Pro Spring Security

Massimo Nardone has more than 27 years of experience in information and cybersecurity for IT/OT/IoT/IIoT, web/mobile development, cloud, and IT architecture. His true IT passions are security and Android. He has been programming and teaching how to program with Android, Perl, PHP, Java, VB, Python, C/C++, and MySQL for more than 27 years. He holds an M.Sc. degree in computing science from the University of Salerno, Italy. Throughout his working career, he has held various positions starting as programming developer, then security teacher, PCI QSA, Auditor, Assessor, Lead IT/OT/SCADA/SCADA/Cloud Architect, CISO, BISO, Executive, Program Director, OT/IoT/IIoT Security Competence Leader, etc. In his last working engagement, he worked as a seasoned Cyber and Information Security Executive, CISO and OT, IoT and IIoT Security competence Leader helping many clients to develop and implement Cyber, Information, OT, IoT Security activities. His technical skills include Security, OT/IoT/IIoT, Android, Cloud, Java, MySQL, Drupal, Cobol, Perl, web and mobile development, MongoDB, D3, Joomla!, Couchbase, C/C++, WebGL, Python, Pro Rails, Django CMS, Jekyll, and Scratch. He has served as a visiting lecturer and supervisor for exercises at the Networking Laboratory of the Helsinki University of Technology (Aalto University). He stays current to industry and security trends, attending events, being part of a board such as the ISACA Finland Chapter Board, ISF, Nordic CISO Forum, Android Global Forum, etc. He holds four international patents (PKI, SIP, SAML, and Proxy areas). He currently works as a Cyber Security Freelancer for IT/OT and IoT. He has reviewed more than 55 IT books for different publishers and has coauthored Pro JPA 2 in Java EE 8 (Apress, 2018), Beginning EJB in Java EE 8 (Apress, 2018), and Pro Android Games (Apress, 2015). Carlo Scarioni is a passionate software developer, motivated by learning and applying innovative and interesting software development tools, techniques, and methodologies. He has worked for more than 18 years in the field and moved across multiple languages, paradigms, and subject areas. He also has many years of experience working with Java and its ecosystem. He has been in love with Spring since the beginning and he is fascinated by how Spring allows building complex applications out of discrete, focused modules and by the clever use of decorators to add cross-cutting functionalities. In the last few years he has been working mostly with data engineering solutions. He has been creating solutions around the use of modern data stack components in cloud environments, while at the same time developing software using technologies such as Spark, Python, and others.

1. The Scope of Security.- 2. Introducing Spring Security.- 3. Set Up the Scene.- 4. Spring Security Architecture and Design.- 5. Web Security.- 6. Configuring Alternative Authentication Providers.- 7. Business Objects Security with ACLs.- 8. Customizing and Extending Spring Security.- 9. JSON Web Token (JWT) Authentication.- Appendix A: References.