Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Spring Security

You're reading from Spring Security Secure your web applications, RESTful services, and microservice architectures

Product type Paperback

Published in Nov 2017

Publisher Packt

ISBN-13 9781787129511

Length 542 pages

Edition 3rd Edition

Languages

Java

Tools

Spring

Concepts

Cybersecurity

Authors (3):

Mick Knutson

Robert Winch

Mularien

View More author details

Table of Contents (25) Chapters

Title Page

Credits

About the Authors

About the Reviewers

www.Packtpub.com

Customer Feedback

Preface

1. Anatomy of an Unsafe Application FREE CHAPTER

2. Getting Started with Spring Security

3. Custom Authentication

4. JDBC-Based Authentication

5. Authentication with Spring Data

6. LDAP Directory Services

7. Remember-Me Services

8. Client Certificate Authentication with TLS

9. Opening up to OAuth 2

10. Single Sign-On with the Central Authentication Service

11. Fine-Grained Access Control

12. Access Control Lists

13. Custom Authorization

14. Session Management

15. Additional Spring Security Features

16. Migration to Spring Security 4.2

17. Microservice Security with OAuth 2 and JSON Web Tokens

18. Additional Reference Material

Getting started with the JBCP calendar sample code

Chapter 13. Custom Authorization

In this chapter, we will write some custom implementations for Spring Security's key authorization APIs. Once we have done this, we will use the understanding of the custom implementations to understand how Spring Security's authorization architecture works.

Throughout this chapter, we will cover the following topics:

Gaining an understanding of how authorization works
Writing a custom SecurityMetaDataSource backed by a database instead of antMatchers() methods
Creating a custom SpEL expression
Implementing a custom PermissionEvaluator object that allows our permissions to be encapsulated

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at £13.99/month. Cancel anytime

Authors (3)

Mick Knutson

Mick Knutson

With nearly two decades of experience working in the IT industry in various roles as Enterprise technology consultant, Java Architect, project leader, Engineer, Designer and Developer, Mr. Knutson has gained a wide variety of experience in disciplines including JavaEE, Web Services, Mobile Computing and Enterprise Integration Solutions. Over the course of his career, Mr. Knutson has enjoyed long lasting partnerships with many of the most recognizable names in the Health Care, Financial, Banking, Insurance, Manufacturing, Telecommunications, Utilities, Product Distribution, Industrial and Electronics industries employing industry standard full software life cycle methodologies including the Rational Unified Process (RUP), Agile, SCRUM, and Extreme Programming (XP). Mr. Knutson has also undertaken speaking engagements, training seminars, white paper and book publishing engagements world-wide.

See other products by Mick Knutson

Robert Winch

Robert Winch

Robert Winch is currently a senior software engineer at VMware and is the project lead of the Spring Security framework. In the past, he has worked as a software architect at Cerner, the largest provider of electronic medical systems in the US, securing healthcare applications. Throughout his career, he has developed hands-on experience integrating Spring Security with an array of security standards (that is, LDAP, SAML, CAS, OAuth, and so on). Before he was employed at Cerner, he worked as an independent web contractor in proteomics research at Loyola University Chicago and on the Globus Toolkit at Argonne National Laboratory.

See other products by Robert Winch

Mularien

Mularien

Peter Mularien is an experienced software architect and engineer, and the author of the book Spring Security 3, Packt Publishing. Peter currently works for a large financial services company and has over 12 years consulting and product experience in Java, Spring, Oracle, and many other enterprise technologies. He is also the reviewer of this book.

See other products by Mularien

Other recommended products

Related to this chapter

Hands-On Spring Security 5 for Reactive Applications

Hands-On Spring Security 5 for Reactive Applications

Security is one of the most vital concerns for any organization. The complexity of an application is compounded when you need to integrate security with existing code, new technology, and other frameworks. This book will show you how to effectively write Java code that is robust and easy to maintain.

Jul 2018 8h 56m

OAuth 2.0 Cookbook

OAuth 2.0 Cookbook

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

Oct 2017 14h 0m

Spring Boot 2.0 Projects

Spring Boot 2.0 Projects

Spring is one of the best tools to develop web, enterprise, and cloud ready software in the market. The goal of Spring Boot is to provide a set of tools for building Spring applications that run production-grade based applications. This book will teach you features of Spring Boot 2.0 by building interesting real-world projects.

Jul 2018 11h 12m

Spring 5.0 Cookbook

Spring 5.0 Cookbook

The upcoming version of the Spring Framework has a lot to offer, above and beyond the platform upgrade to Java 9, and this book will show you all you need to know to overcome the common to advanced problems you might face while developing in Spring 5.0.

Sep 2017 22h 20m

Spring 5.0 Projects

Spring 5.0 Projects

Spring makes it simple to create RESTful applications, interact with social services, communicate with modern databases, secure your system, and make your code modular and easy to test. This book will show you how to build various projects in Spring 5.0, using its various features as well as third party tools.

Feb 2019 14h 44m

Mastering Spring 5

Mastering Spring 5

Spring 5.1 is the latest new release of the widely used Spring framework and consists a myriad of exciting new features that has changed the way the framework is used. Mastering Spring 5 shows you this evolution - from solving the problems of developing testable applications to building distributed applications on the cloud.

Jul 2019 19h 56m

Learning Spring 5.0

Learning Spring 5.0

Spring is the most widely used framework for Java programming and with its latest update to 5.0, the framework is undergoing massive changes. Built to work with both Java 8 and Java 9, This book will teach you to simplify the way you write code, while still being able to create robust, enterprise applications using Spring 5.0.

Jun 2017 14h 4m

Spring Boot 2 Fundamentals

Spring Boot 2 Fundamentals

Through the Spring Boot Fundamentals book, you will learn how the Spring Framework works and how it helps you to get the job done. You will be able to build a new application from scratch for desktops and mobiles. Your application will persist data in a relational database and provide users a rich user experience using HTML or a RESTful API for JavaScript.

Nov 2018 9h 36m

Mastering Spring 5.0

Mastering Spring 5.0

Spring 5.0 is due to arrive with a myriad of new and exciting features that will change the way we've used the framework so far. This book will show you this evolution—from solving the problems of testable applications to building distributed applications on the Cloud.

Jun 2017 16h 32m

Keycloak - Identity and Access Management for Modern Applications

Keycloak - Identity and Access Management for Modern Applications

This book is your guide to learning how to install, configure, and manage Keycloak optimally for securing your applications. With the help of easy-to-follow examples, you will gain a complete understanding of Keycloak's various features and how to enable authentication and authorization in applications using it.

Jun 2021 12h 4m

Learning Spring Boot 2.0

Learning Spring Boot 2.0

Spring Boot provides a variety of features that address today's business needs with a powerful database and state of the art MVC framework. This practical guide will help you get up and running with all the latest features of Spring Boot.

Nov 2017 12h 20m

Hands-On High Performance with Spring 5

Hands-On High Performance with Spring 5

Spring 5.0 brings major advancements in the rich APIs provided by the Spring framework and thus creates a need for developers to master its tools and techniques to achieve high-performing applications. This book will help you improve the speed of your code and optimize the performance of your apps.

Jun 2018 13h 36m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m