Spring Security

The Spring Security Training Course is designed to provide developers and IT professionals with comprehensive knowledge and practical skills in implementing security measures within Java applications using the Spring Security framework. This course covers essential concepts and advanced techniques to secure web applications effectively. The theory is supported via numerous code examples.
  • duration 24 hours
  • Language English
  • format Online
duration
24 hours
location
Online
Language
English
Code
JVA-013
price
€ 450 *

Available sessions

To be determined



Training for 7-8 or more people?
Customize trainings for your specific needs

Description

The Spring Security Training Course is designed to provide developers and IT professionals with comprehensive knowledge and practical skills in implementing security measures within Java applications using the Spring Security framework. This course covers essential concepts and advanced techniques to secure web applications effectively. The theory is supported via numerous code examples.

 

 This course covers the following:

1. Theoretical foundations of restricting access to Enterprise applications
2. Overview of the Spring Security framework, its architecture, and core components.
3. X509 authentication, SSL certificates
4. Setting Spring Security configuration in practice. Configuring security using XML and Java annotations, integrating with Spring Boot.
5. Securing Web Applications: Protecting web applications, including form-based login, session management, and CSRF protection.
6. Using Spring Security to restrict access to various parts of the application, i.e.
a. using URL-based authorization
b. securing service layer methods using annotations and AOP
c. Doman Objects Security (ACL)
7. Using JWT tokens, the OAuth protocol
8. Using Spring Authorization Server
9. Integrating Spring Security withKeycloak server
10. Developing resource servers

 

Plus, the course includes numerous practical tasks.

 

The trainee after the course:
• Will understand the fundamentals of enterprise application security
• Will know and use the implementations of security mechanisms provided by Spring Security
Will be acquainted with Spring Security abstractions for implementing their own security mechanisms.

After completing the course, a certificate is issued on the Luxoft Training form

Objectives

Learning Objectives:

  • Gain a thorough understanding of Spring Security's capabilities and features.
  • Learn to implement robust authentication and authorization mechanisms.
  • Acquire the skills to secure web applications against common security threats.
  • Understand how to integrate Spring Security with various authentication providers and protocols.
  • Develop the ability to customize and extend Spring Security to meet specific application requirements.


Target Audience

Java developers with experience of over 1 year (experience in Spring + Spring Boot)

Prerequisites

  • Experience in working with Java SE 8 or higher
  • Experience working with Spring Framework and Spring Boot or passed through the Spring Framework 5+ for Application Development course

Roadmap

1. Introduction to Spring Security – 2h (theory – 2h, practice – 1h)

a. Security Tasks

b. Identification, Authentication, Authorization

c. Examples of Spring Security Configuration

d. Hands-on Lab “Spring Security Overview”

e. Spring Security Capabilities

2. Authentication – 12h (theory – 8h, practice – 3h)

• HTTP Basic Authentication

• Hands-on Lab “Setting HTTP Basic Authentication”

• Deny-by-Default / Allow-by-Default

• Main Abstractions of Spring Security

• Hands-on Lab “Adding the User Storage”

• Integration with Web, Authentication in a Web Application

• Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters

• Form-based Authentication

• Tokens vs. Session Key

• CORS, CSRF, CSRF Token, XSS

• Hands-on Lab “Login Form”

• Anonymous Authentication

• Hands-on Lab “Adding Anonymous Authentication”

• Remember-Me Authentication

• Persistent Tokens

• Hash-based Tokens

• JWT

• Hands-on Lab “Hash-based Tokens”

• X509 Authentication

• Hands-on Lab “Authentication with X509 Certificates”

3. Authorization – 4h (theory – 3h, practice – 2h)

• Spring Security Authorization Abstractions

• URL-based Authorization

• Method-based Authorization

• @Secured, @Pre/@Post Annotations

• Domain Objects Security (ACL)

• Hands-on Lab “ACL and Method-based Authorization”

4. OAuth 2.0 – 2h and Authorization servers (theory – 3h, practice – 2h)

• OAuth 2.0 Roles

• Access and Refresh Tokens

• Grant Type: Authorization Code

• Grant Type: Password

• Grant Type: Client Credentials

• Grant Type: Implicit

• Spring authorization server

• Keycloak authorization server

• Implementing resource servers

• Lab: creating resource server, using an authorization server

Total: theory – 16h, practice – 8h


Vladimir Sonkin
  • Trainer

Vladimir Sonkin

Java and Web Technologies Expert


Related courses

You may also be interested in

Discover more about professional growth and skills development

contact us