Spring Security

Spring Security

This training offers participants an overview of the framework. You will learn how to build secured enterprise J2EE application using Spring Security framework.

Продолжительность
24 часы
Тип курсу
Онлайн
Мова
Англійська
артикль
JVA-013
Продолжительность
24 часы
Місцезнаходження
Онлайн
Мова
Англійська
Код
JVA-013
Тренінг для 7-8 чи більше людей? Налаштуйте тренінги для ваших конкретних потреб
Spring Security
Продолжительность
24 часы
Місцезнаходження
Online
Мова
English
Код
JVA-013
€ 450 *
Тренінг для 7-8 чи більше людей? Налаштуйте тренінги для ваших конкретних потреб

опис

Spring Security is the most popular framework for user authentication and restricting access to Enterprise applications. This course deals with authentication and authorization mechanisms (and their application in real practice).


This course covers the following:

  1. Theoretical foundations of restricting access to Enterprise applications
  2. Spring Security Abstractions
  3. X509 authentication, SSL certificates
  4. Setting Spring Security configuration in practice
  5. Using Spring Security to restrict access to various parts of the application
  6. Using JWT tokens, OAuth protocol
  7. Using Spring authorization server and Keycloak server
  8. Developing resource servers


Plus the course includes several practical tasks.

сертифікат
Після проходження курсу видається сертифікат
на бланку Luxoft Training

Цілі

Teach trainees how to solve various tasks of authentication and access control for Enterprise Applications using Spring Security.

Цільова аудиторія

Java developers with experience of over 1 year (experience in Spring + Spring Boot)

передумови

• Experience in working with Java SE >= 8

• Experience of working with Spring Framework and Spring Boot or passed through the JVA-010 Spring Framework 5 for Application Development course"TYPE"TEXT";}

Дорожня карта

1. Introduction to Spring Security

  • Security Tasks
  • Identification, Authentication, Authorization
  • Examples of Spring Security Configuration
  • Hands-on Lab “Spring Security Overview”
  • Spring Security Capabilities


2. Authentication

  • HTTP Basic Authentication
  • Hands-on Lab “Setting HTTP Basic Authentication”
  • Deny-by-Default / Allow-by-Default
  • Main Abstractions of Spring Security
  • Hands-on Lab “Adding the User Storage”
  • Integration with Web, Authentication in a Web Application
  • Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters
  • Form-based Authentication
  • Tokens vs. Session Key
  • CORS, CSRF, CSRF Token, XSS
  • Hands-on Lab “Login Form”
  • Anonymous Authentication
  • Hands-on Lab “Adding Anonymous Authentication”
  • Remember-Me Authentication
  • Persistent Tokens
  • Hash-based Tokens
  • JWT
  • Hands-on Lab “Hash-based Tokens”
  • X509 Authentication
  • Hands-on Lab “Authentication with X509 Certificates”


3. Authorization

  • Spring Security Authorization Abstractions
  • URL-based Authorization
  • Method-based Authorization
  • @Secured, @Pre/@Post Annotations
  • Domain Objects Security (ACL)
  • Hands-on Lab “ACL and Method-based Authorization”


4. OAuth 2.0

  • OAuth 2.0 Roles
  • Access and Refresh Tokens
  • Grant Type: Authorization Code
  • Grant Type: Password
  • Grant Type: Client Credentials
  • Grant Type: Implicit
  • Spring authorization server
  • Keycloak authorization server
  • Implementing resource servers
  • Lab: creating resource server, using authorization server
Залишилися запитання?
Зв'яжітьсяз нами