فهرست مطالب

• Praise for the first edition
• Spring Security in Action
• Copyright
• Contents
• Front Matter
• Part 1. Say hello to Spring Security
• Chapter 1: Security today
• 1.1 Discovering Spring Security
• 1.2 What is software security?
• 1.3 Why is security important?
• 1.4 What will you learn in this book?
• Summary
• Chapter 2: Hello, Spring Security
• 2.1 Starting your first project
• 2.2 The big picture of Spring Security class design
• 2.3 Overriding default configurations
• Summary
• Part 2. Configuring authentication
• Chapter 3: Managing users
• 3.1 Implementing authentication in Spring Security
• 3.2 Describing the user
• 3.3 Instructing Spring Security on how to manage users
• Summary
• Chapter 4: Managing passwords
• 4.1 Using password encoders
• 4.2 Taking advantage of the Spring Security Crypto module
• Summary
• Chapter 5: A web app’s security begins with filters
• 5.1 Implementing filters in the Spring Security architecture
• 5.2 Adding a filter before an existing one in the chain
• 5.3 Adding a filter after an existing one in the chain
• 5.4 Adding a filter at the location of another in the chain
• 5.5 Filter implementations provided by Spring Security
• Summary
• Chapter 6: Implementing authentications
• 6.1 Understanding the AuthenticationProvider
• 6.2 Using the SecurityContext
• 6.3 Understanding HTTP Basic and form-based login authentications
• Summary
• Part 3. Configuring authorization
• Chapter 7: Configuring endpoint-level authorization: Restricting access
• 7.1 Restricting access based on authorities and roles
• Summary
• Chapter 8: Configuring endpoint-level authorization: Applying restrictions
• 8.1 Using the requestMatchers() method to select endpoints
• 8.2 Selecting requests to apply authorization restrictions
• 8.3 Using regular expressions with request matchers
• Summary
• Chapter 9: Configuring CSRF protection
• 9.1 How CSRF protection works in Spring Security
• 9.2 Using CSRF protection in practical scenarios
• 9.3 Customizing CSRF protection
• Summary
• Chapter 10: Configuring CORS
• 10.1 How does CORS work?
• 10.2 Applying CORS policies with the @CrossOrigin annotation
• 10.3 Applying CORS using a CorsConfigurer
• Summary
• Chapter 11: Implementing authorization at the method level
• 11.1 Enabling method security
• 11.2 Applying preauthorization rules
• 11.3 Applying postauthorization rules
• 11.4 Implementing permissions for methods
• Summary
• Chapter 12: Implementing filtering at the method level
• 12.1 Applying prefiltering for method authorization
• 12.2 Applying postfiltering for method authorization
• 12.3 Using filtering in Spring Data repositories
• Summary
• Part 4. Implementing OAuth 2 and OpenID Connect
• Chapter 13: What are OAuth 2 and OpenID Connect?
• 13.1 The big picture of OAuth 2 and OpenID Connect
• 13.2 Using various token implementations
• 13.3 Obtaining tokens through various grant types
• 13.4 What OpenID Connect brings to OAuth 2
• 13.5 The sins of OAuth 2
• Summary
• Chapter 14: Implementing an OAuth 2 authorization server
• 14.1 Implementing basic authentication using JSON web tokens
• 14.2 Running the authorization code grant type
• 14.3 Running the client credentials grant type
• 14.4 Using opaque tokens and introspection
• 14.5 Revoking tokens
• Summary
• Chapter 15: Implementing an OAuth 2 resource server
• 15.1 Configuring JWT validation
• 15.2 Using customized JWTs
• 15.3 Configuring token validation through introspection
• 15.4 Implementing multitenant systems
• Summary
• Chapter 16: Implementing an OAuth 2 client
• 16.1 Implementing OAuth 2 login
• 16.2 Implementing an OAuth 2 client
• Summary
• Part 5. Going reactive
• Chapter 17: Implementing security in reactive applications
• 17.1 What are reactive apps?
• 17.2 User management in reactive apps
• 17.3 Configuring authorization rules in reactive apps
• 17.4 Creating a reactive OAuth 2 resource server
• Summary
• Part 6. Testing security configurations
• Chapter 18: Testing security configurations
• 18.1 Using mock users for tests
• 18.2 Testing with users from a UserDetailsService
• 18.3 Using custom Authentication objects for testing
• 18.4 Testing method security
• 18.5 Testing authentication
• 18.6 Testing CSRF configurations
• 18.7 Testing CORS configurations
• 18.8 Testing reactive Spring Security implementations
• Summary
• Appendix A: Links to official documentation
• Appendix B: Further reading
• Index