Securing Spring Data REST APIs
If you got a text from an unlisted number asking for your credit card, would you give it out? Actually, we do this with customer data all the time in our REST APIs. Learn how Spring Security simplifies OAuth 2.0 and helps close these security gaps.
What you'll learn
REST APIs need to be good data stewards. To achieve that, it is fundamental to know who is asking you for data and whether their request is authorized. Spring Security is here to help. In this course, Securing Spring Data REST APIs, you will gain the ability to authenticate and authorize REST APIs in Spring. First, you will learn where HTTP Basic is helpful and not so helpful. Next, you will discover OAuth 2.0 and Bearer Token Authentication using JWTs and opaque tokens, and how to map these to granted authorities. Finally, you will explore how to manage token ingress and egress using CORS, BFF, API Gateway, and other patterns. When you are finished with this course, you will have the skills and knowledge of Spring Security needed to secure REST APIs.
Table of contents
- Broken Ziplines and OWASP 1m
- Carol Meets Spring Security 1m
- A New Year's Resolutions REST API 1m
- Hello Spring Security for REST APIs 1m
- Did We Lock Ourselves Out? 1m
- UserDetailsService and REST APIs 1m
- Using InMemoryUserDetailsManager 2m
- Introducing JdbcUserDetailsManager 1m
- Integrating JdbcUserDetailsManager with Spring Data 3m
- Adding Roles via Spring Data 1m
- Integrating JdbcUserDetailsManager with Spring Data, Part II 3m
- Evaluating UserDetailsService Implementation Needs 1m
- Creating a Custom Implementation 4m
- How Secure Is This? 3m
- Understanding Bearer Token Authentication 2m
- Setting up JWT with Spring Boot 2m
- Retrieving JWT Claims in Controllers 2m
- Demo: Retrieving JWT Claims in Controllers 2m
- Using @PostAuthorize for Direct Object References 1m
- Demo: Using @PostAuthorize for Direct Object References 2m
- Evaluating OAuth 2.0 Scopes 3m
- Using @PreAuthorize for OAuth 2.0 Scopes 1m
- Demo: Using @PreAuthorize for OAuth 2.0 Scopes 1m
- Testing JWT with Spring Security and @SpringBootTest 2m
- Demo: Testing JWT with Spring Security and @SpringBootTest 1m
- Demo: Converting Claims to a Custom Java Type 2m
- Demo: Mapping Scopes to Custom Roles 4m
- Visualizing the Full Spring Security JWT API 2m
- Adding Custom JWT Validation 1m
- Resolving the AuthenticationManager at Request Time 2m
- Using AuthenticationManagerResolver to Improve Startup 3m
- Resolving Authentication by Token Type 2m
- Resolving Authentication by JWT Claim 2m
- Dynamically Resolving Authentication by JWT Claim 4m
- Resolving Authentication by Request Material 3m
- Resolving Authentication via Federation 3m