Uploader: 高宏飞 (shared on 2026-01-15)

Author: Massimo Nardone

Ensure robust web security for your Java applications in just a few days. This recipe-driven, practical pocketbook is a straightforward guide to quickly developing and deploying secure enterprise applications with the Spring 6 Framework, Spring Boot 3, and the H2 database. The book is organized into problems and corresponding recipes, offering solutions for both small and large challenges. First, you will learn how to install the essential development tools: IntelliJ IDEA, JDK 17, and Maven. Then you will work through recipes on using Spring Security 6 with JSP tags and Thymeleaf and on integrating security features through Spring Boot 3 Initializr. Finally, you will build your own Spring Boot project using Spring Security, Spring Data JDBC, and the H2 database. The guide is for readers who want to get up and running with only the essential security features in a fraction of the time; its simplified approach gives immediate results for securing Java applications.

What You Will Learn
• Set up and configure the Spring Security 6 installation tools
• Integrate Spring Security 6 with JSP tags, Thymeleaf, and Spring Boot 3 Initializr
• Build and deploy a secure Spring Boot application using Spring Data JDBC and the H2 database

Who This Book Is For
Beginners in Spring Security 6, Spring Boot 3 Initializr, and the H2 database who already have some basic web development and security experience. It suits busy readers who want a simple, focused approach with immediate results. For more comprehensive coverage, detailed explanations, and advanced topics, the author recommends Pro Spring Security: Securing Spring Framework 6 and Boot 3-based Java Applications.

Publisher: Apress
Publish Year: 2025
Language: English
Pages: 137
File Format: PDF
File Size: 8.0 MB
Text Preview (First 20 pages)
Apress Pocket Guides. Spring Security 6 Recipes: Essential Techniques for Quick and Secure Java Applications. Massimo Nardone. Apress.
Apress Pocket Guides
Apress Pocket Guides present concise summaries of cutting-edge developments and working practices throughout the tech industry. Shorter in length, books in this series aim to deliver quick-to-read guides that are easy to absorb, perfect for the time-poor professional. The series covers the full spectrum of topics relevant to the modern industry, from security, AI, machine learning, cloud computing, web development, and product design to programming techniques and business topics. Typical topics include:
• A concise guide to a particular topic, method, function, or framework
• Professional best practices and industry trends
• A snapshot of a hot or emerging topic
• Industry case studies
• Concise presentations of core concepts suited for students and those entering the tech industry
• Short reference guides outlining need-to-know concepts and practices
More information about this series at https://link.springer.com/bookseries/17385.
Spring Security 6 Recipes: Essential Techniques for Quick and Secure Java Applications Massimo Nardone Helsinki, Finland ISBN-13 (pbk): 979-8-8688-1296-5 ISBN-13 (electronic): 979-8-8688-1297-2 https://doi.org/10.1007/979-8-8688-1297-2 Copyright © 2025 by Massimo Nardone This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director, Apress Media LLC: Welmoed Spahr Acquisitions Editor: Melissa Duffy Development Editor: Laura Berendson Editorial Project Manager: Gryffin Winkler Cover designed by eStudioCalamar Distributed to the book trade worldwide by Springer Science+Business Media New York, 1 New York Plaza, Suite 4600, New York, NY 10004-1562, USA. 
Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. For information on translations, please e-mail booktranslations@springernature.com; for reprint, paperback, or audio rights, please e-mail bookpermissions@springernature.com. Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at http://www.apress.com/bulk-sales. Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub. For more detailed information, please visit https://www.apress.com/gp/services/source-code. If disposing of this product, please recycle the paper
This book is dedicated to the memory of my loving late father Giuseppe. Your support, your education, your values made me the man I am now. You will be loved and missed forever. I also would like to dedicate this book to my children Luna, Leo and Neve. Your love and support mean everything to me. —Massimo
Table of Contents
About the Author (xiii)
About the Technical Reviewer (xv)
Acknowledgments (xvii)
Introduction (xix)
Chapter 1: Development Tools (1): What Is Spring Security 6? (1); thirteen Problem/Solution recipes (pp. 4-23); Summary (24)
Chapter 2: Java Web Application with Spring Security, JSP Tags, and Thymeleaf (25): thirteen Problem/Solution recipes (pp. 26-51); Summary (57)
Chapter 3: Java Web Application and Spring Boot 3 Initializr (59): nine Problem/Solution recipes (pp. 63-86); Summary (98)
Chapter 4: Spring Data JDBC and H2 Database (99): nine Problem/Solution recipes (pp. 100-121); Summary (122)
About the Author
Massimo Nardone has more than 29 years of experience in information and cybersecurity for IT/OT/IoT/IIoT, web/mobile development, cloud, and IT architecture. His true IT passions are security and Android. He holds an MSc in computing science from the University of Salerno, Italy. Throughout his career he has held various positions, starting as a programming developer and then security teacher, PCI QSA, auditor, assessor, lead IT/OT/SCADA/cloud architect, CISO, BISO, executive, program director, OT/IoT/IIoT security competence leader, VP of OT security, etc. In his most recent engagement he worked as a cyber and information security executive, CISO, and OT, IoT, and IIoT security competence leader, helping many clients develop and implement cyber, information, OT, and IoT security activities. He is currently Vice President of OT Security at SSH Communications Security. He is the author of three books, Secure RESTful APIs, Spring Security 6 Recipes, and Cybersecurity in the Gaming Industry, and a coauthor of numerous Apress books, including Pro Spring Security, Pro JPA 2 in Java EE 8, and Pro Android Games; he has reviewed more than 75 titles.
About the Technical Reviewer
Mario Faliero is a telecommunications engineer and entrepreneur. He has more than ten years of experience with radio frequency hardware engineering. Mario has extensive experience in numerical coding, using scripting languages (MATLAB, Python) and compiled languages (C/C++, Java). He has been responsible for the development of electromagnetic assessment tools for space and commercial applications. Mario received his master's degree from the University of Siena.
Acknowledgments
Many thanks go to my wonderful children, Luna, Leo, and Neve, for supporting me all the time. You are and will always be the most beautiful reason for my life. I want to thank my beloved late father Giuseppe and my mother Maria, who always supported me and loved me so much. I will love and miss both of you forever. My beloved brothers, Roberto and Mario, for your endless love and for being the best brothers in the world. Brunaldo and Kaisa for bringing joy and happiness to Luna and Leo. Thanks a lot to Melissa Duffy for giving me the opportunity to work as a writer on this book, to Shobana Srinivasan for doing such a great job during the editorial process and supporting me all the time, and of course to Mario Faliero, the technical reviewer of this book, for helping me make the book better. —Massimo
Introduction
This book is for Spring Security beginners. It takes a problem-solution approach to securing the web tier of Spring Security 6 and Spring Boot 3-based Java applications, and is a practical pocket guide to developing and deploying secure Spring Framework 6 and Spring Boot 3-based enterprise Java applications with the Spring Security framework. It is structured as problems and recipes, so for each small or large need a solution is provided.

The book is a tutorial and reference that guides you through implementing the security features of a Java web application by presenting consistent solutions to security issues with Spring. It covers a comprehensive set of functionality for implementing industry-standard authentication and authorization in Java applications, with examples of customized Spring Security login/logout, Spring Security with two-factor authentication, and so on.

To get the most out of this book, have the Spring Security source code checked out on your computer and work through the examples alongside both the book's content and the Spring Security codebase. This hands-on approach helps you grasp each concept as it is introduced and also teaches programming techniques and best practices. Whenever the source code of a library is available, explore it; sometimes a few lines of code convey more than a thousand words.

In this book, we focus on introducing Spring Boot 3, analyzing the Spring Framework, and building Java web applications using Spring Security v6 and Java 23. Spring Security v6 supports a wide range of authentication mechanisms, and this book looks at its integration with the H2 database, JWT, OAuth 2.0, etc.

Prerequisites
The examples in this book are all built with Java 17+ and Maven 3.9.9. Spring Security 6 was the version used throughout. Tomcat 11 served the different web applications, mainly through its Maven plug-in, and the laptop used was a ThinkPad Yoga 360 with 8 GB of RAM. All projects were developed with IntelliJ IDEA Ultimate 2024.2.4. You are free to use your own tools and operating system; because everything is Java based, you should be able to compile the programs on any platform without problems.

Downloading the Code
The code for the examples in this book is available via the Download Source Code button at https://github.com/Apress/Spring-Security-6-Recipes.
CHAPTER 1: Development Tools

This pocketbook is in a problem-solution format, intended for Spring Security beginners who want to secure the web tier of a Spring Security 6 and H2 DB-based Java application. It is a practical pocket guide to developing and deploying secure Spring Framework 6 and Spring Boot 3-based enterprise Java applications with the Spring Security framework and the H2 database. Each chapter has a problem-solution structure, so for each small or large need a solution is provided. In this book we explore the functionality needed to implement industry-standard authentication and authorization for Java applications, with examples of customizing Spring Security with JSP tags and Thymeleaf, Spring Boot Initializr, Spring Data JDBC, etc.

What Is Spring Security 6?
Spring Security 6 is the current major version of the Spring Security framework, designed to provide comprehensive security features for Java applications, particularly those built on the Spring ecosystem. It focuses on authentication, authorization, and protection against common web vulnerabilities such as Cross-Site Request Forgery (CSRF) and session fixation.

© Massimo Nardone 2025. M. Nardone, Spring Security 6 Recipes, Apress Pocket Guides, https://doi.org/10.1007/979-8-8688-1297-2_1
Here is an overview of what is new and essential about Spring and what the key features of Spring Security 6 are:

1. Java 17 and Spring Framework 6+ Compatibility
• Spring Security 6 requires Java 17+ and is built for Spring Framework 6 and Spring Boot 3, so developers can use the latest language features and performance improvements of Java 17. Like the rest of Spring 6, it uses the jakarta.* servlet APIs rather than javax.*.

2. Focus on Modern Security Practices
• Zero Trust principles, where every request is authenticated and authorized independently rather than trusted because of where it came from, map naturally onto Spring Security's per-request filter chain.

3. Authorization with a Centralized AuthorizationManager
• Spring Security 6 makes the AuthorizationManager API the central way to manage access control. The same interface backs URL rules (authorizeHttpRequests) and method security, replacing the older AccessDecisionManager/AccessDecisionVoter model, so one abstraction applies authorization rules across layers and endpoints.

4. OAuth 2.1 Support
• OAuth 2.1 consolidates OAuth 2.0 best practice: it drops the implicit and resource-owner password grants and requires PKCE for authorization-code clients. Spring Security 6's OAuth 2.0 client and resource-server support follows that direction.

5. Security Filter Chain Customization
• WebSecurityConfigurerAdapter was removed in 6.0. Security is now configured by exposing a SecurityFilterChain bean built from HttpSecurity with the lambda (Customizer) DSL, which allows more modular configurations and multiple chains matched by URL pattern.

6. New Authorization and Access Policies
• Custom authorization rules can be defined per request and per role with annotations such as @PreAuthorize and @PostAuthorize (enabled with @EnableMethodSecurity, which replaces @EnableGlobalMethodSecurity), together with the AuthorizationManager, so you can define custom rules for each endpoint or service.

7. Enhanced Security Context Management
• SecurityContextHolderFilter replaces SecurityContextPersistenceFilter, and the SecurityContext is no longer saved automatically on every request: code that sets the context itself must also save it through the SecurityContextRepository. This makes the lifetime of authentication details explicit.
• ReactiveSecurityContextHolder provides the equivalent for reactive applications, so Spring Security 6 suits both traditional and reactive programming models.

8. Built-In Support for Servlet and Reactive Stacks
• Reactive security: Spring Security 6 integrates with Spring WebFlux, giving nonblocking security mechanisms for reactive applications.
• Servlet stack: traditional Spring MVC applications can use all features.

9. Improved CSRF Protection
• CSRF protection remains on by default, with more secure defaults: the default CsrfTokenRequestHandler is XorCsrfTokenRequestAttributeHandler, which masks the token in each response to defend against BREACH-style compression attacks, and token loading is deferred until the token is actually needed. The API for enabling and disabling CSRF protection is a single csrf(...) customizer.

10. Easier Configuration for Password Encoding
• Password management uses DelegatingPasswordEncoder, which stores hashes with an {id} prefix and defaults to bcrypt, so algorithms can be upgraded without breaking stored credentials.

Problem
Where does Spring Security fit in, and where and why would you use it?

Solution
Spring Security is a powerful, versatile framework for securing Java applications, particularly those using Spring. Key scenarios where it shines:

1. Web Security: Mitigates common web vulnerabilities. CSRF is covered by its token filter, clickjacking by the X-Frame-Options header it sets, and Cross-Site Scripting (XSS) only partly, through response headers such as Content-Security-Policy; output encoding in your templates (Thymeleaf escapes by default) remains your responsibility.
2. URL Security: Provides tools for securing URLs and resource access, and for enforcing HTTPS.
3. JVM Languages: Works with Java, Groovy, or Kotlin; it is not usable from non-JVM languages.
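The following configuration is an added example, not code from the book or from the Spring Security project, that puts the features listed above into one Spring Security 6 setup: a SecurityFilterChain bean with AuthorizationManager-based URL rules (including a custom AuthorizationManager combined with the built-in role check), explicit CSRF and header settings, HTTPS enforcement, session-fixation handling, a DelegatingPasswordEncoder, and a @PreAuthorize method rule. It assumes a Spring Boot 3 application with spring-boot-starter-security on the classpath (Spring Security 6.1 or later, for the Customizer-only headers and session DSL); the URL paths, the user names and passwords, and the ReportService class are invented for the example.

```java
package com.example.recipes.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
import org.springframework.stereotype.Service;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // replaces @EnableGlobalMethodSecurity; enables @PreAuthorize/@PostAuthorize
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Custom AuthorizationManager: /reports/{owner}/** may be read by the {owner} named in the path.
        AuthorizationManager<RequestAuthorizationContext> isOwner = (authentication, context) -> {
            Authentication auth = authentication.get();
            String owner = context.getVariables().get("owner");
            boolean ok = auth != null && auth.isAuthenticated()
                    && owner != null && owner.equals(auth.getName());
            return new AuthorizationDecision(ok);
        };
        // Same interface composes with the built-in role check: admins may read any report.
        AuthorizationManager<RequestAuthorizationContext> ownerOrAdmin =
                AuthorizationManagers.<RequestAuthorizationContext>anyOf(
                        AuthorityAuthorizationManager.hasRole("ADMIN"), isOwner);

        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/login", "/css/**").permitAll()   // hypothetical paths
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/reports/{owner}/**").access(ownerOrAdmin)
                .anyRequest().authenticated())                            // deny by default
            .formLogin(form -> form.loginPage("/login").permitAll())
            .logout(Customizer.withDefaults())
            // CSRF is on by default; XorCsrfTokenRequestAttributeHandler is the 6.x default and
            // masks the token per response (BREACH mitigation). Shown explicitly for clarity.
            .csrf(csrf -> csrf.csrfTokenRequestHandler(new XorCsrfTokenRequestAttributeHandler()))
            // Defensive headers: clickjacking (X-Frame-Options: DENY) and a restrictive CSP.
            // Output encoding of user data in templates is still the application's job.
            .headers(headers -> headers
                .frameOptions(frame -> frame.deny())
                .contentSecurityPolicy(csp -> csp.policyDirectives("default-src 'self'")))
            // Enforce HTTPS: plain http:// requests are redirected to https://.
            .requiresChannel(channel -> channel.anyRequest().requiresSecure())
            // Session fixation: migrate to a fresh session id on login (changeSessionId is the default).
            .sessionManagement(session -> session.sessionFixation(fix -> fix.migrateSession()));
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        // DelegatingPasswordEncoder: bcrypt by default; stored hashes carry an {id} prefix.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        // Invented in-memory users for the example; a real application loads them from a store.
        var alice = User.withUsername("alice").password(encoder.encode("alice-pw")).roles("USER").build();
        var admin = User.withUsername("admin").password(encoder.encode("admin-pw")).roles("ADMIN", "USER").build();
        return new InMemoryUserDetailsManager(alice, admin);
    }
}

// Hypothetical service-tier bean (its own file in a real project) guarded by a method rule
// through the same AuthorizationManager machinery; "#owner" needs javac -parameters,
// which the Spring Boot Maven plug-in sets.
@Service
class ReportService {
    @PreAuthorize("hasRole('ADMIN') or #owner == authentication.name")
    public String report(String owner) {
        return "report for " + owner;
    }
}
```

With this in place, an unauthenticated GET of /reports/alice/today is redirected to /login, alice can read her own reports but gets 403 on /reports/bob/today, and admin can read both; the same outcome applies when ReportService.report is called directly from any controller, because the method rule does not depend on the URL that reached it.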