Secure Your Spring-Based Applications
4.1 (4 ratings)
77 students enrolled

Secure your Java applications against hackers using Spring Security
Created by Packt Publishing
Last updated 5/2017
  • 4.5 hours on-demand video
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion

What Will I Learn?
  • Explore the Spring MVC application using Java config
  • Explore Spring Security, its Architecture, and Components.
  • Implement Spring Security in the sample application: configuring HttpSecurity, form logins, request authorization, handling logouts, authentication, etc.
  • Filter Chains and Core Security Filters
  • Basic, Digest and Remember Me authentications
  • HTTP Response headers Security and Session Management
  • Authorization Architecture
  • Secure Object Implementations and Expression based access control
  • You are not assumed to have any previous experience with Spring Security.

Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressure concerns of creating an application. That’s where Spring Security comes into the picture to simplify things for developers. A lot has changed since version 3 and with version 4.1 in place, there have been several changes and improvements to the Java Configuration, Web Application Security, Authorization, Crypto Module as well as to Testing, along with some that have been deprecated in the current release. This course is an incremental guide that will teach you how to protect your application from malicious users.

You will learn how to cleanly integrate Spring Security into your application using the latest technologies and frameworks with the help of detailed examples. The scenario created in the book revolves around a security audit of an insecure application and then modifying the sample to resolve the issues found in the audit. It starts by integrating a variety of authentication mechanisms and then demonstrates how to properly restrict access to your application. It concludes with tips on integrating with some of the more popular web frameworks. Also included is an example of how Spring Security defends against session fixation, which moves into concurrency control and how you can utilize session management for administrative functions.

About the Author

Ankit Mishra is a Senior Software Engineer with extensive IT experience in mission-critical development projects and architecture designs. He has worked for giants such as Ericsson, Fidelity, and others.

He has more than four years' experience in managing and delivering Spring MVC and Spring Security projects, cloud deployment, and PaaS cloud administration. Currently, he is working on Spring microservices, Spring Security, cloud deployment, and tuning.

  • Specialties: Red Hat Certified Engineer
  • Functional domains: Retail and Banking
Who is the target audience?
  • This course is intended for Java web developers and assumes a basic understanding of creating Java web applications, XML, and the Spring Framework.
Curriculum For This Course
27 Lectures
Introduction to Spring Security
7 Lectures 53:12

This video provides an overview of the entire course.

Preview 03:50

The aim of this video is to make you acquainted with Spring Security and the advantages it provides. Cloning a Git repository of a Spring MVC application will also be covered.

What Is Spring Security and Advantage?

Introduction to the latest Spring Security version. Understand the Spring MVC Java configuration.

Introducing the Latest Spring Security Version

Understand the Spring Security modules, how to fetch Spring Security using Maven, and the run-time environment.

Getting Spring Security and Core Modules

Understand, in theory, how a request is authenticated in Spring Security and how to fetch the current user from the authentication object.

Core Components

Practical code demo of how authentication works in Spring Security.

Authentication Basics

Deep dive into the Spring Security components that filter the request and create an authentication object out of it.

Authentication in a Web Application
Architecture, Components, and Configuration
5 Lectures 55:43

In this video, we will demonstrate a session fixation attack on applications. You will also learn to leverage the implicit login page and InMemoryUserDetailService.

Preview 16:06

Get introduced to HttpSecurity and learn to intercept incoming requests to an application.


Intercepting requests and selectively restricting access to the application. Adding HTTPS channel security.

Access Control in Spring Security

Develop a custom Form Login page and enable CSRF.

Form Login and CSRF

Deep dive into the Spring Security components that filter and authorize requests.

Authorize Requests
Spring Security – Java Configuration
5 Lectures 01:10:22

In this video, you will learn two types of authentication mechanisms: Basic authentication and Digest authentication.

Preview 18:31

Introduction to the Remember-Me authentication mechanism and its implementation.

Remember-Me Authentication

Customize the access denied page and learn to gracefully log out from the application.

Handling Logouts

This video details the advanced authentication concepts.

Authentication Manager, Provider Manager, and Authentication Providers

Until this video, only in-memory authentication was used. This video details the different types of authentication supported by Spring Security and their implementation.

Authentication Types
Spring Security – Advance Security Part 1
4 Lectures 31:48

In this video, we will learn all about the Spring Security filter chain, how filters are created, and the order in which they process the incoming requests.

Preview 13:56

Deep dive into the core security filters, which always execute in Spring Security applications, and create and register a custom filter.

Core Security Filters

Introduction and practical implementation of Method Security.

Method Security

Introduction and implementation of localization support of Spring Security.

Advance Security Part 2
6 Lectures 46:43

In this video, you will learn how to create a custom user details service.

Preview 10:30

Introduction to the password encoding mechanism and how to encode passwords in Spring Security.

Password Encoding

This video explains the significance of HTTP response headers and how the user agent interprets them. It also explains the ways to customize HTTP response headers.

HTTPResponse Headers

This video explains session management in Spring Security and the ways to customize it.

Session Management

This video explains the authorization workflow in Spring Security.

Authorization Architecture

This video details common Spring EL expressions and different ways to use them in web security and method security.

Expression Based Access Control
About the Instructor
Packt Publishing
3.9 Average rating
8,274 Reviews
59,171 Students
687 Courses
Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses - Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future-proof your career to immediate solutions to everyday tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.