Improve your coding skills from beginner to expert with the largest online Java e-learning platform

Spring Security Module 2: OAuth2 and REST

featuring OAuth2
  • This course follows on from our Spring Security Module.
  • We use the CRM system built on the Webservices course, and we will convert this into an OAuth provider.
  • A third party website will then become a client of this site.
  • Part of our Spring Training series.


You will need to understand the basic concepts of Spring Security, as covered in Module 1. We use REST extensively, although you only need a basic familiarity with it.

Contents - This module runs for around 6 hours and is equivalent to a 3 day live course.


Having problems? check the errata for this course.



21 m 18 s
In this course we will be using the CRM system from the Spring Remoting course. You don't need experience of REST, this chapter will explain how to set the system up.


Securing a REST Webservice

44 m 17 s
Adding security to REST is really a case of applying standard Spring Security. We'll use Basic Authentication in this chapter.


An Overview of OAuth

41 m 52 s
OAuth is not the easiest to understand - in this chapter a very basic (and simplified) overview of OAuth 2.


The Authorization Code Grant Type - Leg 1

32 m 40 s
We will implement a full OAuth 2 process - this is the first section where the user (resource owner) authenticates and authorizes.


The Authorization Code Grant Type - Leg 2

32 m 15 s
In Leg 2, we need to authenticate the client


The Authorization Code Grant Type - Leg 3

37 m 26 s
And in Leg 3, we finally grant access to the resources


The OAuthRestTemplate

22 m 2 s
This template improves the client's code dramatically!


Additional Scopes

35 m 53 s
A feature of OAuth is that you can define fine grained scopes - in this chapter we will add a "write" scope.


Other Grant Types

41 m 5 s
There are other, less secure grant types available in OAuth. When should you use them? We also implement one of the grant types in our project.



55 m 17 s
How to encrypt the traffic using HTTPs. This is hard work but an essential step.


Module Summary

4 m 11 s
A preview of what is coming up in Module 3 of this series.


Bonus Chapter - JavaConfig for Security

66 m 15 s
This bonus chapter has been borrowed from our JavaConfig module - it shows how to use JavaConfig to configure the security aspects of your application, including OAuth.

Let the Course Come to You

About Us Pricing Frequently Asked Questions Contact Privacy T&Cs Affiliates and Resellers
Facebook Twitter YouTube LinkedIn