
This video provides an overview of the entire course.
In this video, we will learn to create a Spring Boot app.
Look at the dependencies needed
Define App Runner
Understand @SpringBootApplication
In this video, we will learn how to add Spring Security support.
Add Security Support for Application
Understand @EnableWebSecurity
Extend WebSecurityConfigurerAdapter
In this video, we will look at configuring Spring Security for REST endpoints.
Create /time endpoint
Create /secretTime endpoint
Secure public endpoint
In this video, we will look at configuring Spring Security for static resources.
Expose static files
Add security rules for static files
In this video, we will create an MVC flow for our application.
Create an MVC application
Define views
Expose views as the MVC controller
In this video, we will integrate our application with MVC flow.
Integrate web security with MVC flow
Configure WebSecurityConfig for MVC
In this video, we will test our application.
Define mock UserDetailsService
Define a simple user/password
Test our logic with MVC
In this video, we will create a CustomAuthenticationProvider.
Create the custom authentication mechanism
Define the CustomAuthenticationProvider
Define a 3rd party authentication client
In this video, we will configure Spring to use a custom authentication mechanism.
Plug the CustomAuthenticationProvider into the Spring Security flow
Test our custom authentication logic
In this video, we will go through an explanation of OAuth 2.
Understanding how OAuth 2 works
What parameters an OAuth 2 client needs to have configured
Create a notifications bounded context
In this video, we will learn to configure OAuth2 with Spring
Creating application.yml with OAuth 2 Config
Using Facebook as the token provider
Understanding all parameters
In this video, we will explore the OAuth 2 Spring application workflow.
Configuring WebSecurityConfigurerAdapter to use an OAuth2 provider
Injecting AuthorizationCodeResourceDetails and ResourceServerProperties
Creating a facebookOauth2Filter that issues tokens
In this video, we will test an application secured by OAuth 2.
Solving the problem of communication between Bounded Contexts
Creating a login HTML form that uses an OAuth 2 auth provider
Testing token issuing
In this video, we will learn about the difference between authentication and authorization.
What is authentication?
What is authorization?
What is a role?
In this video, we will define access roles in our application
Creating an authorization provider with roles
Adding USER role
Adding ADMIN role
In this video, we will guard access with annotations for the reactive API.
Creating Reactive Rest Controller
Creating endpoint available only for ADMIN role
Guarding access to users with role using Annotation
In this video, we will guard access programmatically for the servlet API.
Creating Reactive GET ALL Controller
Using servlet API HttpServletRequest
Guarding access to users with role using Servlet API
In this video, we will perform testing of the logic
Testing USER role
Testing ADMIN role
In this video, we will explore CORS and how to configure it.
What is CORS?
How to enable/disable it?
Configuring in Spring Security
In this video, we will learn about CSRF and how to prevent it.
What is a CSRF token?
How to configure Spring Security to use CSRF protection
In this video, we will learn to implement a custom CSRF token repository.
Testing using Spring Security Mock Test
Examining behaviour with CSRF enabled
Examining behaviour without CSRF enabled
In this video, we will learn to test our application to assert that it is secure.
Testing the CORS application from a client
Using a JS call that connects to the CORS-protected application
Securing your application from hackers is one of the most high-pressure concerns for developers. In this course, you’ll learn how to protect your Java application from malicious attacks and users with the Spring Security framework.
You’ll integrate Spring Security into your application using the Spring frameworks through practical, hands-on examples. You’ll see how to secure your web application, integrate authentication and authorization mechanisms, and restrict access to your application. You’ll discover how to integrate it with popular frameworks such as Spring Web MVC, Spring-Boot, Spring-Data, Servlet API injection, and more.
We’ll cover the security challenges with Reactive web apps built for the cloud, RESTful web services, and microservice architectures with the Spring framework. You’ll also implement techniques for protection against attacks such as session fixation, clickjacking, cross-site request forgery, and more.
By the end of the course, you’ll understand common security vulnerabilities and be able to prevent them with Spring Security, with an empirical approach to securing your web applications.
About the Author
Tomasz Lelek is a Software Engineer who programs mostly in Java and Scala. He has worked with Spring Applications and Microservices for the past 5 years. He is passionate about nearly everything associated with software development and believes we should always try to consider different solutions and approaches before solving a problem.
Recently, he was a speaker at conferences in Poland: Confitura and JDD (Java Developers Day), and at Krakow’s Scala User Group. He has also conducted a live coding session at the Geecon Conference. He is a co-founder of initlearn, an e-learning platform that was built with the Spring Framework and the Java language. He has also written articles about everything related to the Java and Spring world.