Getting Started
Course Introduction
Course content
What is Security & Why it is important
Creating a simple Spring security project
Understanding how multiple requests work without credentials
Spring Security Internal flow and Architecture
Summary of the Section
Changing the default security configurations
Understanding about UI part of the project
Creating backend services needed for the application
Testing the backend services with default configurations
Checking the default configuration inside the Spring Security library
Modifying the code as per our custom requirements
Denying all the requests
Permit all the requests
Summary of the Section
Defining & Managing Users
Configuring users using inMemoryAuthentication
Configuring users using InMemoryUserDetailsManager
Understanding User Management interfaces and Classes
Deep Dive of UserDetails Interface
Deep Dive of UserDetailsService Interface
Deep Dive of UserDetailsManager Interface
Deep Dive of UserDetailsManager Implementations
Creating MySQL Database in AWS
Creating Users inside the DB as per JdbcUserDetailsManager class
Using JdbcUserDetailsManager to perform authentication
Creating our own custom implementation of UserDetailsService
Summary of the section
Password Management with PasswordEncoders
How our passwords are validated in Spring Security by default
Encoding Vs Encryption Vs Hashing
How our passwords will be validated with hashing by Spring Security
Definition of the PasswordEncoder
Deep dive into NoOpPasswordEncoder
Deep dive into StandardPasswordEncoder
Deep dive into Bcrypt and Scrypt PasswordEncoders
Deep dive into Pbkdf2PasswordEncoder
Implementing and enhancing our application to use Bcrypt password encoder
Details about Spring Security Crypto package
Summary of the section
Understanding Authentication Provider and Implementing it
Role of AuthenticationProvider in the Spring Security flow
Scenarios where we need to implement Authentication Provider
Understanding Authentication Provider definition
Understanding Authentication & Principal Interfaces
Implementing and Customizing the Authentication Provider inside our application
Summary of the Section
Understanding CORs & CSRF
Setting up the EazyBank UI project
Understanding the UI project and walkthrough of the Angular code
Understanding the backend project and walkthrough of the latest code
Testing the EazyBank application with both UI and Backend applications up
Deep dive into CORS (CROSS-ORIGIN RESOURCE SHARING)
Making code changes to resolve CORS issue
Deep dive into CSRF (CROSS-SITE REQUEST FORGERY)
Resolving CSRF error by disabling it in Spring Security
Resolving CSRF error by generating a CSRF token
Making Spring Security changes to make CSRF not applicable for Contact page
Summary of the Section
Understanding & Implementing Authorization
Authentication Vs Authorization
Spring Security Internal flow for AUTHN & AUTHZ
How Authorities are stored in Spring Security
Configuring Authorities in Spring Security
Authority Vs Role
Configuring Roles in Spring Security
Deep dive of Ant, MVC, Regex matchers for applying restrictions on the paths
Summary of the Section
Filters in Spring Security
Introduction to Filters in Spring Security and the sample use cases
Inbuilt Filters provided by Spring Security and validating them inside our app
Implementing our own custom filter in Spring Security
Adding a custom filter using addFilterBefore() method
Adding a custom filter using addFilterAfter() method
Adding a custom filter using addFilterAt() method
Details about GenericFilterBean and OncePerRequestFilter
Summary of the Section
Token based Authentication using JSON Web Token (JWT)
Introduction to Tokens in Authentication flow
Advantages of Token based Authentication
Exploring the JSESSIONID & CSRF Tokens inside our application
Deep dive about JWT Tokens
Making project configuration to use JWT tokens
Configuring filters to generate and validate JWT tokens
Making changes on the client side for JWT token based authentication
Validating the JWT changes made by running the applications
Validating the JWT token expiration scenario
Summary of the Section
Method Level Security
Introduction to method level security in Spring Security
Details about method invocation authorization in method level security
Implementing method level security using preauthorize and postauthorize
Details about filtering authorization in method level security
Implementing method level security using prefilter and postfilter
Summary of the section
Deep dive of OAUTH2
Problems that the OAUTH2 framework is trying to solve
Introduction to OAUTH2
Different Components involved in OAUTH2 flow
Authorization code grant type flow in OAUTH2
Implicit grant type flow in OAUTH2
Resource owner credentials grant type flow in OAUTH2
Client credentials grant type flow in OAUTH2
Refresh token grant type flow in OAUTH2
How resource server validates the tokens issued by Auth server
Summary of the Section
Implementing OAUTH2 using Spring Security
Registering the client details with GitHub to use its OAUTH2 Auth server
Building a sample Spring application that uses GitHub Auth server during OAUTH2
Running and verifying the sample application using GitHub OAUTH2
Thank You and Congratulations
Thank You and Congratulations