Chapter 19: Authentication

Learning Objectives

After completing this chapter, you should be able to do the following:

  1. Understand the basic concepts of authentication
  2. Use request filters to enable basic authentication in a Spring app
  3. Explain what two-way encryption is, and why it is not ideal for storing sensitive user data, such as passwords
  4. Explain what a one-way hash is, and why it presents greater security for storing sensitive user data
  5. Describe the characteristics of a good one-way hash function
  6. Write code that uses a provided hash function to hash sensitive data
  7. Describe how one-way hashes allow for passwords to be compared
  8. Describe the general authentication flow for a web app

Key Terminology

Introduction to Authentication

  1. cookies
  2. authorization
  3. authentication
  4. sessions

Hashing Passwords

  1. two-way encryption
  2. one-way encryption
  3. password hashing
  4. collision
  5. bcrypt
  6. MD5, SHA1
  7. hash function

Creating a User Model

  1. bcrypt
  2. query methods

Filtering Requests

  1. request filters
  2. whitelist
  3. code-based configuration