Spring Security Core Concepts

Try for free!

Subscribe and stream all our courses
from just $30.00 per month
Start my free trial

Spring Security Core Concepts

Module 1: Core Concepts

Equivalent to a 2 day training course. The running time of the videos is 5.5 hours.

  • This course shows how to use Spring Security on a web application.
  • Using Spring Security 4, we use the XML namespace to define authentication and authorisation roles.
  • Common attacks and how to defend against them.
  • How to store passwords safely using BCrypt.
  • Part of our Spring Training series.
You will need previous experience of Java, Web Development and SpringMVC. We have a series of Spring Training courses which cover all of these topics if you need them!

Contents

Having problems? check the errata

Course Overview 4m 2s

What the course covers and plans for module 2.

Preview

Getting started 49m 38s

We take a standard Spring MVC project and apply security to it.

Watch

Form Authentication 29m 24s

How to set up a login form.

Watch

Preserving Usernames on Authentication Failure 28m 50s

This optional chapter shows how to keep the username on the form if the login fails. This should be easy but Spring doesn't support this "out of the box".

Watch

Database Authentication 39m 47s

We now authenticate against a database table. Note - at this stage the passwords are in cleartext, and very insecure!

Watch

Creating Users Programatically 45m 42s

How to add users to the database.

Watch

BCrypt Password Encoding 27m 45s

How to store passwords securely, using the industry best-practice of BCrypt.

Watch

Preventing Brute Force Attacks 47m 39s

Often, SHA-256 or (even worse) MD-5 is used with a "salt" to encode passwords. This is not recommended, and this chapter explains why.

Watch

Tag Library and Preventing Cross Site Request Forgeries (CSRF) 27m 29s

Support for CSRF protection is "ON" by default; we had to switch it "OFF" early on in the course; it's time now to look at what this does, and why you might need it.

Watch

Enabling Transport Layer Security (TLS/SSL) 20m 44s

It's important to realise that so far, all transmissions to the server have been unencrypted and therefore passwords have been sent in plaintext. This is a brief overview of how to use TLS/SSL in Spring.

Watch

Coming Soon 7m 22s

The next module will feature how to use OAuth (1 and 2), and how to apply security to REST webservices. This is planned for early September 2015.

Watch

Bonus Chapter: Standard web.xml 63m 42s

You might not need Spring Security: you can do security using web.xml. This extra video shows the standard "built in" security and also explains the difference between authentication and authorisation.

Watch

Bonus Chapter: Using JavaConfig 66m 15s

We've copied this chapter from our JavaConfig module, in case you're unable to access that. This chapter covers how to configure Spring Security without XML. Note: this chapter also covers OAuth configuration, which is the subject of our other Spring Security course.

Watch
Copyright ©2021 VirtualPairProgrammers.com