Spring Security


This training offers participants an overview of the framework. You will learn how to build secure enterprise J2EE applications using the Spring Security framework.

Duration
24 hours
Course type
Online
Language
English
Code
JVA-013
Training for 7-8 or more people? Customize trainings for your specific needs
€ 450 *

Description

Spring Security is the most popular framework for user authentication and restricting access to Enterprise applications. This course deals with authentication and authorization mechanisms (and their application in real practice).


This course covers the following:

  1. Theoretical foundations of restricting access to Enterprise applications
  2. Spring Security Abstractions
  3. X509 authentication, SSL certificates
  4. Setting Spring Security configuration in practice
  5. Using Spring Security to restrict access to various parts of the application
  6. Using JWT tokens, OAuth protocol
  7. Using Spring authorization server and Keycloak server
  8. Developing resource servers


Plus the course includes several practical tasks.

After completing the course, a certificate is issued on the Luxoft Training form.

Objectives

Teach trainees how to solve various tasks of authentication and access control for Enterprise Applications using Spring Security.

Target Audience

Java developers with over 1 year of experience (experience in Spring + Spring Boot)

Prerequisites

• Experience in working with Java SE >= 8

• Experience working with Spring Framework and Spring Boot, or completion of the JVA-010 Spring Framework 5 for Application Development course

Roadmap

1. Introduction to Spring Security

  • Security Tasks
  • Identification, Authentication, Authorization
  • Examples of Spring Security Configuration
  • Hands-on Lab “Spring Security Overview”
  • Spring Security Capabilities


2. Authentication

  • HTTP Basic Authentication
  • Hands-on Lab “Setting HTTP Basic Authentication”
  • Deny-by-Default / Allow-by-Default
  • Main Abstractions of Spring Security
  • Hands-on Lab “Adding the User Storage”
  • Integration with Web, Authentication in a Web Application
  • Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters
  • Form-based Authentication
  • Tokens vs. Session Key
  • CORS, CSRF, CSRF Token, XSS
  • Hands-on Lab “Login Form”
  • Anonymous Authentication
  • Hands-on Lab “Adding Anonymous Authentication”
  • Remember-Me Authentication
  • Persistent Tokens
  • Hash-based Tokens
  • JWT
  • Hands-on Lab “Hash-based Tokens”
  • X509 Authentication
  • Hands-on Lab “Authentication with X509 Certificates”


3. Authorization

  • Spring Security Authorization Abstractions
  • URL-based Authorization
  • Method-based Authorization
  • @Secured, @Pre/@Post Annotations
  • Domain Objects Security (ACL)
  • Hands-on Lab “ACL and Method-based Authorization”


4. OAuth 2.0

  • OAuth 2.0 Roles
  • Access and Refresh Tokens
  • Grant Type: Authorization Code
  • Grant Type: Password
  • Grant Type: Client Credentials
  • Grant Type: Implicit
  • Spring authorization server
  • Keycloak authorization server
  • Implementing resource servers
  • Lab: creating resource server, using authorization server