Course Objectives
By the end of the course, you should be able to meet the following objectives:
- Use Spring Security in Spring and Spring Boot applications
- Configure the Spring Security filter chain
- Protect HTTP endpoints with expression-based access control and the AuthorizationManager API
- Protect method execution
- Use different authentication mechanisms
- Handle passwords in an efficient way
- Integrate Spring Security with JUnit 5 and MockMvc to test HTTP and method security
- Protect against common vulnerabilities and threats
- Understand what OAuth2 is
- Use and configure the Spring Authorization Server
- Implement a resource server and client
Agenda
- Need for security
- Basic security concepts
- Common security vulnerabilities
- Introduction to Spring Security
- High-level architecture
- Overview of SecurityContext
- Spring Security with Spring Boot
- Building blocks for authentication
- Authentication mechanisms based on user name and password
- Other authentication mechanisms
- Authentication events
- Configuring authorization
- Using AccessDecisionManager for authorization
- Using AuthorizationManager for authorization
- Bypassing security
- Method security architecture
- Declarative method security with annotations
- Spring Security Testing Support
- Security mock annotations and meta-annotations
- Using MockMvc to test security
- Password hashing
- Upgrading passwords
- Hardening web applications with security headers
- Preventing cross-site request forgery
- Encrypting data in transit
- Need for OAuth
- Overview of OAuth2 and OIDC
- OAuth2 grant types
- Types of tokens
- Spring Security OAuth2 support and OAuth2 login
- Introduction to Authorization Server
- Spring Authorization Server endpoints
- Spring Authorization Server configuration
- Resource server
- Using JWT tokens
- Using opaque tokens
- Configuring an OAuth2 client
FREE
Course Type: Instructor Led