Last updated: 2021-07-02 23:10:56
Cover
Copyright Information
Credits
About the Authors
About the Reviewers
www.Packtpub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
Anatomy of an Unsafe Application
Security audit
About the sample application
The JBCP calendar application architecture
Application technology
Reviewing the audit results
Authentication
Authorization
Database credential security
Sensitive information
Transport-level protection
Using Spring Security 4.2 to address security concerns
Why Spring Security?
Summary
Getting Started with Spring Security
Hello Spring Security
Importing the sample application
Updating your dependencies
Using Spring 4.3 and Spring Security 4.2
Implementing a Spring Security XML configuration file
Updating your web.xml file
The ContextLoaderListener class
ContextLoaderListener versus DispatcherServlet
The springSecurityFilterChain filter
The DelegatingFilterProxy class
The FilterChainProxy class
Running a secured application
Common problems
A little bit of polish
Customizing login
Configuring logout
The page isn't redirecting properly
Basic role-based authorization
Expression-based authorization
Conditionally displaying authentication information
Customizing behavior after login
Custom Authentication
JBCP calendar architecture
The CalendarUser object
The Event object
The CalendarService interface
The UserContext interface
The SpringSecurityUserContext interface
Logging in new users using SecurityContextHolder
Managing users in Spring Security
Logging in a new user to an application
Updating SignupController
Creating a custom UserDetailsService object
The CalendarUserDetailsService class
Configuring UserDetailsService
Removing references to UserDetailsManager
The CalendarUserDetails object
The SpringSecurityUserContext simplifications
Displaying custom user attributes
Creating a custom AuthenticationProvider object
CalendarUserAuthenticationProvider
Configuring the CalendarUserAuthenticationProvider object
Authenticating with different parameters
The DomainUsernamePasswordAuthenticationToken class
Updating CalendarUserAuthenticationProvider
Adding domain to the login page
The DomainUsernamePasswordAuthenticationFilter class
Updating our configuration
Which authentication method to use?
JDBC-Based Authentication
Required dependencies
Using the H2 database
Provided JDBC scripts
Configuring the H2 embedded database
Configuring a JDBC UserDetailsManager implementation
The default user schema of Spring Security
Defining users
Defining user authorities
The UserDetailsManager interface
Group-based access control
Configuring group-based access control
Configuring JdbcUserDetailsManager to use groups
Utilizing GBAC JDBC scripts
The group-based schema