Spring Security

Video Description

8+ Hours of Video Instruction

Overview

In Spring Security LiveLessons, learn from Spring experts Rob Winch, Spring Security project lead, and Josh Long, Spring developer advocate. Rob and Josh will teach you how to leverage both built-in and custom authentication and authorization in Spring Security. They also discuss the common exploits and how Spring Security can defend against them, how to easily test a Spring Security application, and how to properly design your code.

About the Instructor

Josh Long is an open-source contributor, frequent worldwide conference speaker, Java Champion, author or co-author of five books and a frequent video trainer with several best-selling videos. You can find him on Twitter as @starbuxman.

Rob Winch is the project lead for Spring Security, Spring Session, and Spring LDAP projects. He is a committer on the core Spring Framework, contributor to Spring Boot, author, and international speaker. In the past he has worked in the healthcare industry, bioinformatics research, high-performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar. You can find him on Twitter as @rob_winch.

Skill Level

Beginner/Intermediate

Learn How To
  • Leverage both built-in and custom authentication
  • Leverage both built-in and custom authorization
  • Use Spring Security to defend against common exploits
  • Easily test a Spring Security application
  • Properly design your code
Who Should Take This Course
  • Developers who know they need to address security upfront but struggle with how to do so
  • Developers who know they don’t know enough about security and would happily embrace industry-proven solutions to take the shortcut to production
  • Developers who want to level up their security practices and bring them to the modern age

Course Requirements
  • Experience programming with Java, Spring, and Spring Boot
  • Previous Web application development experience
About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of Contents

  1. Introduction
    1. Spring Security: Introduction 00:01:07
  2. Lesson 1: Boot Camp
    1. Learning objectives 00:00:42
    2. 1.1 Things You’ll Need: Java 8, an IDE, Maven, Spring Boot CLI 00:05:23
    3. 1.2 Dependency Injection 00:09:26
    4. 1.3 SpEL 00:06:32
    5. 1.4 Portable Service Abstractions 00:07:29
    6. 1.5 AOP 00:08:07
    7. 1.6 How Servlet Filter Works 00:07:45
    8. 1.7 Auto Config 00:07:05
  3. Lesson 2: Hello Spring Security
    1. Learning objectives 00:00:13
    2. 2.1 Creating Hello Security 00:01:16
    3. 2.2 What You Get Out of the Box 00:03:05
    4. 2.3 How it Works 00:02:51
    5. 2.4 What Spring Security Provides 00:02:15
  4. Lesson 3: Authentication 101
    1. Learning objectives 00:00:17
    2. 3.1 What is Authentication? 00:03:36
    3. 3.2 In Memory Authentication 00:11:59
    4. 3.3 JDBC-Based Authentication 00:08:23
    5. 3.4 LDAP-Based Authentication 00:15:59
    6. 3.5 Login and Logout 00:16:29
    7. 3.6 Custom AuthenticationProviders 00:10:53
    8. 3.7 Custom UserDetailsServices 00:11:37
    9. 3.8 Password Encoding and Migration 00:14:55
    10. 3.9 Audit Events 00:02:57
  5. Lesson 4: Web Based Authorization
    1. Learning objectives 00:00:34
    2. 4.1 What is Authorization? 00:01:11
    3. 4.2 Setting Up Our Sample Application 00:07:41
    4. 4.3 Configuring Web-Based Authorization 00:15:15
    5. 4.4 Understanding Web-Based Authorization 00:05:18
    6. 4.5 Actuator 00:07:59
  6. Lesson 5: Protection Against Common Attacks
    1. Learning objectives 00:00:17
    2. 5.1 Cache Control 00:03:46
    3. 5.2 HTTPS 00:10:24
    4. 5.3 XSS 00:10:48
    5. 5.4 Content Sniffing 00:04:46
    6. 5.5 CSRF Protection 00:08:22
    7. 5.6 Session Fixation 00:02:49
    8. 5.7 Click Jacking 00:05:03
    9. 5.8 CSP 00:03:50
    10. 5.9 RFD Attacks 00:05:02
    11. 5.10 HttpFirewall 00:05:06
  7. Lesson 6: Method Security
    1. Learning objectives 00:00:29
    2. 6.1 Why Method Security? 00:01:26
    3. 6.2 Creating Our Insecure Application 00:12:28
    4. 6.3 Integrating with Spring Security 00:06:38
    5. 6.4 JSR 250 Annotations 00:06:11
    6. 6.5 @Secured 00:01:37
    7. 6.6 @PreAuthorize/@PostAuthorize 00:05:51
    8. 6.7 Spring Data integration 00:11:48
  8. Lesson 7: OAuth2
    1. Learning objectives 00:00:19
    2. 7.1 Introduction 00:01:06
    3. 7.2 Authenticating with OAuth2 00:14:11
    4. 7.3 Resource Server 00:06:12
    5. 7.4 WebClient Integration 00:11:56
    6. 7.5 Authorization Code Flow 00:02:39
  9. Lesson 8: Testing
    1. Learning objectives 00:00:19
    2. 8.1 Test Method Security 00:21:23
    3. 8.2 Test Web Security with MockMvc 00:12:51
    4. 8.3 Test Web Security with HtmlUnit Integration 00:05:57
  10. Summary
    1. Spring Security: Summary 00:00:34