Programming Clients for Secure Web API Authorization and Authentication
Author: Ryan Boyd
Publisher: "O'Reilly Media, Inc."
Whether you develop web applications or mobile apps, the OAuth 2.0 protocol will save a lot of headaches. This concise introduction shows you how OAuth provides a single authorization technology across numerous APIs on the Web, so you can securely access users’ data—such as user profiles, photos, videos, and contact lists—to improve their experience of your application. Through code examples, step-by-step instructions, and use-case examples, you’ll learn how to apply OAuth 2.0 to your server-side web application, client-side app, or mobile app. Find out what it takes to access social graphs, store data in a user’s online filesystem, and perform many other tasks.
Understand OAuth 2.0’s role in authentication and authorization
Learn how OAuth’s Authorization Code flow helps you integrate data from different business applications
Discover why native mobile apps use OAuth differently than mobile web apps
Use OpenID Connect and eliminate the need to build your own authentication system
Build production-grade reactive applications and microservices with Spring Boot
Author: Mohamed Shazin Sadakath
Publisher: Packt Publishing Ltd
Develop diverse real-life projects including most aspects of Spring Boot
Key Features
Run production-grade based applications using the Spring WebFlux framework
Learn to develop high performance, asynchronous applications with Spring Boot
Create robust microservice-based applications with Kotlin using Spring Boot
Book Description
Spring is one of the best tools available on the market for developing web, enterprise, and cloud-ready software. The goal of Spring Boot is to provide a set of tools for quickly building Spring applications that are easy to configure, and that make it easy to create and run production-grade Spring-based applications. Spring Boot 2.0 Projects will get you acquainted with important features of the latest version of this application-building tool and will cover basic, as well as advanced topics. The book starts off by teaching you how to create a web application using Spring Boot, followed by creating a Spring Boot-based simple blog management system that uses Elasticsearch as the data store. As you make your way through the chapters, you’ll build a RESTful web services application using Kotlin and the Spring WebFlux framework. Spring WebFlux is a new framework that helps in creating a reactive application in a functional way. Toward the end of the book, you will build a taxi-hailing API with reactive microservices using Spring Boot and a Twitter clone with a Spring Boot backend. Finally, you’ll learn how to build an asynchronous email formatter.
What you will learn
Learn the fundamental features of Spring Boot 2.0
Customize Spring Boot 2.0 applications
Build a basic web application
Use Redis to build a taxi-hailing API
Create a simple blog management system and a Twitter clone
Develop a reactive RESTful web service with Kotlin using Spring Boot
Who this book is for
This book is for competent Spring developers who wish to understand how to develop complex yet scalable applications with Spring Boot. You must have a good knowledge of Java programming and be familiar with the basics of Spring.
The comprehensive Wrox guide for creating Java web applications for the enterprise
This guide shows Java software developers and software engineers how to build complex web applications in an enterprise environment. You'll begin with an introduction to the Java Enterprise Edition and the basic web application, then set up a development application server environment, learn about the tools used in the development process, and explore numerous Java technologies and practices. The book covers industry-standard tools and technologies, specific technologies, and underlying programming concepts.
Java is an essential programming language used worldwide for both Android app development and enterprise-level corporate solutions
As a step-by-step guide or a general reference, this book provides an all-in-one Java development solution
Explains Java Enterprise Edition 7 and the basic web application, how to set up a development application server environment, which tools are needed during the development process, and how to apply various Java technologies
Covers new language features in Java 8, such as Lambda Expressions, and the new Java 8 Date & Time API introduced as part of JSR 310, replacing the legacy Date and Calendar APIs
Demonstrates the new, fully-duplex WebSocket web connection technology and its support in Java EE 7, allowing the reader to create rich, truly interactive web applications that can push updated data to the client automatically
Instructs the reader in the configuration and use of Log4j 2.0, Spring Framework 4 (including Spring Web MVC), Hibernate Validator, RabbitMQ, Hibernate ORM, Spring Data, Hibernate Search, and Spring Security
Covers application logging, JSR 340 Servlet API 3.1, JSR 245 JavaServer Pages (JSP) 2.3 (including custom tag libraries), JSR 341 Expression Language 3.0, JSR 356 WebSocket API 1.0, JSR 303/349 Bean Validation 1.1, JSR 317/338 Java Persistence API (JPA) 2.1, full-text searching with JPA, RESTful and SOAP web services, Advanced Message Queuing Protocol (AMQP), and OAuth
Professional Java for Web Applications is the complete Wrox guide for software developers who are familiar with Java and who are ready to build high-level enterprise Java web applications.
This is a practical and fast-paced guide that gives you all the information you need to start implementing secure OAuth 2.0 implementations in your web applications. OAuth 2.0 Identity and Access Management Patterns is intended for software developers, software architects, and enthusiasts working with the OAuth 2.0 framework. In order to learn and understand the OAuth 2.0 grant flow, it is assumed that you have some basic knowledge of HTTP communication. For the practical examples, basic knowledge of HTML templating, programming languages, and executing commands in the command line terminal is assumed.
Robust Web Architecture with Node, HTML5, and Modern JS Libraries
Author: Eric Elliott
Publisher: "O'Reilly Media, Inc."
Secure your web applications, RESTful services, and microservice architectures
Author: Mick Knutson
Publisher: Packt Publishing Ltd
Learn how to secure your Java applications from hackers using Spring Security 4.2
About This Book
Architect solutions that leverage the full power of Spring Security while remaining loosely coupled.
Implement various scenarios such as supporting existing user stores, user sign up, authentication, and supporting AJAX requests.
Integrate with popular Microservice and Cloud services such as Zookeeper, Eureka, and Consul, along with advanced techniques, including OAuth, JSON Web Token's (JWS), Hashing, and encryption algorithms.
Who This Book Is For
This book is intended for Java Web and/or RESTful webservice developers and assumes a basic understanding of creating Java 8, Java Web and/or RESTful webservice applications, XML, and the Spring Framework. You are not expected to have any previous experience with Spring Security.
What You Will Learn
Understand common security vulnerabilities and how to resolve them
Learn to perform initial penetration testing to uncover common security vulnerabilities
Implement authentication and authorization
Learn to utilize existing corporate infrastructure such as LDAP, Active Directory, Kerberos, CAS, OpenID, and OAuth
Integrate with popular frameworks such as Spring, Spring-Boot, Spring-Data, JSF, Vaadin, jQuery, and AngularJS.
Gain deep understanding of the security challenges with RESTful webservices and microservice architectures
Integrate Spring with other security infrastructure components like LDAP, Apache Directory server and SAML
In Detail
Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressured concerns of creating an application. The complexity of properly securing an application is compounded when you must also integrate this factor with existing code, new technologies, and other frameworks. Use this book to easily secure your Java application with the tried and trusted Spring Security framework, a powerful and highly customizable authentication and access-control framework. The book starts by integrating a variety of authentication mechanisms. It then demonstrates how to properly restrict access to your application. It also covers tips on integrating with some of the more popular web frameworks. An example of how Spring Security defends against session fixation, moves into concurrency control, and how you can utilize session management for administrative functions is also included. It concludes with advanced security scenarios for RESTful webservices and microservices, detailing the issues surrounding stateless authentication, and demonstrates a concise, step-by-step approach to solving those issues. And, by the end of the book, readers can rest assured that integrating version 4.2 of Spring Security will be a seamless endeavor from start to finish.
Style and approach
This practical step-by-step tutorial has plenty of example code coupled with the necessary screenshots and clear narration so that grasping content is made easier and quicker.
Build advanced authentication solutions for any cloud or web environment
Active Directory has been transformed to reflect the cloud revolution, modern protocols, and today’s newest SaaS paradigms. This is an authoritative, deep-dive guide to building Active Directory authentication solutions for these new environments. Author Vittorio Bertocci drove these technologies from initial concept to general availability, playing key roles in everything from technical design to documentation. In this book, he delivers comprehensive guidance for building complete solutions. For each app type, Bertocci presents high-level scenarios and quick implementation steps, illuminates key concepts in greater depth, and helps you refine your solution to improve performance and reliability. He helps you make sense of highly abstract architectural diagrams and nitty-gritty protocol and implementation details. This is the book for people motivated to become experts.
Active Directory Program Manager Vittorio Bertocci shows you how to:
Address authentication challenges in the cloud or on-premises
Systematically protect apps with Azure AD and AD Federation Services
Power sign-in flows with OpenID Connect, Azure AD, and AD libraries
Make the most of OpenID Connect’s middleware and supporting classes
Work with the Azure AD representation of apps and their relationships
Provide fine-grained app access control via roles, groups, and permissions
Consume and expose Web APIs protected by Azure AD
Understand new authentication protocols without reading complex spec documents
Covers Microsoft Graph, Office 365 applications, SharePoint Add-ins, Office 365 Groups, and more
Author: Paolo Pialorsi
Publisher: Microsoft Press
Leverage Office 365 data and services in powerful custom solutions
Learn how to develop custom solutions that access and interact with Office 365 data from your own apps on practically any mobile, web, or desktop platform. Paolo Pialorsi offers practical, code-rich coverage of every key aspect of Office 365 development, walking you through building a complete start-to-finish solution. You’ll learn how to use the new Microsoft Graph API to integrate users’ mail, calendars, contacts, groups, files, folders, and more. Leveraging Microsoft APIs at the REST level, you’ll discover how to create Office 365 solutions for Windows Universal, iOS, or Android devices and target nearly any other modern platform.
Top Microsoft developer Paolo Pialorsi shows you how to
Understand the Office 365 ecosystem from functional and developer perspectives
Set up your Office 365 development environment
Develop Office 365 applications, Office Add-ins, and SharePoint Add-ins
Invoke Microsoft Graph API endpoints from any platform via bare HTTP requests
Authenticate users against online tenants with Microsoft Azure Active Directory
Use Mail services to manage Microsoft Exchange Online mailboxes
Browse, create, update, and manage Office 365 Groups
Use File services to consume and manage files on Microsoft OneDrive for Business
Make the most of the Microsoft Graph SDK for .NET
Manage common tasks via the SharePoint REST API
Create and publish Office 365 applications and add-ins
In addition, this book is part of the Current Book Service from Microsoft Press. Books in this program will receive periodic updates to address significant software changes for 12 to 18 months following the original publication date via a free Web Edition. Learn more at https://www.microsoftpressstore.com/cbs.
Full-Stack Web Development with .NET Core and Angular
Author: Valerio De Sanctis
Publisher: Packt Publishing Ltd
Develop a simple, yet fully-functional modern web application using ASP.NET Core MVC, Entity Framework and Angular 5.
About This Book
Based on the best-selling book ASP.NET Core and Angular 2
Easily build a complete single page application with two of the most impressive frameworks in modern development, ASP.NET Core and Angular
Bring together the capabilities and features of both Angular 5 and ASP.NET Core 2 for full stack development
Discover a comprehensive approach to building your next web project, from managing data, to application design, through to SEO optimization and security
Who This Book Is For
This book is for seasoned ASP.NET developers who already know about ASP.NET Core and Angular in general, but want to know more about them and/or understand how to blend them together to craft a production-ready SPA.
What You Will Learn
Use ASP.NET Core to its full extent to create a versatile backend layer based on RESTful APIs
Consume backend APIs with the brand new Angular 5 HttpClient and use RxJS Observers to feed the frontend UI asynchronously
Implement an authentication and authorization layer using ASP.NET Identity to support user login with integrated and third-party OAuth 2 providers
Configure a web application in order to accept user-defined data and persist it into the database using server-side APIs
Secure your application against threats and vulnerabilities in a time efficient way
Connect different aspects of the ASP.NET Core framework ecosystem and make them interact with each other for a Full-Stack web development experience
In Detail
Become fluent in both frontend and backend web development by combining the impressive capabilities of ASP.NET Core 2 and Angular 5 from project setup right through the deployment phase. Full-stack web development means being able to work on both the frontend and backend portions of an application. The frontend is the part that users will see or interact with, while the backend is the underlying engine that handles the logical flow: server configuration, data storage and retrieval, database interactions, user authentication, and more. Use the ASP.NET Core MVC framework to implement the backend with API calls and server-side routing. Learn how to put the frontend together using top-notch Angular 5 features such as two-way binding, Observables, and Dependency Injection, build the Data Model with Entity Framework Core, style the frontend with CSS/LESS for a responsive and mobile-friendly UI, handle user input with Forms and Validators, explore different authentication techniques, including the support for third-party OAuth2 providers such as Facebook, and deploy the application using Windows Server, SQL Server, and the IIS/Kestrel reverse proxy.
Style and approach
More than just a technical manual, this guide takes you through the most important technical facets of developing with these two hugely popular frameworks and then demonstrates how to put those skills into practice. It's a book that recognizes that what's really important is the end product.