
Spring Framework: Securing Spring Applications
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring...
In this path, you will learn the techniques applied in securing Spring applications. Some of the topics will include:
- Securing Applications Against Common Security Threats with Spring Security
- Configuring Spring Security to Authenticate Application Users
- Configuring OAuth Authentication for Spring Applications
- Configuring Spring Security to authorize user actions while logged into a Spring application
- Securing a Spring Data Rest API
Pre-requisites
- Java
- Maven
Beginner
In this section, you will be introduced to the fundamentals of securing data in Spring.
Spring Framework: Securing Spring Applications against Common Security Threats
1h 39m
Description
Spring Security protects your application from many common security threats right out of the box; in fact, the increased adoption of such frameworks has resulted in significant declines in occurrences of many of these threats. In this course, Spring Framework: Securing Spring Applications against Common Security Threats, you’ll learn about these threats and how Spring Security protects your application against them. First, you will learn how to configure Spring Security with Spring Boot to get security up and running from the very get-go of your project, so that it can evolve alongside your architecture. Next, you’ll discover some of the various authentication strategies supported by Spring Security, their pros and cons, and how to implement them for single-page and multi-page applications. Finally, you’ll learn how to deal with secret and exception management in your application. When you’re finished with this course, you’ll have the skills and knowledge of Spring Security needed to effectively secure your application against common security threats.
Table of contents
- Course Overview
- What Is Spring Security?
- Configuring Spring Security with Spring Boot
- Configuring Authentication in Your Application
- How Spring Security Protects You against Common Security Threats
- Correctly Configuring HTTPS
- Adding Authentication to Single-page Web Applications
- Managing Secrets
- Handling Exceptions
Intermediate
This section further explores Spring Data by diving into subjects such as authenticating users with Spring Security, configuring Spring Security for the different environments, OAuth2 login and authorizing users.
Spring Framework: Authenticating Users with Spring Security
4h 48m
Description
This course covers all of the fundamentals of Spring Security. It covers securing your app, user storage in memory and in a database, authentication against LDAP and authorization against a database, updated hashing algorithms for password storage, customizing the UI, method-level security as well as method-level permissions, and new techniques for accessing the currently logged-in user.
Table of contents
- Course Overview
- Configuring an Application to Use Spring Security
- Securing Your Spring MVC Application
- Configuring Spring Security to Use a Database
- Authenticating Users Against LDAP
- Customizing the Spring Security Object
- Creating a Custom Login Page for Spring Security
- Creating a Custom Registration Process for Spring Security
- Handling a Forgotten Password in Spring Security
- Securing Methods in Spring Security
- Securing UI Elements Using Spring Security
Spring Security: Authentication / Authorization - Building Effective Layers of Defense
3h 31m
Description
Getting security wrong can have major repercussions for you, your organization, and your users. In this course, Spring Security: Authentication / Authorization - Building Effective Layers of Defense, you will learn what's under the covers, the architecture and components, and how they can be configured to provide a Defense-in-Depth solution to contain and limit the impact of any security breaches. First, you will explore how to configure Spring Security within Spring Boot and add multi-factor authorization using basic, digest, HTTPS, 2FA, additional security questions, and email verification. Next, you will learn the effects of configuring security incorrectly and how to secure your secrets and users' credentials. Finally, you will discover how to outsource authorization with Oauth2 social login and how to add authorization to your pages, URLs, methods, and domain objects with security configuration, expressions, and annotations. When you are finished with this course, you will have a foundational knowledge of how to effectively configure Authentication and Authorization with Spring Security that will help you as you move forward to building more robust security solutions for your applications.
Table of contents
- Course Overview
- Introduction: Why Spring Security?
- Diving Under the Hood of Spring Security Authentication
- Dealing with Common Security Threats
- Securing User Credentials
- Adding Additional Layers for Authentication
- Persisting Access with Remember-Me
- Outsourcing Authentication with OpenID / OAuth2
- Layering Authorization with Spring Security
Effective Oauth2 with Spring Security and Spring Boot
3h 11m
Description
Securing your application with Oauth2, OIDC and JWT doesn't have to be difficult. In this course, Effective Oauth2 with Spring Security and Spring Boot, you will gain the ability to effectively leverage the framework to quickly and effectively do the heavy lifting for you. First, you will learn the essentials of Oauth2, OpenID Connect and JSON Web Token standards so you can correctly leverage Spring Security to add social sign-in to your existing application. Next, you will discover options on how to implement an Authorization Server so that you can completely decouple user authentication from your application code. Finally, you will explore more advanced topics on how to tailor the framework to your unique security requirements and the various patterns you can leverage to secure distributed systems such as microservices. When you are finished with this course, you will have the skills and knowledge of Oauth2 support in Spring Security needed to leverage Oauth2, OIDC and JWT in modern distributed applications.
Table of contents
- Course Overview
- Spring Security Oauth2: The New Direction
- Server-side Applications: Single Sign-in with Oauth2
- Delegating Authentication to an Authorization Server
- Oauth2 in a Client-side Single Page Application
- Oauth2 for Machine-to-machine Authorization
- Enhancing with Customizations, Validation, and Exception Handling
- Layering Scoped-based Authorization
Advanced
Finish learning about Spring Security by differentiating between how authentication and authorization work in a Spring Data Rest API versus a traditional web application, configuring a Spring Data Rest API project for authentication by bringing in the correct dependencies and implementing the correct configuration class with appropriate annotations, and demonstrating how to use Spring Security pointing at a user/password database to secure an API, among other features of the Spring Data Rest API.
Securing Spring Data REST APIs
1h 41m
Description
REST APIs need to be good data stewards. To achieve that, it is fundamental to know who is asking you for data and whether their request is authorized. Spring Security is here to help. In this course, Securing Spring Data REST APIs, you will gain the ability to authenticate and authorize REST APIs in Spring. First, you will learn where HTTP Basic is helpful and not so helpful. Next, you will discover OAuth 2.0 and Bearer Token Authentication using JWTs and Opaque tokens, and how to map these to granted authorities. Finally, you will explore how to manage token ingress and egress using CORS, BFF, API Gateway, and other patterns. When you are finished with this course, you will have the skills and knowledge of Spring Security needed to secure REST APIs.
Table of contents
- Course Overview
- Authorizing REST API Requests with HTTP BASIC
- Authorizing REST API Requests with JWT
- Authorizing REST API Requests with Opaque Tokens
- Securing a Multi-tenant REST API
- Securing Ingress and Egress