uGBOO | Feeding you the latest news, press releases and articles!

OAuth 2.0 Cookbook: Protect your web applications using Spring Security


Key Features

  • Interact with public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google.
  • Use Spring Security and Spring Security OAuth2 to implement your own OAuth 2.0 provider
  • Learn how to implement OAuth 2.0 native mobile clients for Android applications

Book Description

OAuth 2.0 is a standard protocol for authorization and focuses on client development simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and so on. This book also provides useful recipes for solving real-life problems using Spring Security and creating Android applications.

The book starts by showing you how to interact with some public OAuth 2.0 protected APIs such as Facebook, LinkedIn and Google. You will also be able to implement your own OAuth 2.0 provider with Spring Security OAuth2. Next, the book will cover practical scenarios regarding some important OAuth 2.0 profiles such as Dynamic Client Registration, Token Introspection and how to revoke issued access tokens. You will then be introduced to the usage of JWT, OpenID Connect, and how to safely implement native mobile OAuth 2.0 Clients.

By the end of this book, you will be able to ensure that both the server and client are protected against common vulnerabilities.

What you will learn

  • Use Redis and relational databases to store issued access tokens and refresh tokens
  • Access resources protected by the OAuth2 Provider using Spring Security
  • Implement a web application that dynamically registers itself to the Authorization Server
  • Improve the safety of your mobile client using dynamic client registration
  • Protect your Android client with Proof Key for Code Exchange
  • Protect the Authorization Server from invalid redirection

About the Author

Adolfo Eloy Nascimento is a software engineer at Elo7. He has a Bachelor's degree in Computer Science and has been working with software development since 1999. In around 2003, he started working with web development, implementing applications using ASP, PHP4/5, JavaScript, and Java (sometimes he still does some maintenance for a Ruby on Rails application). He started using OAuth 2.0 two years ago, when designing applications using microservice architectures, as well as modeling and interacting with public APIs.

As a tech enthusiast, Adolfo also likes to read and learn about programming languages and new technologies. He also believes that besides creating new applications, it is also important to share the knowledge he has acquired, which is what he does by writing for his personal blog, writing articles for Java Magazine in Brazil, and also writing tech books.

Table of Contents

  1. OAuth 2.0 foundations
  2. Implementing Your Own OAuth 2.0 Provider
  3. Using an API protected with OAuth 2.0
  4. Working with OAuth 2.0 profiles
  5. Self contained tokens with JWT
  6. OpenID Connect for authentication
  7. Implementing Mobile Clients
  8. Avoiding common vulnerabilities


Spring Security – Third Edition: Secure your web applications, RESTful services, and microservice architectures


Learn how to secure your Java applications from hackers using Spring Security 4.2

About This Book

  • Architect solutions that leverage the full power of Spring Security while remaining loosely coupled.
  • Implement various scenarios such as supporting existing user stores, user sign up, authentication, and supporting AJAX requests
  • Integrate with popular Microservice and Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Tokens (JWS), Hashing, and encryption algorithms

Who This Book Is For

This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.

What You Will Learn

  • Understand common security vulnerabilities and how to resolve them
  • Learn to perform initial penetration testing to uncover common security vulnerabilities
  • Implement authentication and authorization
  • Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, CAS, OpenID, and OAuth
  • Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, JSF, Vaadin, jQuery, and AngularJS.
  • Gain deep understanding of the security challenges with RESTful webservices and microservice architectures
  • Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML

In Detail

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework.

The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. Also included is an example of how Spring Security defends against session fixation, which then moves into concurrency control and how you can utilize session management for administrative functions.

It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.

Style and approach

This practical step-by-step tutorial has plenty of example code coupled with the necessary screenshots and clear narration so that grasping content is made easier and quicker.


Pivotal Certified Spring Web Application Developer Exam: A Study Guide


Prepare for the Pivotal Certified Spring Web Application Developer exam and learn about Spring MVC DispatcherServlet configuration, Spring MVC programming model essentials, Spring MVC views and form processing, Spring Web Flow essentials, and Spring Web Flow actions and configuration. The Pivotal Certified Spring Web Application Developer Exam: A Study Guide is the ideal preparation for the exam and after reading and using it, you’ll be able to pass and become a certified Spring Web Developer.

When you become a Pivotal Certified Spring Web Application Developer, you’ll receive one of the most valuable credentials available in enterprise Java. Achieving this certification demonstrates your ability to apply Spring’s web projects to develop real-world Java web applications and validates your familiarity with Spring Web.

Product Features

  • Pivotal Certified Spring Web Application Developer Exam A Study Guide


Spring Boot and Single-Page Applications: Integrate Your Microservice Securely with Your Single-Page Application


Introduction price of $2.99 – Limited Time

Learn to integrate your Spring Boot application with a single-page application securely in an actionable and hands-on approach within just a few hours!

In this custom tailored learning plan you get a head start and learn 4 commonly used ways to integrate your Spring Boot backend with your single-page application and secure it.

In just a few hours, you will know how to implement 4 different types of integration and are ready to make better decisions when applying these principles in your context. You’ve been there and done that already while other developers are still wading through hundreds of pages of a fluffy compendium and still having no clue of how to solve the problem.

You learn best by coding. The way I love learning too.

What you will build:
We’ll put a single-page application written in Angular 4 and TypeScript as an Admin UI on top of the microservice built in my book “Spring Boot: How To Get Started and Build a Microservice”. However, you don’t need to know it. We will extend it with a single operation which teaches how to implement Pagination and integrate it with a single-page application securely in 4 different ways.

The focus is on the integration and security on the side of Spring Boot.

What you will learn:

  • How to secure your API in Spring Boot 1.5.x
  • How to use pagination for huge lists in your API
  • How to protect your API with basic auth
  • How to use Cross-Origin Resource Sharing (CORS) with Spring Boot
  • How to implement JSON Web Tokens (JWT) in Spring Security
  • How to use stateful authentication for your API and UI
  • How to protect your application against Cross-Site-Request-Forgery (CSRF)
  • How to make better decisions when to use which integration type

This book is for you when

  • you have a basic understanding of Spring Boot and want to add a UI on top
  • you are new to single-page applications with Spring backends
  • you read my Spring Boot starting book and want to continue learning

It is NOT for you if

  • you like reading fluffy compendiums
  • you have not worked with Spring Boot (learn Spring Boot with my other book and come back)
  • you don’t know the Java language at all

And if you have questions, do not hesitate to contact me using the email address at the end of the book. I am glad to help out.


Learning Spring Application Development


Develop dynamic, feature-rich, and robust Spring-based applications using the Spring Framework

About This Book

  • Build and deploy Spring-powered, production-grade applications and services with minimal fuss
  • Discover the key Spring framework-related technology standards such as Spring core, Spring-AOP, Spring data access frameworks, and Spring testing to develop robust Java applications easily and rapidly
  • A hands-on guide enriched with plenty of diagrams, and Java programs to give you a better understanding of how to design, develop, and test your Spring-based application

Who This Book Is For

This book is intended for those who are interested in learning the core features of the Spring Framework. Prior knowledge of Java programming and web development concepts with basic XML knowledge is expected.

In Detail

With this practical guide, you will learn best practices through real-world projects and follow a simple, practical approach to developing high performance and enterprise-grade Java applications with Spring.

Starting with the architecture of the Spring Framework and setting up the key components of the Spring application development environment, you will learn the configuration of Spring Container and how to manage Spring beans using XML and annotations.

Following this, you will explore how to implement the request handling layer using Spring annotated controllers. Other highlights include learning how to build the Java DAO implementation layer by leveraging the Data Access Object design pattern, securing your applications against malicious intruders, and exploring the Spring Mail Application Programming interface to send and receive e-mails.


Getting started with Spring Framework: a hands-on guide to begin developing applications using Spring Framework


Getting started with Spring Framework is a hands-on guide to begin developing applications using Spring Framework. This book is meant for Java developers with little or no knowledge of Spring Framework. All the examples shown in this book use Spring 4.

  
You can download the examples (consisting of 60 sample projects) described in this book from the following Google Code project: code.google.com/p/getting-started-with-spring-framework-2edition/

Chapter 1 – Introduction to Spring Framework
Chapter 2 – Spring Framework basics
Chapter 3 – Configuring beans
Chapter 4 – Dependency injection
Chapter 5 – Customizing beans and bean definitions
Chapter 6 – Annotation-driven development with Spring
Chapter 7 – Database interaction using Spring
Chapter 8 – Messaging, emailing, asynchronous method execution, and caching using Spring
Chapter 9 – Aspect-oriented programming
Chapter 10 – Spring Web MVC basics
Chapter 11 – Validation and data binding in Spring Web MVC
Chapter 12 – Developing RESTful web services using Spring Web MVC
Chapter 13 – More Spring Web MVC – internationalization, file upload and asynchronous request processing
Chapter 14 – Securing applications using Spring Security

This book covers:
– Specifying configuration metadata using XML and annotations
– Programmatically configuring Spring container and beans
– Configuring different types of bean properties
– Bean lifecycle interfaces
– Customizing beans using BeanPostProcessors and BeanFactoryPostProcessors
– Bean definition inheritance
– JSR 250’s and 330’s annotations for dependency injection
– Validation using JSR 303 (Bean Validation API) annotations and Spring’s Validator interface
– SpEL (Spring Expression Language)
– Caching using Spring’s cache abstraction
– Sending and receiving JMS messages using Spring
– Aspect-oriented programming support in Spring
– Sending emails using Spring
– Asynchronously executing methods using Spring
– Task scheduling
– Database interaction using JDBC and Hibernate
– Programmatic and declarative transaction management
– Spring Web MVC
– Developing RESTful Web Services using Spring
– Spring Security

The book shows a simple internet banking application that is developed incrementally in each chapter of the book and covers the topics mentioned above.
You can post your feedback and questions to the authors in the following Google Groups forum: groups.google.com/forum/#!forum/getting-started-with-spring-framework
