Spring Boot & Spring Security

Duration: 5 days

Please find the course objectives below:

Spring Boot

  • Introduction
  • Getting Started with Groovy
  • Installing Spring Boot CLI
  • Building and Deploying an Application
  • Using Templates
  • Gathering Metrics
  • Using Java with start.spring.io
  • Spring Boot Starters
  • Building as a Runnable JAR
  • Data Access with Spring Data
  • Property Support
  • Securing an Application
  • Authentication and Authorization
  • JMS Support

Spring Security

Introduction

  • Introduction to Spring Security
  • Basic concepts in Security
  • Integration: LDAP, CAS, X.509, OpenID, etc.

Authentication

  • The Configuration
  • The Constraint
  • The Configuration
  • Anonymous "Authentication"
  • Logout
  • PasswordEncoder and SaltSource
  • Key Lengthening
  • Channel Security
  • Session Management

URL Authorization

  • URL Authorization
  • Programmatic Authorization: Servlets
  • Programmatic Authorization: Spring Security
  • Role-Based Presentation
  • The Spring Security Tag Library

Under the Hood: Authentication

  • The Spring Security API
  • The Filter Chain
  • Authentication Manager and Providers
  • The Security Context
  • Plug-In Points
  • Implementing UserDetailsService
  • Connecting User Details to the Domain Model

Under the Hood: Authorization

  • Authorization
  • FilterSecurityInterceptor and Friends
  • The AccessDecisionManager
  • Voting
  • Configuration Attributes
  • Access-Decision Strategies
  • Implementing AccessDecisionVoter
  • The Role Prefix
  • Method and Instance Authorization

Method Authorization

  • Using Spring AOP
  • XML vs. Annotations
  • @PreAuthorize and @PostAuthorize
  • Spring EL for Authorization
  • @PreFilter and @PostFilter
  • Domain Object Authorization

The ACL Schema

  • Interface Model
  • ACL-Based Presentation
  • The ACL Schema
  • Implementing ACL based granular security

OAuth for Spring Security

  • Third-Party Authorization
  • OAuth
  • Roles and Initial Flow
  • Grant Types
  • Access Tokens
  • The Google OAuth API
  • OAuth for Spring Security
  • Client-Details Services
  • Token Services
  • The AuthorizationEndpoint
  • The TokenEndpoint
  • The UserApprovalHandler
  • The Resource-Server Filter
  • The ScopeVoter
  • The OAuth-Aware RestTemplate
  • AccessTokenProviders
  • The OAuth Redirecting Filter
  • Conclusion

For an onsite course, please contact us.