
Explore securing applications with Spring Security, implement JSON Web Token authentication, and practice unit and integration testing with JUnit 5.
Build a user management module by creating entities, repositories, services, and a controller with unit and integration tests; handle exceptions, test with Postman, and secure the app with Spring Security 5 and JWT.
Configure the development environment and create a Spring Boot JSON Web Token project with Java 17 and Maven, then add Web, JPA, MySQL driver, validation, and dev tools.
Create a role entity with id and name fields, mapped to table roles, with generated id and name constraints (length 40, not null, unique), plus constructors, getters, setters, and toString.
Define a role repository interface, annotate it with the Spring Framework repository annotation, import the role type from the main package, and set the primary key as integer.
Demonstrates testing a role repository by configuring a real MySQL test database, creating admin, editor, and user roles, saving them, and asserting three roles are stored.
Define a user entity mapped to the database with id, first name, last name, email, password, and a many-to-many roles relation via a users_roles join table, with Jakarta validation annotations.
Create a new user repository interface in the repository package, extend a JPA repository, and add a custom method find by email to locate a user for the security configuration.
Set up a Spring Data JPA test for a user repository with @DataJpaTest, configure Hibernate tables and foreign keys, and validate save, find all, update, delete, and find by email.
Create a user service class in the service package with repository injection to list, save, find by id, delete, and find by email, including duplicate email checks and custom exceptions.
Explore unit testing the user service with Mockito and a mocked repository, covering list all, save, get, and delete, plus duplicate email and not found exceptions.
Define a new REST controller for users with endpoints under /api/v1/users to list, get by id, save, update, and delete, backed by a user service and proper response entities.
Test the user REST controller using Spring Web MVC tests, mock services, and object mapper to verify list all, get, save, update, and delete endpoints under api/v1/users.
Build a REST exception handler with controller advice to handle duplicate email, user not found, and validation exceptions, returning an HTTP response with timestamp, status code, and message.
Demonstrates end-to-end API testing with Postman: set up the database with foreign key checks, run a Spring Boot app, validate user creation, duplicates, listing, retrieval, update, and deletion.
Learn how Spring Security uses filters—authentication filter, authentication manager, and authentication provider—to validate users and set the security context, and grasp JWT’s header, payload, and signature secured by a secret.
Learn how to secure a Spring application with Spring Security and JWT by configuring user details, token provider, verifier, authorization filter, forbidden entrypoint, access denied handler, and security config.
Develop and verify JSON Web Tokens with a TokenVerifier class in Spring Security 6, extracting subject and authorities to build a secure UsernamePasswordAuthenticationToken and populate the security context.
Build a JWT authorization filter in Spring Security 6, process OPTIONS requests, permit login and register endpoints, extract Bearer tokens from headers, verify with a token verifier, and chain filters.
Implement a JSON Web Token forbidden entry point in Spring Security 6 to return a custom 403 response with a timestamp and a "login to access this resource" message.
Configure a Spring Security setup via a security configuration class injecting the user details service and JWT filters, with BCrypt encoding and stateless, role-based access for public login and register.
Create an authentication request with email and password and Jakarta validation rules, and a JSON Web Token class with token and expiration date for the authentication controller.
Update the user service by implementing a register method that validates duplicate email, sets user details and role, encodes the password, and saves the user; also encodes in edit mode.
Implement a REST controller to handle login and registration, inject authentication manager, token provider, and user service, authenticate users, and generate a JSON Web Token returned in header and body.
Handle the bad credentials exception in the login API by returning a custom 401 unauthorized response from the RestExceptionHandler, signaling bad credentials for access to protected resources.
Test the Spring Security JWT workflow from login to accessing protected resources, validating encoded passwords, role-based access, and registration flows.
Configure email signing and add an email service to send registration confirmations in a Spring app. Update application properties, include JavaMailSender, and wire email dispatch into the user registration flow.
Implement a password reset workflow with a reset token entity, repository, and service to generate, validate expiration, and reset encoded passwords via two APIs: request and reset.
A refresh token enables obtaining a new access token without re-authenticating; when the access token expires, the client uses the refresh token to fetch tokens and continue accessing protected resources.
Create a refresh token entity and repository using JPA, map it to a user, and initialize expiration with security constants, while providing getters, setters, and a find-by-token method.
Create a refresh token service class with an injected refresh token repository, implementing generate, validate, find by token, and revoke methods, including expiration checks and exception handling.
Update the authentication controller to issue and refresh JWTs, add refresh token handling, and implement revoke token endpoint using authorization headers in a Spring Security 6 application.
Test refresh token workflows in a Spring Boot app using Postman, login, bearer tokens, and JWT; validate refresh, revoke, and token expiry for protected resources.
Are your applications truly secure? In today’s digital world, robust security is no longer optional—it's essential. This course, *Advanced App Security: Spring Security 6, JWT, and Testing*, will equip you with the knowledge and hands-on experience to protect your applications against modern threats.
By the end of this course, you’ll master:
- **Spring Security 6 & JWT**: Implement cutting-edge tools for authentication and authorization.
- **Authentication & Authorization**: Control access and secure sensitive operations effectively.
- **Unit and Integration Testing**: Discover the only course that not only teaches you to implement best security practices but also shows you how to validate each application component through unit and integration tests, ensuring flawless protection.
- **Password Encryption**: Protect user credentials using advanced encryption techniques.
- **RESTful APIs**: Secure APIs for seamless communication between clients and servers.
- **Validation & User Management**: Handle data integrity and user interactions securely.
- **Exception Management**: Safeguard your app with resilient error-handling strategies.
- **Email Notifications & Password Reset**: Enhance user experience with essential features.
- **Refresh Tokens**: Ensure continuous and secure sessions for your users.
Join this course and gain the confidence to build secure applications, safeguard critical data, and create a trustworthy user experience. Invest in your skills today to stay ahead in the ever-evolving field of cybersecurity.