Course Content
Subtitle Guide – Hướng dẫn thêm phụ đề
0/1
Set up subtitle for video – Hướng dẫn thêm phụ đề
01 – Getting Started
0/14
Subtitle File Resource
001 Course Introduction
07:32
002 Details of Source Code, PDF Content & other instructions for the course
03:59
002 GitHub-Repo
003 What is Security & Why it is important
07:07
004 Creating a simple Spring Boot app with out security
11:44
005 Securing Spring Boot basic app using Spring Security
06:42
006 Configure static credentials inside application properties file
04:46
007 Why should we use Spring Security framework
04:34
008 Quick introduction to Servlets & Filters
05:06
009 Introduction to Spring Security Internal flow
10:24
010 Demo of Spring Security internal flow
11:18
011 Sequence flow of the Spring Security default behaviour
04:50
012 Understanding on how multiple requests work with out credentials
04:11
02 – Changing the default security configurations
0/10
Subtitle File Resource
001 Understanding about UI part of the EazyBank application
05:42
002 Backend REST services required for EazyBank app
03:08
003 Creating backend services needed for the EazyBank application – Part 1
07:33
004 Creating backend services needed for the EazyBank application – Part 2
05:57
005 Checking the default configuration inside the spring security framework
07:18
006 IMPORTANT NOTE
007 Modifying the code as per our custom requirements
06:50
008 Denying all the requests
04:35
009 Permit all the requests
04:47
03 – Defining & Managing Users
0/15
Subtitle File Resource
001 Introduction to the agenda of the section
04:18
002 Configuring users using InMemoryUserDetailsManager – Approach 1
09:37
003 Configuring users using InMemoryUserDetailsManager – Approach 2
05:23
004 Understanding User Management interfaces and Classes
08:51
005 Deep Dive of UserDetails Interface
12:00
006 Deep Dive of UserDetailsService & UserDetailsManager Interfaces
04:52
007 Deep Dive of UserDetailsManager
12:06
008 Creating MySQL Database in the cloud
13:13
009 Connecting to DB & Creating Users inside the DB as per JdbcUserDetailsManager
08:35
010 Using JdbcUserDetailsManager to perform authentication
11:18
011 Creating our own custom tables for Authentication
05:02
012 Creating JPA Entity and repository classes for new table
08:55
013 Creating our own custom implementation of UserDetailsService
09:54
014 Building a new REST API
13:53
04 – Password Management with PasswordEncoders
0/10
Subtitle File Resource
001 How our passwords validated in Spring Security by default
08:45
002 Encoding Vs Encryption Vs Hashing – Part 1
06:34
003 Encoding Vs Encryption Vs Hashing – Part 2
10:07
004 How Our passwords will be validated with hashing & PasswordEncoders
03:01
005 Deep dive of PasswordEncoder interface
04:48
006 Deep dive of PasswordEncoder implementation classes – Part 1
09:05
007 Deep dive of PasswordEncoder implementation classes – Part 2
06:16
008 Demo of registration of new user with Bcrypt password encoder
07:56
009 Demo of login with Bcrypt password encoder
09:44
05 – Understanding Authentication Provider and Implementing it
0/6
Subtitle File Resource
001 Why should we consider creating our own AuthenticationProvider
04:32
002 Understanding AuthenticationProvider methods
07:10
003 Implementing and Customising the AuthenticationProvider inside our application
08:15
004 Testing our custom AuthenticationProvider implementation
08:50
005 Spring Security Sequence flow with custom AuthenticationProvider
02:37
06 – Understanding CORs & CSRF
0/16
Subtitle File Resource
001 Setting up the EazyBank UI project
09:42
002 Understanding the UI project and walkthrough of the Angular code
13:33
003 Creating new DB schema for EazyBank scenarios
09:42
004 Updating Backend project based on the latest DB schema
09:30
005 Testing registration of the new user with latest changes
03:53
006 Taste of CORs error
05:42
007 Introduction to CORs
03:53
008 Possible options to fix the CORs issue
05:50
009 Fixing CORs issue using Spring Security
07:17
010 Demo of default CSRF protection inside Spring Security
05:33
011 Introduction to CSRF attack
05:26
012 Solution to handle CSRF attacks
05:56
013 Ignoring CSRF protection for public APIs
05:11
014 Implementing CSRF token solution inside our web application
20:23
015 Testing the CSRF related changes
09:46
07 – Understanding & Implementing Authorization
0/10
Subtitle File Resource
001 Authentication Vs Authorization
05:57
002 How Authorities stored inside Spring Security
07:10
003 Creating new table authorities to store multiple roles or authorities
05:32
004 Making backend changes to load authorities from new DB table
09:38
005 Configuring Authorities inside web application using Spring Security-Theory
03:14
006 Configuring Authorities inside web application using Spring Security – Coding
06:31
007 Authority Vs Role in Spring Security
04:06
008 Configuring Roles Authorization inside web app using Spring Security-Theory
02:38
009 Configuring Roles Authorization inside web app using Spring Security-Coding
05:30
08 – Writing our own Custom Filters in Spring Security
0/8
Subtitle File Resource
001 Introduction to Filters in Spring Security and the sample use cases
04:56
002 Demo of Inbuilt Filters of Spring Security framework
07:29
003 How to create our own custom filter
04:20
004 Adding a custom filter using addFilterBefore() method
08:54
005 Adding a custom filter using addFilterAfter() method
05:53
006 Adding a custom filter using addFilterAt() method
05:34
007 Details about GenericFilterBean and OncePerRequestFilter
07:01
09 – Token based Authentication using JSON Web Token (JWT)
0/11
Subtitle File Resource
001 Demo of JSESSIONID and issues with it
03:44
002 Advantages of Token based Authentication
08:21
003 Deep dive about JWT Tokens – Part 1
06:30
004 Deep dive about JWT Tokens – Part 2
08:50
005 Making project configuration to use JWT tokens
06:15
006 Configuring filters to generate the JWT tokens
08:27
007 Configuring filters to validate JWT tokens
08:16
008 Making changes on the client side for JWT token based authentication
02:54
009 Validating the JWT changes made by running the applications
05:41
010 Validating the JWT token expiration scenario
02:58
10 – Method Level Security
0/8
Subtitle File Resource
001 Introduction to method level security in Spring Security
05:44
002 Details about method invocation authorization in method level security
08:22
003 Demo of method level security using @PreAuthorize
05:50
004 Demo of method level security using @PostAuthorize
03:27
005 Details about filtering authorization in method level security
03:37
006 Demo of @PreFilter annotation
07:45
007 Demo of @PostFilter annotation
04:19
11 – Deep dive of OAUTH2 & OpenID Connect
0/14
Subtitle File Resource
001 Problems that OAUTH2 trying to solve
11:03
002 Introduction to OAUTH2
06:30
003 OAuth2 terminologies or jargons
04:54
004 OAuth2 Sample flow – Theory
06:04
005 Demo of OAuth2 Sample flow
06:35
006 Deep dive on Authorization code grant type flow in OAUTH2
09:36
007 Demo of Authorization code grant type flow in OAUTH2
05:50
008 Deep dive & Demo of implicit grant flow in OAUTH2
05:24
009 Deep dive of password grant type flow in OAUTH2
04:23
010 Deep dive of client credentials grant type flow in OAUTH2
03:31
011 Deep dive of refresh token grant type flow in OAUTH2
06:18
012 How resource server validates the tokens issued by Auth server
02:54
013 Introduction to OpenID Connect
10:21
12 – Implementing OAUTH2 using spring security
0/4
Subtitle File Resource
001 Registering the client details with the GitHub to use it’s OAUTH2 Auth server
04:56
002 Building a springboot application that uses GitHub Auth server during OAuth2
07:41
003 Running and verifying the sample application using GitHub OAUTH2
04:40
13 – Implementing OAUTH2 style login inside EazyBank using KeyCloak
0/20
Subtitle File Resource
001 Introduction to OAUTH2 flow inside EazyBank web App
02:21
002 Introduction to KeyCloak Auth Server
04:42
003 Installation of KeyCloak server & setup admin account
04:21
004 Setup a Realm inside KeyCloak Server for EazyBank App
02:00
005 Creating Client Credentials inside KeyCloak for API-API secured invocations
04:47
006 Setup of EazyBank Resource Server
14:19
007 Getting Access token from KeyCloak using client credentials grant type
07:54
008 Passing Access token to Resource server for response through Postman
04:57
009 Understanding Authorization code grant type for EazyBank App
02:42
010 Creating Client and User details inside KeyCloak for Auth code grant flow
03:57
011 Testing Authorization code grant type using Postman App
09:03
012 Deep dive on Authorization code grant type with PKCE
09:27
013 Demo of Authorization code grant type with PKCE
06:28
014 Creating public facing client details inside KeyCloak server
03:07
015 Implementing PKCE Authorization code grant type inside Angular UI App – Part 1
08:31
016 Implementing PKCE Authorization code grant type inside Angular UI App – Part 2
08:01
017 Testing PKCE flow inside Eazy Bank application
05:51
018 Important features of KeyCloak
07:36
019 Social Login integration with the help of KeyCloak Server
05:27
14 – Thank You and Congratulations
0/2
001 Thank You and Congratulations
01:36
Subtitle File Resource
Spring Security 6 Zero to Master along with JWT,OAUTH2
About Lesson

IMPORTANT NOTE [May 26, 2023]

Starting from Spring Security 6.1 and Spring Boot 3.1.0 versions, the Spring Security framework team recommends using the Lambda DSL style for configuring security for APIs, web paths, etc. Consequently, they have deprecated a few methods within the framework. These deprecated methods are planned to be removed in Spring Security 7, which is expected to be released in the next 2-3 years. This timeframe allows all developers sufficient time for migrating their code.

However, there’s no need to worry as this change does not alter the underlying concepts, . Instead of using normal Java configurations, we will now employ the Lambda DSL. Below, you will find an example code snippet illustrating the differences between the two styles:

With out Lambda DSL

With Lambda DSL

Please note that the course is recorded using Spring Boot 3 and Spring Security 6 versions, where normal Java style configurations are used instead of Lambda DSL. Therefore, I encourage you to follow the videos to understand the concepts, methods, configurations, etc., and try to use Lambda DSL style configurations.

For your reference, I have updated the code in the GitHub repository to use the Lambda DSL style. You should be able to comprehend the Lambda DSL style, but if you have any questions, please feel free to reach out to me.

The Lambda DSL was created to accomplish to following goals:

  • Automatic indentation makes the configuration more readable.

  • The is no need to chain configuration options using .and()

  • The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.

Please refer to the following link for the official note regarding this change from the Spring Security team:

https://docs.spring.io/spring-security/reference/migration-7/configuration.html

Thank you very much. Let’s have fun and learn together.

Madan

Join the conversation
Previous
Next

Please contact me via telegram

DMCA.com Protection Status