Skip to main content
SpringerLink
Log in
Apress

Pro Spring Security

Securing Spring Framework 6 and Boot 3-based Java Applications

  • Book
  • © 2024
  • Latest edition

Overview

Authors:
  1. Massimo Nardone

    1. HELSINKI, Finland

    View author publications

    You can also search for this author in PubMed   Google Scholar

  2. Carlo Scarioni

    1. Surbiton, UK

    View author publications

    You can also search for this author in PubMed   Google Scholar

  • Updates a unique and pragmatic book on Spring security
  • Updated for Spring Boot 3 and Spring Framework 6
  • Written by a Spring certified developer expert

  • 2705 Accesses

This is a preview of subscription content, log in via an institution to check access.

Access this book

Log in via an institution
eBook USD 16.99 USD 39.99
Discount applied Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book USD 16.99 USD 54.99
Discount applied Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Other ways to access

Licence this eBook for your library

Institutional subscriptions

Table of contents (9 chapters)

  1. Front Matter

    Pages i-xviii
    Download chapter PDF

  2. The Scope of Security

    • Massimo Nardone, Carlo Scarioni
    Pages 1-19

  3. Introducing Spring Security

    • Massimo Nardone, Carlo Scarioni
    Pages 21-44

  4. Setting up the Scene

    • Massimo Nardone, Carlo Scarioni
    Pages 45-74

  5. Spring Security Architecture and Design

    • Massimo Nardone, Carlo Scarioni
    Pages 75-119

  6. Web Security

    • Massimo Nardone, Carlo Scarioni
    Pages 121-167

  7. Configuring Alternative Authentication Providers

    • Massimo Nardone, Carlo Scarioni
    Pages 169-204

  8. Business Object Security with ACLs

    • Massimo Nardone, Carlo Scarioni
    Pages 205-210

  9. Open Authorization 2.0 (OAuth 2.0) and Spring Security

    • Massimo Nardone, Carlo Scarioni
    Pages 211-238

  10. JSON Web Token (JWT) Authentication

    • Massimo Nardone, Carlo Scarioni
    Pages 239-279

  11. Back Matter

    Pages 281-289
    Download chapter PDF
Back to top

Keywords

About this book

Build and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications.


Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up.

This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications.


What You Will Learn
  • Explore the scope of security and how to use the Spring Security Framework
  • Master Spring security architecture and design 
  • Secure the web tier in Spring 
  • Work with alternative authentication providers
  • Take advantage of business objects and logic security
  • Extend Spring security with other frameworks and languages
  • Secure the service layer
  • Secure the application with JSON Web Token



Who This Book Is For


Experienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applications

Authors and Affiliations

  • HELSINKI, Finland

    Massimo Nardone

  • Surbiton, UK

    Carlo Scarioni

About the authors

Massimo Nardone has more than 27 years of experience in information and cybersecurity for IT/OT/IoT/IIoT, web/mobile development, cloud, and IT architecture. His true IT passions are security and Android. He has been programming and teaching how to program with Android, Perl, PHP, Java, VB, Python, C/C++, and MySQL for more than 27 years. He holds an M.Sc. degree in computing science from the University of Salerno, Italy. Throughout his working career, he has held various positions starting as programming developer, then security teacher, PCI QSA, Auditor, Assessor, Lead IT/OT/SCADA/SCADA/Cloud Architect, CISO, BISO, Executive, Program Director, OT/IoT/IIoT Security Competence Leader, etc.


In his last working engagement, he worked as a seasoned Cyber and Information Security Executive, CISO and OT, IoT and IIoT Security competence Leader helping many clients to develop and implement Cyber, Information, OT, IoT Security activities.

His technical skills include Security, OT/IoT/IIoT, Android, Cloud, Java, MySQL, Drupal, Cobol, Perl, web and mobile development, MongoDB, D3, Joomla!, Couchbase, C/C++, WebGL, Python, Pro Rails, Django CMS, Jekyll, and Scratch. He has served as a visiting lecturer and supervisor for exercises at the Networking Laboratory of the Helsinki University of Technology (Aalto University).

He stays current to industry and security trends, attending events, being part of a board such as the ISACA Finland Chapter Board, ISF, Nordic CISO Forum, Android Global Forum, etc.

He holds four international patents (PKI, SIP, SAML, and Proxy areas). He currently works as a Cyber Security Freelancer for IT/OT and IoT. He has reviewed more than 55 IT books for different publishers and has coauthored Pro JPA 2 in Java EE 8 (Apress, 2018), Beginning EJB in Java EE 8 (Apress, 2018), and Pro Android Games (Apress, 2015).


Carlo Scarioni is a passionate software developer, motivated by learning and applying innovative and interesting software development tools, techniques, and methodologies. He has worked for more than 18 years in the field and moved across multiple languages, paradigms, and subject areas. He also has many years of experience working with Java and its ecosystem. He has been in love with Spring since the beginning and he is fascinated by how Spring allows building complex applications out of discrete, focused modules and by the clever use of decorators to add cross-cutting functionalities. In the last few years he has been working mostly with data engineering solutions. He has been creating solutions around the use of modern data stack components in cloud environments, while at the same time developing software using technologies such as Spark, Python, and others.

Bibliographic Information

Publish with us

Policies and ethics

Back to top

Search

Navigation