Title Page
Copyright and Credits
Hands-On Spring Security 5 for Reactive Applications
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews

Overview of Spring 5 and Spring Security 5
How examples are structured
New-generation application requirements
Reactive programming
Reactive applications
Reactive Manifesto
Responsive
Resilient
Elastic
Message-driven
Spring Framework
Reactive Landscape in Java
Reactive Streams and Reactive Streams Specifications
Non-blocking
Backpressure
Reactive Extensions
RxJava
Reactive Streams and RxJava
JDK 9 additions
Important interfaces
The Publisher Interface
The Subscriber Interface
The Subscription interface
The Processor interface
Spring Framework and reactive applications
Modules in Reactor
Reactive types in Reactor Core
The Flux reactive type
The Mono reactive type
Data stream types
Reactor and RxJava
Reactive Web Application
Spring WebFlux
Reactive Spring Web
WebClient
WebSockets
Application security
Spring Security
Spring Security terminologies
Spring Security's core features
Authentication
Authorization
Spring Security 5's new features
Working of Spring Security
Servlet Filter
Filter Chain
Security Interceptor (DelegatingFilterProxy)
Core Spring Security modules
Summary

Deep Diving into Spring Security
Authentication
Setting up AuthenticationManager
AuthenticationProvider
Custom AuthenticationProvider
Multiple AuthenticationProvider
Sample application
Base project setup
Step 1—Create a Maven project in IntelliJ IDEA
Step 2—pom.xml changes
Step 3—MySQL database schema setup
Step 4—Setting up MySQL database properties in your project
Step 5—Spring application configuration
Step 6—Web application configuration
Step 7—Spring MVC setup
Step 8—Controller setup
Step 9—JSP creation
Spring Security setup
Step 1—Spring Security configuration setup
Step 2—Spring Security setup for a web application
Running the application
In-memory user storage
Run as Spring Boot
Authorization
Web URL
Method invocation
Domain instance
Other Spring Security capabilities
Summary

Authentication Using SAML, LDAP, and OAuth/OIDC
Security Assertion Markup Language
Setting up an SSO provider
Setting up the project
The pom.xml file setup
The application.yml file setup
The Spring Security configuration files
The resources folder setup
Running and testing the application
Lightweight Directory Access Protocol
Set up dependencies in the pom.xml file
Spring Security configuration
LDAP server setup
Setting up users in the LDAP server
Running the application
Seeing the application in action on a browser
OAuth2 and OpenID Connect
Setting up a project
Bootstrap Spring project using Spring Initializr
Inclusion of OAuth libraries in pom.xml
Setting up provider details in application.properties
Provider setup
Default application change
The HomeController class
The home.jsp file
Spring Boot main application class change
Running the application
Summary

Authentication Using CAS and JAAS
CAS
CAS server setup
Git clone
Adding additional dependencies
Setting up the resources folder in the project
Creating the application.properties file
Creating a local SSL keystore
Creating the .crt file to be used by the client
Exporting the .crt file to Java and the JRE cacert keystore
Building a CAS server project and running it
Registering a client with the CAS server
JSON service configuration
Additional application.properties file changes
CAS client setup
Bootstrap Spring project using Spring Initializr
Including CAS libraries in pom.xml
Changing the application.properties file
Additional bean configuration
ServiceProperties bean
AuthenticationEntryPoint bean
TicketValidator bean
CasAuthenticationProvider bean
Setting up Spring Security
Creating the CasAuthenticationFilter bean
Setting up the controller
Running the application
Java Authentication and Authorization Service
Setting up a project
Setting up Maven project
Setting up LoginModule
Setting up a custom principal
Setting up a custom AuthorityGranter
Configuration files
Application configuration
Spring MVC configuration
Spring Security configuration
Controllers
Setting up pages
Running the application
Kerberos
Custom AuthenticationEntryPoint
Multiple AuthenticationEntryPoint
PasswordEncoder
Salt
Custom filters
Summary

Integrating with Spring WebFlux
Spring MVC versus WebFlux
When to choose what?
Reactive support in Spring 5
Reactive in Spring MVC
Spring WebFlux
HandlerFunction
RouterFunction
Spring WebFlux server support
Reactive WebClient
Reactive WebTestClient
Reactive WebSocket
Spring WebFlux authentication architecture
Spring WebFlux authorization
Sample project
WebFlux project setup
Maven setup
Configuration class
The SpringWebFluxConfig class
Repository
Handler and router
Bootstrap application
Running the application
Adding security
Configuration classes
The UserDetailsService bean
The SpringSecurityFilterChain bean
Running the application
CURL
Browser
WebClient
Maven setup
Creating a WebClient instance
Handling errors
Sending requests and retrieving responses
Running and testing the application
Unit testing (WebTestClient)
Maven dependency
Test class
Spring Data
Maven dependency
MongoDB configuration
Setting up a model
Implementing a repository
Implementing a controller
Running the application
Authorization
Method security
Customization
Writing custom filters
Using WebFilter
Using HandlerFilterFunction
Summary

REST API Security
Important concepts
REST
JSON Web Token (JWT)
Structure of a token
Header
Payload
Signature
Modern application architecture
SOFEA
Reactive REST API
Simple REST API security
Spring Security configuration
Authentication success handler
Custom WebFilter namely JWTAuthWebFilter
New controller classes
Running the application and testing
Advanced REST API security
OAuth2 roles
Resource owner
Resource server
Client
Authorization server
Authorization grant types
Authorization code flow
Implicit flow
Client credentials
Resource owner password credentials
Access Token and Refresh Token
Spring Security OAuth project
OAuth2 and Spring WebFlux
Spring Boot and OAuth2
Sample project
Authorization server
Maven dependencies
Spring Boot run class
Spring Security config
Authorization server config
Application properties
Resource server
Maven dependencies
Spring Boot run class
Resource server config
Spring Security config
Spring MVC config class
Controller class
Application properties
Client application
Maven dependencies
Spring Boot class
OAuth client config
Spring Security config
Controller classes
Templates
Application properties
Running the project
Summary

Spring Security Add-Ons
Remember-me authentication
Creating a new table in MySQL database
Spring Security configuration
The custom login page
Running the application and testing
Session management
CSRF
CSP
CSP using Spring Security
Channel security
CORS Support
The Crypto module
Password encoding
Encryption
Key generation
Secret management
Starting by unsealing Vault
The Spring Boot project
The Maven dependency
HTTP Data Integrity Validator
What is HDIV?
The Bootstrap project
Maven dependencies
Spring Security configuration
Spring MVC configuration
HDIV configuration
The Model class
The Controller class
Pages
Running the application
Custom DSL
Summary

Other Books You May Enjoy
Leave a review - let other readers know what you think