Spring Security Core: Beginner to Guru

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 128 lectures (13h 14m) | 5.37 GB

Learn how to use Spring Security to Secure Your Spring Framework Applications

It seems like every day you can find a news story about a security breach, and a breach can be devastating to a company.

Clearly, security is a very important topic.

The Spring Framework is the most popular Java framework for building cloud-scale applications.

Spring Security provides all the tools you need to secure your Java application.

Application security is much more than allowing access after checking a user name and password. You will learn how to limit which application features a user may or may not see, and also how to limit which data a user may or may not see.

This course focuses on the core fundamentals of Spring Security.

Central to Spring Security is the process of Authentication. This is the process of establishing a user’s identity.

Once a user’s identity is established, the process of Authorization is used to allow the user to access specific actions and features of an application.

Spring Security has a very robust toolset for Authentication and Authorization.

Inside this course, you will master both.

You will start the course by learning how to leverage the auto-configuration capabilities of Spring Boot to quickly secure a web application using HTTP Basic Authentication.

Then you’ll be led through a series of exercises to replace and customize the default Spring Boot auto-configuration.

Through this process, you will understand Spring Boot’s hidden ‘magic’ and learn how to master the configuration of Spring Security.

You will be working with a typical Spring Boot Web Application. The application mimics a robust monolithic application – with web pages and RESTful endpoints. This allows us to explore the security aspects unique to both web applications and RESTful APIs.

You may notice there is not a dedicated section of the course about Testing Spring Security. This is because testing is done throughout the course.

Test Driven Development (TDD) is widely considered a best practice in software engineering.

As we explore the features of Spring Security, we will follow a TDD approach.

We will first write a failing test using JUnit 5, Mockito, and Spring MockMVC, then complete the lesson objective to get a passing test.

You will see some great examples of testing Spring with JUnit 5. However, prior experience with JUnit 5 is recommended.

In this course, you will learn:

  • HTTP Basic Authentication with Spring Security
  • Spring Security Java Configuration
  • Using an In-Memory Authentication Provider
  • Using Spring Security for Password Management
  • Best Practices for Password Security
  • Creating Custom Authentication Filters
  • Using a database with Spring Data JPA for Authentication
  • User Roles with Spring Security
  • User Authorities with Spring Security
  • Multitenancy Security
  • Configure Spring Security for CSRF Protection
  • Create a custom login form
  • Using Remember Me
  • How to lock out users after too many failed attempts
  • How to unlock accounts automatically after a period of time
  • CORS with Spring Security

Table of Contents

Introduction
1 Introduction
2 What You Will Build In Your Spring Security Course
3 Getting The Most Out of Your Course
4 Setting up your Development Environment
5 Slack Group for Spring Security
6 Github Work Flow
7 Is Your IDE Free Like a Puppy
8 Free 120 Day IntelliJ IDEA Trial

Introduction to Spring Security
9 Introduction
10 Application Security 101
11 Introducing Spring Security
12 OWASP Common Web Vulnerabilities
13 Cross Site Scripting – XSS
14 Cross Site Forgery

HTTP Basic Auth
15 Introduction
16 Overview of HTTP Basic Authentication
17 SFG Brewery Code Review
18 Spring Security Default Basic Auth
19 Customizing User Name and Password
20 Testing Spring Security with JUnit 5
21 Testing HTTP Basic Auth
22 Spring Security Filter Chain

Spring Security Java Configuration
23 Introduction
24 Permit All with URL Pattern Matching
25 HTTP Method Matching
26 Spring MVC Path Matchers

In Memory Authentication Provider
27 Introduction
28 Spring Security Authentication Process
29 User Details Service
30 In Memory Authentication Fluent API

Password Security
31 Introduction
32 Password Encoding
33 MD5 Hash and Password Salt
34 NoOp Password Encoder
35 LDAP Password Encoder
36 SHA-256 Password Encoder
37 BCrypt Password Encoder
38 Delegating Password Encoder
39 Custom Delegating Password Encoder

Custom Authentication Filter
40 Introduction
41 Custom Authentication Filter Overview
42 Delete Beer by ID MockMVC Test
43 Custom Authentication Filter
44 Spring Security Configuration
45 Debugging Spring Security
46 Custom Do Filter Method
47 Custom Failure Handler

Database Authentication
48 Introduction
49 Database Authentication Overview
50 JPA Entities
51 Project Lombok Configuration
52 Spring Data JPA Repositories
53 H2 Database Console Access
54 User Details Service
55 Spring Security Configuration
56 Spring Boot Test Context

User Roles
57 Introduction
58 Authorization in Spring Security
59 Configuring User Roles
60 Verify Role in Filter – Delete
61 Allow Multiple Roles
62 Refactor JUnit 5 Tests
63 Introduction to Method Security
64 Security Expression Based Syntax

User Authorities
65 Introduction
66 Overview Database Refactoring
67 Updated JPA Configuration
68 Defining Roles for Beer Operations
69 Update Spring Security for RESTful Beer API
70 Custom Authorization Annotations

Multitenancy Security
71 Introduction
72 Multitenancy Overview
73 Order Controller Code Review
74 Define Roles for Beer Orders
75 Update JPA User
76 User Customer JPA Mapping
77 Refactor Bootstrap Data
78 TDD – Write Failing Tests
79 Custom Authentication Manager
80 Secure Read Order
81 Using Authentication Principal
82 Spring Security with Spring Data JPA

CSRF Protection in Spring Security
83 Introduction
84 Enable CSRF Protection in Spring Security
85 CSRF with Spring MockMVC
86 Update Customer Forms with CSRF

Login Form
87 Introduction
88 Tag Library Overview
89 Add Login Form to Index Page
90 Add Logout Action
91 Update Java Configuration for Login Form
92 Login and Logout Messages
93 Show Elements by User Permission

Remember Me
94 Introduction
95 Remember Me Overview
96 Simple Hash-Based Token Remember Me
97 Persistent Token Remember Me

User Lockout Using Spring Security Events
98 Introduction
99 Introduction
100 Overview of Spring Security Authentication Events
101 Configuration of Spring Security Event Publisher
102 Logging of Authentication Success Events
103 Persistence of Authentication Success Events
104 Locking User Account After Failed Attempts
105 Account Locked Message
106 Automatically Unlocking Accounts After Period of Time

Two Factor Authentication
107 Introduction
108 Two Factor Authentication Overview
109 Google Authenticator with Spring Security
110 Configure User Entity for 2FA
111 Configure 2FA Registration Controller
112 Configure Google Secret Persistence
113 Generate QR Code for Google Authenticator
114 Verify 2FA Opt In
115 FA Verification UI
116 Spring Security 2FA Filter
117 Spring Security 2FA Failure Handler
118 Exclude Static Resources from Filter
119 Java Configuration and 2FA Demo
120 FA Retrospective

CORS
121 Introduction
122 Overview of CORS
123 Disable Spring Security for Testing
124 Spring MVC CORS Configuration
125 Spring MVC CORS Annotation Config
126 Spring Security CORS Configuration

Appendix A Using GitHub
127 Git and GitHub Basics – Start Here
128 GitHub Workflow