Course description
The Spring Security Training Course is designed to provide developers and IT professionals with comprehensive knowledge and practical skills in implementing security measures within Java applications using the Spring Security framework. This course covers essential concepts and advanced techniques to secure web applications effectively. The theory is supported via numerous code examples.
This course covers the following:
1. Theoretical foundations of restricting access to Enterprise applications
2. Overview of the Spring Security framework, its architecture, and core components.
3. X509 authentication, SSL certificates
4. Setting Spring Security configuration in practice. Configuring security using XML and Java annotations, integrating with Spring Boot.
5. Securing Web Applications: Protecting web applications, including form-based login, session management, and CSRF protection.
6. Using Spring Security to restrict access to various parts of the application, i.e.
a. using URL-based authorization
b. securing service layer methods using annotations and AOP
c. Domain Objects Security (ACL)
7. Using JWT tokens, the OAuth protocol
8. Using Spring Authorization Server
9. Integrating Spring Security with Keycloak server
10. Developing resource servers
Plus, the course includes numerous practical tasks.
After the course, the trainee:
• Will understand the fundamentals of enterprise application security
• Will know and use the implementations of security mechanisms provided by Spring Security
• Will be acquainted with Spring Security abstractions for implementing their own security mechanisms
Prerequisites
- Experience in working with Java SE 8 or higher
- Experience working with Spring Framework and Spring Boot, or completion of the Spring Framework 5+ for Application Development course
Training content
1. Introduction to Spring Security – 2h (theory – 2h, practice – 1h)
a. Security Tasks
b. Identification, Authentication, Authorization
c. Examples of Spring Security Configuration
d. Hands-on Lab “Spring Security Overview”
e. Spring Security Capabilities
2. Authentication – 12h (theory – 8h, practice – 3h)
• HTTP Basic Authentication
• Hands-on Lab “Setting HTTP Basic Authentication”
• Deny-by-Default / Allow-by-Default
• Main Abstractions of Spring Security
• Hands-on Lab “Adding the User Storage”
• Integration with Web, Authentication in a Web Application
• Servlets API, DelegatingFilterProxy, FilterChain, Spring Security Filters
• Form-based Authentication
• Tokens vs. Session Key
• CORS, CSRF, CSRF Token, XSS
• Hands-on Lab “Login Form”
• Anonymous Authentication
• Hands-on Lab “Adding Anonymous Authentication”
• Remember-Me Authentication
• Persistent Tokens
• Hash-based Tokens
• JWT
• Hands-on Lab “Hash-based Tokens”
• X509 Authentication
• Hands-on Lab “Authentication with X509 Certificates”
3. Authorization – 4h (theory – 3h, practice – 2h)
• Spring Security Authorization Abstractions
• URL-based Authorization
• Method-based Authorization
• @Secured, @Pre/@Post Annotations
• Domain Objects Security (ACL)
• Hands-on Lab “ACL and Method-based Authorization”
4. OAuth 2.0 – 2h and Authorization servers (theory – 3h, practice – 2h)
• OAuth 2.0 Roles
• Access and Refresh Tokens
• Grant Type: Authorization Code
• Grant Type: Password
• Grant Type: Client Credentials
• Grant Type: Implicit
• Spring authorization server
• Keycloak authorization server
• Implementing resource servers
• Lab: creating resource server, using an authorization server
Total: theory – 16h, practice – 8h
Objectives
Learning Objectives:
- Gain a thorough understanding of Spring Security's capabilities and features.
- Learn to implement robust authentication and authorization mechanisms.
- Acquire the skills to secure web applications against common security threats.
- Understand how to integrate Spring Security with various authentication providers and protocols.
- Develop the ability to customize and extend Spring Security to meet specific application requirements.
Quick stats about Luxoft Training Center
More than 200 training courses
Conducted over 1,500 training sessions
Customized training solutions for business
Luxoft Training Center
Luxoft Training Center — an essential part of the global technology leader, Luxoft, a DXC Technology Company. We play a pivotal role in propelling B2B businesses forward by delivering customized training solutions. Emphasizing the significance of learning and employee development,...