Spring Security Essentials

Book Description

A fast-paced guide for securing your Spring applications effectively with the Spring Security framework

About This Book

  • Explore various security concepts using real-time examples of the Spring Security framework

  • Learn about the functionalities that implement industry standard authentication and authorization mechanisms to secure enterprise-level applications

  • Design and develop advanced Spring Security layers by following a step-by-step approach

Who This Book Is For

    If you are a developer who is familiar with Spring and you are looking to explore its security features, then this book is for you. All beginners and experienced users will benefit from this book since it explores both the theory and practical usage in detail.

What You Will Learn

  • See industry standard security implementations in action

  • Understand the principles of security servers, concepts, installation, and integration

  • Use Spring Extensions for various security mechanisms

  • Get to grips with the internals of the tools and servers involved in the security layer

  • Work through practical projects and working programs

  • Compare different security servers and techniques

  • Use the sample projects in practical, real-time applications

  • Get further readings and guidance on advanced security mechanisms

In Detail

    Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is how easily it can be extended to meet custom requirements. The popularity of the Spring framework is increasing, and its security package covers a wide range of security mechanisms. Due to an increasing number of applications for various business needs, the integration of multiple applications is becoming inevitable. The standard security procedures available across multiple implementations in Spring will protect vulnerable applications that are open to larger public and private audiences.

    Spring Security Essentials focuses on the need to master the security layer, which is an area not often explored by a Spring developer.

    At the beginning, we’ll introduce various industry standard security mechanisms and the practical ways to integrate with them. We will also teach you about some up-to-date use cases such as building a security layer for RESTful web services and applications.

    The IDEs used and security servers involved are briefly explained, including the steps to install them. Many sample projects are also provided to help you practice your newly developed skills. Step-by-step instructions will help you master the security layer integration with the Server, then implement the experience gained from this book in your own real-time application.

Style and approach

    This practical guide is packed with detailed explanations of the underlying concepts, as well as screenshots and working examples that guarantee hands-on learning.

    Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the code file.

Table of Contents

    1. Spring Security Essentials
      1. Table of Contents
      2. Spring Security Essentials
      3. Credits
      4. About the Author
      5. About the Reviewer
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Downloading the color images of this book
          3. Errata
          4. Piracy
          5. Questions
      8. 1. Getting Started with Spring Security
        1. Spring custom user realms
        2. Spring custom authorization constraints
        3. Spring method-based authorization
        4. Spring instance-based authorization
        5. Spring Security with SOAP web services
        6. Spring Security with RESTful web services
        7. Spring Security with JSF2.0
        8. Spring Security with Wicket
        9. Spring Security with JAAS
        10. Spring Security with SAML
        11. Spring Security with LDAP
        12. Summary
      9. 2. Spring Security with SAML
        1. The basics and structure of SAML 2.0
        2. SAML 2.0 assertions
        3. SAML 2.0 protocols
        4. SAML 2.0 bindings
        5. Maven Recap
        6. Gradle Recap
          1. Setting up Gradle with Eclipse
          2. The Spring Tool Suite
          3. Improving the samples
        7. SAML open source implementations
          1. The SAML 2.0 login flow
          2. The SAML 2.0 logout flow
          3. IDP selection and testing
        8. The Spring Security SAML dependency
        9. Spring Security with SAML classes
        10. Spring Security SAML internals
        11. Spring Security with SAML logout
          1. LogoutRequest issued by SP to IDP
        12. Summary
      10. 3. Spring Security with LDAP
        1. A quick overview of LDAP
        2. LDAP implementations
          1. ApacheDS
          2. OpenLDAP 2.4.42
          3. OpenDJ
        3. The 389 Directory Server (previously Fedora Directory Server)
          1. Apache Directory Server and Studio installation
          2. Apache DS Studio features
          3. Simple Java JNDI program to access LDAP
          4. Spring LDAP Template – step by step
          5. Simple LDAP search
          6. Add, modify, and delete LDAP user
          7. LDAP 1.3.1 features – Object Directory Mapping and LDIF parsing
        4. Summary
      11. 4. Spring Security with AOP
        1. AOP basics
        2. AOP terminologies
        3. Simple AOP examples
        4. AOP Alliance
          1. Spring AOP using AspectJ Annotations
          2. Securing UI invocation using Aspects
        5. Summary
      12. 5. Spring Security with ACL
        1. Spring ACL package and infrastructure classes
        2. ACL implementation example and XML configuration for ACL
        3. Summary
      13. 6. Spring Security with JSF
        1. Maven dependencies
          1. Configuration files and entries
          2. JSF form creation and integration
          3. Spring Security implementation and execution
        2. Summary
      14. 7. Spring Security with Apache Wicket
        1. Apache Wicket project with Spring Integration
          1. The spring-security.xml setup
          2. Execution of the Project
        2. Summary
      15. 8. Integrating Spring Security with SOAP Web Services
        1. Creating SOAP web service with security
        2. Client creation to consume the web service
        3. Executing the project
        4. Summary
      16. 9. Building a Security Layer for RESTful Web Services
        1. Creating a RESTful web service
        2. Spring Security configurations
        3. Executing the project
        4. Summary
      17. 10. Integrating Spring Security with JAAS
        1. JAAS package basics
        2. Spring Security JAAS package components
        3. Spring JAAS configurations
        4. Spring JAAS implementation
        5. Executing the project
        6. Summary
      18. Index