- 1. Theory
- 1.1 Authentication
- 1.1.1 Identity/Principal
- 1.1.2 Credentials vs Principal
- 1.1.3 UserDetails Object
- 1.1.4 Authentication Object
- 1.1.5 Session Object
- 1.2 Authorization
- 1.2.1 Authorities vs Roles
- 2. Main Terms
- 2.1 Define Users
- 2.1.1 Default User
- 2.1.2 application.properties
- 2.1.3 application.properties - Profiles with Authorities
- 2.1.4 WebSecurityConfig - configure()
- 2.1.5 WebSecurityConfig - userDetailsService()
- 2.1.6 MyUserDetailsService - Hard Coded Users
- 2.1.7 MyUserDetailsService - Database
- 2.1.8 MyUserDetailsService - Database - Profiles with Authorities
- 2.2 Add Authorities to Endpoints
- 2.2.1 @Secured - Roles
- 2.2.2 @PreAuthorize - Roles & Authorities
- 2.2.3 @PreAuthorize - Custom Methods
- 2.2.4 @PreAuthorize - Custom Methods - Books
- 2.2.5 antMatchers() - Select Endpoints
- 2.2.6 antMatchers() - Add Authorities
- 2.2.7 antMatchers() - Only check if Authenticated
- 2.3 Read Credentials
- 2.3.1 Automatic - Login Form - Default
- 2.3.2 Automatic - Login Form - Custom
- 2.3.3 Automatic - Authorization Header
- 2.3.4 Manual - Controller - Headers
- 2.3.5 Manual - Controller - Authorization Header
- 2.3.6 Manual - Controller - HTTP Request Parameters
- 2.3.7 Manual - Controller - Login Form
- 2.3.8 Manual - Controller - JSON
- 2.3.9 Manual - Filter - Headers
- 2.3.10 Manual - Filter - Authorization Header
- 2.3.11 Manual - Filter - HTTP Request Parameters
- 2.4 Authentication
- 2.4.1 Automatic - Login Form - Default - application.properties
- 2.4.2 Automatic - Login Form - Default - configure(Auth...)
- 2.4.3 Automatic - Login Form - Default - userDetailsService()
- 2.4.4 Automatic - Login Form - Default - MyUserDetailsService
- 2.4.5 Manual - authenticationManagerBean() - configure(Auth...)
- 2.4.6 Manual - authenticationManagerBean() - userDetailsService()
- 2.4.7 Manual - authenticationManagerBean() - MyUserDetailsService
- 2.4.8 Manual - MyAuthenticationManager - userDetailsService()
- 2.4.9 Manual - MyAuthenticationManager - MyUserDetailsService
- 2.4.10 Events - Log to Console
- 2.5 Password Encoders
- 2.5.1 No Operation
- 2.5.2 LDAP
- 2.5.3 Sha256
- 2.5.4 BCrypt
- 3. Additional Terms
- 3.1 Remember Me
- 3.1.1 Login Form - Default
- 3.1.2 Login Form - Custom
- 3.1.3 Login Form - Default - DB - PostgreSQL
- 3.1.4 Login Form - Default - DB - H2
- 3.2 CSRF (Cross-Site Request Forgery)
- 3.2.1 Theory - Normal User Interaction
- 3.2.2 CSRF Attack - Theory
- 3.2.3 CSRF Attack - Application
- 3.2.4 CSRF Token - Theory
- 3.2.5 CSRF Token - Application
- 3.3 CORS (Cross Origin Resource Sharing)
- 3.3.1 Application - Source
- 3.3.2 Application - Destination
- 3.3.3 CORS - Disabled
- 3.3.4 CORS - Enabled - Annotations
- 3.3.5 CORS - Enabled - API
- 3.4 2FA (2 Factor Authentication)
- 3.4.1 Step 1: Copy Project
- 3.4.2 Step 2: Register
- 3.4.3 Step 3: Enter Code
- 3.4.4 Step 4: Restrict Access
- 3.5 JWT (JSON Web Token)
- 3.5.1 Step 1 - Get Token
- 3.5.2 Step 2 - Send Token - As Request Parameter - Get Claims
- 3.5.3 Step 3 - Send Token - In Authorization Header - Get Claims
- 3.5.4 Step 4 - Send Token - In Authorization Header - Get Username
- 3.5.5 Step 5 - Filter
- 3.5.6 Step 6 - Authenticate
- 4. Demo Applications
- 4.1 JWT Authorities from DB
- 4.1.1 Step 1 - DB Authorities
- 4.1.2 Step 2 - JWT
- 5. Appendix
- 5.1 IntelliJ
- 5.1.1 Install
- 5.1.2 Create Project
- 5.1.3 Run Application
- 5.2 JWT
- 5.2.1 Introduction
- 5.2.2 Structure
- 5.2.3 Usage
- 5.2.4 Encode/Decode
- 5.3 Google Chrome
- 5.3.1 Disable Password Warning Popup
- 5.3.2 Authorization Header - Encode with Web Page
- 6. Summary
- 6.1 Define Users
- 6.1.1 Default User
- 6.1.2 application.properties
- 6.1.3 application.properties - Profiles with Authorities
- 6.1.4 WebSecurityConfig - configure()
- 6.1.5 WebSecurityConfig - userDetailsService()
- 6.1.6 MyUserDetailsService - Hard Coded Users
- 6.1.7 MyUserDetailsService - Database
- 6.2 Add Authorities to Endpoints
- 6.2.1 Annotations
- 6.2.2 Annotations - Custom Method
- 6.2.3 antMatchers()
- 6.3 Password Encoders
- 6.4 Authentication Classes & Objects
- 6.4.1 MyAuthenticationManager
- 6.4.2 MyUserDetailsService
- 6.4.3 WebSecurityConfig
- 6.4.4 MyController
Spring Boot - Security
Version: 2.0 - Date: 04.2021
About
About the Book
This is the third Book in the series.
Content
The intention of this Book is to quickly get you started with Spring Boot security topics such as: Authentication, Authorization, Roles, Authorities, Credentials, Login Form, Username, Password, CSRF, CORS, Remember Me, 2FA, JWT.
Standalone Tutorials
The core of this Book is its standalone tutorials, which explain different functionalities of Spring Boot.
Each tutorial contains the minimum amount of code needed to explain a specific functionality, and also the minimum amount of encompassing text needed to explain the related theory and the different parts of the code.
This approach allows students to grasp presented concepts in a very fast and efficient manner.
Full code, which can also be downloaded from GitHub, prevents any time being wasted trying to make the code work.
Simple examples allow for full understanding of the functionality without any unnecessary distractions.
Theoretical Background
Where needed, tutorials are preceded by chapters focusing on theoretical background.
This way the reader can fully understand the functionalities explained in the subsequent chapters.
But such chapters are in the minority and of secondary importance, because the main focus is on practical applications.
Demo Application
The Book contains a demo Application that shows how to combine some of the security features covered in previous tutorials by focusing on JWT and Database Authentication.
About the Author
Ivor Online
WHY TUTORIALS?
"Things are only as complicated as they are badly explained"
Proper documentation is essential to avoid struggle and frustration when working with simple things that only seem complicated by not being properly documented and explained.
WHAT KIND OF TUTORIALS?
"A working example is worth a thousand words"
Just as a picture is worth a thousand words, the same goes for a working example. Documentation in the form of working examples has proved to be the fastest and most effective way of transferring knowledge. Sometimes an example is all you need to get things done. And if there are some accompanying comments that explain what is going on, even better. This approach is used in this book. This results in fast learning and the ability to apply tutorials when you need them, in the spirit of Just In Time Support.
I wish you rapid learning!