority and of secondary importance, because the main focus is on practical applications.
The book contains a demo application that shows how to combine some of the security features covered in the previous tutorials, focusing on JWT and database authentication.
- 1. Theory
- 1.1 Authentication
- 1.1.1 Identity/Principal
- 1.1.2 Credentials vs Principal
- 1.1.3 UserDetails Object
- 1.1.4 Authentication Object
- 1.1.5 Session Object
- 1.2 Authorization
- 1.2.1 Authorities vs Roles
- 2. Main Terms
- 2.1 Define Users
- 2.1.1 Default User
- 2.1.2 application.properties
- 2.1.3 application.properties - Profiles with Authorities
- 2.1.4 WebSecurityConfig - configure()
- 2.1.5 WebSecurityConfig - userDetailsService()
- 2.1.6 MyUserDetailsService - Hard Coded Users
- 2.1.7 MyUserDetailsService - Database
- 2.1.8 MyUserDetailsService - Database - Profiles with Authorities
- 2.2 Add Authorities to Endpoints
- 2.2.1 @Secured - Roles
- 2.2.2 @PreAuthorize - Roles & Authorities
- 2.2.3 @PreAuthorize - Custom Methods
- 2.2.4 @PreAuthorize - Custom Methods - Books
- 2.2.5 antMatchers() - Select Endpoints
- 2.2.6 antMatchers() - Add Authorities
- 2.2.7 antMatchers() - Only check if Authenticated
- 2.3 Read Credentials
- 2.3.1 Automatic - Login Form - Default
- 2.3.2 Automatic - Login Form - Custom
- 2.3.3 Automatic - Authorization Header
- 2.3.4 Manual - Controller - Headers
- 2.3.5 Manual - Controller - Authorization Header
- 2.3.6 Manual - Controller - HTTP Request Parameters
- 2.3.7 Manual - Controller - Login Form
- 2.3.8 Manual - Controller - JSON
- 2.3.9 Manual - Filter - Headers
- 2.3.10 Manual - Filter - Authorization Header
- 2.3.11 Manual - Filter - HTTP Request Parameters
- 2.4 Authentication
- 2.4.1 Automatic - Login Form - Default - application.properties
- 2.4.2 Automatic - Login Form - Default - configure(Auth...)
- 2.4.3 Automatic - Login Form - Default - userDetailsService()
- 2.4.4 Automatic - Login Form - Default - MyUserDetailsService
- 2.4.5 Manual - authenticationManagerBean() - configure(Auth...)
- 2.4.6 Manual - authenticationManagerBean() - userDetailsService()
- 2.4.7 Manual - authenticationManagerBean() - MyUserDetailsService
- 2.4.8 Manual - MyAuthenticationManager - userDetailsService()
- 2.4.9 Manual - MyAuthenticationManager - MyUserDetailsService
- 2.4.10 Events - Log to Console
- 2.5 Password Encoders
- 2.5.1 No Operation
- 2.5.2 LDAP
- 2.5.3 Sha256
- 2.5.4 BCrypt
- 3. Additional Terms
- 3.1 Remember Me
- 3.1.1 Login Form - Default
- 3.1.2 Login Form - Custom
- 3.1.3 Login Form - Default - DB - PostgreSQL
- 3.1.4 Login Form - Default - DB - H2
- 3.2 CSRF (Cross-Site Request Forgery)
- 3.2.1 Theory - Normal User Interaction
- 3.2.2 CSRF Attack - Theory
- 3.2.3 CSRF Attack - Application
- 3.2.4 CSRF Token - Theory
- 3.2.5 CSRF Token - Application
- 3.3 CORS (Cross Origin Resource Sharing)
- 3.3.1 Application - Source
- 3.3.2 Application - Destination
- 3.3.3 CORS - Disabled
- 3.3.4 CORS - Enabled - Annotations
- 3.3.5 CORS - Enabled - API
- 3.4 2FA (2 Factor Authentication)
- 3.4.1 Step 1: Copy Project
- 3.4.2 Step 2: Register
- 3.4.3 Step 3: Enter Code
- 3.4.4 Step 4: Restrict Access
- 3.5 JWT (JSON Web Token)
- 3.5.1 Step 1 - Get Token
- 3.5.2 Step 2 - Send Token - As Request Parameter - Get Claims
- 3.5.3 Step 3 - Send Token - In Authorization Header - Get Claims
- 3.5.4 Step 4 - Send Token - In Authorization Header - Get Username
- 3.5.5 Step 5 - Filter
- 3.5.6 Step 6 - Authenticate
- 4. Demo Applications
- 4.1 JWT Authorities from DB
- 4.1.1 Step 1 - DB Authorities
- 4.1.2 Step 2 - JWT
- 5. Appendix
- 5.1 IntelliJ
- 5.1.1 Install
- 5.1.2 Create Project
- 5.1.3 Run Application
- 5.2 JWT
- 5.2.1 Introduction
- 5.2.2 Structure
- 5.2.3 Usage
- 5.2.4 Encode/Decode
- 5.3 Google Chrome
- 5.3.1 Disable Password Warning Popup
- 5.3.2 Authorization Header - Encode with Web Page
- 6. Summary
- 6.1 Define Users
- 6.1.1 Default User
- 6.1.2 application.properties
- 6.1.3 application.properties - Profiles with Authorities
- 6.1.4 WebSecurityConfig - configure()
- 6.1.5 WebSecurityConfig - userDetailsService()
- 6.1.6 MyUserDetailsService - Hard Coded Users
- 6.1.7 MyUserDetailsService - Database
- 6.2 Add Authorities to Endpoints
- 6.2.1 Annotations
- 6.2.2 Annotations - Custom Method
- 6.2.3 antMatchers()
- 6.3 Password Encoders
- 6.4 Authentication Classes & Objects
- 6.4.1 MyAuthenticationManager
- 6.4.2 MyUserDetailsService
- 6.4.3 WebSecurityConfig
- 6.4.4 MyController