Spring Security Zero to Master along with JWTOAUTH2

Spring Security, SpringBoot Security, CORs, CSRF, JWT, OAUTH2, OpenID Connect, KeyCloak
File Size: 6.74 GB
Total length: 14h 43m
Instructor: Eazy Bytes
Last updated: 12/2022
Ratings: 4.5/5

What you’ll learn

Spring Security framework details and its features
How to adapt security for a Java web application using Spring Security
What is CSRF, CORS, JWT, OAUTH2
Applying authorization rules using roles, authorities inside a web application using Spring Security
Method level security in web/non-web applications

Requirements

Java
Basics of Spring framework

Description

The ‘Spring Security Zero to Master’ course helps in understanding the Spring Security architecture and the important packages, interfaces and classes inside it that handle authentication and authorization requests in web applications. It also covers the most common security-related topics such as CORs, CSRF, JWT, OAUTH2, password management, method level security, and user, roles & authorities management inside web applications.

Below are the important topics that this course covers:

Spring Security framework details and its features
How to adapt security for a Java web application using Spring Security
Password Management in Spring Security with PasswordEncoders
Deep dive about encoding, encryption and hashing
What is CSRF, CORS and how to address them
What is Authentication and Authorization. How they are different from each other.
Securing endpoint URLs inside web applications using Ant, MVC & Regex Matchers
Filters in Spring Security and how to write own custom filters
Deep dive about JWT (JSON Web Tokens) and the role of them inside Authentication & Authorization
Deep dive about OAUTH2 and various grant type flows inside OAUTH2
Deep dive about OpenID Connect & how it is related to OAUTH2
Applying authorization rules using roles, authorities inside a web application using Spring Security
Method level security in web/non-web applications
Social Login integrations into web applications
Set up of Authorization Server using KeyCloak

The pre-requisite for the course is basic knowledge of Java, Spring and interest to learn.

Overview

Section 1: Getting Started

Lecture 1 Course Introduction

Lecture 2 Details of Source Code, PDF Content & other instructions for the course

Lecture 3 What is Security & Why it is important

Lecture 4 Creating a simple Spring Boot app without security

Lecture 5 Securing Spring Boot basic app using Spring Security

Lecture 6 Configure static credentials inside application properties file

Lecture 7 Why should we use Spring Security framework

Lecture 8 Quick introduction to Servlets & Filters

Lecture 9 Introduction to Spring Security Internal flow

Lecture 10 Demo of Spring Security internal flow

Lecture 11 Sequence flow of the Spring Security default behaviour

Lecture 12 Understanding how multiple requests work without credentials

Section 2: Changing the default security configurations

Lecture 13 Understanding about UI part of the EazyBank application

Lecture 14 Backend REST services required for EazyBank app

Lecture 15 Creating backend services needed for the EazyBank application – Part 1

Lecture 16 Creating backend services needed for the EazyBank application – Part 2

Lecture 17 Checking the default configuration inside the spring security framework

Lecture 18 Modifying the code as per our custom requirements

Lecture 19 Denying all the requests

Lecture 20 Permit all the requests

Section 3: Defining & Managing Users

Lecture 21 Introduction to the agenda of the section

Lecture 22 Configuring users using InMemoryUserDetailsManager – Approach 1

Lecture 23 Configuring users using InMemoryUserDetailsManager – Approach 2

Lecture 24 Understanding User Management interfaces and Classes

Lecture 25 Deep Dive of UserDetails Interface & User class

Lecture 26 Deep Dive of UserDetailsService & UserDetailsManager Interfaces

Lecture 27 Deep Dive of UserDetailsManager Implementation classes

Lecture 28 Creating MySQL Database in the cloud

Lecture 29 Connecting to DB & Creating Users inside the DB as per JdbcUserDetailsManager

Lecture 30 Using JdbcUserDetailsManager to perform authentication

Lecture 31 Creating our own custom tables for Authentication

Lecture 32 Creating JPA Entity and repository classes for new table

Lecture 33 Creating our own custom implementation of UserDetailsService

Lecture 34 Building a new REST API to allow the registration of new User

Section 4: Password Management with PasswordEncoders

Lecture 35 How our passwords are validated in Spring Security by default

Lecture 36 Encoding Vs Encryption Vs Hashing – Part 1

Lecture 37 Encoding Vs Encryption Vs Hashing – Part 2

Lecture 38 How our passwords will be validated with hashing & PasswordEncoders

Lecture 39 Deep dive of PasswordEncoder interface

Lecture 40 Deep dive of PasswordEncoder implementation classes – Part 1

Lecture 41 Deep dive of PasswordEncoder implementation classes – Part 2

Lecture 42 Demo of registration of new user with Bcrypt password encoder

Lecture 43 Demo of login with Bcrypt password encoder

Section 5: Understanding Authentication Provider and Implementing it

Lecture 44 Why should we consider creating our own AuthenticationProvider

Lecture 45 Understanding AuthenticationProvider methods

Lecture 46 Implementing and Customising the AuthenticationProvider inside our application

Lecture 47 Testing our custom AuthenticationProvider implementation

Lecture 48 Spring Security Sequence flow with custom AuthenticationProvider

Section 6: Understanding CORs & CSRF

Lecture 49 Setting up the EazyBank UI project

Lecture 50 Understanding the UI project and walkthrough of the Angular code

Lecture 51 Creating new DB schema for EazyBank scenarios

Lecture 52 Updating Backend project based on the latest DB schema

Lecture 53 Testing registration of the new user with latest changes

Lecture 54 Taste of CORs error

Lecture 55 Introduction to CORs

Lecture 56 Possible options to fix the CORs issue

Lecture 57 Fixing CORs issue using Spring Security

Lecture 58 Demo of default CSRF protection inside Spring Security

Lecture 59 Introduction to CSRF attack

Lecture 60 Solution to handle CSRF attacks

Lecture 61 Ignoring CSRF protection for public APIs

Lecture 62 Implementing CSRF token solution inside our web application

Lecture 63 Testing the CSRF related changes

Section 7: Understanding & Implementing Authorization

Lecture 64 Authentication Vs Authorization

Lecture 65 How Authorities are stored inside Spring Security

Lecture 66 Creating new table authorities to store multiple roles or authorities

Lecture 67 Making backend changes to load authorities from new DB table

Lecture 68 Configuring Authorities inside web application using Spring Security-Theory

Lecture 69 Configuring Authorities inside web application using Spring Security – Coding

Lecture 70 Authority Vs Role in Spring Security

Lecture 71 Configuring Roles Authorization inside web app using Spring Security-Theory

Lecture 72 Configuring Roles Authorization inside web app using Spring Security-Coding

Section 8: Writing our own Custom Filters in Spring Security

Lecture 73 Introduction to Filters in Spring Security and the sample use cases

Lecture 74 Demo of Inbuilt Filters of Spring Security framework

Lecture 75 How to create our own custom filter

Lecture 76 Adding a custom filter using addFilterBefore() method

Lecture 77 Adding a custom filter using addFilterAfter() method

Lecture 78 Adding a custom filter using addFilterAt() method

Lecture 79 Details about GenericFilterBean and OncePerRequestFilter

Lecture 80 Deep dive of Ant, MVC, Regex matchers for applying restrictions on the paths

Section 9: Token based Authentication using JSON Web Token (JWT)

Lecture 81 Demo of JSESSIONID and issues with it

Lecture 82 Advantages of Token based Authentication

Lecture 83 Deep dive about JWT Tokens – Part 1

Lecture 84 Deep dive about JWT Tokens – Part 2

Lecture 85 Making project configuration to use JWT tokens

Lecture 86 Configuring filters to generate the JWT tokens

Lecture 87 Configuring filters to validate JWT tokens

Lecture 88 Making changes on the client side for JWT token based authentication

Lecture 89 Validating the JWT changes made by running the applications

Lecture 90 Validating the JWT token expiration scenario

Section 10: Method Level Security

Lecture 91 Introduction to method level security in Spring Security

Lecture 92 Details about method invocation authorization in method level security

Lecture 93 Demo of method level security using @PreAuthorize

Lecture 94 Demo of method level security using @PostAuthorize

Lecture 95 Details about filtering authorization in method level security

Lecture 96 Demo of @PreFilter annotation

Lecture 97 Demo of @PostFilter annotation

Section 11: Deep dive of OAUTH2 & OpenID Connect

Lecture 98 Problems that OAUTH2 is trying to solve

Lecture 99 Introduction to OAUTH2

Lecture 100 OAuth2 terminologies or jargons

Lecture 101 OAuth2 Sample flow – Theory

Lecture 102 Demo of OAuth2 Sample flow

Lecture 103 Deep dive on Authorization code grant type flow in OAUTH2

Lecture 104 Demo of Authorization code grant type flow in OAUTH2

Lecture 105 Deep dive & Demo of implicit grant flow in OAUTH2

Lecture 106 Deep dive of password grant type flow in OAUTH2

Lecture 107 Deep dive of client credentials grant type flow in OAUTH2

Lecture 108 Deep dive of refresh token grant type flow in OAUTH2

Lecture 109 How resource server validates the tokens issued by Auth server

Lecture 110 Introduction to OpenID Connect

Section 12: Implementing OAUTH2 using spring security

Lecture 111 Registering the client details with GitHub to use its OAUTH2 Auth server

Lecture 112 Building a Spring Boot application that uses GitHub Auth server during OAuth2

Lecture 113 Running and verifying the sample application using GitHub OAUTH2

Section 13: Implementing OAUTH2 style login inside EazyBank using KeyCloak

Lecture 114 Introduction to OAUTH2 flow inside EazyBank web App

Lecture 115 Introduction to KeyCloak Auth Server

Lecture 116 Installation of KeyCloak server & setup admin account

Lecture 117 Setup a Realm inside KeyCloak Server for EazyBank App

Lecture 118 Creating Client Credentials inside KeyCloak for API-API secured invocations

Lecture 119 Setup of EazyBank Resource Server

Lecture 120 Getting Access token from KeyCloak using client credentials grant type

Lecture 121 Passing Access token to Resource server for response through Postman

Lecture 122 Understanding Authorization code grant type for EazyBank App

Lecture 123 Creating Client and User details inside KeyCloak for Auth code grant flow

Lecture 124 Testing Authorization code grant type using Postman App

Lecture 125 Deep dive on Authorization code grant type with PKCE

Lecture 126 Demo of Authorization code grant type with PKCE

Lecture 127 Creating public facing client details inside KeyCloak server

Lecture 128 Implementing PKCE Authorization code grant type inside Angular UI App – Part 1

Lecture 129 Implementing PKCE Authorization code grant type inside Angular UI App – Part 2

Lecture 130 Testing PKCE flow inside Eazy Bank application

Lecture 131 Important features of KeyCloak

Lecture 132 Social Login integration with the help of KeyCloak Server

Section 14: Thank You and Congratulations

Lecture 133 Thank You and Congratulations

Lecture 134 Bonus lectures

Beginner students who are learning Spring framework and interested in security as well, Developers who already know developing web applications using Spring framework, Java Architects

Course Information:

Udemy | English | 14h 43m | 6.74 GB
Created by: Eazy Bytes
