Don't let security be an afterthought. Spring Security in Action, Second Edition is your vital companion to robust, secure applications that are protected right from the first line of code.

Spring Security in Action, Second Edition is a revised version of the bestselling original, fully updated for Spring Boot 3 and Oauth2/OpenID Connect.

In Spring Security in Action, Second Edition you will learn essential security skills including how to:

• Implement and customize authentication and authorization
• Set up all components of an OAuth2/OpenID Connect system
• Utilize CRSF and CORS configurations
• Secure Spring reactive applications
• Write tests for security configurations

Whether you’re a beginner or a pro, Spring Security in Action, Second Edition teaches you how to secure your Java applications from the ground up. Author Laurentiu Spilca distills his years of experience as a skilled Java and Spring developer into an indispensable guide to everything security—from authentication and authorization, to testing security configurations. This new edition covers the latest patterns for application-level security in Spring apps, demonstrating how Spring Security simplifies every step of the security process.

Foreword by Joe Grandja.

Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.

About the technology

Spring Security makes it much, much easier to secure enterprise-scale Java applications. This powerful framework integrates with Spring apps end to end, with “secure by design” principles and ready-to-use features that help you implement robust authorization and authentication and protect against data theft and intrusions. And like everything else in the Spring ecosystem, it’s free, open source, and backed by the awesome team at VMWare.

About the book

Spring Security in Action, Second Edition updates this bestselling guide to Spring Security to include deep coverage of OAuth2/OpenID Connect and security configuration using the new SecurityFilterChain. The crystal clear explanations and relevant examples, teach you how to build your own authorization server, configure secure endpoints, and prevent cross-site scripting and request forgery attacks.

What's inside

• Custom authentication and authorization
• CRSF and CORS configurations
• Secure Spring reactive applications
• Write tests for security configurations

About the reader

For experienced Java and Spring developers.

About the author

Laurentiu Spilca is a skilled Java and Spring developer and an experienced technology instructor. He is also the author of Manning’s Spring Start Here and Troubleshooting Java.

Table of Contents

PART 1
1 Security today
2 Hello, Spring Security
PART 2
3 Managing users
4 Managing passwords
5 A web app’s security begins with filters
6 Implementing authentications
PART 3
7 Configuring endpoint-level authorization: Restricting access
8 Configuring endpoint-level authorization: Applying restrictions
9 Configuring CSRF protection
10 Configuring CORS
11 Implementing authorization at the method level
12 Implementing filtering at the method level
PART 4
13 What are OAuth 2 and OpenID Connect?
14 Implementing an OAuth 2 authorization server
15 Implementing an OAuth 2 resource server
16 Implementing an OAuth 2 client
PART 5
17 Implementing security in reactive applications
PART 6
18 Testing security configurations