Knowing that experienced hackers are itching to test your skills makes security one of the most difficult and high-pressure concerns of creating an application. That’s where Spring Security comes into the picture to simplify things for developers. A lot has changed since version 3 and with version 4.1 in place, there have been several changes and improvements to the Java Configuration, Web Application Security, Authorization, Crypto Module as well as to Testing, along with some that have been deprecated in the current release. This course is an incremental guide that will teach you how to protect your application from malicious users.
You will learn how to cleanly integrate Spring Security into your application using the latest technologies and frameworks with the help of detailed examples. The scenario created in the book revolves around a security audit of an insecure application and then modifying the sample to resolve the issues found in the audit. It starts by integrating a variety of authentication mechanisms and then demonstrates how to properly restrict access to your application. It concludes with tips on integrating with some of the more popular web frameworks. Also included is an example of how Spring Security defends against session fixation, which moves into concurrency control and how you can utilize session management for administrative functions.
About the Author
Ankit Mishra is a Senior Software Engineer with extensive IT experience in mission-critical development projects and architecture designs. He has worked for giants such as Ericsson, Fidelity, and others.
He has more than four years' experience in managing and delivering Spring MVC and Spring Security projects, Cloud deployment, and PaaS cloud administration. Currently, he is working on Spring micro services, Spring Security, cloud deployment, and tuning.
The aim of this video is to make you acquainted with Spring Security and the advantages it provides. Cloning a Git repository of a Spring MVC application will also be covered.
Introduction to the latest Spring Security version. Understand the Spring MVC Java configuration.
Understand the Spring Security modules, how to fetch Spring Security using Maven, and the run-time environment.
Understand, in theory, how a request is authenticated in Spring Security and how to fetch the current user from the authentication object.
Practical code demo of how authentication works in Spring Security.
Deep dive into the Spring Security components that filter the request and create an authentication object out of it.
In this video, we will perform a session fixation attack on applications. You will also learn to leverage the implicit login page and InMemoryUserDetailService.
Get introduced to HttpSecurity and learn to intercept incoming requests to an application.
Intercept requests and selectively restrict access to the application. Add HTTPS channel security.
Develop a custom Form Login page and enable CSRF.
Deep dive into the Spring Security components that filter and authorize requests.
In this video, you will be learning two types of authentication mechanism—Basic authentication and Digest authentication.
Introduction to the Remember-Me authentication mechanism and its implementation.
Customize the access denied page and learn to gracefully log out from the application.
This video details the advanced authentication concepts.
Up to this video, only in-memory authentication was used. This video details the different types of authentication supported by Spring Security and their implementation.
In this video, we will learn all about the Spring Security filter chain, how filters are created, and the order in which they process the incoming requests.
Deep dive into the core security filter, which always executes in Spring Security applications, and create and register a custom filter.
Introduction and practical implementation of Method Security.
Introduction and implementation of localization support of Spring Security.
In this video, you will be learning how to create the custom user details service.
Introduction to the password encoding mechanism and how to encode passwords in Spring Security.
This video explains the significance of the HTTP response headers and how the user agent interprets them. It also explains the ways to customize HTTP response headers.
This video explains session management in Spring Security and the ways to customize it.
This video explains the authorization workflow in Spring Security.
This video details common Spring EL expressions and different ways to use them in web security and method security.
Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.
With an extensive library of content - more than 4000 books and video courses - Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting-edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.
From skills that will help you to develop and future-proof your career to immediate solutions to everyday tech challenges, Packt is a go-to resource to make you a better, smarter developer.
Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.