Video description
8+ Hours of Video Instruction
Overview
In Spring Security LiveLessons, learn from Spring experts Rob Winch, Spring Security project lead, and Josh Long, Spring developer advocate. Rob and Josh will teach you how to leverage both built-in and custom authentication and authorization in Spring Security. They also discuss the common exploits and how Spring Security can defend against them, how to easily test a Spring Security application, and how to properly design your code.
About the Instructor
Josh Long is an open-source contributor, frequent worldwide conference speaker, Java Champion, author or co-author of five books and a frequent video trainer with several best-selling videos. You can find him on Twitter as @starbuxman.
Rob Winch is the project lead for Spring Security, Spring Session, and Spring LDAP projects. He is a committer on the core Spring Framework, contributor to Spring Boot, author, and international speaker. In the past he has worked in the healthcare industry, bioinformatics research, high-performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar. You can find him on Twitter as @rob_winch.
Skill Level
Beginner/Intermediate
Learn How To
- Leverage both built-in and custom authentication
- Leverage both built-in and custom authorization
- Use Spring Security to defend against common exploits
- Easily test a Spring Security application
- Properly design your code
Who Should Take This Course
- Developers who know they need to address security upfront but struggle with how to do so
- Developers who know they don’t know enough about security and would happily embrace industry-proven solutions to take the shortcut to production
- Developers who want to level up their security practices and bring them to the modern ag
Course Requirements
- Experience programming with Java, Spring, and Spring Boot
- Previous Web application development experience
About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.
Table of Contents
Introduction
Spring Security: Introduction
Lesson 1: Boot Camp
Learning objectives
1.1 Things You’ll Need: Java 8, an IDE, Maven, Spring Boot CLI
1.2 Dependency Injection
1.3 SpEL
1.4 Portable Service Abstractions
1.5 AOP
1.6 How Servlet Filter Works
1.7 Auto Config
Lesson 2: Hello Spring Security
Learning objectives
2.1 Creating Hello Security
2.2 What You Get Out of the Box
2.3 How it Works
2.4 What Spring Security Provides
Lesson 3: Authentication 101
Learning objectives
3.1 What is Authentication?
3.2 In Memory Authentication
3.3 JDBC-Based Authentication
3.4 LDAP-Based Authentication
3.5 Login and Logout
3.6 Custom AuthenticationProviders
3.7 Custom UserDetailsServices
3.8 Password Encoding and Migration
3.9 Audit Events
Lesson 4: Web Based Authorization
Learning objectives
4.1 What is Authorization?
4.2 Setting Up Our Sample Application
4.3 Configuring Web-Based Authorization
4.4 Understanding Web-Based Authorization
4.5 Actuator
Lesson 5: Protection Against Common Attacks
Learning objectives
5.1 Cache Control
5.2 HTTPS
5.3 XSS
5.4 Content Sniffing
5.5 CSRF Protection
5.6 Session Fixation
5.7 Click Jacking
5.8 CSP
5.9 RFD Attacks
5.10 HttpFirewall
Lesson 6: Method Security
Learning objectives
6.1 Why Method Security?
6.2 Creating Our Insecure Application
6.3 Integrating with Spring Security
6.4 JSR 250 Annotations
6.5 @Secured
6.6 @PreAuthorize/@PostAuthorize
6.7 Spring Data integration
Lesson 7: OAuth2
Learning objectives
7.1 Introduction
7.2 Authenticating with OAuth2
7.3 Resource Server
7.4 WebClient Integration
7.5 Authorization Code Flow
Lesson 8: Testing
Learning objectives
8.1 Test Method Security
8.2 Test Web Security with MockMvc
8.3 Test Web Security with HtmlUnit Integration
Summary
Spring Security: Summary