Spring Security 5: Authentication / Authorization - Building Effective Layers of Defense
Spring Security is one of the most popular frameworks for securing Java applications. In this course, you will learn what makes it so powerful by configuring it with Spring Boot and adding multi-factor Authentication and Authorization to pages
What you'll learn
Getting security wrong can have major repercussions for you, your organization, and your users. In this course, Spring Security 5: Authentication / Authorization - Building Effective Layers of Defense, you will learn what's under the covers, the architecture and components, and how they can be configured to provide a Defense-in-Depth solution to contain and limit the impact of any security breaches. First, you will explore how to configure Spring Security within Spring Boot and add multi-factor authorization using basic, digest, HTTPS, 2FA, additional security questions, and email verification. Next, you will learn the effects of configuring security incorrectly and how to secure your secrets and users credentials. Finally, you will discover how to outsource authorization with Oauth2 social login and how to add authorization to your pages, URLs, methods, and domain objects with security configuration, expressions, and annotations. When you are finished with this course, you will have a foundational knowledge of how to effectively configure Authentication and Authorization with Spring Security that will help you as you move forward to building more robust security solutions for your applications.
Table of contents
- Introduction 1m
- High-level View of Spring Security 4m
- The Architecture of the Spring Security Filter Chains 5m
- How Requests Are Authenticated 4m
- Authentication Architecture Recap 2m
- Spring Boots Default Spring Security Configuration 10m
- Configuring Basic Authentication 3m
- Configuring Digest Authentication 11m
- Penetration Testing the Web Application 5m
- Wrap Up 1m
- Module Introduction 1m
- A Peak under the Hood of Spring Security Authorization 5m
- Overview of Spring Expression Language 2m
- Working with the Authentication Object 4m
- Cleaning up the Security Configuration 1m
- Spring Security Tag Library 2m
- Securing Your URLs 8m
- Securing Your Methods 6m
- Securing Your Domain Objects with Spring Security ACL 13m
- Creating a Custom PermissionEvaluator to Secure Your Domain Objects 3m
- Wrap Up 1m
About the author
Wojciech is a Technical Lead and Scrum Master. He has over 15 years' experience in software development working in a variety of industries from financial services and online gaming. He has extensive experience with anything Java, Spring framework, Microservices and has a passion for developing secure and scalable applications.