CF

Spring Security 6 Zero to Master along with JWT,OAUTH2

14h 50m 3s
English
Paid

This course shows you how to build secure Java web apps with Spring Security 6. You learn how the core parts work and how they handle login, roles, and request checks. You also learn how to protect APIs with JWT and OAuth2.

What You Learn

You get clear steps to add security to a Spring app. Each topic includes hands-on work so you can try it on your own.

Spring Security Basics

  • How the Spring Security framework works
  • Main packages, classes, and interfaces
  • How requests move through the security chain

Add Security to a Web App

  • Set up security for a Java web app
  • Use Ant, MVC, and regex matchers to protect URLs
  • Add custom filters when you need extra checks

Password and Data Safety

  • Use PasswordEncoders
  • Know the difference between encoding, hashing, and encryption

Web Protection

  • What CSRF is and how to handle it
  • What CORS is and when it matters

Login and Access

  • What authentication and authorization mean
  • How to use roles and authorities
  • How to add method-level rules

JWT and OAuth2

  • How JWT works in login and access checks
  • OAuth2 grant types and when to use each one
  • OpenID Connect and how it fits with OAuth2

More Features

  • Social login in web apps
  • Set up an authorization server with Keycloak

Who Should Take This

You should know basic Java and Spring. You do not need past security work, but you should want to learn it.

About the Author: Udemy

Udemy thumbnail

Udemy is the largest open marketplace for online courses on the internet. Founded in 2010 by Eren Bali, Oktay Caglar, and Gagan Biyani and headquartered in San Francisco, the company went public on the Nasdaq in 2021 under the ticker UDMY. The platform hosts well over two hundred thousand courses across software development, IT and cloud, data science, design, business, marketing, and creative skills, taught by tens of thousands of independent instructors. Roughly seventy million learners use it worldwide, and the corporate arm — Udemy Business — supplies a curated subset of that catalog to enterprise customers.

Because Udemy is a marketplace rather than a single editorial publisher, the catalog is uneven by design. The strongest material lives in the long-form, project-based courses authored by working engineers — full-stack JavaScript, React, Node.js, Python data science, AWS, Docker and Kubernetes, mobile development with Flutter and React Native, and cloud certification preparation. The CourseFlix listing under this source is the slice of that catalog that has been mirrored here for offline-friendly viewing, organized by topic and updated as new releases land. Pricing on Udemy itself swings dramatically with the site's near-permanent sales, which is why the platform is best treated as a deep reference catalog: pick instructors with strong reviews and a track record of updating their material rather than buying on the headline price alone.

Watch Online 132 lessons

This is a demo lesson (10:00 remaining)

You can watch up to 10 minutes for free. Subscribe to unlock all 132 lessons in this course and access 10,000+ hours of premium content across all courses.

View Pricing
0:00
/
#1: Course Introduction
All Course Lessons (132)
#Lesson TitleDurationAccess
1
Course Introduction Demo
07:33
2
Details of Source Code, PDF Content & other instructions for the course
04:00
3
What is Security & Why it is important
07:08
4
Creating a simple Spring Boot app with out security
11:45
5
Securing Spring Boot basic app using Spring Security
06:43
6
Configure static credentials inside application properties file
04:47
7
Why should we use Spring Security framework
04:35
8
Quick introduction to Servlets & Filters
05:07
9
Introduction to Spring Security Internal flow
10:25
10
Demo of Spring Security internal flow
14:25
11
Sequence flow of the Spring Security default behaviour
04:51
12
Understanding on how multiple requests work with out credentials
04:12
13
Understanding about UI part of the EazyBank application
05:43
14
Backend REST services required for EazyBank app
03:09
15
Creating backend services needed for the EazyBank application - Part 1
07:34
16
Creating backend services needed for the EazyBank application - Part 2
05:58
17
Checking the default configuration inside the spring security framework
07:19
18
Modifying the code as per our custom requirements
06:51
19
Denying all the requests
04:36
20
Permit all the requests
04:48
21
Introduction to the agenda of the section
04:19
22
Configuring users using InMemoryUserDetailsManager - Approach 1
09:38
23
Configuring users using InMemoryUserDetailsManager - Approach 2
05:24
24
Understanding User Management interfaces and Classes
08:52
25
Deep Dive of UserDetails Interface & User class
12:01
26
Deep Dive of UserDetailsService & UserDetailsManager Interfaces
04:53
27
Deep Dive of UserDetailsManager Implementation classes
12:04
28
Creating MySQL Database in the cloud
13:14
29
Connecting to DB & Creating Users inside the DB as per JdbcUserDetailsManager
08:36
30
Using JdbcUserDetailsManager to perform authentication
11:19
31
Creating our own custom tables for Authentication
05:03
32
Creating JPA Entity and repository classes for new table
08:56
33
Creating our own custom implementation of UserDetailsService
09:55
34
Building a new REST API to allow the registration of new User
13:56
35
How our passwords validated in Spring Security by default
08:46
36
Encoding Vs Encryption Vs Hashing - Part 1
06:35
37
Encoding Vs Encryption Vs Hashing - Part 2
10:08
38
How Our passwords will be validated with hashing & PasswordEncoders
03:02
39
Deep dive of PasswordEncoder interface
04:49
40
Deep dive of PasswordEncoder implementation classes - Part 1
09:06
41
Deep dive of PasswordEncoder implementation classes - Part 2
06:17
42
Demo of registration of new user with Bcrypt password encoder
07:57
43
Demo of login with Bcrypt password encoder
09:45
44
Why should we consider creating our own AuthenticationProvider
04:33
45
Understanding AuthenticationProvider methods
07:11
46
Implementing and Customising the AuthenticationProvider inside our application
08:16
47
Testing our custom AuthenticationProvider implementation
05:30
48
Spring Security Sequence flow with custom AuthenticationProvider
02:38
49
Setting up the EazyBank UI project
09:43
50
Understanding the UI project and walkthrough of the Angular code
13:34
51
Creating new DB schema for EazyBank scenarios
09:43
52
Updating Backend project based on the latest DB schema
09:31
53
Testing registration of the new user with latest changes
03:54
54
Taste of CORs error
05:43
55
Introduction to CORs
03:54
56
Possible options to fix the CORs issue
05:51
57
Fixing CORs issue using Spring Security
07:18
58
Demo of default CSRF protection inside Spring Security
05:34
59
Introduction to CSRF attack
05:27
60
Solution to handle CSRF attacks
05:57
61
Ignoring CSRF protection for public APIs
05:12
62
Implementing CSRF token solution inside our web application
20:24
63
Testing the CSRF related changes
09:47
64
Authentication Vs Authorization
05:58
65
How Authorities stored inside Spring Security
07:11
66
Creating new table authorities to store multiple roles or authorities
05:33
67
Making backend changes to load authorities from new DB table
09:39
68
Configuring Authorities inside web application using Spring Security-Theory
03:15
69
Configuring Authorities inside web application using Spring Security - Coding
06:32
70
Authority Vs Role in Spring Security
04:07
71
Configuring Roles Authorization inside web app using Spring Security-Theory
02:39
72
Configuring Roles Authorization inside web app using Spring Security-Coding
05:31
73
Introduction to Filters in Spring Security and the sample use cases
04:57
74
Demo of Inbuilt Filters of Spring Security framework
07:30
75
How to create our own custom filter
04:21
76
Adding a custom filter using addFilterBefore() method
08:55
77
Adding a custom filter using addFilterAfter() method
05:54
78
Adding a custom filter using addFilterAt() method
05:35
79
Details about GenericFilterBean and OncePerRequestFilter
07:02
80
Demo of JSESSIONID and issues with it
03:45
81
Advantages of Token based Authentication
08:22
82
Deep dive about JWT Tokens - Part 1
06:31
83
Deep dive about JWT Tokens - Part 2
08:51
84
Making project configuration to use JWT tokens
06:16
85
Configuring filters to generate the JWT tokens
08:28
86
Configuring filters to validate JWT tokens
08:17
87
Making changes on the client side for JWT token based authentication
02:55
88
Validating the JWT changes made by running the applications
05:42
89
Validating the JWT token expiration scenario
02:59
90
Introduction to method level security in Spring Security
05:45
91
Details about method invocation authorization in method level security
08:23
92
Demo of method level security using @PreAuthorize
05:51
93
Demo of method level security using @PostAuthorize
03:28
94
Details about filtering authorization in method level security
03:38
95
Demo of @PreFilter annotation
07:46
96
Demo of @PostFilter annotation
04:20
97
Problems that OAUTH2 trying to solve
11:04
98
Introduction to OAUTH2
06:31
99
OAuth2 terminologies or jargons
04:55
100
OAuth2 Sample flow - Theory
06:05
101
Demo of OAuth2 Sample flow
06:36
102
Deep dive on Authorization code grant type flow in OAUTH2
09:37
103
Demo of Authorization code grant type flow in OAUTH2
05:51
104
Deep dive & Demo of implicit grant flow in OAUTH2
05:25
105
Deep dive of password grant type flow in OAUTH2
04:24
106
Deep dive of client credentials grant type flow in OAUTH2
03:32
107
Deep dive of refresh token grant type flow in OAUTH2
06:19
108
How resource server validates the tokens issued by Auth server
02:55
109
Introduction to OpenID Connect
10:22
110
Registering the client details with the GitHub to use it's OAUTH2 Auth server
04:57
111
Building a springboot application that uses GitHub Auth server during OAuth2
07:42
112
Running and verifying the sample application using GitHub OAUTH2
04:41
113
Introduction to OAUTH2 flow inside EazyBank web App
02:22
114
Introduction to KeyCloak Auth Server
04:43
115
Installation of KeyCloak server & setup admin account
04:22
116
Setup a Realm inside KeyCloak Server for EazyBank App
02:01
117
Creating Client Credentials inside KeyCloak for API-API secured invocations
04:48
118
Setup of EazyBank Resource Server
14:20
119
Getting Access token from KeyCloak using client credentials grant type
07:55
120
Passing Access token to Resource server for response through Postman
04:58
121
Understanding Authorization code grant type for EazyBank App
02:43
122
Creating Client and User details inside KeyCloak for Auth code grant flow
03:58
123
Testing Authorization code grant type using Postman App
09:04
124
Deep dive on Authorization code grant type with PKCE
09:28
125
Demo of Authorization code grant type with PKCE
06:29
126
Creating public facing client details inside KeyCloak server
03:08
127
Implementing PKCE Authorization code grant type inside Angular UI App - Part 1
08:32
128
Implementing PKCE Authorization code grant type inside Angular UI App - Part 2
08:02
129
Testing PKCE flow inside Eazy Bank application
05:52
130
Important features of KeyCloak
07:37
131
Social Login integration with the help of KeyCloak Server
05:28
132
Thank You and Congratulations
01:37
Unlock unlimited learning

Get instant access to all 131 lessons in this course, plus thousands of other premium courses. One subscription, unlimited knowledge.

Learn more about subscription

Related courses

Frequently asked questions

What is Spring Security 6 Zero to Master along with JWT,OAUTH2 about?
This course shows you how to build secure Java web apps with Spring Security 6. You learn how the core parts work and how they handle login, roles, and request checks. You also learn how to protect APIs with JWT and OAuth2. What You Learn…
Who teaches this course?
It is taught by Udemy. You can find more courses by this instructor on the corresponding source page.
How long is the course?
It contains 132 lessons with a total runtime of 14 hours 50 minutes. Every lesson is available to watch online at your own pace.
Is it free to watch?
It is part of CourseFlix's premium catalog. A subscription unlocks the full video player; the course description, table of contents, and preview information are available to everyone.
Where can I watch it online?
The course is available to watch online on CourseFlix at https://courseflix.net/course/spring-security-6-zero-to-master-along-with-jwt-oauth2. The page hosts every lesson with the integrated video player; no download is required.