[NEW] Spring Security 6 Zero to Master along with JWT,OAUTH2

Spring Security 6 , SpringBoot 3 Security, CORs, CSRF, JWT, OAUTH2, OpenID Connect, KeyCloak

4.62 (6071 reviews)
Udemy
platform
English
language
Other
category
instructor
[NEW] Spring Security 6 Zero to Master along with JWT,OAUTH2
39,362
students
15 hours
content
Mar 2024
last update
$94.99
regular price

What you will learn

Spring Security framework details and it features.

How to adapt security for a Java web application using Spring Security

What is CSRF, CORS, JWT, OAUTH2

Applying authorization rules using roles, authorities inside a web application using Spring Security

Method level security in web/non-web applications

Description

'Spring Security Zero to Master' course will help in understanding the Spring Security Architecture, important packages, interfaces, classes inside it which handles authentication and authorization requests in the web applications. It also covers most common security related topics like CORs, CSRF, JWT, OAUTH2, password management, method level security, user, roles & authorities management inside web applications.

Below are the important topics that this course covers,

  1. Spring Security framework details and it features

  2. How to adapt security for a Java web application using Spring Security

  3. Password Management in Spring Security with PasswordEncoders

  4. Deep dive about encoding, encryption and hashing

  5. What is CSRF, CORS and how to address them

  6. What is Authentication and Authorization. How they are different from each other.

  7. Securing endpoint URLs inside web applications using Ant, MVC & Regex Matchers

  8. Filters in Spring Security and how to write own custom filters

  9. Deep dive about JWT (JSON Web Tokens) and the role of them inside Authentication & Authorization

  10. Deep dive about OAUTH2 and various grant type flows inside OAUTH2.

  11. Deep dive about OpenID Connect & how it is related to OAUTH2

  12. Applying authorization rules using roles, authorities inside a web application using Spring Security

  13. Method level security in web/non-web applications

  14. Social Login integrations into web applications

  15. Set up of Authorization Server using KeyCloak


The pre-requisite for the course is basic knowledge of Java, Spring and interest to learn.

Content

Getting Started

Course Introduction
Course content
What is Security & Why it is important
Creating a simple Spring security project
Understanding on how multiple requests work with out credentials
Spring Security Internal flow and Architecture
Summary of the Section

Changing the default security configurations

Understanding about UI part of the project
Creating backend services needed for the application
Testing the backend services with default configurations
Checking the default configuration inside the spring security library
Modifying the code as per our custom requirements
Denying all the requests
Permit all the requests
Summary of the Section

Defining & Managing Users

Configuring users using inMemoryAuthentication
Configuring users using InMemoryUserDetailsManager
Understanding User Management interfaces and Classes
Deep Dive of UserDetails Interface
Deep Dive of UserDetailsService Interface
Deep Dive of UserDetailsManager Interface
Deep Dive of UserDetailsManager Implementations
Creating MySQL Database in AWS
Creating Users inside the DB as per JdbcUserDetailsManager class
Using JdbcUserDetailsManager to perform authentication
Creating our own custom implementation of UserDetailsService
Summary of the section

Password Management with PasswordEncoders

How our passwords validated in Spring Security by default
Encoding Vs Encryption Vs Hashing
How Our passwords will be validated with hashing by Spring Security
Definition of the PasswordEncoder
Deepdive into NoOpPasswordEncoder
Deepdive into StandardPasswordEncoder
Deepdive into Bcrypt and Scrypt PasswordEncoders
Deepdive into Pbkdf2PasswordEncoder
Implementing and enhancing our application to use Bcrypt password encoder
Details about Spring Security Crypto package
Summary of the section

Understanding Authentication Provider and Implementing it

Role of AuthenticationProvider in the Spring Security flow
Scenarios where we need to implement Authentucation Provider
Understanding Authentication Provider definition
Understanding Authentication & Principal Interfaces
Implementing and Customizing the Authentication Provider inside our application
Summary of the Section

Understanding CORs & CSRF

Setting up the EazyBank UI project
Understanding the UI project and walkthrough of the Angular code
Understanding the backend project and walkthrough of the latest code
Testing the EazyBank application with both UI and Backend applications up
Deep dive into CORS (CROSS-ORIGIN RESOURCE SHARING)
Making code changes to resolve CORS issue
Deep dive into CSRF (CROSS-SITE REQUEST FORGERY)
Resolving CSRF error by disabling it in Spring Security
Resolving CFRF error by generating a CSRF token
Making Spring Security changes to make CSRF not applicable for Contact page
Summary of the Section

Understanding & Implementing Authorization

Authentication Vs Authorization
Spring Security Internal flow for AUTHN & AUTHZ
How Authorities stored in Spring Security
Configuring Authorities in Spring Security
Authority Vs Role
Configuring Roles in Spring Security
Deep dive of Ant, MVC, Regex matchers for applying restrictions on the paths
Summary of the Section

Filters in Spring Security

Introduction to Filters in Spring Security and the sample use cases
Inbuilt Filters provided by Spring Security and validating them inside our app
Implementing our own custom filter in Spring Security
Adding a custom filter using addFilterBefore() method
Adding a custom filter using addFilterAfter() method
Adding a custom filter using addFilterAt() method
Details about GenericFilterBean and OncePerRequestFilter
Summary of the Section

Token based Authentication using JSON Web Token (JWT)

Introduction to Tokens in Authentication flow
Advantages of Token based Authentication
Exploring the JSESSIONID & CSRF Tokens inside our application
Deep dive about JWT Tokens
Making project configuration to use JWT tokens
Configuring filters to generate and validate JWT tokens
Making changes on the client side for JWT token based authentication
Validating the JWT changes made by running the applications
Validating the JWT token expiration scenario
Summary of the Section

Method Level Security

Introduction to method level security in Spring Security
Details about method invocation authorization in method level security
Implementing method level security using preauthorize and postauthorize
Details about filtering authorization in method level security
Implementing method level security using prefilter and postfilter
Summary of the section

Deep dive of OAUTH2

Problems that OAUTH2 framework trying to solve
Introduction to OAUTH2
Different Components involved in OAUTH2 flow
Authorization code grant type flow in OAUTH2
Implicit grant type flow in OAUTH2
Resource owner credentials grant type flow in OAUTH2
Client credentials grant type flow in OAUTH2
Refresh token grant type flow in OAUTH2
How resource server validates the tokens issued by Auth server
Summary of the Section

Implementing OAUTH2 using spring security

Registering the client details with the GitHub to use it's OAUTH2 Auth server
Building a sample spring application that uses GitHub Auth server during OAUTH2
Running and verifying the sample application using GitHub OAUTH2

Thank You and Congratulations

Thank You and Congratulations

Reviews

Piotr
November 18, 2023
This course is really great. I learned a lot from this and I do have even pdf resources that I can access quickly to recall the informations. What is really important too is, that whenever I have a problem I can just ask on the Q&A section and I have a quick and resonable answer. Thanks! Piotr G.
Jack
November 7, 2023
This course is excellent! The instructor Madan does a fantastic job of explaining the concepts in detail while keeping the explanations concise. He supports every concept with up-to-date examples, and the PDF slides of the lectures he provides are very helpful. I appreciate that he took the time to update the course Github repository with the latest Spring 7 code. I would definitely purchase one of his courses again.
David
November 6, 2023
great course with really good explanation. All we wanted to know about spring security without asking. Maybe more details on filter and how to handle authentication failure, how to block login after x failures for x minutes...
Akash
November 5, 2023
Very good and informative course with clear presentation. Highly recommended to learn spring security in depth with super clarity.
Kelly
November 4, 2023
The instructor's explanations of the concepts was very clear, and the examples provided some good opportunities to put those concepts into practice. Appreciate the fact that you build on to a single app for the majority of the course, so that you have a good example to refer to afterward. Thank you!
Shikhar
November 2, 2023
In the last section, the instructor did not cover the logout part of the security API because of this I was not able to find the issue and also asked a question. I think the instructor should cover every aspect of it.
Sudheep
November 1, 2023
Instructor is well versed with the course content and tried to address every thing from a beginner point of view.
Kunal
October 31, 2023
great explanation and great instructor. One of the best spring courses on Udemy. This course explains other parts of spring too in a good way apart from security.
Ah
October 29, 2023
Fantastic material and delivery, talented instructor! Minus half star is because - there are not tests, i.e. in enterprise app development test are must. - in Security configuration there are lots of depreciated code from Spring 5, while title says it is Spring 6, please update the code. Thank you for the course.
Venkateshwara
October 28, 2023
Very well explained about spring security, no other course in the market can compete with this training. Well appreciating the trainer for his knowledge and the way of explaining things more better and in easy manner.
Ritesh
August 5, 2023
Loved the course...as always instructor is highly engaging..pdfs are good for reference...course is well structured
philippe
July 31, 2023
Excellent cours. J'ai trouvé que les explications étaient vraiment très claires et avec une très bonne granularité (ce cours explique suffisamment en détail pour que ce soit compréhensible mais sait ne pas se perdre dans les détails). Globalement tous les chapitres sont bien traités. Toutefois j'ai trouvé qu'il y avait des longueurs au début, notamment l'explication de l'authentification. A contrario j'aurai aimé que le chapitre sur l'autorisation soit un peu plus détaillé. L'auteur, sans expliquer avec assez de détail, nous dit qu'il faut implémenter l'interface X sans qu'on sache, dans Spring, à quoi elle correspond. A cette occasion l'auteur aurai pu lire avec nous la documentation Spring sécurité (en nous l'expliquant) et nous montrer comment on arrivait à trouver que dans notre cas il fallait implémenter cette interface X. Cela m'amène à ma dernière remarque. J'aurai bien aimé que l'auteur nous montre où il trouvait telle ou telle information dans la documentation surtout quand ces informations sont un peu parachutées. Ceci étant dit, après ce cours, j'ai cherché certaines informations dans la dite doc. Alors qu'avant j'étais incapable de la comprendre, j'ai réussi à la comprendre et en extraire les informations qui m'étaient nécessaires (bon pas sur de tout comprendre non plus mais je comprends la doc déjà beaucoup beaucoup mieux). Globalement je recommande vraiment ce cours et je remercie son auteur !
Swadeep
July 30, 2023
An excellent course in Spring Security, the trainer is really very well explaining the concept and very engaging, I have learnt a lot. Thank you very much. It will definitely helpful in my work.
Ariel
July 30, 2023
This course is a highly comprehensive guide to Spring Security and the best practices for securing modern web applications. The explanations of each topic were presented very clearly. For those reasons, I highly recommend this course.
Quane92
July 29, 2023
Fantastic course to start your Spring Security journey. I have to admit, this course has literally everything I needed to understand how to work with Spring Security module. If you're just starting out, this is THE place you're looking for, trust me, I've searched through web for some free vids, tutorials, blogs etc., and they are either too vague, or outdated.

Charts

Price

[NEW] Spring Security 6 Zero to Master along with JWT,OAUTH2 - Price chart

Rating

[NEW] Spring Security 6 Zero to Master along with JWT,OAUTH2 - Ratings chart

Enrollment distribution

[NEW] Spring Security 6 Zero to Master along with JWT,OAUTH2 - Distribution chart

Related Topics

3485044
udemy ID
9/8/2020
course created date
12/19/2020
course indexed date
Bot
course submited by