Spring Security

This training offers participants an overview of the framework. You will learn how to build secured enterprise J2EE applications using the Spring Security framework.

Duration
24 hours
Course type
Online
Language
English
Code
JVA-013
€ 450 *

Description

Spring Security is the most popular framework for user authentication and restricting access to Enterprise applications. This course deals with authentication and authorization mechanisms (and their application in real practice).


This course covers the following:

  1. Theoretical foundations of restricting access to Enterprise applications
  2. Spring Security Abstractions
  3. X509 authentication, SSL certificates
  4. Setting Spring Security configuration in practice
  5. Using Spring Security to restrict access to various parts of the application
  6. Using JWT tokens, OAuth protocol
  7. Using Spring authorization server and Keycloak server
  8. Developing resource servers


The course also includes several practical tasks.

Upon completion of the course, a certificate is issued on the Luxoft Training form.

Objectives

Teach trainees how to solve various tasks of authentication and access control for Enterprise Applications using Spring Security.

Target audience

Java developers with over 1 year of experience (experience in Spring + Spring Boot)

Prerequisites

• Experience working with Java SE >= 8

• Experience working with Spring Framework and Spring Boot, or completion of the JVA-010 Spring Framework 5 for Application Development course

Roadmap

1. Introduction to Spring Security

  • Security Tasks
  • Identification, Authentication, Authorization
  • Examples of Spring Security Configuration
  • Hands-on Lab “Spring Security Overview”
  • Spring Security Capabilities


2. Authentication

  • HTTP Basic Authentication
  • Hands-on Lab “Setting HTTP Basic Authentication”
  • Deny-by-Default / Allow-by-Default
  • Main Abstractions of Spring Security
  • Hands-on Lab “Adding the User Storage”
  • Integration with Web, Authentication in a Web Application
  • Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters
  • Form-based Authentication
  • Tokens vs. Session Key
  • CORS, CSRF, CSRF Token, XSS
  • Hands-on Lab “Login Form”
  • Anonymous Authentication
  • Hands-on Lab “Adding Anonymous Authentication”
  • Remember-Me Authentication
  • Persistent Tokens
  • Hash-based Tokens
  • JWT
  • Hands-on Lab “Hash-based Tokens”
  • X509 Authentication
  • Hands-on Lab “Authentication with X509 Certificates”


3. Authorization

  • Spring Security Authorization Abstractions
  • URL-based Authorization
  • Method-based Authorization
  • @Secured, @Pre/@Post Annotations
  • Domain Objects Security (ACL)
  • Hands-on Lab “ACL and Method-based Authorization”


4. OAuth 2.0

  • OAuth 2.0 Roles
  • Access and Refresh Tokens
  • Grant Type: Authorization Code
  • Grant Type: Password
  • Grant Type: Client Credentials
  • Grant Type: Implicit
  • Spring authorization server
  • Keycloak authorization server
  • Implementing resource servers
  • Lab: creating resource server, using authorization server