
Spring Security Core Concepts

Module 1: Core Concepts
  • This course shows how to use Spring Security on a web application.
  • Using Spring Security 4, we use the XML namespace to define authentication and authorisation roles.
  • Common attacks and how to defend against them.
  • How to store passwords safely using BCrypt.
  • Part of our Spring Training series.

Pre-requisites

You will need previous experience of Java, Web Development and Spring MVC. We have a series of Spring Training courses which cover all of these topics if you need them!

Contents - Equivalent to a 2-day training course. The running time of the videos is 5.5 hours.

 

1. Course Overview (4 m 2 s)
   What the course covers and plans for module 2.

2. Getting started (49 m 38 s)
   We take a standard Spring MVC project and apply security to it.

3. Form Authentication (29 m 24 s)
   How to set up a login form.

4. Preserving Usernames on Authentication Failure (28 m 50 s)
   This optional chapter shows how to keep the username on the form if the login fails. This should be easy, but Spring doesn't support this "out of the box".

5. Database Authentication (39 m 47 s)
   We now authenticate against a database table. Note - at this stage the passwords are in cleartext, and very insecure!

6. Creating Users Programmatically (45 m 42 s)
   How to add users to the database.

7. BCrypt Password Encoding (27 m 45 s)
   How to store passwords securely, using the industry best practice of BCrypt.

8. Preventing Brute Force Attacks (47 m 39 s)
   Often, SHA-256 or (even worse) MD5 is used with a "salt" to encode passwords. This is not recommended, and this chapter explains why.

9. Tag Library and Preventing Cross Site Request Forgeries (CSRF) (27 m 29 s)
   Support for CSRF protection is "ON" by default; we had to switch it "OFF" early on in the course. It's time now to look at what this does, and why you might need it.

10. Enabling Transport Layer Security (TLS/SSL) (20 m 44 s)
    It's important to realise that so far, all transmissions to the server have been unencrypted and therefore passwords have been sent in plaintext. This is a brief overview of how to use TLS/SSL in Spring.

11. Coming Soon (7 m 22 s)
    The next module will feature how to use OAuth (1 and 2), and how to apply security to REST web services. This is planned for early September 2015.

12. Bonus Chapter: Standard web.xml (63 m 42 s)
    You might not need Spring Security: you can do security using web.xml. This extra video shows the standard "built in" security and also explains the difference between authentication and authorisation.

13. Bonus Chapter: Using JavaConfig (66 m 15 s)
    We've copied this chapter from our JavaConfig module, in case you're unable to access that. This chapter covers how to configure Spring Security without XML. Note: this chapter also covers OAuth configuration, which is the subject of our other Spring Security course.
