Securing Spring Data REST APIs

If you got a text from an unlisted number asking for your credit card, would you give it out? Actually, we do this with customer data all the time in our REST APIs. Learn how Spring Security simplifies OAuth 2.0 and helps close these security gaps.
Course info
Rating: (27)
Level: Advanced
Updated: Feb 19, 2020
Duration: 1h 41m
Table of contents
Course Overview
Authorizing REST API Requests with HTTP BASIC
Authorizing REST API Requests with JWT
Authorizing REST API Requests with Opaque Tokens
Securing a Multi-tenant REST API
Securing Ingress and Egress
Description

REST APIs need to be good data stewards. To achieve that, it is fundamental to know who is asking you for data and whether their request is authorized. Spring Security is here to help. In this course, Securing Spring Data REST APIs, you will gain the ability to authenticate and authorize REST APIs in Spring. First, you will learn where HTTP Basic is helpful and not so helpful. Next, you will discover OAuth 2.0 and Bearer Token Authentication using JWTs and Opaque tokens, and how to map these to granted authorities. Finally, you will explore how to manage token ingress and egress using CORS, BFF, API Gateway, and other patterns. When you are finished with this course, you will have the skills and knowledge of Spring Security needed to secure REST APIs.

About the author

Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute.

More from the author
Securing Java Web Application Data (Intermediate, 2h 40m, Jun 21, 2019)
More courses by Josh Cummings
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Josh Cummings, and welcome to my course, Securing Spring Data REST APIs. I'm a Spring Security committer over at VMware. OAuth 2 is complex, but securing your REST API doesn't have to be. In fact, Spring Security has poured over 5000 hours of engineering time and 70,000 lines of code toward simplifying and adapting OAuth 2 into the Spring Security programming model. I should know. I've put nearly 1/3 of those hours in myself. In this course, we're gonna apply that Spring Security muscle towards making your REST API more secure. Some of the major topics that we'll cover include authenticating with JWTs and opaque tokens, designing scopes and mapping them to granted authorities, supporting multi-tenant REST APIs, and exposing REST APIs to single-page apps. By the end of this course, you'll know how to use Spring Security to protect your REST APIs with bearer token authentication. Before beginning the course, you should be familiar with Spring Security's fundamentals. It will also be helpful to be familiar with Spring MVC, Spring Data, and WebClient. From here, you should feel comfortable diving into more about Java web application security with courses on the fundamentals of securing Java web applications or creating an OAuth 2 client with Spring Security. I hope you'll join me on this journey to learn REST API security with the Securing Spring Data REST APIs course at Pluralsight.