You're reading from Spring Security Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781835460504

Length 596 pages

Edition 4th Edition

Languages

Java

Tools

Spring

Concepts

Web Security

Author (1):

Badr Nasslahsen

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Fundamentals of Application Security

2. Chapter 1: Anatomy of an Unsafe Application FREE CHAPTER

3. Chapter 2: Getting Started with Spring Security

4. Chapter 3: Custom Authentication

5. Part 2: Authentication Techniques

6. Chapter 4: JDBC-based Authentication

7. Chapter 5: Authentication with Spring Data

8. Chapter 6: LDAP Directory Services

9. Chapter 7: Remember-me Services

10. Chapter 8: Client Certificate Authentication with TLS

11. Part 3: Exploring OAuth 2 and SAML 2

12. Chapter 9: Opening up to OAuth 2

13. Chapter 10: SAML 2 Support

14. Part 4: Enhancing Authorization Mechanisms

15. Chapter 11: Fine-Grained Access Control

16. Chapter 12: Access Control Lists

17. Chapter 13: Custom Authorization

18. Part 5: Advanced Security Features and Deployment Optimization

19. Chapter 14: Session Management

20. Chapter 15: Additional Spring Security Features

21. Chapter 16: Migration to Spring Security 6

22. Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens

23. Chapter 18: Single Sign-On with the Central Authentication Service

24. Chapter 19: Build GraalVM Native Images

25. Index

Why subscribe?

26. Other Books You May Enjoy

Appendix – Additional Reference Material

Exploit Protection

In Spring Security 5.8, the default CsrfTokenRequestHandler responsible for providing the CsrfToken to the application is CsrfTokenRequestAttributeHandler. The default setting for the field csrfRequestAttributeName is null, leading to the loading of the CSRF token on every request.

Examples of situations where reading the session should be deemed unnecessary include endpoints explicitly marked with permitAll(), such as static assets, static HTML pages, and single-page applications hosted under the same domain/server.

In Spring Security 6, csrfRequestAttributeName now defaults to _csrf. If you had configured the following solely for the purpose of transitioning to version 6.0, you can now safely remove it:

requestHandler.setCsrfRequestAttributeName("_csrf");

Now that we have explored how to define the CsrfToken, we will explore how to protect against CSRF attacks.

Protecting against CSRF attacks

In Spring Security 5.8, the default CsrfTokenRequestHandler...

The rest of the chapter is locked

Tech Concepts

Programming languages

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

You're reading from Spring Security Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Table of Contents (28) Chapters

Exploit Protection

Protecting against CSRF attacks

Authors (1)

Personalised recommendations for you

You're reading from Spring Security Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Table of Contents (28) Chapters

Exploit Protection

Protecting against CSRF attacks

Authors (1)

Personalised recommendations for you

Create a Free Account To Continue Reading

Sign in to activate your 7-day free access