JAVAX-SPSC

User and privilege management using Spring Security

Form of participation
Form of training
Length of training
  • 2 day (2×8 Lessons)
  • daily 9:00 - 17:00
Available languages
  • Hungarian
Dates

Training price

343 000 Ft
+ VAT/person
Please choose the date and form of participation!
Would you like a custom made solution, group training on this topic?
Find out more about our customised training services here.

Description

The training aims to provide a comprehensive insight into the Spring Security framework, one of the most popular solutions for addressing security issues in Java-based applications. The training will take you from the basics to more advanced features so that you can effectively use it for authentication, authorization and general security issues.

The training includes complex practical exercises.

Outline

  • General introduction to Spring Security
  • Spring Security architecture
  • Authentication and Authorization
  • standalone web application, login with username and password
    • Basic Authentication
    • Form Authentication
    • URL-based page protection
    • Firewall
    • Storing users and roles in memory
    • Read users and roles with JDBC, JPA
    • Password hashing
    • Integration testing
    • Create your own login form
    • Logout
    • Thymeleaf integration
    • User query in Java code
    • Method level privilege management
    • Spring Data integration
    • Actuator and H2 console protection
  • Remember me token
  • LDAP
  • Events
  • Observability
  • Using HTTPS
    • PEM and PKCS keyrings
    • Key reloading
  • Cross Site Request Forgery (CSRF)
  • Content Security Policy (CSP)
  • CORS
  • Backend application with REST API using JWT
  • OAuth 2 and OIDC with Keycloak
    • OAuth 2
    • Authorization code grant type
    • Client, with user interface
    • Resource server with REST API
    • Token types, id token, access token, refresh token
    • Claim, scope
    • User name
    • Roles
    • Token forwarding
    • Logout
    • PKCE
    • Audience
    • Use Postman
  • Clustering
  • Authentication using Spring Cloud Gateway
  • Using OAuth 2 and OIDC Spring Authorization Server
  • Social login (e.g. GitHub) integration
Outline (PDF)

Prerequisites

Basic knowledge of the Spring Framework is required, such as AOP, DI, Application context, etc.

PrerequisiteApplication development with Spring Framework (JAVAX-SPR)orBuilding a Microservice Application with Spring Boot Framework in Docker environment (JAVAX-MCR)Completion of training courses or practical knowledge of the material covered in those courses.

As some of the course material is in English, a basic level of English at document reading level is required. The training is in Hungarian, based on Hungarian slides.