Spring Security
3.9 (52 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
632 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Spring Security to your Wishlist.

Add to Wishlist

Spring Security

An empirical approach to securing your web applications
3.9 (52 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
632 students enrolled
Created by Packt Publishing
Last updated 12/2014
Current price: $10 Original price: $85 Discount: 88% off
5 hours left at this price!
30-Day Money-Back Guarantee
  • 2 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Implement the basic security for a web application starting with authentication and authorization techniques
  • Dig deeper into the process of registration, from raw JDBC to the implementation of a more mature and production-ready Hibernate/JPA implementation
  • Discuss and learn how to implement Remember Me for a web application along with the benefits that it brings, and also learn about the standard Cookie implementation and the harder-to-attack persistence-backed implementation
  • Integrate and set up Spring Security to talk to LDAP
  • Map both the users and the authorities/roles and finish with some advanced scenarios
  • Explore practical usages of Spring Expressions, from securing full pages by their URL to securing elements within a page and finally securing business functionality in the Service Layer
  • Implement the security of a REST API and learn how to set up both basic and advanced authentication processes.
  • Learn how to utilize Spring Security for higher levels of security scenarios including the Access Control Lists for all domain entities in the application
  • Learn how to spot potential design flaws that can make an application vulnerable and how to address these concerns by using and adapting the highly flexible Spring Security framework to your own environment and security need.
View Curriculum
  • Viewers should be acquainted with basic Java and XML and should have knowledge of the Spring framework.

This video course will help you secure your web application with the use of highly practical examples. You will also learn how to implement security checks, thus enabling you to create a staunch authentication mechanism that will prevent spoofing. Integrate with LDAP and progress on to more advanced security techniques such as Remember Me or the powerful ACL mechanism.

These pragmatic videos will help you learn how to implement various techniques for securing your web application through the use of simple to advanced use cases that follow the development of a web application using practical, step-by-step examples.

Each video section shows different ways to empower Spring Security for the web. The authentication techniques comprising of login, registration, and logout are implemented in this course. Moreover, the Remember Me functionality is added to the web app in addition to integration with a production-ready LDAP server. Further on, the authorization method is used and discussed in detail with simple roles, before moving on to the more flexible Spring expressions and finally the extremely powerful Access Control Lists mechanism, which allow security rules per object.

Ultimately, this video course is meant to help you hit the ground running with proper security for your web applications. The primary goal of the course is to be efficient, utilitarian, and immediately applicable for a web application.

About the Author Eugen Paraschiv is a Senior Software Engineer living in Bucharest, Romania, and has more than six years of experience developing and securing a wide range of web applications and systems. His current work is focused on security, REST, and machine learning. He has hands-on experience with Spring Security on several large systems and with a variety of security standards (SSO/CAS, LDAP, UAA, OAuth, and so on).

Who is the target audience?
  • This video course is for Java developers who are looking to build new web applications or secure existing ones by removing as much boilerplate as possible through practical solutions.
Compare to Other Spring Framework Courses
Curriculum For This Course
26 Lectures
Spring Security Setup
6 Lectures 30:13

Introduction of the full course showing how to best work with the materials and the application, where to find references for each section, and how to work with the Spring configuration.

Introduction to the Course

Enable Spring Security in the web application. Add the maven dependencies, enable security in webxml, and show the application working and now protected by a login process.

The Spring Security Setup and Form-based Authentication

Migrate from an auto generated login form to a custom form, and show how to implement a basic but a functional logout process directing the user back to the login page.

Authentication – Log in and Log Out

Secure an entire URL tree with some custom authorities, define these authorities for some of the predefined users, and show how the operation can now be performed by these users.

Authorization – URL

Set up security expressions in the configuration, secure the pages with these expressions, and form better expressions by combining primitive expressions with operators.

Authorization – Security Expressions

Add and configure support for security expressions in the JSP page, secure part of an example page, and learn how different users see the page differently based on their authorities.

Authorization – in Page
3 Lectures 14:59

Introduce the registration mechanism, and show how it integrates into Spring Security and works on the frontend.

The Registration Process with an In-memory Authentication Provider

Show how to move the registration process from the in-memory provider to a new JDBC-backed provider and discuss how this will affect the newly registered users survive a server restart.

The Registration Process with a JDBC-backed Authentication Provider

Show how to replace the old JDBC provider with a production-ready mechanism using JPA and Spring Data—both authentication and registration. Implement the custom logic for user retrieval and registration of new users.

The Registration and Authentication Process with JPA
The Remember Me Authentication
4 Lectures 14:09

Discuss and set up the token-based Remember Me mechanism—how it helps the user stay logged in even after the session expires.

Preview 03:22

Go into detail about the Remember Me cookie and additional configuration options available in Spring Security for the mechanism; discuss how security is improved and why.

The Remember Me Mechanism with a Cookie - Advanced Analysis

Show how to set up and replace the previous token mechanism with a more secure Remember Me mechanism based on persistence; discuss how the mechanism works and why it's more secure.

The Remember Me Mechanism with Persistence

Leverage an advanced Spring Security expression, isFullyAuthenticated, to secure more sensitive pages in the web application—these should still require full authentication credentials before allowing access.

The Remember Me Mechanism with More Advanced Scenarios
Spring Security with LDAP
3 Lectures 13:31

Discuss and show how to introduce LDAP as a security provider; and show how to have a setup process adding the core-required authentication data so that users can log in.

Authentication with LDAP

Illustrate how we can add the authorization data in LDAP—the custom LDAP structure, and the mapping and interaction between Spring Security and the embedded LDAP Server for authorization.

Preview 04:14

Finally, move to a production-like usecase, a full-fledged LDAP Server, set up externally and holding all the authentication and authorization data with no anonymous access. Show how to integrate Spring Security with this server and perform both authentication and authorization.

Authentication and Authorization with an External LDAP Server
Authorization with Spring Expressions
3 Lectures 16:16

Introduce security expressions and show how to configure the security of a URL path in the Spring Security XML configuration; show an advanced example of using such expressions.

Authorization With Expressions - URL

Introduce the concept of in-page authorization and conditionally show page elements based on security expressions.

Authorization With Expressions - in Page

Discuss the method-level security that supports expressions. We'll start with the less flexible @Secured annotation and then move over to the @PreAuthorize annotation. Secure the API of the application itself, independent of page security.

Preview 05:46
REST Authentication and Authorization
3 Lectures 19:35

Introduce the REST Service implemented with Spring MVC, JPA, and Spring Data; show how a setup process should be implemented and persist new users and new authorities during this process.

The REST Service and Its Setup

Show how to set up and configure the Basic Authentication a mechanism within the Spring Security namespace configuration; write live integration tests against the deployed API to verify both the forbidden and valid accesses.

Preview 05:24

Finally, move the REST Service to the Digest authentication mechanism; show how to set this up with Spring Security, show the advanced usage of the namespace support, and write the live integration tests against the live API to verify its correctness.

REST with Digest Authentication
Spring Security ACL
4 Lectures 21:20

Introduce the concepts of Access Control Lists, why ACL is necessary for nontrivial scenarios, how it differs from the standard authorization, and what kind of support Spring Security has for ACL.

Introduction to Domain Object Security and ACL

Focus on the complex database structure required to set up the ACL in a project; discuss the exact relations between tables and how Spring is going to use these to map its ACL artifacts.

The ACL Data Structure

Enable and configure ACL for the security configuration of the project—use ACL expressions to secure parts of the API and illustrate how this works in practice in the sample application.

The ACL Setup and Configuration with Spring Security

Show the advanced options that ACL allows and the standard authorization solution does not. Implement a granular authorization rule for a target entity and show this rule being enforced by consuming the live API.

Preview 04:49
About the Instructor
Packt Publishing
3.9 Average rating
8,197 Reviews
58,878 Students
687 Courses
Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.