Spring Security Core: Beginner to Guru

Spring Security Core: Beginner to Guru

by John Thompson
Released September 2020
Publisher(s): Packt Publishing
ISBN: 9781800560000

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from O’Reilly and nearly 200 trusted publishing partners.

Start your free trial

Video description

Understand how to protect Java framework applications by learning cutting-edge Spring Security techniques

About This Video

  • Gain a deep understanding of Spring Security
  • Explore the Spring Security toolset for authentication and authorization of users
  • Become familiar with the Test-Driven Development (TDD) approach

In Detail

Increasing cases of online security breaches have made it important for every organization to ensure that their applications are secure. With this video course, you'll explore Spring Security techniques that'll help you in authenticating and authorizing users, and protecting your applications from hazardous security breaches.

The course begins with an introduction to Spring Security, enabling you to understand its importance in securing framework applications. You’ll leverage the auto-configuration capabilities of Spring Boot to secure a web application using HTTP basic authentication. Next, you’ll learn how to replace and customize the default Spring Boot auto-configuration with the help of a series of exercises. Moving ahead, you’ll discover the unique security aspects in a Spring Boot web application that mimics a robust monolithic application with web pages and RESTful endpoints. Later, you’ll follow a Test-Driven Development (TDD) approach to understand the features of Spring Security. With the help of interesting examples, you’ll also be able to write a failing test using JUnit 5, Mockito, and Spring MockMVC

By the end of this video course, you’ll have developed the skills you need to use Spring Security to secure your framework applications.

Publisher resources

Download Example Code

Table of contents

  1. Chapter 1 : Introduction
    1. Introduction
    2. What Will You Build in Your Spring Security Course?
    3. Getting the Most Out of Your Course!
    4. Setting up Your Development Environment
  2. Chapter 2 : Introduction to Spring Security
    1. Introduction
    2. Application Security 101
    3. Introducing Spring Security
    4. Open Web Application Security Project (OWASP) Common Web Vulnerabilities
    5. Cross-Site Scripting (XSS)
    6. Cross-Site Request Forgery (CSRF)
  3. Chapter 3 : HTTP Basic Auth
    1. Introduction
    2. Overview of HTTP Basic Authentication
    3. SFG Brewery Code Review
    4. Spring Security Default Basic Auth
    5. Customizing Username and Password
    6. Testing Spring Security with JUnit 5
    7. Testing HTTP Basic Auth
    8. Spring Security Filter Chain
  4. Chapter 4 : Spring Security Java Configuration
    1. Introduction
    2. Permit All with URL Pattern Matching
    3. HTTP Method Matching
    4. Spring Model-View-Controller (MVC) Path Matchers
  5. Chapter 5 : In-Memory Authentication Provider
    1. Introduction
    2. Spring Security Authentication Process
    3. User Details Service
    4. In-Memory Authentication Fluent API
    5. Assignment - Add User
  6. Chapter 6 : Password Security
    1. Introduction
    2. Password Encoding
    3. Message-Digest Algorithm (MD5) Hash and Password Salt
    4. NoOpPasswordEncoder
    5. LdapPasswordEncoder
    6. Secured Hash Algorithm 256 (SHA-256) Password Encoder
    7. BCryptPasswordEncoder
    8. Delegating Password Encoder
    9. Custom Delegating Password Encoder
    10. Assignment - Add Custom Bcrypt Encoder
  7. Chapter 7 : Custom Authentication Filter
    1. Introduction
    2. Custom Authentication Filter Overview
    3. Delete Beer by the ID MockMvc Test
    4. Custom Authentication Filter
    5. Spring Security Configuration
    6. Debugging Spring Security
    7. Custom doFilter Method
    8. Custom Failure Handler
  8. Chapter 8 : Database Authentication
    1. Introduction
    2. Database Authentication Overview
    3. Java Persistence API (JPA) Entities
    4. Project Lombok Configuration
    5. Spring Data Java Persistence API (JPA) Repositories
    6. Assignment - Bootstrap User Data
    7. Hypersonic 2 (H2) Database Console Access
    8. User Details Service
    9. Spring Security Configuration
    10. 8.10Spring Boot Test Context
  9. Chapter 9 : User Roles
    1. Introduction
    2. Authorization in Spring Security
    3. Configuring User Roles
    4. Verify Role in Filter - Delete
    5. Assignment - Limit List Breweries to Customer
    6. Allow Multiple Roles
    7. Refactor JUnit 5 Tests
    8. Assignment - Use Multiple Roles
    9. Introduction to Method Security
    10. Security Expression Based Syntax
    11. Assignment - Use Method Expression
  10. Chapter 10 : User Authorities
    1. Introduction
    2. Overview Database Refactoring
    3. Update Java Persistence API (JPA) Configuration
    4. Defining Roles for Beer Operations
    5. Assignment - Define Roles for Customer Operations
    6. Update Spring Security for RESTful Beer API
    7. Assignment - Update Remaining Controllers
    8. Custom Authorization Annotations
    9. Assignment - Update to Use Custom Auth Annotations
  11. Chapter 11 : Multi-tenancy Security
    1. Introduction
    2. Multi-tenancy Overview
    3. Order Controller Code Review
    4. Define Roles for Beer Orders
    5. Update Java Persistence API (JPA) User
    6. User Customer Java Persistence API (JPA) Mapping
    7. Refactor Bootstrap Data
    8. Test-driven development (TDD) - Write Failing Tests
    9. Custom Authentication Manager
    10. Secure Read Order
    11. Using Authentication Principle
    12. Spring Security with Spring Data Java Persistence API (JPA)
  12. Chapter 12 : Cross-Site Request Forgery (CSRF) Protection with Spring Security
    1. Enable Cross-Site Request Forgery (CSRF) Protection in Spring Security
    2. Cross-Site Request Forgery (CSRF) with Spring MockMvc
    3. Update Customer Forms with Cross-Site Request Forgery (CSRF)
    4. Assignment - Update Beer Form with Cross-Site Request Forgery (CSRF)
  13. Chapter 13 : Login Form
    1. Tag Library Overview
    2. Add Login Form to Index Page
    3. Add Logout Action
    4. Update Java Configuration for Login Form
    5. Login and Logout Messages
    6. Show Elements by User Permission
  14. Chapter 14 : Remember Me
    1. Remember Me Overview
    2. Simple Hash-Based Token Remember Me
    3. Persistent Token Remember Me
  15. Chapter 15 : User Lockout Using Spring Security Events
    1. Overview of Spring Security Authentication Events
    2. Configuration of Spring Security Event Publisher
    3. Logging Off Authentication Success Events
    4. Persistence of Authentication Success Events
    5. Locking User Account After Failed Attempts
    6. Account Locked Message
    7. Automatically Unlocking Accounts After a Period of Time
  16. Chapter 16 : Two-factor Authentication (2FA)
    1. Two-factor Authentication (2FA) Overview
    2. Google Authenticator with Spring Security
    3. Configure User Entity for Two-factor Authentication (2FA)
    4. Configure Two-factor Authentication (2FA) Registration Controller
    5. Configure Google Secret Persistence
    6. Generate Quick Response Code (QR Code) for Google Authenticator
    7. Verify Two-factor Authentication (2FA) Opt-In
    8. Two-factor Authentication (2FA) Verification UI
    9. Spring Security Two-factor Authentication (2FA) Filter
    10. Spring Security Two-factor Authentication (2FA) Failure Handler
    11. Exclude Static Resources from Filter
    12. Java Configuration and Two-factor Authentication (2FA) Demo
    13. Two-factor Authentication (2FA) Retrospective
  17. Chapter 17 : Cross-Origin Resource Sharing (CORS)
    1. Overview of Cross-Origin Resource Sharing (CORS)
    2. Disable Spring Security for Testing
    3. Spring Model-View-Controller (MVC) Cross-Origin Resource Sharing (CORS) Configuration
    4. Spring Model-View-Controller (MVC) Cross-Origin Resource Sharing (CORS) Annotation Config
    5. Spring Security Cross-Origin Resource Sharing (CORS) Configuration

Product information

  • Title: Spring Security Core: Beginner to Guru
  • Author(s): John Thompson
  • Release date: September 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781800560000