Spring Security | | Software Development
Spring Security
Duration
24 hours
Location
Online
Language
English
Code
JVA-013
400.00 *
Training for 7-8 or more people? Customize trainings for your specific needs
Description
Spring Security is the most popular framework for user authentication and restricting access to Enterprise applications. This course deals with authentication and authorization mechanisms (and their application in real practice).This course covers the following:
- Theoretical foundations of restricting access to Enterprise applications
- Spring Security Abstractions
- X509 authentication, SSL certificates
- Setting Spring Security configuration in practice
- Using Spring Security to restrict access to various parts of the application
- Using JWT tokens, OAuth protocol
- Using Spring authorization server and Keycloak server
- Developing resource servers
Plus the course includes several practical tasks.
After completing the course, a certificate
is issued on the Luxoft Training form
is issued on the Luxoft Training form
Objectives
Teach trainees how to solve various tasks of authentication and access control for Enterprise Applications using Spring Security.
Target Audience
Java developers with experience of over 1 year (experience in Spring + Spring Boot)
Prerequisites
a:2:{s:4:"TEXT";s:191:"• Experience in working with Java SE >= 8
• Experience of working with Spring Framework and Spring Boot or passed through the JVA-010 Spring Framework 5 for Application Development course";s:4:"TYPE";s:4:"TEXT";}
Roadmap
a:2:{s:4:"TEXT";s:1998:"1. Introduction to Spring Security
2. Authentication
3. Authorization
4. OAuth 2.0
- Security Tasks
- Identification, Authentication, Authorization
- Examples of Spring Security Configuration
- Hands-on Lab “Spring Security Overview”
- Spring Security Capabilities
2. Authentication
- HTTP Basic Authentication
- Hands-on Lab “Setting HTTP Basic Authentication”
- Deny-by-Default / Allow-by-Default
- Main Abstractions of Spring Security
- Hands-on Lab “Adding the User Storage”
- Integration with Web, Authentication in a Web Application
- Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters
- Form-based Authentication
- Tokens vs. Session Key
- CORS, CSRF, CSRF Token, XSS
- Hands-on Lab “Login Form”
- Anonymous Authentication
- Hands-on Lab “Adding Anonymous Authentication”
- Remember-Me Authentication
- Persistent Tokens
- Hash-based Tokens
- JWT
- Hands-on Lab “Hash-based Tokens”
- X509 Authentication
- Hands-on Lab “Authentication with X509 Certificates”
3. Authorization
- Spring Security Authorization Abstractions
- URL-based Authorization
- Method-based Authorization
- @Secured, @Pre/@Post Annotations
- Domain Objects Security (ACL)
- Hands-on Lab “ACL and Method-based Authorization”
4. OAuth 2.0
- OAuth 2.0 Roles
- Access and Refresh Tokens
- Grant Type: Authorization Code
- Grant Type: Password
- Grant Type: Client Credentials
- Grant Type: Implicit
- Spring authorization server
- Keycloak authorization server
- Implementing resource servers
- Lab: creating resource server, using authorization server
Schedule and prices
View:
Register for the next course
Registering in advance ensures you have priority. We will notify you when we schedule the next course on this topic
Courses you may be interested in
Spring Framework 5 for Application Development
In this training you’ll learn how to use the core features of the Spring Framework, create production ready applications and discover how to use Spring in your projects.
Online:
02.10.2023 - 13.10.2023
Spring Core
It covers the major aspects of the Spring Core framework used for the inversion of control (IoC), Spring Expression Language (SpEL) and aspect oriented programming (AoP) applications constructing.
Spring Databases
This training is an introduction to the Spring Databases, covering all the major aspects of the Spring Databases framework: Spring JDBC, Spring ORM, transactions. During the course participants will also get learn how to write their own applications using the Spring Databases framework.
