Spring Security Zero To Master Along With Jwt, Oauth2 (updated 7/2022)

Posted By: ELK1nG

Last updated 7/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.58 GB | Duration: 10h 51m

Spring Security, Authentication, Authorization, Users, Roles, CORS, CSRF, JWT, OAUTH2, OpenID Connect, KeyCloak

What you'll learn
Spring Security framework details and its features.
How to adapt security for a Java web application using Spring Security
What is CSRF, CORS, JWT, OAUTH2
Applying authorization rules using roles, authorities inside a web application using Spring Security
Method level security in web/non-web applications
Requirements
Java
Basics of Spring framework
Description
The 'Spring Security Zero to Master' course will help in understanding the Spring Security architecture and the important packages, interfaces and classes inside it which handle authentication and authorization requests in web applications. It also covers the most common security-related topics like CORS, CSRF, JWT, OAUTH2, password management, method level security, and user, roles & authorities management inside web applications.

Below are the important topics that this course covers:
Spring Security framework details and its features
How to adapt security for a Java web application using Spring Security
Password Management in Spring Security with PasswordEncoders
Deep dive about encoding, encryption and hashing
What is CSRF, CORS and how to address them
What is Authentication and Authorization. How they are different from each other.
Securing endpoint URLs inside web applications using Ant, MVC & Regex Matchers
Filters in Spring Security and how to write own custom filters
Deep dive about JWT (JSON Web Tokens) and the role of them inside Authentication & Authorization
Deep dive about OAUTH2 and various grant type flows inside OAUTH2.
Deep dive about OpenID Connect & how it is related to OAUTH2
Applying authorization rules using roles, authorities inside a web application using Spring Security
Method level security in web/non-web applications
Social Login integrations into web applications
Set up of Authorization Server using KeyCloak

The pre-requisite for the course is basic knowledge of Java, Spring and interest to learn.

Overview

Section 1: Getting Started

Lecture 1 Course Introduction

Lecture 2 Details of Source Code, PDF Content & other instructions for the course

Lecture 3 What is Security & Why it is important

Lecture 4 Creating a simple Spring security project

Lecture 5 Understanding how multiple requests work without credentials

Lecture 6 Spring Security Internal flow and Architecture

Lecture 7 Summary of the Section

Section 2: Changing the default security configurations

Lecture 8 Understanding about UI part of the project

Lecture 9 Creating backend services needed for the application

Lecture 10 Testing the backend services with default configurations

Lecture 11 Checking the default configuration inside the spring security library

Lecture 12 Modifying the code as per our custom requirements

Lecture 13 Denying all the requests

Lecture 14 Permit all the requests

Lecture 15 Summary of the Section

Section 3: Defining & Managing Users

Lecture 16 Configuring users using inMemoryAuthentication

Lecture 17 Configuring users using InMemoryUserDetailsManager

Lecture 18 Understanding User Management interfaces and Classes

Lecture 19 Deep Dive of UserDetails Interface

Lecture 20 Deep Dive of UserDetailsService Interface

Lecture 21 Deep Dive of UserDetailsManager Interface

Lecture 22 Deep Dive of UserDetailsManager Implementations

Lecture 23 Note regarding the next lecture

Lecture 24 Creating MySQL Database in AWS

Lecture 25 Creating Users inside the DB as per JdbcUserDetailsManager class

Lecture 26 Using JdbcUserDetailsManager to perform authentication

Lecture 27 Creating our own custom implementation of UserDetailsService

Lecture 28 Summary of the section

Section 4: Password Management with PasswordEncoders

Lecture 29 How our passwords are validated in Spring Security by default

Lecture 30 Encoding Vs Encryption Vs Hashing

Lecture 31 How our passwords will be validated with hashing by Spring Security

Lecture 32 Definition of the PasswordEncoder

Lecture 33 Deep dive into NoOpPasswordEncoder

Lecture 34 Deep dive into StandardPasswordEncoder

Lecture 35 Deep dive into Pbkdf2PasswordEncoder

Lecture 36 Deep dive into Bcrypt and Scrypt PasswordEncoders

Lecture 37 Implementing and enhancing our application to use Bcrypt password encoder

Lecture 38 Details about Spring Security Crypto package

Lecture 39 Summary of the section

Section 5: Understanding Authentication Provider and Implementing it

Lecture 40 Role of AuthenticationProvider in the Spring Security flow

Lecture 41 Scenarios where we need to implement Authentication Provider

Lecture 42 Understanding Authentication Provider definition

Lecture 43 Understanding Authentication & Principal Interfaces

Lecture 44 Implementing and Customizing the Authentication Provider inside our application

Lecture 45 Summary of the Section

Section 6: Understanding CORS & CSRF

Lecture 46 Setting up the EazyBank UI project

Lecture 47 Understanding the UI project and walkthrough of the Angular code

Lecture 48 Understanding the backend project and walkthrough of the latest code

Lecture 49 Testing the EazyBank application with both UI and Backend applications up

Lecture 50 Deep dive into CORS (CROSS-ORIGIN RESOURCE SHARING)

Lecture 51 Making code changes to resolve CORS issue

Lecture 52 Deep dive into CSRF (CROSS-SITE REQUEST FORGERY)

Lecture 53 Resolving CSRF error by disabling it in Spring Security

Lecture 54 Resolving CSRF error by generating a CSRF token

Lecture 55 Making Spring Security changes to make CSRF not applicable for Contact page

Lecture 56 Summary of the Section

Section 7: Understanding & Implementing Authorization

Lecture 57 Authentication Vs Authorization

Lecture 58 Spring Security Internal flow for AUTHN & AUTHZ

Lecture 59 How Authorities are stored in Spring Security

Lecture 60 Configuring Authorities in Spring Security

Lecture 61 Authority Vs Role

Lecture 62 Configuring Roles in Spring Security

Lecture 63 Deep dive of Ant, MVC, Regex matchers for applying restrictions on the paths

Lecture 64 Summary of the Section

Section 8: Filters in Spring Security

Lecture 65 Introduction to Filters in Spring Security and the sample use cases

Lecture 66 Inbuilt Filters provided by Spring Security and validating them inside our app

Lecture 67 Implementing our own custom filter in Spring Security

Lecture 68 Adding a custom filter using addFilterBefore() method

Lecture 69 Adding a custom filter using addFilterAfter() method

Lecture 70 Adding a custom filter using addFilterAt() method

Lecture 71 Details about GenericFilterBean and OncePerRequestFilter

Lecture 72 Summary of the Section

Section 9: Token based Authentication using JSON Web Token (JWT)

Lecture 73 Introduction to Tokens in Authentication flow

Lecture 74 Advantages of Token based Authentication

Lecture 75 Exploring the JSESSIONID & CSRF Tokens inside our application

Lecture 76 Deep dive about JWT Tokens

Lecture 77 Making project configuration to use JWT tokens

Lecture 78 Configuring filters to generate and validate JWT tokens

Lecture 79 Making changes on the client side for JWT token based authentication

Lecture 80 Validating the JWT changes made by running the applications

Lecture 81 Validating the JWT token expiration scenario

Lecture 82 Summary of the Section

Section 10: Method Level Security

Lecture 83 Introduction to method level security in Spring Security

Lecture 84 Details about method invocation authorization in method level security

Lecture 85 Implementing method level security using preauthorize and postauthorize

Lecture 86 Details about filtering authorization in method level security

Lecture 87 Implementing method level security using prefilter and postfilter

Lecture 88 Summary of the section

Section 11: Deep dive of OAUTH2

Lecture 89 Problems that the OAUTH2 framework is trying to solve

Lecture 90 Introduction to OAUTH2

Lecture 91 Different Components involved in OAUTH2 flow

Lecture 92 Authorization code grant type flow in OAUTH2

Lecture 93 Implicit grant type flow in OAUTH2

Lecture 94 Resource owner credentials grant type flow in OAUTH2

Lecture 95 Client credentials grant type flow in OAUTH2

Lecture 96 Refresh token grant type flow in OAUTH2

Lecture 97 How resource server validates the tokens issued by Auth server

Lecture 98 Summary of the Section

Section 12: Implementing OAUTH2 using spring security

Lecture 99 Registering the client details with GitHub to use its OAUTH2 Auth server

Lecture 100 Building a sample spring application that uses GitHub Auth server during OAUTH2

Lecture 101 Running and verifying the sample application using GitHub OAUTH2

Section 13: Implementing OAUTH2 style login inside EazyBank using KeyCloak

Lecture 102 Introduction to OAUTH2 flow inside EazyBank web App

Lecture 103 Introduction to OpenID Connect

Lecture 104 Introduction to KeyCloak Auth Server

Lecture 105 Installation of KeyCloak server & setup admin account

Lecture 106 Setup a Realm inside KeyCloak Server for EazyBank App

Lecture 107 Creating Client Credentials inside KeyCloak for API-API secured invocations

Lecture 108 Setup EazyBank Resource Server

Lecture 109 Getting Access token from KeyCloak using client credentials grant type

Lecture 110 Passing Access token to Resource server for response through Postman

Lecture 111 Understanding Authorization code grant type for EazyBank App

Lecture 112 Creating Client and User details inside KeyCloak for Auth code grant flow

Lecture 113 Testing Authorization code grant type using Postman App

Lecture 114 Deep dive on Authorization code grant type with PKCE

Lecture 115 Creating public facing client details inside KeyCloak server

Lecture 116 Understanding PKCE Authorization code grant type inside Angular UI App

Lecture 117 Important features of KeyCloak

Lecture 118 Social Login integration with the help of KeyCloak Server

Lecture 119 Summary of the Section

Section 14: Thank You and Congratulations

Lecture 120 Thank You and Congratulations

Lecture 121 Bonus lectures

Beginner students who are learning Spring framework and interested in security as well
Developers who already know developing web applications using Spring framework
Java Architects