6 Implementing additional security with Spring Security

 

This chapter covers

  • Configuring advanced security features, including Remember Me, Google reCAPTCHA, and securing passwords with Spring Cloud Vault
  • Enabling multi-factor authentication, including email verification and two-factor authentication with Google Authenticator
  • Implementing login with OAuth2 in a Spring Boot application
  • Securing Spring Boot Actuator endpoints with Spring Security

In chapter 5, we introduced Spring Security and its core concepts, and explored several techniques for using it in a Spring Boot application. In this chapter, you’ll build on those foundational concepts and implement several advanced security features in your Spring Boot application using Spring Security. These features include enabling HTTPS; storing passwords in HashiCorp Vault; and implementing Remember Me, reCAPTCHA, email verification, two-factor authentication, and more.

You can use Spring Security to implement several advanced application security features in a Spring Boot application. Some of these features are widely used in production applications, and implementing them in your Spring Boot application can enhance its security. Let’s summarize the features you’ll implement in this chapter:

6.1 Enabling HTTPS in a Spring Boot application

6.1.1 Technique: Enabling HTTPS in a Spring Boot application

6.2 Securing secrets in Spring Cloud Vault

6.2.1 Technique: Managing application secrets with HashiCorp Vault in a Spring Boot application

6.3 Implementing user registration

6.3.1 Technique: Implementing user registration with Spring Security in a Spring Boot application

6.4 Implementing email verification at user registration

6.4.1 Technique: Validating user email addresses in a Spring Boot application

6.5 Controlling multiple incorrect login attempts

6.5.1 Technique: Controlling multiple incorrect login attempts in a Spring Boot application

6.6 Implementing a Remember Me feature

6.6.1 Technique: Enabling a Remember Me feature in a Spring Boot application with Spring Security

6.7 Implementing reCAPTCHA

6.8 Enabling two-factor authentication with Google Authenticator