Spring Security - Third Edition: Secure your web applications, RESTful services, and microservice architectures

Mick Knutson, Robert Winch, Peter Mularien

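  • Publisher: Packt Publishing
  • Publication date: 2017-11-28
  • List price: $2,130
  • VIP price (5% off): $2,024
  • Language: English
  • Pages: 542
  • Binding: Paperback
  • ISBN: 1787129519
  • ISBN-13: 9781787129511
  • Related categories: Java-related technologies, Information security
  • Overseas purchasing-agent book (requires separate checkout)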

Product Description

Learn how to secure your Java applications from hackers using Spring Security 4.2

About This Book

  • Architect solutions that leverage the full power of Spring Security while remaining loosely coupled.
  • Implement various scenarios such as supporting existing user stores, user sign up, authentication, and supporting AJAX requests.
  • Integrate with popular microservice and cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Tokens (JWS), hashing, and encryption algorithms.

Who This Book Is For

This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

What You Will Learn

  • Understand common security vulnerabilities and how to resolve them
  • Learn to perform initial penetration testing to uncover common security vulnerabilities
  • Implement authentication and authorization
  • Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, CAS, OpenID, and OAuth
  • Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, JSF, Vaadin, jQuery, and AngularJS
  • Gain deep understanding of the security challenges with RESTful webservices and microservice architectures
  • Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML

In Detail

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.

The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. It also includes an example of how Spring Security defends against session fixation, then moves into concurrency control and how you can utilize session management for administrative functions.

It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

Style and approach

This practical step-by-step tutorial has plenty of example code coupled with the necessary screenshots and clear narration so that grasping content is made easier and quicker.
