To be determined
The Spring Security Training Course is designed to provide developers and IT professionals with comprehensive knowledge and practical skills in implementing security measures within Java applications using the Spring Security framework. This course covers essential concepts and advanced techniques to secure web applications effectively. The theory is supported via numerous code examples.
This course covers the following:
1. Theoretical foundations of restricting access to Enterprise applications
2. Overview of the Spring Security framework, its architecture, and core components.
3. X509 authentication, SSL certificates
4. Setting Spring Security configuration in practice. Configuring security using XML and Java annotations, integrating with Spring Boot.
5. Securing Web Applications: Protecting web applications, including form-based login, session management, and CSRF protection.
6. Using Spring Security to restrict access to various parts of the application, i.e.
a. using URL-based authorization
b. securing service layer methods using annotations and AOP
c. Doman Objects Security (ACL)
7. Using JWT tokens, the OAuth protocol
8. Using Spring Authorization Server
9. Integrating Spring Security withKeycloak server
10. Developing resource servers
Plus, the course includes numerous practical tasks.
The trainee after the course:
• Will understand the fundamentals of enterprise application security
• Will know and use the implementations of security mechanisms provided by Spring Security
Will be acquainted with Spring Security abstractions for implementing their own security mechanisms.
Learning Objectives:
Java developers with experience of over 1 year (experience in Spring + Spring Boot)
1. Introduction to Spring Security – 2h (theory – 2h, practice – 1h)
a. Security Tasks
b. Identification, Authentication, Authorization
c. Examples of Spring Security Configuration
d. Hands-on Lab “Spring Security Overview”
e. Spring Security Capabilities
2. Authentication – 12h (theory – 8h, practice – 3h)
• HTTP Basic Authentication
• Hands-on Lab “Setting HTTP Basic Authentication”
• Deny-by-Default / Allow-by-Default
• Main Abstractions of Spring Security
• Hands-on Lab “Adding the User Storage”
• Integration with Web, Authentication in a Web Application
• Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters
• Form-based Authentication
• Tokens vs. Session Key
• CORS, CSRF, CSRF Token, XSS
• Hands-on Lab “Login Form”
• Anonymous Authentication
• Hands-on Lab “Adding Anonymous Authentication”
• Remember-Me Authentication
• Persistent Tokens
• Hash-based Tokens
• JWT
• Hands-on Lab “Hash-based Tokens”
• X509 Authentication
• Hands-on Lab “Authentication with X509 Certificates”
3. Authorization – 4h (theory – 3h, practice – 2h)
• Spring Security Authorization Abstractions
• URL-based Authorization
• Method-based Authorization
• @Secured, @Pre/@Post Annotations
• Domain Objects Security (ACL)
• Hands-on Lab “ACL and Method-based Authorization”
4. OAuth 2.0 – 2h and Authorization servers (theory – 3h, practice – 2h)
• OAuth 2.0 Roles
• Access and Refresh Tokens
• Grant Type: Authorization Code
• Grant Type: Password
• Grant Type: Client Credentials
• Grant Type: Implicit
• Spring authorization server
• Keycloak authorization server
• Implementing resource servers
• Lab: creating resource server, using an authorization server
Total: theory – 16h, practice – 8h
Vladimir Sonkin
Java and Web Technologies Expert