To be determined
The Spring Security Training Course is designed to provide developers and IT professionals with comprehensive knowledge and practical skills in implementing security measures within Java applications using the Spring Security framework. This course covers essential concepts and advanced techniques to secure web applications effectively. The theory is supported via numerous code examples.
This course covers the following:
Plus, the course includes numerous practical tasks.
The trainee after the course:
Learning Objectives:
1. Introduction to Spring Security – 2h (theory – 2h, practice – 1h)
a. Security Tasks
b. Identification, Authentication, Authorization
c. Examples of Spring Security Configuration
d. Hands-on Lab “Spring Security Overview”
e. Spring Security Capabilities
2. Authentication – 12h (theory – 8h, practice – 3h)
• HTTP Basic Authentication
• Hands-on Lab “Setting HTTP Basic Authentication”
• Deny-by-Default / Allow-by-Default
• Main Abstractions of Spring Security
• Hands-on Lab “Adding the User Storage”
• Integration with Web, Authentication in a Web Application
• Servlet API, DelegatingFilterProxy, FilterChain, Spring Security Filters
• Form-based Authentication
• Tokens vs. Session Key
• CORS, CSRF, CSRF Token, XSS
• Hands-on Lab “Login Form”
• Anonymous Authentication
• Hands-on Lab “Adding Anonymous Authentication”
• Remember-Me Authentication
• Persistent Tokens
• Hash-based Tokens
• JWT
• Hands-on Lab “Hash-based Tokens”
• X509 Authentication
• Hands-on Lab “Authentication with X509 Certificates”
3. Authorization – 4h (theory – 3h, practice – 2h)
• Spring Security Authorization Abstractions
• URL-based Authorization
• Method-based Authorization
• @Secured, @Pre/@Post Annotations
• Domain Objects Security (ACL)
• Hands-on Lab “ACL and Method-based Authorization”
4. OAuth 2.0 and Authorization Servers – 2h (theory – 3h, practice – 2h)
• OAuth 2.0 Roles
• Access and Refresh Tokens
• Grant Type: Authorization Code
• Grant Type: Password
• Grant Type: Client Credentials
• Spring Authorization Server
• Keycloak Authorization Server
• Implementing Resource Servers
• Lab: Creating a Resource Server Using an Authorization Server
Total: theory – 16h, practice – 8h
Vladimir Sonkin
Java and Web Technologies Expert