Spring Security

Video description

8+ Hours of Video Instruction

Overview

In Spring Security LiveLessons, learn from Spring experts Rob Winch, Spring Security project lead, and Josh Long, Spring developer advocate. Rob and Josh will teach you how to leverage both built-in and custom authentication and authorization in Spring Security. They also discuss the common exploits and how Spring Security can defend against them, how to easily test a Spring Security application, and how to properly design your code.

About the Instructor

Josh Long is an open-source contributor, frequent worldwide conference speaker, Java Champion, author or co-author of five books and a frequent video trainer with several best-selling videos. You can find him on Twitter as @starbuxman.

Rob Winch is the project lead for Spring Security, Spring Session, and Spring LDAP projects. He is a committer on the core Spring Framework, contributor to Spring Boot, author, and international speaker. In the past he has worked in the healthcare industry, bioinformatics research, high-performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar. You can find him on Twitter as @rob_winch.

Skill Level

Beginner/Intermediate

Learn How To
  • Leverage both built-in and custom authentication
  • Leverage both built-in and custom authorization
  • Use Spring Security to defend against common exploits
  • Easily test a Spring Security application
  • Properly design your code

Who Should Take This Course
  • Developers who know they need to address security upfront but struggle with how to do so
  • Developers who know they don’t know enough about security and would happily embrace industry-proven solutions to take the shortcut to production
  • Developers who want to level up their security practices and bring them to the modern age

Course Requirements
  • Experience programming with Java, Spring, and Spring Boot
  • Previous Web application development experience

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. Spring Security: Introduction
  2. Lesson 1: Boot Camp
    1. Learning objectives
    2. 1.1 Things You’ll Need: Java 8, an IDE, Maven, Spring Boot CLI
    3. 1.2 Dependency Injection
    4. 1.3 SpEL
    5. 1.4 Portable Service Abstractions
    6. 1.5 AOP
    7. 1.6 How Servlet Filter Works
    8. 1.7 Auto Config
  3. Lesson 2: Hello Spring Security
    1. Learning objectives
    2. 2.1 Creating Hello Security
    3. 2.2 What You Get Out of the Box
    4. 2.3 How it Works
    5. 2.4 What Spring Security Provides
  4. Lesson 3: Authentication 101
    1. Learning objectives
    2. 3.1 What is Authentication?
    3. 3.2 In Memory Authentication
    4. 3.3 JDBC-Based Authentication
    5. 3.4 LDAP-Based Authentication
    6. 3.5 Login and Logout
    7. 3.6 Custom AuthenticationProviders
    8. 3.7 Custom UserDetailsServices
    9. 3.8 Password Encoding and Migration
    10. 3.9 Audit Events
  5. Lesson 4: Web Based Authorization
    1. Learning objectives
    2. 4.1 What is Authorization?
    3. 4.2 Setting Up Our Sample Application
    4. 4.3 Configuring Web-Based Authorization
    5. 4.4 Understanding Web-Based Authorization
    6. 4.5 Actuator
  6. Lesson 5: Protection Against Common Attacks
    1. Learning objectives
    2. 5.1 Cache Control
    3. 5.2 HTTPS
    4. 5.3 XSS
    5. 5.4 Content Sniffing
    6. 5.5 CSRF Protection
    7. 5.6 Session Fixation
    8. 5.7 Click Jacking
    9. 5.8 CSP
    10. 5.9 RFD Attacks
    11. 5.10 HttpFirewall
  7. Lesson 6: Method Security
    1. Learning objectives
    2. 6.1 Why Method Security?
    3. 6.2 Creating Our Insecure Application
    4. 6.3 Integrating with Spring Security
    5. 6.4 JSR 250 Annotations
    6. 6.5 @Secured
    7. 6.6 @PreAuthorize/@PostAuthorize
    8. 6.7 Spring Data integration
  8. Lesson 7: OAuth2
    1. Learning objectives
    2. 7.1 Introduction
    3. 7.2 Authenticating with OAuth2
    4. 7.3 Resource Server
    5. 7.4 WebClient Integration
    6. 7.5 Authorization Code Flow
  9. Lesson 8: Testing
    1. Learning objectives
    2. 8.1 Test Method Security
    3. 8.2 Test Web Security with MockMvc
    4. 8.3 Test Web Security with HtmlUnit Integration
  10. Summary
    1. Spring Security: Summary

Product information

  • Title: Spring Security
  • Author(s): Josh Long / Robert Winch
  • Release date: November 2018
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 0135415055