Spring Security 6 Zero to Master along with JWT,OAUTH2
The 'Spring Security Zero to Master' course helps you understand the Spring Security architecture and the important packages, interfaces and classes inside it that handle authentication and authorization requests in web applications. It also covers the most common security-related topics, such as CORS, CSRF, JWT, OAUTH2, password management, method-level security, and the management of users, roles and authorities inside web applications.
Below are the important topics that this course covers:
Spring Security framework details and its features
How to adapt security for a Java web application using Spring Security
Password Management in Spring Security with PasswordEncoders
Deep dive about encoding, encryption and hashing
What is CSRF, CORS and how to address them
What Authentication and Authorization are, and how they differ from each other
Securing endpoint URLs inside web applications using Ant, MVC & Regex Matchers
Filters in Spring Security and how to write your own custom filters
Deep dive about JWT (JSON Web Tokens) and their role inside Authentication & Authorization
Deep dive about OAUTH2 and various grant type flows inside OAUTH2.
Deep dive about OpenID Connect & how it is related to OAUTH2
Applying authorization rules using roles, authorities inside a web application using Spring Security
Method level security in web/non-web applications
Social Login integrations into web applications
Set up of Authorization Server using KeyCloak
The prerequisite for the course is basic knowledge of Java and Spring, and an interest in learning.
# | Title | Duration |
---|---|---|
1 | Course Introduction | 07:33 |
2 | Details of Source Code, PDF Content & other instructions for the course | 04:00 |
3 | What is Security & Why it is important | 07:08 |
4 | Creating a simple Spring Boot app without security | 11:45 |
5 | Securing Spring Boot basic app using Spring Security | 06:43 |
6 | Configure static credentials inside application properties file | 04:47 |
7 | Why should we use Spring Security framework | 04:35 |
8 | Quick introduction to Servlets & Filters | 05:07 |
9 | Introduction to Spring Security Internal flow | 10:25 |
10 | Demo of Spring Security internal flow | 14:25 |
11 | Sequence flow of the Spring Security default behaviour | 04:51 |
12 | Understanding how multiple requests work without credentials | 04:12 |
13 | Understanding about UI part of the EazyBank application | 05:43 |
14 | Backend REST services required for EazyBank app | 03:09 |
15 | Creating backend services needed for the EazyBank application - Part 1 | 07:34 |
16 | Creating backend services needed for the EazyBank application - Part 2 | 05:58 |
17 | Checking the default configuration inside the spring security framework | 07:19 |
18 | Modifying the code as per our custom requirements | 06:51 |
19 | Denying all the requests | 04:36 |
20 | Permit all the requests | 04:48 |
21 | Introduction to the agenda of the section | 04:19 |
22 | Configuring users using InMemoryUserDetailsManager - Approach 1 | 09:38 |
23 | Configuring users using InMemoryUserDetailsManager - Approach 2 | 05:24 |
24 | Understanding User Management interfaces and Classes | 08:52 |
25 | Deep Dive of UserDetails Interface & User class | 12:01 |
26 | Deep Dive of UserDetailsService & UserDetailsManager Interfaces | 04:53 |
27 | Deep Dive of UserDetailsManager Implementation classes | 12:04 |
28 | Creating MySQL Database in the cloud | 13:14 |
29 | Connecting to DB & Creating Users inside the DB as per JdbcUserDetailsManager | 08:36 |
30 | Using JdbcUserDetailsManager to perform authentication | 11:19 |
31 | Creating our own custom tables for Authentication | 05:03 |
32 | Creating JPA Entity and repository classes for new table | 08:56 |
33 | Creating our own custom implementation of UserDetailsService | 09:55 |
34 | Building a new REST API to allow the registration of new User | 13:56 |
35 | How our passwords are validated in Spring Security by default | 08:46 |
36 | Encoding Vs Encryption Vs Hashing - Part 1 | 06:35 |
37 | Encoding Vs Encryption Vs Hashing - Part 2 | 10:08 |
38 | How our passwords will be validated with hashing & PasswordEncoders | 03:02 |
39 | Deep dive of PasswordEncoder interface | 04:49 |
40 | Deep dive of PasswordEncoder implementation classes - Part 1 | 09:06 |
41 | Deep dive of PasswordEncoder implementation classes - Part 2 | 06:17 |
42 | Demo of registration of new user with Bcrypt password encoder | 07:57 |
43 | Demo of login with Bcrypt password encoder | 09:45 |
44 | Why should we consider creating our own AuthenticationProvider | 04:33 |
45 | Understanding AuthenticationProvider methods | 07:11 |
46 | Implementing and Customising the AuthenticationProvider inside our application | 08:16 |
47 | Testing our custom AuthenticationProvider implementation | 05:30 |
48 | Spring Security Sequence flow with custom AuthenticationProvider | 02:38 |
49 | Setting up the EazyBank UI project | 09:43 |
50 | Understanding the UI project and walkthrough of the Angular code | 13:34 |
51 | Creating new DB schema for EazyBank scenarios | 09:43 |
52 | Updating Backend project based on the latest DB schema | 09:31 |
53 | Testing registration of the new user with latest changes | 03:54 |
54 | Taste of CORS error | 05:43 |
55 | Introduction to CORS | 03:54 |
56 | Possible options to fix the CORS issue | 05:51 |
57 | Fixing CORS issue using Spring Security | 07:18 |
58 | Demo of default CSRF protection inside Spring Security | 05:34 |
59 | Introduction to CSRF attack | 05:27 |
60 | Solution to handle CSRF attacks | 05:57 |
61 | Ignoring CSRF protection for public APIs | 05:12 |
62 | Implementing CSRF token solution inside our web application | 20:24 |
63 | Testing the CSRF related changes | 09:47 |
64 | Authentication Vs Authorization | 05:58 |
65 | How Authorities are stored inside Spring Security | 07:11 |
66 | Creating new table authorities to store multiple roles or authorities | 05:33 |
67 | Making backend changes to load authorities from new DB table | 09:39 |
68 | Configuring Authorities inside web application using Spring Security-Theory | 03:15 |
69 | Configuring Authorities inside web application using Spring Security - Coding | 06:32 |
70 | Authority Vs Role in Spring Security | 04:07 |
71 | Configuring Roles Authorization inside web app using Spring Security-Theory | 02:39 |
72 | Configuring Roles Authorization inside web app using Spring Security-Coding | 05:31 |
73 | Introduction to Filters in Spring Security and the sample use cases | 04:57 |
74 | Demo of Inbuilt Filters of Spring Security framework | 07:30 |
75 | How to create our own custom filter | 04:21 |
76 | Adding a custom filter using addFilterBefore() method | 08:55 |
77 | Adding a custom filter using addFilterAfter() method | 05:54 |
78 | Adding a custom filter using addFilterAt() method | 05:35 |
79 | Details about GenericFilterBean and OncePerRequestFilter | 07:02 |
80 | Demo of JSESSIONID and issues with it | 03:45 |
81 | Advantages of Token based Authentication | 08:22 |
82 | Deep dive about JWT Tokens - Part 1 | 06:31 |
83 | Deep dive about JWT Tokens - Part 2 | 08:51 |
84 | Making project configuration to use JWT tokens | 06:16 |
85 | Configuring filters to generate the JWT tokens | 08:28 |
86 | Configuring filters to validate JWT tokens | 08:17 |
87 | Making changes on the client side for JWT token based authentication | 02:55 |
88 | Validating the JWT changes made by running the applications | 05:42 |
89 | Validating the JWT token expiration scenario | 02:59 |
90 | Introduction to method level security in Spring Security | 05:45 |
91 | Details about method invocation authorization in method level security | 08:23 |
92 | Demo of method level security using @PreAuthorize | 05:51 |
93 | Demo of method level security using @PostAuthorize | 03:28 |
94 | Details about filtering authorization in method level security | 03:38 |
95 | Demo of @PreFilter annotation | 07:46 |
96 | Demo of @PostFilter annotation | 04:20 |
97 | Problems that OAUTH2 is trying to solve | 11:04 |
98 | Introduction to OAUTH2 | 06:31 |
99 | OAuth2 terminologies or jargons | 04:55 |
100 | OAuth2 Sample flow - Theory | 06:05 |
101 | Demo of OAuth2 Sample flow | 06:36 |
102 | Deep dive on Authorization code grant type flow in OAUTH2 | 09:37 |
103 | Demo of Authorization code grant type flow in OAUTH2 | 05:51 |
104 | Deep dive & Demo of implicit grant flow in OAUTH2 | 05:25 |
105 | Deep dive of password grant type flow in OAUTH2 | 04:24 |
106 | Deep dive of client credentials grant type flow in OAUTH2 | 03:32 |
107 | Deep dive of refresh token grant type flow in OAUTH2 | 06:19 |
108 | How resource server validates the tokens issued by Auth server | 02:55 |
109 | Introduction to OpenID Connect | 10:22 |
110 | Registering the client details with GitHub to use its OAUTH2 Auth server | 04:57 |
111 | Building a Spring Boot application that uses GitHub Auth server during OAuth2 | 07:42 |
112 | Running and verifying the sample application using GitHub OAUTH2 | 04:41 |
113 | Introduction to OAUTH2 flow inside EazyBank web App | 02:22 |
114 | Introduction to KeyCloak Auth Server | 04:43 |
115 | Installation of KeyCloak server & setup admin account | 04:22 |
116 | Setup a Realm inside KeyCloak Server for EazyBank App | 02:01 |
117 | Creating Client Credentials inside KeyCloak for API-API secured invocations | 04:48 |
118 | Setup of EazyBank Resource Server | 14:20 |
119 | Getting Access token from KeyCloak using client credentials grant type | 07:55 |
120 | Passing Access token to Resource server for response through Postman | 04:58 |
121 | Understanding Authorization code grant type for EazyBank App | 02:43 |
122 | Creating Client and User details inside KeyCloak for Auth code grant flow | 03:58 |
123 | Testing Authorization code grant type using Postman App | 09:04 |
124 | Deep dive on Authorization code grant type with PKCE | 09:28 |
125 | Demo of Authorization code grant type with PKCE | 06:29 |
126 | Creating public facing client details inside KeyCloak server | 03:08 |
127 | Implementing PKCE Authorization code grant type inside Angular UI App - Part 1 | 08:32 |
128 | Implementing PKCE Authorization code grant type inside Angular UI App - Part 2 | 08:02 |
129 | Testing PKCE flow inside EazyBank application | 05:52 |
130 | Important features of KeyCloak | 07:37 |
131 | Social Login integration with the help of KeyCloak Server | 05:28 |
132 | Thank You and Congratulations | 01:37 |