
From this lecture you will learn:
• How to communicate during this course
• Where to ask questions
• How to ask questions
• Communication channels
Why I Created This Bot
The Challenge: From Passive Learning to Real Mastery
The Solution – Learn IT Bot
Inside the Learn IT Bot – Key Features
Adaptive Difficulty & Endless Practice
Live Demo of the Learn IT AI Bot
Why It Matters – From Learning to Real-World Readiness
In this lesson, I’ll show you how my students get exclusive, free, no sign-up access to a one-of-a-kind AI Bot I personally built to help you deeply learn the material, reinforce your knowledge, and gain a real advantage in interviews, real-world work and career growth.
Introduction to OAuth and JWT
How OAuth and JWT works
How JWT are signed and verified
What is an Identity Provider
OAuth VS OAuth 2.0
What is an OpenID Connect
OIDC VS OAuth
Identity Provider & User Management
Introduction of Auth0
Configuration plan overview
Live demo
Create an Auth0 account and tenant
Register a new application
Configure the application settings
Grant Types
Open ID Connect settings
Configure test users
Configure API permissions
Setting up a Spring Boot project
Adding OAuth2 dependencies
Spring Boot Starters
spring-boot-starter-oauth2-client
spring-boot-starter-oauth2-resource-server
Demo of OpenID connect client flow
Logout from the app and identity provider
Demo of machine to machine flow
Configuration of the OAuth server
Spring Boot configurations and properties
Testing of Spring Boot Endpoints, OAuth/OpenID Connect, and Configuration
spring-boot-starter-test
How to test a @Controller
@SpringBootTest
@AutoConfigureMockMvc
MockMvc
Naming conventions, coding style recommendations
PropertyOverrideInitializer and ApplicationContextInitializer
@WebMvcTest
@MockitoBean
RestTemplateBuilder
@LocalServerPort
SpringBootTest.WebEnvironment.RANDOM_PORT
TestRestTemplate
Integration test with Spring Boot
@DynamicPropertySource
Understanding Brute-Force Attacks
What Is a Denial of Service (DoS) Attack
Why Spring Security Doesn’t Protect Against DoS and Brute-Force by Default
Understanding Rate Limiting and Its Real-World Applications
Approaches to Rate Limiting: Strategies and Algorithms
Overview of Popular Java Libraries for Rate Limiting
Demo: real-life code examples
Best Practices for Rate Limiting: Protecting Against DDoS and Brute Force Attacks
What is Resilience and Why It Matters
Real-Life Failures & Why Resilience Is Needed
Introduce Common Resilience Patterns
Circuit Breaker Pattern Explained
Introducing Resilience4j: Practical Fault Tolerance for Modern Java
Practical Demo - Code Examples
Configure Resilience4j Library in Sprig Boot project
Circuit Breaker Pattern - Implementation & Demo
What the Retry pattern is and why it’s important in resilient systems
Common scenarios where retries are useful, especially in distributed applications
A clear explanation of the Retry mechanism, using real-life analogies
Smart Retry Strategies: Backoff, Limits, and Exception Filtering
Live code walkthrough and demo of the retry pattern in action
RetryEventListener
How to use Circuit Breaker together with Retry
What is the Time Limiter Pattern and Why It Matters
Real-World Scenarios Where Time Limits Prevent Failures
Introduction to Resilience4j TimeLimiter Module
Using CompletableFuture with TimeLimiter
Live Code Demo and Testing the Time Limiter in Action
Rate Limiting Recap: Why It Matters and What It Solves
Why Use Resilience4j for Rate Limiting in Modern Applications
Differences Between Bucket4j and Resilience4j: When and Why to Use Each
How Token-Based Limiting Works in Resilience4j
Live Demo: Rate Limiting in Action with Real API Endpoints
Introduction to the Bulkhead Pattern: What It Is and Why It Matters
Real-World Scenarios Where Bulkheads Prevent Cascading Failures
Types of Bulkheads: Thread Pool vs. Semaphore Isolation
How Resilience4j Implements Bulkhead Control
Live Code Walkthrough and Demo
Best Practices for Applying Bulkheads in Microservices
Introduction to Microservice Architectural Patterns
Overview of the following patterns: API Gateway, Service Discovery, Strangler Fig, Sidecar, Saga, CQRS, Event Sourcing, Backend for Frontend
Overview of API Gateway Pattern: What, Why, and When to Use
API Gateway: Key Advantages
API Gateway: Common Limitations
Typical Use Cases and Scenarios for API Gateway
How API Gateway Enhances Security
How API Gateway Enhances System Resilience
Creating a Project with Spring Cloud Gateway
Configuring Routing and Request Forwarding
Code Examples: Live Demonstration
What is Load Balancing: Definition and Purpose
Why Load Balancers Matter in Distributed Systems
When to Use a Load Balancer and Typical Scenarios
Relationship Between Load Balancer and API Gateway
Core Load Balancing Strategies Explained (Round Robin, Random, Least Connections, Weighted, Sticky Sessions, etc.)
Pros and Cons of Each Strategy
Overview of Spring Cloud LoadBalancer
Health Checks and Resilience: Avoiding faulty instances, retries, circuit breakers
Common Pitfalls and Anti-patterns: What to avoid when implementing load balancing
Adding Spring Cloud LoadBalancer dependency in pom.xml
Configuring LoadBalancer via application.properties
Implementing different load balancing strategies
Random load balancing strategy in action
Creating and applying a custom load balancing strategy
Enabling and demonstrating load balancing with health checks
Introduction and overview
Authentication
Authorization
Authentication VS Authorization
Technologies that support Spring Security Integration
Advantages
Spring Security Features
Spring Security Modules
High level Spring Security Authentication & Authorization architecture
First Spring Security Project
Spring Security Dependencies
Spring Security Configuration
InMemoryUserDetailsManager bean
PasswordEncoder bean
SecurityFilterChain bean
CSRF
anonymous() VS permitAll()
AuthenticationFailureHandler
LogoutSuccessHandler
Login with the custom login form in Spring Security
Login with the default login form
First Spring Security Project
Spring Security Dependencies
Spring Security Configuration
InMemoryUserDetailsManager bean
PasswordEncoder bean
SecurityFilterChain bean
CSRF
anonymous() VS permitAll()
AuthenticationFailureHandler
LogoutSuccessHandler
Login with the custom login form in Spring Security
Login with the default login form
Remember Me feature in Spring Security
RememberMeConfigurer Overview
Coding exercise with Remember Me
Security at method level
Spring Expression Language
@PreAuthorize
@PostAuthorize
@Secured
@EnableMethodSecurity
Spring Security Architecture
Authentication Filter
Spring Security Context
Authentication Manager
Authentication Provider
User Details Service
Password Encoder
Business need in implementing custom Authentication Provider
Code examples of custom Authentication Provider
Where start learning
Spring Framework VS Spring Boot
What is Spring Boot
Features of Spring Boot
Opinionated development approach
When to use Spring Boot
When not to use Spring Boot
Advantages & Disadvantages
Spring Initializr Web Tool
Spring Boot project generation
Spring Tools for Eclipse IDE
Simple MVC controller in Spring Boot
Practical exercise
What are starters
Why do we need starters
Advantages of using starters
List of spring boot starters
Practical exercises
How to add spring boot starter
Web starter
REST API Development in Spring Boot
Test starter
Data JPA Starter
Configuration of H2 Database in Spring Boot
Configuration of MySQL Database in Spring Boot
Security starter
Application properties: Overview
Precedence order of properties
Overriding properties
Default Spring Boot properties
List of Spring Boot properties
Practical examples
Changing the port number
SSL/TLS configuration in Spring Boot
Generation of self-signed certificate for TLS
Changing of context path of the application
Configuration of logging level
@ConfigurationProperties annotation
What is Spring Boot Actuator
JMX Beans
Features and benefits of Spring Boot Actuator
Predefined endpoints
Adding dependency for Spring Boot Starter Actuator
How to expose all available endpoints
How to exclude specific endpoints
Change base path
Fetch application metrics
Best practices of working with Actuator
Your microservices are deployed. Your APIs are live. But will they survive?
Modern applications don’t fail because of bugs - they fail because they can’t handle traffic spikes, dependency timeouts, or unexpected downtime in connected services. That’s why top engineers today are turning to resilience patterns - to build systems that don’t just run, but endure.
In this hands-on course, you’ll master the core resilience patterns that protect real-world systems - including circuit breakers, retries, time limiters, rate limiters, bulkheads, and load balancing - all using Spring Boot, Resilience4j, and Spring Cloud.
You won’t just learn how to implement them - you’ll understand when, why, and where to use each pattern, with real coding demos, architectural reasoning, and battle-tested practices.
What You’ll Build:
Secure, production-ready microservices
Fault-tolerant APIs that gracefully recover from failures
Scalable backends that handle real-world traffic and instability
Rate-limited endpoints that protect your services from abuse
Load-balanced systems with automatic instance failover
Why This Course?
This isn’t theory. This is real-world engineering.
You’ll work with:
Resilience4j, the industry-standard lightweight fault tolerance library
Spring Cloud Gateway for routing and edge protection
Spring Security & OAuth2 to protect your APIs
Spring Boot Actuator to monitor and measure application health
We go beyond simple REST apps and teach you how to survive in today’s cloud-native, distributed architecture world.
Who This Is For:
Software Engineers building or maintaining microservices
Backend engineers preparing for real production deployments
Spring Boot developers wanting to upgrade their architecture skills
Software architects and tech leads focused on uptime, performance, and reliability
Anyone working with distributed systems who wants to prevent cascading failures
By the end of this course, you won’t just know what resilience is - you’ll know how to build it into everything you write.
Enroll now and start building microservices that can take a hit - and keep running.