Module 1: Core Concepts
Equivalent to a 2-day training course. The running time of the videos is 5.5 hours.
Having problems? Check the errata.
Course Overview (4m 2s): What the course covers and plans for module 2.
Getting started (49m 38s): We take a standard Spring MVC project and apply security to it.
Form Authentication (29m 24s): How to set up a login form.
Preserving Usernames on Authentication Failure (28m 50s): This optional chapter shows how to keep the username on the form if the login fails. This should be easy but Spring doesn't support this "out of the box".
Database Authentication (39m 47s): We now authenticate against a database table. Note: at this stage the passwords are in cleartext, and very insecure!
Creating Users Programmatically (45m 42s): How to add users to the database.
BCrypt Password Encoding (27m 45s): How to store passwords securely, using the industry best-practice of BCrypt.
Preventing Brute Force Attacks (47m 39s): Often, SHA-256 or (even worse) MD5 is used with a "salt" to encode passwords. This is not recommended, and this chapter explains why.
Tag Library and Preventing Cross Site Request Forgeries (CSRF) (27m 29s): Support for CSRF protection is "ON" by default; we had to switch it "OFF" early on in the course; it's time now to look at what this does, and why you might need it.
Enabling Transport Layer Security (TLS/SSL) (20m 44s): It's important to realise that so far, all transmissions to the server have been unencrypted and therefore passwords have been sent in plaintext. This is a brief overview of how to use TLS/SSL in Spring.
Coming Soon (7m 22s): The next module will feature how to use OAuth (1 and 2), and how to apply security to REST webservices. This is planned for early September 2015.
Bonus Chapter: Standard web.xml (63m 42s): You might not need Spring Security: you can do security using web.xml. This extra video shows the standard "built in" security and also explains the difference between authentication and authorisation.
Bonus Chapter: Using JavaConfig (66m 15s): We've copied this chapter from our JavaConfig module, in case you're unable to access that. This chapter covers how to configure Spring Security without XML. Note: this chapter also covers OAuth configuration, which is the subject of our other Spring Security course.