Spring Security 7: From Internals to Production
Twenty-four chapters covering Spring Security 7 from filter chain internals to production-grade implementations. It goes well beyond the documentation happy path to cover JWT token internals, OAuth2 and OIDC protocol mechanics, building a custom authorization server, method security, reactive security with WebFlux, and zero-trust microservices.
What you'll learn
- The Spring Security filter chain and how each filter participates
- JWT internals, token validation, and custom claims
- OAuth2 and OIDC protocol mechanics, not just annotations
- Building a custom authorization server from scratch with Spring
- Protecting REST APIs as an OAuth2 resource server
- Method security with SpEL and domain object security with ACLs
- The reactive security model with WebFlux and reactive OAuth2
- Zero-trust service-to-service authentication in microservices
- Testing Spring Security configurations without fighting the framework
Table of Contents
Internals and Core
- 01 Spring Security 7 Internals
- 02 CineTrack's Security Blueprint
- 03 JWT & Token Mastery
- 04 Session Management & CSRF
- 05 HTTP Hardening: Headers, Firewall, and Crypto
Authentication
- 06 Multi-Factor Authentication
- 07 Passwordless Authentication: WebAuthn & Passkeys
- 08 Enterprise Authentication: LDAP, X.509, and Kerberos
- 09 SAML 2.0
OAuth2 and OIDC
- 10 OAuth2 & OIDC Protocol Internals
- 11 Resource Server: Protecting CineTrack's APIs
- 12 OAuth2 Client: CineTrack as a Consumer
- 13 Building CineTrack's Own IdP from Scratch
- 14 Customizing Tokens and Claims
- 15 OIDC, Social Login & Dynamic Client Registration
- 16 Advanced Authorization Server Flows
Authorization
- 17 Method Security & SpEL
- 18 Domain Object Security: ACL
- 19 Policy-Based Authorization & Authorization Events
Reactive and Distributed
- 20 WebFlux Security: The Reactive Model
- 21 Reactive OAuth2: Resource Server, Client & Authorization Server
- 22 Zero-Trust Microservices
Quality
- 23 Testing Spring Security
- 24 Observability, Audit Logging & Secrets