Effective OAuth2 with Spring Security 5 and Spring Boot
Securing your application with OAuth2, OIDC and JWT in your application can seem like a daunting task. In this course you will learn how to leverage Spring Security with Spring Boot to quickly and effectively do all the heavy lifting for you.
What you'll learn
Securing your application with OAuth2, OIDC and JWT doesn't have to be difficult. In this course, Effective OAuth2 with Spring Security 5 and Spring Boot, you will gain the ability to effectively leverage the framework to quickly and effectively do the heavy lifting for you. First, you will learn the essentials of OAuth2, OpenID Connect and JSON Web Token standards so you can correctly leverage Spring Security to add social sing-in to you existing application. Next, you will discover options on how to implement an Authorization Server so that you can completely decouple user authentication from you application code. Finally, you will explore more advanced topics on how to tailor the framework to your unique security requirements and the various patterns you can leverage to secure distributed systems such as microservices. When you are finished with this course, you will have the skills and knowledge of OAuth2 support in Spring Security needed to leverage OAuth2, OIDC and JWT in modern distributed applications.
Table of contents
- Introduction 2m
- Version Check 0m
- The Challenges with Authentication/Authorization in Modern Applications 4m
- Why Tokens? 5m
- Introducing JSON Web Tokens (JWT) 3m
- A Journey into OAuth2 2m
- Autherization Code Grant 4m
- OAuth2 Is Not Authentication 1m
- Why We Need OpenID Connect 3m
- What Makes OIDC Great for Authentication? 6m
- OIDC Authorization Code Grant Flow 2m
- Spring Security 5 the New Direction 2m
- Introduction 1m
- Registering the Client with Facebook and Google 2m
- Sign-in with Google and Facebook 4m
- A Peek under the Covers at the Architecture 8m
- Spring Boot Auto-configuration of OAuth2 8m
- OAuth2 Login Page 2m
- Automatically Registering Users: AuthenticationSuccessHandler 2m
- Retrieving claims form the Authenticated Principal 5m
- Mapping Claims to Authorities: GrantedAuthoritiesMapper 2m
- The Principal Problem 2m
- Customizing OAuth2 User Types: CustomUserTypesOAuth2UserService 3m
- Customizing the OAuth2User with a Custom OAuth2UserService 1m
- Module Summary 0m
- Options for Identity Management 1m
- Spring OAuth2 Authorization Server 4m
- Authenticating the Resource Owner 8m
- Outsourcing User Authentication to Our Custom Authorization Server 2m
- A Peek under the Covers of Our Authorization Server 6m
- Introducing Keycloak an out-of-the-box Solution for an Authorization Server 2m
- Installing and Configuring Keycloak 3m
- Outsourcing Client Authentication to Keycloak 3m
- Introducing Identity as a Service (IDaaS) and Module Wrap Up 1m
- The Challenges for OAuth2 and Public Clients 5m
- The New Architecture of Our SPA 1m
- Configuring Our Public Client in Keycloak 2m
- Securing the Resource Servers 3m
- Retrieving Claims of the Authenticated Principal 3m
- Cross-origin Resource Sharing (CORS) 2m
- Enabling Cross-origin Requests in Spring Security 3m
- Module Wrap up and What's Next 1m
- Module Introduction 2m
- Security Challenges with Tokens in Distributed Systems 3m
- Introducing the Client Credentials Grant 1m
- Rethinking the Architecuture 3m
- WebClient vs. RestTemplate 1m
- Token Relay with WebClient 4m
- ServletOAuth2AuthorizedClientExchangeFilterFunction 6m
- Token Relay with RestTemplate 1m
- Configuring Client Credentials in Keycloak 1m
- Client Credentials with WebClient 4m
- Client Credentials Token Refresh Workaround 1m
- Client Credentials Grant via RestTemplate 3m
- Module Wrap Up 1m
- Module Introduction 1m
- Searching for More Security Vulnerabilities 2m
- Scopes vs. Roles vs. Authorities 3m
- Adding Scopes and Roles to Keycloak 3m
- Authorization at the URL 4m
- Mapping Roles and Scopes from Your Token into the Principal 3m
- Securing Your Methods 3m
- HTTPs and Further Learning Oportinitues 1m
- Course Complete and What's Next 3m
About the author
Wojciech is a Technical Lead and Scrum Master. He has over 15 years' experience in software development working in a variety of industries from financial services and online gaming. He has extensive experience with anything Java, Spring framework, Microservices and has a passion for developing secure and scalable applications.