Security in Spring Boot REST Web Service Applications
What you'll learn
- Comprehensive Security for Spring Boot REST web service applications: HTTPS, User management, Authentication, Role-based Authorization
- General principles of cyber security: Threats and defenses, Cryptography (encryption/decryption/hashing; symmetric/asymmetric), TLS, cipher suites
- Implementing user/security and business databases, JSON Web Tokens (JWTs) and HTTP over SSL/TLS (HTTPS) communication with web services
- Spring Security Framework: Architecture, Theory, practical examples: Configuration, filters, authentication and authorization
Requirements
- Intermediate Java programming and Spring Boot development knowledge
Description
A complete practical case study and tutorial featuring the Spring Security framework.
Filters and configuration
Authentication
JSON Web Tokens (JWT)
Role-based Authorization
In-depth theory
Also:
General Cybersecurity principles and concepts
Cryptography: Encryption, encoding and hashing
Symmetric and Asymmetric (public/private key) encryption
HTTP over SSL/TLS (HTTPS)
Digital Certificates & Public Key Infrastructure (PKI)
TLS Cipher Suites and handshakes
Case study of a Demo App with 2 Spring Boot REST web services, an Angular/TypeScript UI client app and PostgreSQL database(s), which:
Encrypts all communication between browser and server via HTTP over SSL/TLS (HTTPS)
Establishes trust via signed digital certificates (Public Key Infrastructure -- PKI)
Requires valid credentials to log in.
Custom example user/role/resource/action/authority database.
Limits access to resources in web service and client app according to roles / authorities of user account; detailed development of Authorization
Employs JSON Web Tokens (JWTs) as its authorization mechanism.
NOT WebMvc: Does NOT track sessions or JSESSIONID cookies; does not output HTML, login forms etc. (not JSP or Thymeleaf)
Rather, REpresentational State Transfer (REST): Exchanges JSON data payloads with clients
Assumes clients take care of all UI elements, HTML code, CSS, JavaScript etc.
Course Structure
Part 0: Is this Course Right for Me?
Part 1: General Cyber Security Principles
Part 2: Introducing the Demo App and its Components
Part 3: Application Security elements BEFORE adding the Spring Security Framework
Part 4: The Spring Security Framework in our Demo App
Part 5: A Deeper Dive into Spring Security Architecture and Theory
Who this course is for:
- Web service developers/software engineers, architects, cyber security professionals
Instructor
Howard has 30+ years of experience in the Information Technology field, with expertise in Java (Spring Boot web services), relational database application development, and Spring Security. His past clients and employers include Kajeet (formerly Arterra Mobility), Oracle Corp, Bank of America, Kaiser, the New York Stock Exchange, Cardinal Health, Amgen and Union Bank.
He is the author of the Udemy courses "Introduction to Database application development with Spring Boot, Angular and Postgres" and "Security in Spring Boot REST Web Service Applications".
He holds a Bachelor of Arts degree in Music from the University of Southern California, where he played trumpet in the symphony orchestra and opera. Prior to that he played with the Jazz orchestra Bekummernis in Paris, France.