Video description
Increasing cases of online security breaches have made it important for every organization to ensure that their applications are secure. With this video course, you'll explore Spring Security techniques that'll help you in authenticating and authorizing users, and protecting your applications from hazardous security breaches.
The course begins with an introduction to Spring Security, enabling you to understand its importance in securing framework applications. You’ll leverage the auto-configuration capabilities of Spring Boot to secure a web application using HTTP basic authentication. Next, you’ll learn how to replace and customize the default Spring Boot auto-configuration with the help of a series of exercises. Moving ahead, you’ll discover the unique security aspects in a Spring Boot web application that mimics a robust monolithic application with web pages and RESTful endpoints. Later, you’ll follow a Test-Driven Development (TDD) approach to understand the features of Spring Security. With the help of interesting examples, you’ll also be able to write a failing test using JUnit 5, Mockito, and Spring MockMVC.
By the end of this video course, you’ll have developed the skills you need to use Spring Security to secure your framework applications.
What You Will Learn
- Set up an environment on your local machine for Spring Security
- Secure applications using Spring Security
- Protect your application against common web security vulnerabilities
- Authenticate application users and authorize user actions
- Test user access with the Test-Driven Development (TDD) approach
- Unlock accounts automatically after a period of time
Audience
If you are a Spring framework application developer who wants to secure enterprise and Java framework applications with Spring Security, then this video course is for you. A good understanding of Java, Spring Framework 5, JUnit, Mockito, and web applications is recommended before getting started with this course. Knowledge of HTTP, Apache Maven, and SQL will also be beneficial.
About The Author
John Thompson: John Thompson has been in the IT industry for over 20 years. Today, he specializes mainly in Java, the most successful and widely known programming language in use today. He also specializes in the Spring Framework, which is the most popular open-source application framework for building enterprise-class applications on the Java platform. Some of the organizations he has worked with include Visa, Kohls, Federal Home Loan Bank, and Belk Department Stores. Through the courses he is providing, he hopes to leverage his years of experience to accelerate your learning of the Spring Framework. The Spring Framework is a big framework. The environment for enterprise Java is even bigger. If you're new to Java, you have a lot to learn.
Table of contents
- Chapter 1 : Introduction
- Chapter 2 : Introduction to Spring Security
- Chapter 3 : HTTP Basic Auth
- Chapter 4 : Spring Security Java Configuration
- Chapter 5 : In-Memory Authentication Provider
- Chapter 6 : Password Security
  - Introduction
  - Password Encoding
  - Message-Digest Algorithm (MD5) Hash and Password Salt
  - NoOpPasswordEncoder
  - LdapPasswordEncoder
  - Secured Hash Algorithm 256 (SHA-256) Password Encoder
  - BCryptPasswordEncoder
  - Delegating Password Encoder
  - Custom Delegating Password Encoder
  - Assignment - Add Custom Bcrypt Encoder
- Chapter 7 : Custom Authentication Filter
- Chapter 8 : Database Authentication
  - Introduction
  - Database Authentication Overview
  - Java Persistence API (JPA) Entities
  - Project Lombok Configuration
  - Spring Data Java Persistence API (JPA) Repositories
  - Assignment - Bootstrap User Data
  - Hypersonic 2 (H2) Database Console Access
  - User Details Service
  - Spring Security Configuration
  - Spring Boot Test Context
- Chapter 9 : User Roles
  - Introduction
  - Authorization in Spring Security
  - Configuring User Roles
  - Verify Role in Filter - Delete
  - Assignment - Limit List Breweries to Customer
  - Allow Multiple Roles
  - Refactor JUnit 5 Tests
  - Assignment - Use Multiple Roles
  - Introduction to Method Security
  - Security Expression Based Syntax
  - Assignment - Use Method Expression
- Chapter 10 : User Authorities
  - Introduction
  - Overview Database Refactoring
  - Update Java Persistence API (JPA) Configuration
  - Defining Roles for Beer Operations
  - Assignment - Define Roles for Customer Operations
  - Update Spring Security for RESTful Beer API
  - Assignment - Update Remaining Controllers
  - Custom Authorization Annotations
  - Assignment - Update to Use Custom Auth Annotations
- Chapter 11 : Multi-tenancy Security
  - Introduction
  - Multi-tenancy Overview
  - Order Controller Code Review
  - Define Roles for Beer Orders
  - Update Java Persistence API (JPA) User
  - User Customer Java Persistence API (JPA) Mapping
  - Refactor Bootstrap Data
  - Test-driven development (TDD) - Write Failing Tests
  - Custom Authentication Manager
  - Secure Read Order
  - Using Authentication Principle
  - Spring Security with Spring Data Java Persistence API (JPA)
- Chapter 12 : Cross-Site Request Forgery (CSRF) Protection with Spring Security
- Chapter 13 : Login Form
- Chapter 14 : Remember Me
- Chapter 15 : User Lockout Using Spring Security Events
  - Overview of Spring Security Authentication Events
  - Configuration of Spring Security Event Publisher
  - Logging Off Authentication Success Events
  - Persistence of Authentication Success Events
  - Locking User Account After Failed Attempts
  - Account Locked Message
  - Automatically Unlocking Accounts After a Period of Time
- Chapter 16 : Two-factor Authentication (2FA)
  - Two-factor Authentication (2FA) Overview
  - Google Authenticator with Spring Security
  - Configure User Entity for Two-factor Authentication (2FA)
  - Configure Two-factor Authentication (2FA) Registration Controller
  - Configure Google Secret Persistence
  - Generate Quick Response Code (QR Code) for Google Authenticator
  - Verify Two-factor Authentication (2FA) Opt-In
  - Two-factor Authentication (2FA) Verification UI
  - Spring Security Two-factor Authentication (2FA) Filter
  - Spring Security Two-factor Authentication (2FA) Failure Handler
  - Exclude Static Resources from Filter
  - Java Configuration and Two-factor Authentication (2FA) Demo
  - Two-factor Authentication (2FA) Retrospective
- Chapter 17 : Cross-Origin Resource Sharing (CORS)
  - Overview of Cross-Origin Resource Sharing (CORS)
  - Disable Spring Security for Testing
  - Spring Model-View-Controller (MVC) Cross-Origin Resource Sharing (CORS) Configuration
  - Spring Model-View-Controller (MVC) Cross-Origin Resource Sharing (CORS) Annotation Config
  - Spring Security Cross-Origin Resource Sharing (CORS) Configuration
Product information
- Title: Spring Security Core: Beginner to Guru
- Author(s):
- Release date: September 2020
- Publisher(s): Packt Publishing
- ISBN: 9781800560000