Author: Peter Mularien
ISBN : 1847199747
Format: PDF
Secure your web applications against malicious intruders with this easy to follow practical guide
- Make your web applications impenetrable.
- Implement authentication and authorization of users.
- Integrate Spring Security 3 with common external security providers.
- Packed full with concrete, simple, and concise examples.
In Detail
Security is of critical importance to all web applications. Vulnerable applications are easy prey for hackers. This book is the perfect tool for Java developers looking to repel attacks against their web applications using the proven Spring Security library.
A comprehensive guide to Spring Security 3. You will learn through real world business scenarios how to guard against the latest threats. You will also learn to combine Spring Security 3 with external security providers such as LDAP, OpenID, CAS, Kerberos, and Active Directory.
The book starts by giving an overview of security concepts and techniques, as well as setup and configuration. The book then gets you working with a JSP based web application that implements a simple e-commerce website. At this point you will progressively enhance the application giving you hands on experience implementing features of Spring Security 3 in real world business scenarios.
The second half of the book is devoted to common integration scenarios that you will come across every day. At this stage you will be in a position to solve specific, complex integration problems. The book will end by showing migration from Spring Security 2 to 3.
This practical guide will show you how to implement Spring Security 3 and protect your applications from being breached using a combination of real world, straightforward examples.
What you will learn from this book
- Recognize design flaws that will make your applications unsafe.
- Implement basic authorization and credential storage.
- Move seamlessly from Spring Security 2 to Spring Security 3.
- Provide Enterprise adaptability with LDAP, Active Directory, and Kerberos.
- Push the Boundaries of Spring Security 3 through Extension and Customization.
- Integrate in-house applications and popular Java frameworks with Spring Security 3.
- Plan the configuration of Spring Security 3 to accommodate the authentication and authorization requirements of your application.
Approach
The book starts by teaching the basic fundamentals of Spring Security 3 such as setup and configuration. Later it looks at more advanced topics showing the reader how to solve complex real world security issues.
Who this book is written for
This book is for Java developers who build web projects and applications. The book assumes basic familiarity with Java, XML and the Spring Framework. Newcomers to Spring Security will still be able to utilize all aspects of this book.
- Paperback: 420 pages
- Publisher: Packt Publishing (May 26, 2010)
- Language: English
- ISBN-10: 1847199747
- ISBN-13: 978-1847199744
- Product Dimensions: 0.8 x 7.1 x 8.9 inches
- Shipping Weight: 1.8 pounds
Mularien has a comfortable writing style and the book is a lot less dry than several other Spring books I've read.
The first topics covered are Authorization/Authentication, XML configuration, the login/logout process and the overall architecture of secured web requests. You are then walked through configuring Spring Security for an example "pet store" web application, which starts off using an "in-memory" user credential store (configured via XML). Next, you progressively face-lift the example for more real-world usage, where your first stop is hooking up an actual database for storing user credentials. For simplicity, Mularien uses an HSQL embedded database, where enough setup/configuration information is provided to ensure success. Following his configuration examples, I was able to point Spring Security to a local MySQL instance instead and everything worked just fine.
Out-of-the-box, JDBC-based user management is covered next, where Spring Security's simplified "namespace" configuration tags are used. You then slowly progress towards using your own custom/legacy schema with database-resident authentication. Also covered are secure user passwords, password encryption types, SALT usage/configuration (for extra password security), SSL use/setup via Tomcat and securing portions of your web app via Spring Security's "requires-channel" feature.
Fine-grained access control and authorization is next, with plenty of good coverage on Annotations and AOP expressions. There's also an explanation on JSR-250 compliant annotations vs. Spring Security's annotation set and the differences between them.
From there, Mularien goes on to advanced configuration and extension of Spring Security.
As of August 2012, there are two major learning resources for Spring Security: this book and the reference documentation. While the reference documentation is pretty solid, it should be used exactly for "referring". It's useful for providing detailed information about Spring Security facilities, but it isn't the best place for getting the "big picture". And that's what this book is good at.
Let me tell you that Spring Security is IMHO one of the most complicated and complex Java frameworks around nowadays. It is almost impossible to use it after the first Google hit: tutorials or forums are simply not enough to get you started with this beast. Hell no!
This book excels in explaining what Spring Security is from scratch. It covers important security principles and demonstrates some use cases on a sample application. You will learn how Spring Security handles authentication and authorization, about the very important security chain based on filters, about method intercepting and pre/post authorization, customizing login/logout pages, remember-me support, password encryption and much more. The second part of the book is dedicated to 3rd party services such as OpenID, LDAP and SSO, and there is also a chapter about SS2 to SS3 migration. For hard-core developers there is also a part about how to wire all the required dependencies yourself.
I've read some negative comments about the sample code. The truth is that the formatting is terrible and it is hard to read even in the paperback. I don't want to think how messy the Kindle version must be. That's why I am taking one star off my rating. You also have to accept the fact that you need to download the sample code for this book and play with it. This is NOT a step-by-step tutorial for creating an application!