Spring Security: Authentication / Authorization - Building Effective Layers of Defense

Spring Security is one of the most popular frameworks for securing Java applications. In this course, you will learn what makes it so powerful by configuring it with Spring Boot and adding multi-factor Authentication and Authorization to pages
Course info
Rating
(79)
Level
Intermediate
Updated
Jan 1, 2019
Duration
3h 31m
Table of contents
Course Overview
Introduction: Why Spring Security?
Diving Under the Hood of Spring Security Authentication
Dealing with Common Security Threats
Securing User Credentials
Adding Additional Layers for Authentication
Persisting Access with Remember-Me
Outsourcing Authentication with OpenID / OAuth2
Layering Authorization with Spring Security
Description
Course info
Rating
(79)
Level
Intermediate
Updated
Jan 1, 2019
Duration
3h 31m
Description

Getting security wrong can have major repercussions for you, your organization, and your users. In this course, Spring Security: Authentication / Authorization - Building Effective Layers of Defense, you will learn what's under the covers, the architecture and components, and how they can be configured to provide a Defense-in-Depth solution to contain and limit the impact of any security breaches. First, you will explore how to configure Spring Security within Spring Boot and add multi-factor authorization using basic, digest, HTTPS, 2FA, additional security questions, and email verification. Next, you will learn the effects of configuring security incorrectly and how to secure your secrets and users credentials. Finally, you will discover how to outsource authorization with Oauth2 social login and how to add authorization to your pages, URLs, methods, and domain objects with security configuration, expressions, and annotations. When you are finished with this course, you will have a foundational knowledge of how to effectively configure Authentication and Authorization with Spring Security that will help you as you move forward to building more robust security solutions for your applications.

About the author
About the author

Wojciech is a Technical Lead and Scrum Master. He has over 15 years' experience in software development working in a variety of industries from financial services and online gaming. He has extensive experience with anything Java, Spring framework, Microservices and has a passion for developing secure and scalable applications.

More from the author
Microservices Security
Intermediate
3h 6m
Apr 23, 2020
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Wojciech Lesniak, and welcome to my course, Spring Security: Authentication and Authorization - Building Effective Layers of Defense. I have been using Spring now, back before it was even called Spring Security. Getting security wrong can have significant repercussions, especially to your users. Hence, in this course, we will take a peek under the covers of Spring Security at the moving parts, which will allow you to more effectively mold the framework around your security requirements. Some of the major topics that we will cover include multi-factor authentication; user sign-in, additional security challenges, two-factor authentication, email verification, and enforcing HTTPS, authorization in your pages, URLs, methods, and domain objects; dealing with common security threats and how Spring Security protects you against them right out of the box; securing secrets and user credentials; social sign-in, outsourcing authentication with Spring Security OAuth2. By the end of this course, you will have a deeper understanding of the Spring Security framework, allowing you to tailor it to your security requirements, as well as allowing you to more easily debug issues when they inevitably arise. Before beginning the course, you should be familiar with Java and the Spring framework. I hope you will join me on this journey to learn how to build secure applications with the Spring Security Authentication and Authorization: Building Effective Layers of Defense course at Pluralsight.