Part 2. Implementation

In part 1, we discussed the importance of security and how to create the Spring Boot project using Spring Security as a dependency. We also explored the essential components for authentication. Now we have a starting point.

Part 2 makes up the bulk of this book. In this part, we’ll dive into using Spring Security in application development. We’ll detail each of the Spring Security components and discuss different approaches you need to know when developing any real-world app. In part 2, you’ll find everything you need to learn about developing security features in apps with Spring Security, with plenty of example projects and two hands-on exercises. I’ll drive you through a path of knowledge with multiple subjects, from the basics to using OAuth 2, and from securing apps using imperative programming to applying security in reactive applications. And I’ll make sure what we discuss is well spiced with lessons I’ve learned in my experience with using Spring Security.

In chapters 3 and 4, you’ll learn to customize user management and how to deal with passwords. In many cases, applications rely on credentials to authenticate users. For this reason, discussing the management of user credentials opens the gate to further discussing authentication and authorization. We’ll continue with customizing the authentication logic in chapter 5. In chapters 6 through 11, we’ll discuss the components related to authorization. Throughout all these chapters, you’ll learn how to deal with basic elements like user details managers, password encoders, authentication providers, and filters. Knowing how to apply these components and properly understanding them enables you to solve the security requirements you’ll face in real-world scenarios.

Nowadays, many apps, and especially systems deployed in the cloud, implement authentication and authorization over the OAuth 2 specification. In chapters 12 through 15, you’ll learn how to implement authentication and authorization in your OAuth 2 apps, using Spring Security. In chapters 16 and 17, we’ll discuss applying authorization rules at the method level. This approach enables you to use what you learn about Spring Security in non-web apps. It also gives you more flexibility when applying restrictions in web apps. In chapter 19, you’ll learn to apply Spring Security to reactive apps. And, because there’s no development process without testing, in chapter 20, you’ll learn how to write integration tests for your security implementations.

Throughout part 2, you’ll find chapters where we’ll use a different way to address the topic at hand. In each of these chapters, we’ll work on a requirement that helps to refresh what you’ve learned, understand how more of the subjects we discussed fit together, and also learn applications for new things. I call these the “Hands-On” chapters.
