English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 161 lectures (24h 36m) | 13.02 GB
Spring Security 6, Spring Boot 3 Security, CORS, CSRF, JWT, OAUTH2, OpenID Connect, KeyCloak, Spring Authorization Server
The ‘Spring Security Zero to Master’ course will help you understand the Spring Security architecture and the important packages, interfaces and classes inside it that handle authentication and authorization requests in web applications. It also covers the most common security-related topics such as CORS, CSRF, JWT, OAUTH2, password management, method-level security, and user, role and authority management inside web applications.
Below are the important topics that this course covers:
- Spring Security framework details and its features
- How to adapt security for a Java web application using Spring Security
- Password Management in Spring Security with PasswordEncoders
- Deep dive about encoding, encryption and hashing
- What CSRF and CORS are and how to address them
- What Authentication and Authorization are, and how they differ from each other
- Filters in Spring Security and how to write own custom filters
- Deep dive about JWT (JSON Web Tokens) and their role inside Authentication & Authorization
- Deep dive about OAUTH2 and the various grant type flows inside OAUTH2
- Deep dive about OpenID Connect & how it is related to OAUTH2
- Applying authorization rules using roles, authorities inside a web application using Spring Security
- Method level security in web/non-web applications
- Social Login integrations into web applications
- Set up of Authorization Server using KeyCloak, Spring Authorization Server
Table of Contents
Getting Started
1 Course Introduction
3 Details of Source Code, PDF Content & other instructions for the course
4 Creating a simple Spring Boot app without security – Part 1
5 Creating a simple Spring Boot app without security – Part 2
6 Securing Spring Boot basic app using Spring Security & static credentials
7 Funny memes on Security
8 What is Security & Why it is important
9 Quick introduction to Servlets & Filters
10 Introduction to Spring Security Internal flow – Theory
11 Demo of Spring Security internal flow – Part 1
12 Demo of Spring Security internal flow – Part 2
13 Sequence flow of the Spring Security default behaviour
14 Understanding how multiple requests work without credentials
Changing the default security configurations
15 Understanding about UI part of the EazyBank application
16 Creating backend services needed for the EazyBank application
17 Checking the default configuration inside the spring security framework
18 Modifying the security config code as per our custom requirements
19 How to disable formLogin and httpBasic authentication
20 httpBasic authentication testing using postman
Defining & Managing Users using InMemoryUserDetailsManager
21 Configuring users using InMemoryUserDetailsManager
22 Configuring PasswordEncoder using PasswordEncoderFactories
23 Demo of CompromisedPasswordChecker
24 Deep Dive of UserDetailsService & UserDetailsManager Interfaces
25 Deep Dive of UserDetails & Authentication interfaces
Defining & Managing Users using a database
26 Quick revision of enhancements done so far
27 Creating MySQL Database using Docker
28 Understanding JdbcUserDetailsManager & creating Users inside the DB
29 Using JdbcUserDetailsManager to perform authentication
30 Creating our own custom tables for Authentication
31 Creating JPA Entity and repository classes for new table
32 Creating our own custom implementation of UserDetailsService
33 Building a new REST API to allow the registration of new User
Password Management with PasswordEncoders
34 How our passwords are validated without PasswordEncoders
35 What is Encoding, Decoding & why it is not suitable for passwords management
36 What is Encryption, Decryption & why it is not suitable for passwords management
37 Demo of Encryption, Decryption
38 Introduction to Hashing
39 Drawbacks of Hashing & what are Brute force attacks, Dictionary or Rainbow tab
40 How to overcome Hashing drawbacks, Brute force and Dictionary table attacks
41 Introduction to PasswordEncoders in Spring Security
42 Deep dive of PasswordEncoder implementation classes
43 Demo of registration and login with Bcrypt password encoder
Understanding Authentication Provider and Implementing it
44 Why should we consider creating our own AuthenticationProvider
45 Understanding AuthenticationProvider methods
46 Implementing and Customizing the AuthenticationProvider inside our application
47 Environment specific Security configurations using Profiles – Part 1
48 Environment specific Security configurations using Profiles – Part 2
49 Environment specific Security configurations using Profiles – Part 3
Spring Security customizations for most common use cases
50 Accepting only HTTPS Traffic using Spring Security
51 Exception Handling in Spring Security framework
52 Defining Custom AuthenticationEntryPoint – Part 1
53 Defining Custom AuthenticationEntryPoint – Part 2
54 Defining Custom AccessDeniedHandler
55 Session Timeout & invalid session configurations
56 Concurrent Session Control configurations
57 Session Fixation Attack protection with Spring Security
58 Listening Authentication Events – Theory
59 Listening Authentication Events – Demo
60 Form Login Configurations for MVC or monolithic apps – Part 1
61 Form Login Configurations for MVC or monolithic apps – Part 2
62 Form Login Configurations for MVC or monolithic apps – Part 3
63 Form Login Configurations for MVC or monolithic apps – Part 4
64 Logout Configurations for MVC or monolithic apps
65 Spring Security Thymeleaf integration
66 Role of SecurityContext & SecurityContextHolder
67 Load login user details in Spring Security
Understanding CORS & CSRF
68 Setting up the EazyBank UI project
69 Understanding and walkthrough of the Angular code – Part 1
70 Understanding and walkthrough of the Angular code – Part 2
71 Creating new DB schema for EazyBank scenarios
72 Updating Backend project based on the latest DB schema
73 Testing registration of the new user with latest changes
74 Taste of a CORS error
75 Introduction to CORS
76 Possible options to fix the CORS issue
77 Fixing the CORS issue using Spring Security
78 Demo of default CSRF protection inside Spring Security
79 Introduction to CSRF attack
80 Solution to handle CSRF attacks
81 Implementing CSRF token solution inside backend application – Part 1
82 Implementing CSRF token solution inside backend application – Part 2
83 Implementing CSRF token solution inside UI application
84 Ignoring CSRF protection for public APIs
Implementing Authorization using Authorities, Roles
85 Authentication Vs Authorization
86 How Authorities are stored inside Spring Security
87 Creating new table authorities to store multiple roles or authorities
88 Making backend changes to load authorities from new DB table
89 Configuring Authorities inside web application using Spring Security
90 Authority Vs Role in Spring Security
91 Configuring Roles Authorization inside web application using Spring Security
92 Listening to the Authorization events
Custom Filters in Spring Security
93 Demo of Inbuilt Filters of Spring Security framework
94 How to create and configure our own custom filter
95 Adding a custom filter using addFilterBefore() method
96 Adding a custom filter using addFilterAfter() method
97 Adding a custom filter using addFilterAt() method
Token based Authentication using JSON Web Token (JWT)
98 Opaque Tokens vs JSON Web Tokens (JWT)
99 Advantages of Token based Authentication
100 Deep dive about JWT Tokens
101 Making project configuration to use JWT tokens
102 Building logic to generate the JWT tokens
103 Building logic to validate the JWT tokens
104 Making changes on the client side for JWT token based authentication
105 Validating the JWT changes made by running the applications
106 Validating the JWT token expiration scenario
107 Publish an AuthenticationManager for custom or manual authentication – Part 1
108 Publish an AuthenticationManager for custom or manual authentication – Part 2
Method Level Security
109 Introduction to method level security in Spring Security
110 Details about method invocation authorization in method level security
111 Demo of method level security using @PreAuthorize and @PostAuthorize
112 Details about filtering authorization in method level security
113 Demo of @PreFilter annotation
114 Demo of @PostFilter annotation
Deep dive of OAUTH2 & OpenID Connect
115 Problems that OAUTH2 is trying to solve
116 Introduction to OAUTH2
117 OAuth2 terminology or jargon
118 Demo of OAuth2 Sample flow
119 Deep dive on Authorization code grant type flow in OAUTH2
120 Demo of Authorization code grant type flow in OAUTH2
121 Deep dive & Demo of implicit grant flow in OAUTH2
122 Deep dive & demo of Authorization code grant type with PKCE
123 Deep dive of password grant type flow in OAUTH2
124 Deep dive of client credentials grant type flow in OAUTH2
125 Deep dive of refresh token grant type flow in OAUTH2
126 How resource server validates the tokens issued by Auth server
127 Introduction to OpenID Connect
Implementing OAUTH2 using spring security & social logins
128 Introduction to the agenda of OAUTH2 implementations and demos
129 Demo of OAUTH2 using social logins – Part 1
130 Demo of OAUTH2 using social logins – Part 2
131 Demo of OAUTH2 using social logins – Part 3
132 Demo of OAUTH2 using social logins – Part 4
133 Demo of OAUTH2 using social logins – Part 5
Securing EazyBank using OAUTH2 and KeyCloak
134 Introduction to OAUTH2 flow inside EazyBank web App
135 Introduction to KeyCloak Auth Server
136 Installation of KeyCloak server, setup admin account & realm
137 Creating Client Credentials inside KeyCloak for API-API secured invocations
138 Setup of EazyBank Resource Server – Part 1
139 Setup of EazyBank Resource Server – Part 2
140 Client credentials grant type flow demo in eazybank
141 Demo of Opaque Tokens – Part 1
142 Demo of Opaque Tokens – Part 2
143 Creating Client and User details inside KeyCloak for Auth code grant flow
144 Testing Authorization code & refresh grant types using Postman App
145 Testing Authorization code PKCE grant types using Postman App
146 Implementing PKCE Authorization code grant type inside Angular UI App – Part 1
147 Implementing PKCE Authorization code grant type inside Angular UI App – Part 2
148 Testing PKCE flow inside Eazy Bank Angular UI application
149 Configuring MFA using KeyCloak
150 Social Login integration with the help of KeyCloak
OAUTH2 Auth Server using Spring Authorization Server
151 Introduction to Spring Authorization Server
152 Set up of Spring Authorization Server
153 Creating Client Credentials inside Spring Auth Server for API-API invocation
154 Client credentials grant type flow demo with Spring Auth Server
155 OAuth2 Token Customization in Spring Auth Server
156 Creating clients inside Spring Auth Server for Auth Code & PKCE grant type flows
157 Updating Spring Auth Server to authenticate the end user using DB
158 Auth Code & PKCE grant type flows demo with Spring Auth Server
159 Refresh token grant type flow demo with Spring Auth Server
160 Demo of Opaque Tokens with Spring Auth Server
Thank You and Congratulations
161 Thank You and Congratulations