This 2-day course offers hands-on experience with the major features of Spring Security, including configuration, authentication, authorization, password handling, testing, protection against security threats, and OAuth2 support for securing applications. On completion, participants will have a foundation for securing enterprise and microservices applications.

* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

By the end of the course, you should be able to meet the following objectives:
Use Spring Security in Spring and Spring Boot applications
Configure the Spring Security filter chain
Protect HTTP endpoints with expression-based access control and the AuthorizationManager API
Protect method execution
Use different authentication mechanisms
Handle passwords in an efficient way
Integrate Spring Security with JUnit 5 and MockMvc to test HTTP and method security
Protect against common vulnerabilities and threats
Understand what OAuth2 is
Use and configure the Spring Authorization Server
Implement a resource server and client

1. SECURITY INTRODUCTION
  • Need for security
  • Basic security concepts
  • Common security vulnerabilities

2. SPRING SECURITY BASICS
  • Introduction to Spring Security
  • High-level architecture
  • Overview of SecurityContext
  • Spring Security with Spring Boot

3. CUSTOMIZING AUTHENTICATION
  • Building blocks for authentication
  • Authentication mechanisms based on user name and password
  • Other authentication mechanisms
  • Authentication events


4. SECURING WEB APPLICATIONS
  • Configuring authorization
  • Using AccessDecisionManager for authorization
  • Using AuthorizationManager for authorization
  • Bypassing security


5. METHOD SECURITY
  • Method security architecture
  • Declarative method security with annotations

6. SECURITY TESTING
  • Spring Security Testing Support
  • Security mock annotations and meta-annotations
  • Using MockMvc to test security

7. HANDLING PASSWORDS
  • Password hashing
  • Upgrading passwords

8. (OPTIONAL) PROTECTING AGAINST COMMON VULNERABILITIES
  • Hardening web applications with security headers
  • Preventing cross-site request forgery
  • Encrypting data in transit

9. OAUTH2 AND OIDC CONCEPTS
  • Need for OAuth
  • Overview of OAuth2 and OIDC
  • OAuth2 grant types
  • Types of tokens
  • Spring Security OAuth2 support and OAuth2 login

10. SPRING AUTHORIZATION SERVER
  • Introduction to Authorization Server
  • Spring Authorization Server endpoints
  • Spring Authorization Server configuration

11. PROTECTING AND ACCESSING RESOURCES WITH OAUTH2
  • Resource server
  • Using JWT tokens
  • Using opaque tokens
  • Configuring an OAuth2 client

Audience

Application developers who want to increase their understanding of Spring Security with hands-on experience and build secure Spring and Spring Boot applications.

Language

English

Prerequisites

Developer experience building applications with Spring Boot, experience using an IDE (Eclipse, Spring Tools, IntelliJ, or VS Code), and experience using build tools such as Maven or Gradle.

$1,850

Length: 2.0 days (16 hours)

Level:
