Simple play icon Course

Securing Spring Data REST APIs

by Josh Cummings

If you got a text from an unlisted number asking for your credit card, would you give it out? Actually, we do this with customer data all the time in our REST APIs. Learn how Spring Security simplifies OAuth 2.0 and helps close these security gaps.

What you'll learn

REST APIs need to be good data stewards. To achieve that, it is fundamental to know who is asking you for data and whether their request is authorized. Spring Security is here to help. In this course, Securing Spring Data REST APIs, you will gain the ability to authenticate and authorize REST APIs in Spring. First, you will learn where HTTP Basic is helpful and not so helpful. Next, you will discover OAuth 2.0 and Bearer Token Authentication using JWTs and Opaque tokens, and how to map these to granted authorities. Finally, you will explore how to manage token ingress and egress using CORS, BFF, API Gateway, and other patterns. When you are finished with this course, you will have the skills and knowledge of Spring Security needed to secure REST APIs.

Table of contents

Course Overview

About the author

Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute. Hailing from Salt Lake City, Utah, Josh loves to hike and be in the outdoors when he's not hacking away at some new Java library. He also loves to juggle, especially on every third Saturday in June. Application Security holds a special place in his heart, a place diametrically opposed to and cos... more

Ready to upskill? Get started