
Master Spring Security 6 with ReactJS, OAuth2, and JWT through a structured, hands-on course with downloadable code and deployment guidance, and engage with the community.
Explore building a secure notes app with Spring Security, JWT, and OAuth integration via Google and GitHub, featuring admin controls, password resets, two-factor authentication, and audit logs.
Access a public, lecture-wise repository with source code, commits, and printable notes to support interview prep and deepen understanding of Spring Security and OAuth2.
Install the Java development kit on Windows by downloading the 64-bit installer from Oracle. Verify with java -version in PowerShell and adjust path if needed.
Install and verify JDK 21 on macOS by downloading the DMG installer from Oracle, selecting the arm64 or x64 version, and verifying with the java -version command.
Install the Java Development Kit on Ubuntu by downloading the Oracle JDK 21 Debian package, running sudo dpkg -i, resolving a blocking process, and verifying the Java version.
Install and set up IntelliJ IDEA, choosing the community edition for learning, verify system requirements, download the correct installer for Windows or Mac, and configure initial preferences and plugins.
Create a new Spring Boot project via start.spring.io, configure Maven with group and artifact, add web, import into IntelliJ, and run a simple hello REST controller at /hello.
Compare IntelliJ IDEA Community and Ultimate editions, including Spring Boot project creation and Spring Cloud support, and access six months of Ultimate for free with coupon code embark X.
Explore how filters intercept and modify requests and responses, and how a filter chain in Spring Boot and Spring Security handles authentication, authorization, and pre- and post-processing.
Learn how Spring Security handles authentication and authorization in a Spring Boot app, exploring authentication filters, authentication manager, providers, user details service, password encoder, and security context.
Configure Spring Security in a Spring Boot app by adding starter security dependencies with start.spring.io, enabling auto-configuration and a login flow for secured endpoints.
Discover how Spring Security authenticates every endpoint by default in a Spring Boot project with form-based, built-in login and logout forms, plus development console password.
Explore how Spring Security auto-configuration works behind the scenes by inspecting logs, including the user details service auto-configuration and the in-memory user details manager.
Configure static credentials in Spring Security by setting spring.security.user.name and spring.security.user.password in application.properties for development, bypassing the login form, while noting this is not secure for production.
Explore form-based authentication by hitting the hello endpoint, logging out at /logout, and noting the default login page generated by the logout page generating web filter and the login redirection.
Explore how JSESSIONID and Spring Security manage sessions in the browser by inspecting cookies, loading a page, and observing session continuity across requests.
Switch from form-based to basic authentication by creating a custom security config that backs off the default Spring Security filter chain and enforces authentication for all requests.
Restart the application to verify basic authentication prompts a browser alert instead of a login form, with form-based login disabled; access the hello endpoint, enter credentials, and view authenticated data.
Demonstrates basic authentication using an Authorization header and session cookies, versus form-based authentication with an HTML login form, CSRF protection, payload data, and redirect-based access control.
Convert a stateful session-based API to stateless by configuring the session creation policy to stateless, removing cookies, and achieving stateless authentication in Spring Security.
Structure the secure notes project by outlining simple CRUD endpoints for notes (create, read, update, delete) and exploring authentication concepts to build a secure base.
Set up the notes model in a Spring Boot project using JPA and Lombok, with id, content as a large object, and ownerUsername, and configure dependencies in pom.xml.
Implement a notes controller at /api/notes in Spring Boot, providing CRUD endpoints that associate notes with the currently authenticated user.
Install MySQL on your Mac by downloading the MySQL community server for macOS (ARM or x86 DMG) and then install MySQL workbench to connect and manage the database.
Install and secure MySQL server on ubuntu using apt, start the service, log into the MySQL shell, and connect with MySQL Workbench to manage databases.
Learn how Spring Security uses authentication providers to process login requests, verify credentials against databases or external services, and issue authentication tokens with user authorities.
Explore how the authentication provider interface powers Spring Security's authentication flow. Learn about the authenticate and supports methods, the authentication object, credential verification, and loading user details for authorization.
Implement in-memory authentication by storing credentials in application memory for quick setup during development and testing. Hardcode users and roles to bypass a database, enabling fast prototyping.
Explore the user details interface in Spring Security as a standardized representation of a user and how the user class implements it with username, password, authorities, and status flags.
Move from in-memory to database-backed authentication using JDBC user details manager with a MySQL schema, creating users and authorities tables and configuring MySQL connectivity.
Learn why and how to use a custom user model in a Spring Boot app to extend user information, meet domain specific needs, and enable custom authentication.
Define a custom user model and a role system with an app role enum. Create a role class, a user class, and a user repository; add bean validation dependency.
Create a role repository to manage roles and users, using the role entity with a long id and a find by role name method returning an optional role.
Reveal the behind the scenes login flow: from the username password authentication filter to the DAO authentication provider and user details service using a MySQL repository.
Explore Spring Security's built-in authorization tools by learning the granted authority interface and its simple granted authority implementation, which define and represent user roles and authorities.
Explain how to create and manage custom roles with a role model, map roles to users, and use simple granted authority in user details for Spring Security and database persistence.
Implement an admin controller in Spring Boot to expose admin-only endpoints for listing all users, updating user roles, and retrieving individual user details via a DTO.
Implement authorization to restrict admin actions in a Spring Security 6 setup, allowing only admins to access admin APIs via URL-based restrictions or method-level security.
Learn to manage access in Spring Boot with method-level security using Spring Security annotations such as @PreAuthorize, @Secured, @PreFilter, and @PostFilter, including an admin check.
Explore method-level security in Spring Security by applying access rules directly to methods using the @PreAuthorize and @Secured annotations. Learn owner checks, @PostAuthorize, and @PreFilter for ownership-based access.
Configure URL-based restrictions with Spring Security using a security filter chain and request matchers to open api/auth and images publicly, restrict /admin to admins, and require authentication elsewhere.
Clean up the security configuration by exposing the public endpoint and removing unnecessary settings. Choose annotation-based controller-level security with @PreAuthorize on the admin controller, and disable method-level security.
Secure password practices protect user data by encoding passwords in the database and preventing unauthorized access. Password security matters for compliance, trust, and robust authentication.
Learn how hashing converts a message into a distinct, one-way value using algorithms like bcrypt. Explore how salt adds randomness to each hash, boosting security for passwords and data transmission.
Explore the Spring Security password encoder interface, encoding raw passwords and validating matches, with upgradeEncoding; review implementations like Argon2, BCrypt, and Pbkdf2.
Explore built-in password encoders in Spring Security, including the BCrypt password encoder, Pbkdf2 password encoder, SCrypt password encoder, Argon2 password encoder, and NoOp encoder, with BCrypt most recommended for production.
Encode passwords with a bcrypt password encoder in the security config, store encoded values in the database, and verify them using matches to secure authentication.
Explore how Spring Security's default filter chain processes authentication, authorization, and CSRF protection in a defined order, managed by the filter chain proxy and virtual filter chain.
Explore the servlet filter lifecycle from init for initialization, through doFilter for request processing, to destroy for cleanup, all managed by the servlet container via the filter interface.
Create a custom logging filter in Spring Security and attach it to the filter chain, logging each request URI and response status before the authentication filter.
Explore advanced custom filter scenarios in Spring Security by combining multiple filters with correct order, implementing conditional filters based on request attributes, and enabling dynamic filter configurations via application properties.
Comment and disable the custom filters after learning to insert them before or after a filter in the chain, then delete the related files to keep the project clean.
Explain cross-site request forgery (CSRF), how authenticated sessions are exploited by malicious sites, and common impact scenarios like bank transfer attacks and unauthorized changes.
Learn how CSRF protection uses a server-stored token linked to the user session to block unauthorized state-changing requests via hidden fields or headers.
Configure CSRF protection in Spring Security with a cookie CSRF token repository and expose a CSRF token API endpoint for front-end apps like React or Angular.
MASTER SPRING SECURITY 7 WITH REACT: BUILD SECURE FULL STACK REAL-WORLD APPLICATIONS USING SPRING FRAMEWORK + SPRING BOOT!
UPDATED TO SPRING FRAMEWORK 7 AND SPRING BOOT 4
Thinking of Building a Full Stack Application Using Spring Security, React, and Tailwind CSS with PRODUCTION GRADE FEATURES?
You are at the right place.
Build secure projects using Spring Boot, Spring Security 7, OAuth2, CORS and JWT. Gain hands-on skills with Spring Boot Security.
Unlock the Power of Spring Security and become a skilled Java Developer! Dive into the world of Spring Security and React to build secure, scalable, and production-grade applications. Whether you're new to Spring or looking to enhance your skills, this course provides a comprehensive path to mastering security in web development.
Transform Your Development Skills with hands-on experience in creating a secure "Secure Notes" application. Learn how to integrate Spring Security with React, implement JWT for authentication, and explore advanced topics like OAuth2 and multi-factor authentication. This course covers everything you need to know, from authentication providers to deploying on AWS, making you proficient in full-stack web development.
This course is 23+ HOURS of expert instruction, practical exercises, and real-world projects. Designed for developers eager to secure their applications, this course offers a deep dive into Spring Security, React integration, and the latest security practices.
Learn the essentials of secure web development and progress to advanced concepts with hands-on projects and practical applications.
THIS COURSE COVERS:
Introduction to Spring Security
Basic Authentication & Custom Security Configurations
In-Memory Authentication Provider
User Management & Role-Based Authorization
Password Security & Encoders
Custom Filters & CSRF Protection
JWT Authentication & Authorization
Sign-In and Sign-Up Functionality
JavaScript & React Basics
Tailwind CSS for Front-End Development
CORS & CSRF with React and Spring Boot
Notes Functionality & Auditing
OAuth2: GitHub & Google Sign-In
Multi-Factor Authentication
Deploying on AWS
[NEW UPDATE] React For Beginner Section Highlights
Introduction to React
Getting Started with JSX
Components, Props, and State
React Hooks: useEffect, useRef, and useContext
Custom Hooks in React
Working with APIs
React Hook Forms
By the end of this course, you'll be equipped to build and deploy secure applications using Spring Boot and React. Perfect for developers looking to advance their skills and create secure, production-ready applications. Enroll now to elevate your Spring Security expertise!
GUARANTEE
This course is backed by a 30-day money-back guarantee.
OUTCOME OF THIS COURSE
By the end of this course, you will:
Understand Spring Security fundamentals and advanced concepts.
Build and deploy a secure "Secure Notes" application.
Master JWT and OAuth2 for authentication and authorization.
Integrate React and Spring Boot for full-stack development.
Deploy applications on AWS with confidence.
Effectively manage user roles and permissions.
WHO IS THIS COURSE FOR?
Beginners: Start your journey with hands-on guidance in Spring Security.
Aspiring Full Stack Developers: Gain skills to build secure, full-stack applications.
Java Developers: Enhance your expertise with real-world, production-grade applications.
Backend Developers: Implement advanced backend features using Spring Security.
Microservices Enthusiasts: Prepare for future microservices development with Spring Boot.
Job Seekers: Acquire skills essential for job interviews and career advancement.
Web Developers: Enhance your skills in secure web development with Spring Boot.
SO ARE YOU READY TO GET STARTED?
What are you waiting for? Press the BUY NOW button and begin your journey to mastering Spring Security. See you inside the course!