Spring Framework: Securing Spring Applications

Authors: Wojciech Lesniak, Bryan Hansen, Josh Cummings

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.

In this path, you will learn the techniques applied in securing Spring applications. Some of the topics will include: Securing Applications Against Common Security Threats with Spring Security; Configuring Spring Security to Authenticate Application Users; Configuring OAuth Authentication for Spring Applications; Configuring Spring Security to Authorize User Actions While Logged into a Spring Application; Securing a Spring Data REST API.

Pre-requisites

Java, Maven

Beginner

In this section, you will be introduced to the fundamentals of securing data in Spring.

Spring Framework: Securing Spring Applications against Common Security Threats

by Wojciech Lesniak

Sep 25, 2020 / 1h 39m

Description

Spring Security protects your application from many common security threats right out of the box; in fact, the increased adoption of such frameworks has resulted in significant declines in occurrences of many of these threats. In this course, Spring Framework: Securing Spring Applications against Common Security Threats, you’ll learn about these threats and how Spring Security protects your application against them. First, you will learn how to configure Spring Security with Spring Boot to get security up and running from the very get-go of your project, so that it can evolve alongside your architecture. Next, you’ll discover some of the various authentication strategies supported by Spring Security, their pros and cons, and how to implement them for single-page and multi-page applications. Finally, you’ll learn how to deal with secret and exception management in your application. When you’re finished with this course, you’ll have the skills and knowledge of Spring Security needed to effectively secure your application against common security threats.

Table of contents
  1. Course Overview
  2. What Is Spring Security?
  3. Configuring Spring Security with Spring Boot
  4. Configuring Authentication in Your Application
  5. How Spring Security Protects You against Common Security Threats
  6. Correctly Configuring HTTPS
  7. Adding Authentication to Single-page Web Applications
  8. Managing Secrets
  9. Handling Exceptions

Intermediate

This section further explores Spring Data by diving into subjects such as authenticating users with Spring Security, configuring Spring Security for the different environments, OAuth2 login and authorizing users.

Spring Framework: Authenticating Users with Spring Security

by Bryan Hansen

Sep 30, 2020 / 4h 48m

Description

This course covers all of the fundamentals of Spring Security. It covers securing your app, user storage in memory and in a database, authentication against LDAP and authorization against a database, updated hashing algorithms for password storage, customizing the UI, method-level security as well as method-level permissions, and new techniques for accessing the currently logged-in user.

Table of contents
  1. Course Overview
  2. Configuring an Application to Use Spring Security
  3. Securing Your Spring MVC Application
  4. Configuring Spring Security to Use a Database
  5. Authenticating Users Against LDAP
  6. Customizing the Spring Security Object
  7. Creating a Custom Login Page for Spring Security
  8. Creating a Custom Registration Process for Spring Security
  9. Handling a Forgotten Password in Spring Security
  10. Securing Methods in Spring Security
  11. Securing UI Elements Using Spring Security

Spring Security: Authentication / Authorization - Building Effective Layers of Defense

by Wojciech Lesniak

Jan 1, 2019 / 3h 31m

Description

Getting security wrong can have major repercussions for you, your organization, and your users. In this course, Spring Security: Authentication / Authorization - Building Effective Layers of Defense, you will learn what's under the covers, the architecture and components, and how they can be configured to provide a Defense-in-Depth solution to contain and limit the impact of any security breaches. First, you will explore how to configure Spring Security within Spring Boot and add multi-factor authorization using basic, digest, HTTPS, 2FA, additional security questions, and email verification. Next, you will learn the effects of configuring security incorrectly and how to secure your secrets and users' credentials. Finally, you will discover how to outsource authorization with OAuth2 social login and how to add authorization to your pages, URLs, methods, and domain objects with security configuration, expressions, and annotations. When you are finished with this course, you will have a foundational knowledge of how to effectively configure Authentication and Authorization with Spring Security that will help you as you move forward to building more robust security solutions for your applications.

Table of contents
  1. Course Overview
  2. Introduction: Why Spring Security?
  3. Diving Under the Hood of Spring Security Authentication
  4. Dealing with Common Security Threats
  5. Securing User Credentials
  6. Adding Additional Layers for Authentication
  7. Persisting Access with Remember-Me
  8. Outsourcing Authentication with OpenID / OAuth2
  9. Layering Authorization with Spring Security

Effective Oauth2 with Spring Security and Spring Boot

by Wojciech Lesniak

Sep 19, 2019 / 3h 11m

Description

Securing your application with OAuth2, OIDC and JWT doesn't have to be difficult. In this course, Effective Oauth2 with Spring Security and Spring Boot, you will gain the ability to effectively leverage the framework to quickly and effectively do the heavy lifting for you. First, you will learn the essentials of OAuth2, OpenID Connect and JSON Web Token standards so you can correctly leverage Spring Security to add social sign-in to your existing application. Next, you will discover options on how to implement an Authorization Server so that you can completely decouple user authentication from your application code. Finally, you will explore more advanced topics on how to tailor the framework to your unique security requirements and the various patterns you can leverage to secure distributed systems such as microservices. When you are finished with this course, you will have the skills and knowledge of OAuth2 support in Spring Security needed to leverage OAuth2, OIDC and JWT in modern distributed applications.

Table of contents
  1. Course Overview
  2. Spring Security Oauth2: The New Direction
  3. Server-side Applications: Single Sign-in with Oauth2
  4. Delegating Authentication to an Authorization Server
  5. Oauth2 in a Client-side Single Page Application
  6. Oauth2 for Machine-to-machine Authorization
  7. Enhancing with Customizations, Validation, and Exception Handling
  8. Layering Scoped-based Authorization

Advanced

Finish learning about Spring Security by learning to differentiate how authentication and authorization work in a Spring Data REST API versus a traditional web application, to configure a Spring Data REST API project for authentication by bringing in the correct dependencies and implementing the correct configuration class with appropriate annotations, and to use Spring Security pointing at a user/password database to secure an API, among other features of the Spring Data REST API.

Securing Spring Data REST APIs

by Josh Cummings

Feb 19, 2020 / 1h 41m

Description

REST APIs need to be good data stewards. To achieve that, it is fundamental to know who is asking you for data and whether their request is authorized. Spring Security is here to help. In this course, Securing Spring Data REST APIs, you will gain the ability to authenticate and authorize REST APIs in Spring. First, you will learn where HTTP Basic is helpful and not so helpful. Next, you will discover OAuth 2.0 and Bearer Token Authentication using JWTs and Opaque tokens, and how to map these to granted authorities. Finally, you will explore how to manage token ingress and egress using CORS, BFF, API Gateway, and other patterns. When you are finished with this course, you will have the skills and knowledge of Spring Security needed to secure REST APIs.

Table of contents
  1. Course Overview
  2. Authorizing REST API Requests with HTTP BASIC
  3. Authorizing REST API Requests with JWT
  4. Authorizing REST API Requests with Opaque Tokens
  5. Securing a Multi-tenant REST API
  6. Securing Ingress and Egress